upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: dev: Standardize CHECK and RETERR macros

Browse source 
Previously, there were over 40 separate definitions of `CHECK` macros, of
which most used `goto cleanup`, and the rest `goto failure` or `goto out`.
There were another 10 definitions of `RETERR`, of which most were identical
to `CHECK`, but some simply returned a result code instead
of jumping to a cleanup label.

This has now been standardized throughout the code base: `RETERR` is for
returning an error code in the case of an error, and `CHECK` is for jumping
to a cleanup tag, which is now always called `cleanup`. Both macros are
defined in `isc/util.h`.

Merge branch 'each-check-and-cleanup' into 'main'

See merge request isc-projects/bind9!10472
This commit is contained in:
Evan Hunt 2025-12-04 03:15:12 +00:00
commit a45d253882
161 changed files with 2819 additions and 5617 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
bin/check/check-tool.c
View file

@ -52,13 +52,6 @@
#define CHECK_LOCAL 1
#endif /* ifndef CHECK_LOCAL */
#define CHECK(r) \
do { \
result = (r); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
#define ERR_IS_CNAME 1
#define ERR_NO_ADDRESSES 2
#define ERR_LOOKUP_FAILURE 3

27
bin/check/named-checkconf.c
View file

@ -44,13 +44,6 @@
#include "check-tool.h"
#define CHECK(r) \
do { \
result = (r); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
/*% usage */
ISC_NORETURN static void
usage(void);
@ -115,7 +108,6 @@ get_checknames(const cfg_obj_t **maps, const cfg_obj_t **obj) {
static isc_result_t
configure_hint(const char *zfile, const char *zclass) {
isc_result_t result;
dns_db_t *db = NULL;
dns_rdataclass_t rdclass;
isc_textregion_t r;
@ -126,15 +118,8 @@ configure_hint(const char *zfile, const char *zclass) {
r.base = UNCONST(zclass);
r.length = strlen(zclass);
result = dns_rdataclass_fromtext(&rdclass, &r);
if (result != ISC_R_SUCCESS) {
return result;
}
result = dns_rootns_create(isc_g_mctx, rdclass, zfile, &db);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_rdataclass_fromtext(&rdclass, &r));
RETERR(dns_rootns_create(isc_g_mctx, rdclass, zfile, &db));
dns_db_detach(&db);
return ISC_R_SUCCESS;
@ -512,7 +497,7 @@ load_zones_fromconfig(const cfg_obj_t *config, bool list_zones) {
}
if (dns_rdataclass_ismeta(viewclass)) {
CHECK(ISC_R_FAILURE);
CLEANUP(ISC_R_FAILURE);
}
dns_rdataclass_format(viewclass, buf, sizeof(buf));
@ -698,7 +683,7 @@ main(int argc, char **argv) {
fprintf(stderr, "%s: unhandled option -%c\n",
isc_commandline_progname,
isc_commandline_option);
CHECK(ISC_R_FAILURE);
CLEANUP(ISC_R_FAILURE);
}
}
@ -710,12 +695,12 @@ main(int argc, char **argv) {
if (((flags & CFG_PRINTER_XKEY) != 0) && !print) {
fprintf(stderr, "%s: -x cannot be used without -p\n",
isc_commandline_progname);
CHECK(ISC_R_FAILURE);
CLEANUP(ISC_R_FAILURE);
}
if (print && list_zones) {
fprintf(stderr, "%s: -l cannot be used with -p\n",
isc_commandline_progname);
CHECK(ISC_R_FAILURE);
CLEANUP(ISC_R_FAILURE);
}
if (isc_commandline_index + 1 < argc) {

49
bin/delv/delv.c
View file

@ -84,13 +84,6 @@
#include <irs/resconf.h>
#define CHECK(r) \
do { \
result = (r); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
#define MAXNAME (DNS_NAME_MAXTEXT + 1)
#define MAX_QUERIES 50
@ -683,8 +676,7 @@ key_fromconfig(const cfg_obj_t *key, dns_client_t *client, dns_view_t *toview) {
delv_log(ISC_LOG_ERROR,
"key '%s': invalid initialization method '%s'",
keynamestr, atstr);
result = ISC_R_FAILURE;
goto cleanup;
CLEANUP(ISC_R_FAILURE);
}
}
@ -692,13 +684,13 @@ key_fromconfig(const cfg_obj_t *key, dns_client_t *client, dns_view_t *toview) {
isc_buffer_init(&rrdatabuf, rrdata, sizeof(rrdata));
if (rdata1 > 0xffff) {
CHECK(ISC_R_RANGE);
CLEANUP(ISC_R_RANGE);
}
if (rdata2 > 0xff) {
CHECK(ISC_R_RANGE);
CLEANUP(ISC_R_RANGE);
}
if (rdata3 > 0xff) {
CHECK(ISC_R_RANGE);
CLEANUP(ISC_R_RANGE);
}
switch (anchortype) {
@ -749,17 +741,17 @@ key_fromconfig(const cfg_obj_t *key, dns_client_t *client, dns_view_t *toview) {
switch (ds.digest_type) {
case DNS_DSDIGEST_SHA1:
if (r.length != ISC_SHA1_DIGESTLENGTH) {
CHECK(ISC_R_UNEXPECTEDEND);
CLEANUP(ISC_R_UNEXPECTEDEND);
}
break;
case DNS_DSDIGEST_SHA256:
if (r.length != ISC_SHA256_DIGESTLENGTH) {
CHECK(ISC_R_UNEXPECTEDEND);
CLEANUP(ISC_R_UNEXPECTEDEND);
}
break;
case DNS_DSDIGEST_SHA384:
if (r.length != ISC_SHA384_DIGESTLENGTH) {
CHECK(ISC_R_UNEXPECTEDEND);
CLEANUP(ISC_R_UNEXPECTEDEND);
}
break;
}
@ -1765,15 +1757,8 @@ reverse_octets(const char *in, char **p, char *end) {
char *dot = strchr(in, '.');
int len;
if (dot != NULL) {
isc_result_t result;
result = reverse_octets(dot + 1, p, end);
if (result != ISC_R_SUCCESS) {
return result;
}
result = append_str(".", 1, p, end);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(reverse_octets(dot + 1, p, end));
RETERR(append_str(".", 1, p, end));
len = (int)(dot - in);
} else {
len = strlen(in);
@ -1784,7 +1769,6 @@ reverse_octets(const char *in, char **p, char *end) {
static isc_result_t
get_reverse(char *reverse, size_t len, char *value, bool strict) {
int r;
isc_result_t result;
isc_netaddr_t addr;
addr.family = AF_INET6;
@ -1795,10 +1779,7 @@ get_reverse(char *reverse, size_t len, char *value, bool strict) {
dns_name_t *name;
name = dns_fixedname_initname(&fname);
result = dns_byaddr_createptrname(&addr, name);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_byaddr_createptrname(&addr, name));
dns_name_format(name, reverse, (unsigned int)len);
return ISC_R_SUCCESS;
} else {
@ -1815,14 +1796,8 @@ get_reverse(char *reverse, size_t len, char *value, bool strict) {
if (strict && inet_pton(AF_INET, value, &addr.type.in) != 1) {
return DNS_R_BADDOTTEDQUAD;
}
result = reverse_octets(value, &p, end);
if (result != ISC_R_SUCCESS) {
return result;
}
result = append_str(".in-addr.arpa.", 15, &p, end);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(reverse_octets(value, &p, end));
RETERR(append_str(".in-addr.arpa.", 15, &p, end));
return ISC_R_SUCCESS;
}
}

15
bin/dig/dig.c
View file

@ -503,10 +503,7 @@ say_message(dns_rdata_t *rdata, dig_query_t *query, isc_buffer_t *buf) {
unsigned int styleflags = 0;
if (query->lookup->trace || query->lookup->ns_search_only) {
result = dns_rdatatype_totext(rdata->type, buf);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_rdatatype_totext(rdata->type, buf));
ADD_STRING(buf, " ");
}
@ -583,14 +580,8 @@ dns64prefix_answer(dns_message_t *msg, isc_buffer_t *buf) {
count = 10;
}
for (i = 0; i < count; i++) {
result = isc_netaddr_totext(&prefix[i].addr, buf);
if (result != ISC_R_SUCCESS) {
return result;
}
result = isc_buffer_printf(buf, "/%u\n", prefix[i].prefixlen);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(isc_netaddr_totext(&prefix[i].addr, buf));
RETERR(isc_buffer_printf(buf, "/%u\n", prefix[i].prefixlen));
}
return ISC_R_SUCCESS;

87
bin/dig/dighost.c
View file

@ -291,15 +291,8 @@ reverse_octets(const char *in, char **p, char *end) {
const char *dot = strchr(in, '.');
size_t len;
if (dot != NULL) {
isc_result_t result;
result = reverse_octets(dot + 1, p, end);
if (result != ISC_R_SUCCESS) {
return result;
}
result = append(".", 1, p, end);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(reverse_octets(dot + 1, p, end));
RETERR(append(".", 1, p, end));
len = (int)(dot - in);
} else {
len = (int)strlen(in);
@ -310,7 +303,6 @@ reverse_octets(const char *in, char **p, char *end) {
isc_result_t
get_reverse(char *reverse, size_t len, char *value, bool strict) {
int r;
isc_result_t result;
isc_netaddr_t addr;
addr.family = AF_INET6;
@ -321,10 +313,7 @@ get_reverse(char *reverse, size_t len, char *value, bool strict) {
dns_name_t *name;
name = dns_fixedname_initname(&fname);
result = dns_byaddr_createptrname(&addr, name);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_byaddr_createptrname(&addr, name));
dns_name_format(name, reverse, (unsigned int)len);
return ISC_R_SUCCESS;
} else {
@ -341,15 +330,9 @@ get_reverse(char *reverse, size_t len, char *value, bool strict) {
if (strict && inet_pton(AF_INET, value, &addr.type.in) != 1) {
return DNS_R_BADDOTTEDQUAD;
}
result = reverse_octets(value, &p, end);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(reverse_octets(value, &p, end));
/* Append .in-addr.arpa. and a terminating NUL. */
result = append(".in-addr.arpa.", 15, &p, end);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(append(".in-addr.arpa.", 15, &p, end));
return ISC_R_SUCCESS;
}
}
@ -862,26 +845,19 @@ setup_text_key(void) {
secretsize = (unsigned int)strlen(keysecret) * 3 / 4;
secretstore = isc_mem_allocate(isc_g_mctx, secretsize);
isc_buffer_init(&secretbuf, secretstore, secretsize);
result = isc_base64_decodestring(keysecret, &secretbuf);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(isc_base64_decodestring(keysecret, &secretbuf));
secretsize = isc_buffer_usedlength(&secretbuf);
if (hmac_alg == DST_ALG_UNKNOWN) {
result = DST_R_UNSUPPORTEDALG;
goto failure;
CLEANUP(DST_R_UNSUPPORTEDALG);
}
result = dns_name_fromtext(keyname, namebuf, dns_rootname, 0);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(dns_name_fromtext(keyname, namebuf, dns_rootname, 0));
result = dns_tsigkey_create(keyname, hmac_alg, secretstore,
(int)secretsize, isc_g_mctx, &tsigkey);
failure:
cleanup:
if (result != ISC_R_SUCCESS) {
printf(";; Couldn't create key %s: %s\n", keynametext,
isc_result_totext(result));
@ -1086,16 +1062,10 @@ read_confkey(void) {
return ISC_R_FILENOTFOUND;
}
result = cfg_parse_file(isc_g_mctx, keyfile, &cfg_type_sessionkey, 0,
&file);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(cfg_parse_file(isc_g_mctx, keyfile, &cfg_type_sessionkey, 0,
&file));
result = cfg_map_get(file, "key", &keyobj);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(cfg_map_get(file, "key", &keyobj));
(void)cfg_map_get(keyobj, "secret", &secretobj);
(void)cfg_map_get(keyobj, "algorithm", &algorithmobj);
@ -1147,7 +1117,7 @@ setup_file_key(void) {
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "Couldn't read key from %s: %s\n", keyfile,
isc_result_totext(result));
goto failure;
goto cleanup;
}
switch (dst_key_alg(dstkey)) {
@ -1175,7 +1145,7 @@ setup_file_key(void) {
}
}
failure:
cleanup:
if (dstkey != NULL) {
dst_key_free(&dstkey);
}
@ -2764,21 +2734,14 @@ get_create_tls_context(dig_query_t *query, const bool is_https,
if (result != ISC_R_SUCCESS) {
if (query->lookup->tls_ca_set) {
if (found_store == NULL) {
result = isc_tls_cert_store_create(
query->lookup->tls_ca_file, &store);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(isc_tls_cert_store_create(
query->lookup->tls_ca_file, &store));
} else {
store = found_store;
}
}
result = isc_tlsctx_createclient(&ctx);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(isc_tlsctx_createclient(&ctx));
if (store != NULL) {
const char *hostname = get_tls_sni_hostname(query);
@ -2788,23 +2751,17 @@ get_create_tls_context(dig_query_t *query, const bool is_https,
* SubjectAltName must be checked. That is NOT the case
* for HTTPS.
*/
result = isc_tlsctx_enable_peer_verification(
CHECK(isc_tlsctx_enable_peer_verification(
ctx, false, store, hostname,
hostname_ignore_subject);
if (result != ISC_R_SUCCESS) {
goto failure;
}
hostname_ignore_subject));
}
if (query->lookup->tls_key_file_set &&
query->lookup->tls_cert_file_set)
{
result = isc_tlsctx_load_certificate(
CHECK(isc_tlsctx_load_certificate(
ctx, query->lookup->tls_key_file,
query->lookup->tls_cert_file);
if (result != ISC_R_SUCCESS) {
goto failure;
}
query->lookup->tls_cert_file));
}
if (!is_https) {
@ -2840,7 +2797,7 @@ get_create_tls_context(dig_query_t *query, const bool is_https,
INSIST(!query->lookup->tls_ca_set || found_store != NULL);
return found_ctx;
failure:
cleanup:
if (ctx != NULL) {
isc_tlsctx_free(&ctx);
}

51
bin/dig/host.c
View file

@ -208,7 +208,6 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
const char *section_name, bool headers, dig_query_t *query) {
dns_name_t *print_name;
isc_buffer_t target;
isc_result_t result;
isc_region_t r;
dns_name_t empty_name;
char tbuf[4096] = { 0 };
@ -245,12 +244,9 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
continue;
}
if (!short_form) {
result = dns_rdataset_totext(rdataset,
print_name, false,
no_rdata, &target);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_rdataset_totext(rdataset, print_name,
false, no_rdata,
&target));
#ifdef USEINITALWS
if (first) {
print_name = &empty_name;
@ -305,7 +301,6 @@ static isc_result_t
printrdata(dns_message_t *msg, dns_rdataset_t *rdataset,
const dns_name_t *owner, const char *set_name, bool headers) {
isc_buffer_t target;
isc_result_t result;
isc_region_t r;
char tbuf[4096];
@ -316,10 +311,7 @@ printrdata(dns_message_t *msg, dns_rdataset_t *rdataset,
isc_buffer_init(&target, tbuf, sizeof(tbuf));
result = dns_rdataset_totext(rdataset, owner, false, false, &target);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_rdataset_totext(rdataset, owner, false, false, &target));
isc_buffer_usedregion(&target, &r);
printf("%.*s", (int)r.length, (char *)r.base);
@ -501,50 +493,35 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
if (!ISC_LIST_EMPTY(msg->sections[DNS_SECTION_QUESTION]) && !short_form)
{
printf("\n");
result = printsection(msg, DNS_SECTION_QUESTION, "QUESTION",
true, query);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(printsection(msg, DNS_SECTION_QUESTION, "QUESTION", true,
query));
}
if (!ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER])) {
if (!short_form) {
printf("\n");
}
result = printsection(msg, DNS_SECTION_ANSWER, "ANSWER",
!short_form, query);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(printsection(msg, DNS_SECTION_ANSWER, "ANSWER",
!short_form, query));
}
if (!ISC_LIST_EMPTY(msg->sections[DNS_SECTION_AUTHORITY]) &&
!short_form)
{
printf("\n");
result = printsection(msg, DNS_SECTION_AUTHORITY, "AUTHORITY",
true, query);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(printsection(msg, DNS_SECTION_AUTHORITY, "AUTHORITY",
true, query));
}
if (!ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ADDITIONAL]) &&
!short_form)
{
printf("\n");
result = printsection(msg, DNS_SECTION_ADDITIONAL, "ADDITIONAL",
true, query);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(printsection(msg, DNS_SECTION_ADDITIONAL, "ADDITIONAL",
true, query));
}
if ((tsig != NULL) && !short_form) {
printf("\n");
result = printrdata(msg, tsig, tsigname, "PSEUDOSECTION TSIG",
true);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(printrdata(msg, tsig, tsigname, "PSEUDOSECTION TSIG",
true));
}
if (!short_form) {
printf("\n");

67
bin/dnssec/dnssec-keyfromlabel.c
View file

@ -116,7 +116,7 @@ main(int argc, char **argv) {
dst_algorithm_t alg;
bool oldstyle = false;
int ch;
isc_result_t ret;
isc_result_t result;
isc_textregion_t r;
char filename[255];
isc_buffer_t buf;
@ -182,10 +182,10 @@ main(int argc, char **argv) {
break;
case 'K':
directory = isc_commandline_argument;
ret = try_dir(directory);
if (ret != ISC_R_SUCCESS) {
result = try_dir(directory);
if (result != ISC_R_SUCCESS) {
fatal("cannot open directory %s: %s", directory,
isc_result_totext(ret));
isc_result_totext(result));
}
break;
case 'k':
@ -358,11 +358,11 @@ main(int argc, char **argv) {
isc_buffer_init(&buf, argv[isc_commandline_index],
strlen(argv[isc_commandline_index]));
isc_buffer_add(&buf, strlen(argv[isc_commandline_index]));
ret = dns_name_fromtext(name, &buf, dns_rootname, 0);
if (ret != ISC_R_SUCCESS) {
result = dns_name_fromtext(name, &buf, dns_rootname, 0);
if (result != ISC_R_SUCCESS) {
fatal("invalid key name %s: %s",
argv[isc_commandline_index],
isc_result_totext(ret));
isc_result_totext(result));
}
if (strchr(label, ':') == NULL) {
@ -382,8 +382,8 @@ main(int argc, char **argv) {
r.base = algname;
r.length = strlen(algname);
ret = dst_algorithm_fromtext(&alg, &r);
if (ret != ISC_R_SUCCESS) {
result = dst_algorithm_fromtext(&alg, &r);
if (result != ISC_R_SUCCESS) {
fatal("unknown algorithm %s", algname);
}
@ -459,12 +459,13 @@ main(int argc, char **argv) {
fatal("-S and -G cannot be used together");
}
ret = dst_key_fromnamedfile(predecessor, directory,
DST_TYPE_PUBLIC | DST_TYPE_PRIVATE,
isc_g_mctx, &prevkey);
if (ret != ISC_R_SUCCESS) {
result = dst_key_fromnamedfile(predecessor, directory,
DST_TYPE_PUBLIC |
DST_TYPE_PRIVATE,
isc_g_mctx, &prevkey);
if (result != ISC_R_SUCCESS) {
fatal("Invalid keyfile %s: %s", predecessor,
isc_result_totext(ret));
isc_result_totext(result));
}
if (!dst_key_isprivate(prevkey)) {
fatal("%s is not a private key", predecessor);
@ -482,16 +483,16 @@ main(int argc, char **argv) {
keystr, major, minor);
}
ret = dst_key_gettime(prevkey, DST_TIME_ACTIVATE, &when);
if (ret != ISC_R_SUCCESS) {
result = dst_key_gettime(prevkey, DST_TIME_ACTIVATE, &when);
if (result != ISC_R_SUCCESS) {
fatal("Key %s has no activation date.\n\t"
"You must use dnssec-settime -A to set one "
"before generating a successor.",
keystr);
}
ret = dst_key_gettime(prevkey, DST_TIME_INACTIVE, &activate);
if (ret != ISC_R_SUCCESS) {
result = dst_key_gettime(prevkey, DST_TIME_INACTIVE, &activate);
if (result != ISC_R_SUCCESS) {
fatal("Key %s has no inactivation date.\n\t"
"You must use dnssec-settime -I to set one "
"before generating a successor.",
@ -510,8 +511,8 @@ main(int argc, char **argv) {
keystr);
}
ret = dst_key_gettime(prevkey, DST_TIME_DELETE, &when);
if (ret != ISC_R_SUCCESS) {
result = dst_key_gettime(prevkey, DST_TIME_DELETE, &when);
if (result != ISC_R_SUCCESS) {
fprintf(stderr,
"%s: WARNING: Key %s has no removal "
"date;\n\t it will remain in the zone "
@ -556,16 +557,16 @@ main(int argc, char **argv) {
isc_buffer_init(&buf, filename, sizeof(filename) - 1);
/* associate the key */
ret = dst_key_fromlabel(name, alg, flags, DNS_KEYPROTO_DNSSEC, rdclass,
label, NULL, isc_g_mctx, &key);
result = dst_key_fromlabel(name, alg, flags, DNS_KEYPROTO_DNSSEC,
rdclass, label, NULL, isc_g_mctx, &key);
if (ret != ISC_R_SUCCESS) {
if (result != ISC_R_SUCCESS) {
char namestr[DNS_NAME_FORMATSIZE];
char algstr[DNS_SECALG_FORMATSIZE];
dns_name_format(name, namestr, sizeof(namestr));
dns_secalg_format(alg, algstr, sizeof(algstr));
fatal("failed to get key %s/%s: %s", namestr, algstr,
isc_result_totext(ret));
isc_result_totext(result));
UNREACHABLE();
exit(EXIT_FAILURE);
}
@ -651,10 +652,10 @@ main(int argc, char **argv) {
&exact))
{
isc_buffer_clear(&buf);
ret = dst_key_buildfilename(key, 0, directory, &buf);
if (ret != ISC_R_SUCCESS) {
result = dst_key_buildfilename(key, 0, directory, &buf);
if (result != ISC_R_SUCCESS) {
fatal("dst_key_buildfilename returned: %s\n",
isc_result_totext(ret));
isc_result_totext(result));
}
if (exact) {
fatal("%s: %s already exists\n",
@ -675,19 +676,19 @@ main(int argc, char **argv) {
isc_commandline_progname, filename);
}
ret = dst_key_tofile(key, options, directory);
if (ret != ISC_R_SUCCESS) {
result = dst_key_tofile(key, options, directory);
if (result != ISC_R_SUCCESS) {
char keystr[DST_KEY_FORMATSIZE];
dst_key_format(key, keystr, sizeof(keystr));
fatal("failed to write key %s: %s\n", keystr,
isc_result_totext(ret));
isc_result_totext(result));
}
isc_buffer_clear(&buf);
ret = dst_key_buildfilename(key, 0, NULL, &buf);
if (ret != ISC_R_SUCCESS) {
result = dst_key_buildfilename(key, 0, NULL, &buf);
if (result != ISC_R_SUCCESS) {
fatal("dst_key_buildfilename returned: %s\n",
isc_result_totext(ret));
isc_result_totext(result));
}
printf("%s\n", filename);
dst_key_free(&key);

96
bin/dnssec/dnssec-keygen.c
View file

@ -241,7 +241,7 @@ keygen(keygen_ctx_t *ctx, int argc, char **argv) {
isc_buffer_t buf;
dns_name_t *name;
dns_fixedname_t fname;
isc_result_t ret;
isc_result_t result;
dst_key_t *key = NULL;
dst_key_t *prevkey = NULL;
@ -258,11 +258,11 @@ keygen(keygen_ctx_t *ctx, int argc, char **argv) {
isc_buffer_init(&buf, argv[isc_commandline_index],
strlen(argv[isc_commandline_index]));
isc_buffer_add(&buf, strlen(argv[isc_commandline_index]));
ret = dns_name_fromtext(name, &buf, dns_rootname, 0);
if (ret != ISC_R_SUCCESS) {
result = dns_name_fromtext(name, &buf, dns_rootname, 0);
if (result != ISC_R_SUCCESS) {
fatal("invalid key name %s: %s",
argv[isc_commandline_index],
isc_result_totext(ret));
isc_result_totext(result));
}
if (!dst_algorithm_supported(ctx->alg)) {
@ -391,13 +391,13 @@ keygen(keygen_ctx_t *ctx, int argc, char **argv) {
fatal("-S and -G cannot be used together");
}
ret = dst_key_fromnamedfile(ctx->predecessor, ctx->directory,
DST_TYPE_PUBLIC | DST_TYPE_PRIVATE |
DST_TYPE_STATE,
isc_g_mctx, &prevkey);
if (ret != ISC_R_SUCCESS) {
result = dst_key_fromnamedfile(
ctx->predecessor, ctx->directory,
DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | DST_TYPE_STATE,
isc_g_mctx, &prevkey);
if (result != ISC_R_SUCCESS) {
fatal("Invalid keyfile %s: %s", ctx->predecessor,
isc_result_totext(ret));
isc_result_totext(result));
}
if (!dst_key_isprivate(prevkey)) {
fatal("%s is not a private key", ctx->predecessor);
@ -416,17 +416,17 @@ keygen(keygen_ctx_t *ctx, int argc, char **argv) {
keystr, major, minor);
}
ret = dst_key_gettime(prevkey, DST_TIME_ACTIVATE, &when);
if (ret != ISC_R_SUCCESS) {
result = dst_key_gettime(prevkey, DST_TIME_ACTIVATE, &when);
if (result != ISC_R_SUCCESS) {
fatal("Key %s has no activation date.\n\t"
"You must use dnssec-settime -A to set one "
"before generating a successor.",
keystr);
}
ret = dst_key_gettime(prevkey, DST_TIME_INACTIVE,
&ctx->activate);
if (ret != ISC_R_SUCCESS) {
result = dst_key_gettime(prevkey, DST_TIME_INACTIVE,
&ctx->activate);
if (result != ISC_R_SUCCESS) {
fatal("Key %s has no inactivation date.\n\t"
"You must use dnssec-settime -I to set one "
"before generating a successor.",
@ -445,8 +445,8 @@ keygen(keygen_ctx_t *ctx, int argc, char **argv) {
keystr);
}
ret = dst_key_gettime(prevkey, DST_TIME_DELETE, &when);
if (ret != ISC_R_SUCCESS) {
result = dst_key_gettime(prevkey, DST_TIME_DELETE, &when);
if (result != ISC_R_SUCCESS) {
fprintf(stderr,
"%s: WARNING: Key %s has no removal "
"date;\n\t it will remain in the zone "
@ -558,19 +558,19 @@ keygen(keygen_ctx_t *ctx, int argc, char **argv) {
}
if (ctx->keystore != NULL && ctx->policy != NULL) {
ret = dns_keystore_keygen(
result = dns_keystore_keygen(
ctx->keystore, name, ctx->policy, ctx->rdclass,
isc_g_mctx, ctx->alg, ctx->size, flags, &key);
} else if (!ctx->quiet && show_progress) {
ret = dst_key_generate(name, ctx->alg, ctx->size, 0,
flags, DNS_KEYPROTO_DNSSEC,
ctx->rdclass, NULL, isc_g_mctx,
&key, &progress);
result = dst_key_generate(name, ctx->alg, ctx->size, 0,
flags, DNS_KEYPROTO_DNSSEC,
ctx->rdclass, NULL,
isc_g_mctx, &key, &progress);
} else {
ret = dst_key_generate(name, ctx->alg, ctx->size, 0,
flags, DNS_KEYPROTO_DNSSEC,
ctx->rdclass, NULL, isc_g_mctx,
&key, NULL);
result = dst_key_generate(name, ctx->alg, ctx->size, 0,
flags, DNS_KEYPROTO_DNSSEC,
ctx->rdclass, NULL,
isc_g_mctx, &key, NULL);
}
if (!ctx->quiet && show_progress) {
@ -578,11 +578,11 @@ keygen(keygen_ctx_t *ctx, int argc, char **argv) {
fflush(stderr);
}
if (ret != ISC_R_SUCCESS) {
if (result != ISC_R_SUCCESS) {
char namestr[DNS_NAME_FORMATSIZE];
dns_name_format(name, namestr, sizeof(namestr));
fatal("failed to generate key %s/%s: %s\n", namestr,
algstr, isc_result_totext(ret));
algstr, isc_result_totext(result));
}
/*
@ -715,9 +715,9 @@ keygen(keygen_ctx_t *ctx, int argc, char **argv) {
if (verbose > 0) {
isc_buffer_clear(&buf);
ret = dst_key_buildfilename(
result = dst_key_buildfilename(
key, 0, ctx->directory, &buf);
if (ret == ISC_R_SUCCESS) {
if (result == ISC_R_SUCCESS) {
fprintf(stderr,
"%s: %s already exists, or "
"might collide with another "
@ -741,28 +741,28 @@ keygen(keygen_ctx_t *ctx, int argc, char **argv) {
dst_key_setnum(prevkey, DST_NUM_SUCCESSOR, dst_key_id(key));
dst_key_setnum(key, DST_NUM_PREDECESSOR, dst_key_id(prevkey));
ret = dst_key_tofile(prevkey, ctx->options, ctx->directory);
if (ret != ISC_R_SUCCESS) {
result = dst_key_tofile(prevkey, ctx->options, ctx->directory);
if (result != ISC_R_SUCCESS) {
char keystr[DST_KEY_FORMATSIZE];
dst_key_format(prevkey, keystr, sizeof(keystr));
fatal("failed to update predecessor %s: %s\n", keystr,
isc_result_totext(ret));
isc_result_totext(result));
}
}
ret = dst_key_tofile(key, ctx->options, ctx->directory);
if (ret != ISC_R_SUCCESS) {
result = dst_key_tofile(key, ctx->options, ctx->directory);
if (result != ISC_R_SUCCESS) {
char keystr[DST_KEY_FORMATSIZE];
dst_key_format(key, keystr, sizeof(keystr));
fatal("failed to write key %s: %s\n", keystr,
isc_result_totext(ret));
isc_result_totext(result));
}
isc_buffer_clear(&buf);
ret = dst_key_buildfilename(key, 0, NULL, &buf);
if (ret != ISC_R_SUCCESS) {
result = dst_key_buildfilename(key, 0, NULL, &buf);
if (result != ISC_R_SUCCESS) {
fatal("dst_key_buildfilename returned: %s\n",
isc_result_totext(ret));
isc_result_totext(result));
}
printf("%s\n", filename);
@ -776,10 +776,10 @@ static void
check_keystore_options(keygen_ctx_t *ctx) {
ctx->directory = dns_keystore_directory(ctx->keystore, NULL);
if (ctx->directory != NULL) {
isc_result_t ret = try_dir(ctx->directory);
if (ret != ISC_R_SUCCESS) {
isc_result_t result = try_dir(ctx->directory);
if (result != ISC_R_SUCCESS) {
fatal("cannot open directory %s: %s", ctx->directory,
isc_result_totext(ret));
isc_result_totext(result));
}
}
}
@ -789,7 +789,7 @@ main(int argc, char **argv) {
char *algname = NULL, *freeit = NULL;
char *classname = NULL;
char *endp;
isc_result_t ret;
isc_result_t result;
isc_textregion_t r;
unsigned char c;
int ch;
@ -878,10 +878,10 @@ main(int argc, char **argv) {
break;
case 'K':
ctx.directory = isc_commandline_argument;
ret = try_dir(ctx.directory);
if (ret != ISC_R_SUCCESS) {
result = try_dir(ctx.directory);
if (result != ISC_R_SUCCESS) {
fatal("cannot open directory %s: %s",
ctx.directory, isc_result_totext(ret));
ctx.directory, isc_result_totext(result));
}
break;
case 'k':
@ -1096,8 +1096,8 @@ main(int argc, char **argv) {
}
r.base = algname;
r.length = strlen(algname);
ret = dst_algorithm_fromtext(&ctx.alg, &r);
if (ret != ISC_R_SUCCESS) {
result = dst_algorithm_fromtext(&ctx.alg, &r);
if (result != ISC_R_SUCCESS) {
fatal("unknown algorithm %s", algname);
}
if (!dst_algorithm_supported(ctx.alg)) {

177
bin/dnssec/dnssec-ksr.c
View file

@ -91,24 +91,9 @@ static int min_dh = 128;
#define READLINE(lex, opt, token)
#define NEXTTOKEN(lex, opt, token) \
{ \
ret = isc_lex_gettoken(lex, opt, token); \
if (ret != ISC_R_SUCCESS) \
goto cleanup; \
}
#define NEXTTOKEN(lex, opt, token) CHECK(isc_lex_gettoken(lex, opt, token))
#define BADTOKEN() \
{ \
ret = ISC_R_UNEXPECTEDTOKEN; \
goto cleanup; \
}
#define CHECK(r) \
ret = (r); \
if (ret != ISC_R_SUCCESS) { \
goto fail; \
}
#define BADTOKEN() CLEANUP(ISC_R_UNEXPECTEDTOKEN)
isc_bufferlist_t cleanup_list = ISC_LIST_INITIALIZER;
@ -209,16 +194,16 @@ get_dnskeys(ksr_ctx_t *ksr, dns_dnsseckeylist_t *keys) {
dns_dnsseckeylist_t keys_read;
dns_dnsseckey_t **keys_sorted;
int i = 0, n = 0;
isc_result_t ret;
isc_result_t result;
ISC_LIST_INIT(*keys);
ISC_LIST_INIT(keys_read);
ret = dns_dnssec_findmatchingkeys(name, NULL, ksr->keydir, NULL,
ksr->now, false, isc_g_mctx,
&keys_read);
if (ret != ISC_R_SUCCESS && ret != ISC_R_NOTFOUND) {
result = dns_dnssec_findmatchingkeys(name, NULL, ksr->keydir, NULL,
ksr->now, false, isc_g_mctx,
&keys_read);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
fatal("failed to load existing keys from %s: %s", ksr->keydir,
isc_result_totext(ret));
isc_result_totext(result));
}
/* Sort on keytag. */
ISC_LIST_FOREACH(keys_read, dk, link) {
@ -323,7 +308,7 @@ create_key(ksr_ctx_t *ksr, dns_kasp_t *kasp, dns_kasp_key_t *kaspkey,
dst_key_t *key = NULL;
int options = (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC | DST_TYPE_STATE);
isc_buffer_t buf;
isc_result_t ret;
isc_result_t result;
isc_stdtime_t prepub;
uint16_t flags = DNS_KEYOWNER_ZONE;
@ -421,26 +406,26 @@ create_key(ksr_ctx_t *ksr, dns_kasp_t *kasp, dns_kasp_key_t *kaspkey,
"Generating key pair for bundle %s: ", timestr);
}
if (ksr->keystore != NULL && ksr->policy != NULL) {
ret = dns_keystore_keygen(
result = dns_keystore_keygen(
ksr->keystore, name, ksr->policy,
dns_rdataclass_in, isc_g_mctx, ksr->alg,
ksr->size, flags, &key);
} else if (show_progress) {
ret = dst_key_generate(name, ksr->alg, ksr->size, 0,
flags, DNS_KEYPROTO_DNSSEC,
dns_rdataclass_in, NULL,
isc_g_mctx, &key, &progress);
result = dst_key_generate(name, ksr->alg, ksr->size, 0,
flags, DNS_KEYPROTO_DNSSEC,
dns_rdataclass_in, NULL,
isc_g_mctx, &key, &progress);
fflush(stderr);
} else {
ret = dst_key_generate(name, ksr->alg, ksr->size, 0,
flags, DNS_KEYPROTO_DNSSEC,
dns_rdataclass_in, NULL,
isc_g_mctx, &key, NULL);
result = dst_key_generate(name, ksr->alg, ksr->size, 0,
flags, DNS_KEYPROTO_DNSSEC,
dns_rdataclass_in, NULL,
isc_g_mctx, &key, NULL);
}
if (ret != ISC_R_SUCCESS) {
if (result != ISC_R_SUCCESS) {
fatal("failed to generate key %s/%s: %s\n", namestr,
algstr, isc_result_totext(ret));
algstr, isc_result_totext(result));
}
/* Do not overwrite an existing key. */
@ -451,9 +436,9 @@ create_key(ksr_ctx_t *ksr, dns_kasp_t *kasp, dns_kasp_key_t *kaspkey,
conflict = true;
if (verbose > 0) {
isc_buffer_clear(&buf);
ret = dst_key_buildfilename(key, 0, ksr->keydir,
&buf);
if (ret == ISC_R_SUCCESS) {
result = dst_key_buildfilename(
key, 0, ksr->keydir, &buf);
if (result == ISC_R_SUCCESS) {
fprintf(stderr,
"%s: %s already exists, or "
"might collide with another "
@ -502,20 +487,20 @@ create_key(ksr_ctx_t *ksr, dns_kasp_t *kasp, dns_kasp_key_t *kaspkey,
*expiration = 0;
}
ret = dst_key_tofile(key, options, ksr->keydir);
if (ret != ISC_R_SUCCESS) {
result = dst_key_tofile(key, options, ksr->keydir);
if (result != ISC_R_SUCCESS) {
char keystr[DST_KEY_FORMATSIZE];
dst_key_format(key, keystr, sizeof(keystr));
fatal("failed to write key %s: %s\n", keystr,
isc_result_totext(ret));
isc_result_totext(result));
}
output:
isc_buffer_clear(&buf);
ret = dst_key_buildfilename(key, 0, NULL, &buf);
if (ret != ISC_R_SUCCESS) {
result = dst_key_buildfilename(key, 0, NULL, &buf);
if (result != ISC_R_SUCCESS) {
fatal("dst_key_buildfilename returned: %s\n",
isc_result_totext(ret));
isc_result_totext(result));
}
printf("%s\n", filename);
fflush(stdout);
@ -528,12 +513,12 @@ static void
print_rdata(dns_rdataset_t *rrset) {
isc_buffer_t target;
isc_region_t r;
isc_result_t ret;
isc_result_t result;
char buf[4096];
isc_buffer_init(&target, buf, sizeof(buf));
ret = dns_rdataset_totext(rrset, name, false, false, &target);
if (ret != ISC_R_SUCCESS) {
result = dns_rdataset_totext(rrset, name, false, false, &target);
if (result != ISC_R_SUCCESS) {
fatal("failed to print rdata");
}
isc_buffer_usedregion(&target, &r);
@ -547,7 +532,7 @@ print_dnskeys(dns_kasp_key_t *kaspkey, dns_ttl_t ttl, dns_dnsseckeylist_t *keys,
char timestr[26]; /* Minimal buf as per ctime_r() spec. */
dns_rdatalist_t *rdatalist = NULL;
dns_rdataset_t rdataset = DNS_RDATASET_INIT;
isc_result_t ret = ISC_R_SUCCESS;
isc_result_t result = ISC_R_SUCCESS;
isc_stdtime_t next_bundle = next_inception;
isc_stdtime_tostring(inception, timestr, sizeof(timestr));
@ -614,11 +599,11 @@ print_dnskeys(dns_kasp_key_t *kaspkey, dns_ttl_t ttl, dns_dnsseckeylist_t *keys,
dns_rdatalist_tordataset(rdatalist, &rdataset);
print_rdata(&rdataset);
fail:
cleanup:
/* Cleanup */
freerrset(&rdataset);
if (ret != ISC_R_SUCCESS) {
if (result != ISC_R_SUCCESS) {
fatal("failed to print %s/%s zsk key pair found for bundle %s",
namestr, algstr, timestr);
}
@ -631,7 +616,7 @@ sign_rrset(ksr_ctx_t *ksr, isc_stdtime_t inception, isc_stdtime_t expiration,
dns_rdataset_t *rrset, dns_dnsseckeylist_t *keys) {
dns_rdatalist_t *rrsiglist = NULL;
dns_rdataset_t rrsigset = DNS_RDATASET_INIT;
isc_result_t ret;
isc_result_t result;
isc_stdtime_t next_bundle = expiration;
UNUSED(ksr);
@ -646,10 +631,10 @@ sign_rrset(ksr_ctx_t *ksr, isc_stdtime_t inception, isc_stdtime_t expiration,
isc_buffer_init(&timebuf, timestr, sizeof(timestr));
isc_stdtime_tostring(inception, timestr, sizeof(timestr));
isc_buffer_init(&b, utc, sizeof(utc));
ret = dns_time32_totext(inception, &b);
if (ret != ISC_R_SUCCESS) {
result = dns_time32_totext(inception, &b);
if (result != ISC_R_SUCCESS) {
fatal("failed to convert bundle time32 to text: %s",
isc_result_totext(ret));
isc_result_totext(result));
}
isc_buffer_usedregion(&b, &r);
fprintf(stdout, ";; SignedKeyResponse 1.0 %.*s (%s)\n",
@ -696,9 +681,9 @@ sign_rrset(ksr_ctx_t *ksr, isc_stdtime_t inception, isc_stdtime_t expiration,
rrsig = isc_mem_get(isc_g_mctx, sizeof(*rrsig));
dns_rdata_init(rrsig);
isc_buffer_init(&buf, rdatabuf, sizeof(rdatabuf));
ret = dns_dnssec_sign(name, rrset, dk->key, &clockskew,
&expiration, isc_g_mctx, &buf, &rdata);
if (ret != ISC_R_SUCCESS) {
result = dns_dnssec_sign(name, rrset, dk->key, &clockskew,
&expiration, isc_g_mctx, &buf, &rdata);
if (result != ISC_R_SUCCESS) {
fatal("failed to sign KSR");
}
isc_buffer_usedregion(&buf, &rs);
@ -733,7 +718,7 @@ get_keymaterial(ksr_ctx_t *ksr, dns_kasp_t *kasp, isc_stdtime_t inception,
dns_rdatalist_t *cdnskeylist = isc_mem_get(isc_g_mctx,
sizeof(*cdnskeylist));
dns_rdatalist_t *cdslist = isc_mem_get(isc_g_mctx, sizeof(*cdslist));
isc_result_t ret = ISC_R_SUCCESS;
isc_result_t result = ISC_R_SUCCESS;
isc_stdtime_t next_bundle = next_inception;
dns_rdatalist_init(dnskeylist);
@ -873,7 +858,7 @@ get_keymaterial(ksr_ctx_t *ksr, dns_kasp_t *kasp, isc_stdtime_t inception,
return next_bundle;
fail:
cleanup:
fatal("failed to create KSK/CDS/CDNSKEY");
return 0;
}
@ -968,7 +953,7 @@ parse_dnskey(isc_lex_t *lex, char *owner, isc_buffer_t *buf, dns_ttl_t *ttl) {
dns_name_t *dname = NULL;
dns_rdataclass_t rdclass = dns_rdataclass_in;
isc_buffer_t b;
isc_result_t ret;
isc_result_t result;
isc_token_t token;
unsigned int opt = ISC_LEXOPT_EOL;
@ -982,12 +967,9 @@ parse_dnskey(isc_lex_t *lex, char *owner, isc_buffer_t *buf, dns_ttl_t *ttl) {
dname = dns_fixedname_initname(&dfname);
isc_buffer_init(&b, owner, strlen(owner));
isc_buffer_add(&b, strlen(owner));
ret = dns_name_fromtext(dname, &b, dns_rootname, 0);
if (ret != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_name_fromtext(dname, &b, dns_rootname, 0));
if (dns_name_compare(dname, name) != 0) {
ret = DNS_R_BADOWNERNAME;
result = DNS_R_BADOWNERNAME;
goto cleanup;
}
isc_buffer_clear(&b);
@ -999,8 +981,8 @@ parse_dnskey(isc_lex_t *lex, char *owner, isc_buffer_t *buf, dns_ttl_t *ttl) {
}
/* If it's a TTL, read the next one */
ret = dns_ttl_fromtext(&token.value.as_textregion, ttl);
if (ret == ISC_R_SUCCESS) {
result = dns_ttl_fromtext(&token.value.as_textregion, ttl);
if (result == ISC_R_SUCCESS) {
NEXTTOKEN(lex, opt, &token);
}
if (token.type != isc_tokentype_string) {
@ -1008,8 +990,8 @@ parse_dnskey(isc_lex_t *lex, char *owner, isc_buffer_t *buf, dns_ttl_t *ttl) {
}
/* If it's a class, read the next one */
ret = dns_rdataclass_fromtext(&rdclass, &token.value.as_textregion);
if (ret == ISC_R_SUCCESS) {
result = dns_rdataclass_fromtext(&rdclass, &token.value.as_textregion);
if (result == ISC_R_SUCCESS) {
NEXTTOKEN(lex, opt, &token);
}
if (token.type != isc_tokentype_string) {
@ -1021,12 +1003,12 @@ parse_dnskey(isc_lex_t *lex, char *owner, isc_buffer_t *buf, dns_ttl_t *ttl) {
BADTOKEN();
}
ret = dns_rdata_fromtext(NULL, rdclass, dns_rdatatype_dnskey, lex, name,
0, isc_g_mctx, buf, NULL);
result = dns_rdata_fromtext(NULL, rdclass, dns_rdatatype_dnskey, lex,
name, 0, isc_g_mctx, buf, NULL);
cleanup:
isc_lex_setcomments(lex, 0);
return ret;
return result;
}
static void
@ -1097,14 +1079,14 @@ request(ksr_ctx_t *ksr) {
char utc[sizeof("YYYYMMDDHHSSMM")];
isc_buffer_t b;
isc_region_t r;
isc_result_t ret;
isc_result_t result;
isc_stdtime_tostring(inception, timestr, sizeof(timestr));
isc_buffer_init(&b, utc, sizeof(utc));
ret = dns_time32_totext(inception, &b);
if (ret != ISC_R_SUCCESS) {
result = dns_time32_totext(inception, &b);
if (result != ISC_R_SUCCESS) {
fatal("failed to convert bundle time32 to text: %s",
isc_result_totext(ret));
isc_result_totext(result));
}
isc_buffer_usedregion(&b, &r);
fprintf(stdout, ";; KeySigningRequest 1.0 %.*s (%s)\n",
@ -1146,7 +1128,7 @@ sign(ksr_ctx_t *ksr) {
dns_dnsseckeylist_t keys;
dns_kasp_t *kasp = NULL;
dns_rdatalist_t *rdatalist = NULL;
isc_result_t ret;
isc_result_t result;
isc_stdtime_t inception;
isc_lex_t *lex = NULL;
isc_lexspecials_t specials;
@ -1172,14 +1154,15 @@ sign(ksr_ctx_t *ksr) {
specials[')'] = 1;
specials['"'] = 1;
isc_lex_setspecials(lex, specials);
ret = isc_lex_openfile(lex, ksr->file);
if (ret != ISC_R_SUCCESS) {
result = isc_lex_openfile(lex, ksr->file);
if (result != ISC_R_SUCCESS) {
fatal("unable to open KSR file %s: %s", ksr->file,
isc_result_totext(ret));
isc_result_totext(result));
}
for (ret = isc_lex_gettoken(lex, opt, &token); ret == ISC_R_SUCCESS;
ret = isc_lex_gettoken(lex, opt, &token))
for (result = isc_lex_gettoken(lex, opt, &token);
result == ISC_R_SUCCESS;
result = isc_lex_gettoken(lex, opt, &token))
{
if (token.type != isc_tokentype_string) {
fatal("bad KSR file %s(%lu): syntax error", ksr->file,
@ -1245,13 +1228,13 @@ sign(ksr_ctx_t *ksr) {
readline:
/* Read remainder of header line */
do {
ret = isc_lex_gettoken(lex, opt, &token);
if (ret != ISC_R_SUCCESS) {
result = isc_lex_gettoken(lex, opt, &token);
if (result != ISC_R_SUCCESS) {
fatal("bad KSR file %s(%lu): bad "
"header (%s)",
ksr->file,
isc_lex_getsourceline(lex),
isc_result_totext(ret));
isc_result_totext(result));
}
} while (token.type != isc_tokentype_eol);
} else {
@ -1268,11 +1251,11 @@ sign(ksr_ctx_t *ksr) {
rdata = isc_mem_get(isc_g_mctx, sizeof(*rdata));
dns_rdata_init(rdata);
isc_buffer_init(&buf, rdatabuf, sizeof(rdatabuf));
ret = parse_dnskey(lex, STR(token), &buf, &ttl);
if (ret != ISC_R_SUCCESS) {
result = parse_dnskey(lex, STR(token), &buf, &ttl);
if (result != ISC_R_SUCCESS) {
fatal("bad KSR file %s(%lu): bad DNSKEY (%s)",
ksr->file, isc_lex_getsourceline(lex),
isc_result_totext(ret));
isc_result_totext(result));
}
isc_buffer_usedregion(&buf, &r);
isc_buffer_allocate(isc_g_mctx, &newbuf, r.length);
@ -1290,7 +1273,7 @@ sign(ksr_ctx_t *ksr) {
}
}
if (ret != ISC_R_EOF) {
if (result != ISC_R_EOF) {
fatal("bad KSR file %s(%lu): trailing garbage data", ksr->file,
isc_lex_getsourceline(lex));
}
@ -1308,14 +1291,14 @@ sign(ksr_ctx_t *ksr) {
fprintf(stdout, ";; SignedKeyResponse 1.0 generated at %s by %s\n",
timestr, PACKAGE_VERSION);
fail:
cleanup:
isc_lex_destroy(&lex);
cleanup(&keys, kasp);
}
int
main(int argc, char *argv[]) {
isc_result_t ret;
isc_result_t result;
isc_buffer_t buf;
int ch;
char *endp;
@ -1354,10 +1337,10 @@ main(int argc, char *argv[]) {
break;
case 'K':
ksr.keydir = isc_commandline_argument;
ret = try_dir(ksr.keydir);
if (ret != ISC_R_SUCCESS) {
result = try_dir(ksr.keydir);
if (result != ISC_R_SUCCESS) {
fatal("cannot open directory %s: %s",
ksr.keydir, isc_result_totext(ret));
ksr.keydir, isc_result_totext(result));
}
break;
case 'k':
@ -1405,10 +1388,10 @@ main(int argc, char *argv[]) {
name = dns_fixedname_initname(&fname);
isc_buffer_init(&buf, argv[1], strlen(argv[1]));
isc_buffer_add(&buf, strlen(argv[1]));
ret = dns_name_fromtext(name, &buf, dns_rootname, 0);
if (ret != ISC_R_SUCCESS) {
result = dns_name_fromtext(name, &buf, dns_rootname, 0);
if (result != ISC_R_SUCCESS) {
fatal("invalid zone name %s: %s", argv[1],
isc_result_totext(ret));
isc_result_totext(result));
}
/* command */

64
bin/dnssec/dnssec-signzone.c
View file

@ -727,9 +727,9 @@ signset(dns_diff_t *del, dns_diff_t *add, dns_dbnode_t *node, dns_name_t *name,
*/
bool have_pre_sig = false;
uint32_t pre;
isc_result_t ret = dst_key_getnum(
key->key, DST_NUM_PREDECESSOR, &pre);
if (ret == ISC_R_SUCCESS) {
result = dst_key_getnum(key->key, DST_NUM_PREDECESSOR,
&pre);
if (result == ISC_R_SUCCESS) {
/*
* This key has a predecessor, look for the
* corresponding key in the keylist. The
@ -749,10 +749,10 @@ signset(dns_diff_t *del, dns_diff_t *add, dns_dbnode_t *node, dns_name_t *name,
{
continue;
}
ret = dst_key_getnum(curr->key,
DST_NUM_SUCCESSOR,
&suc);
if (ret != ISC_R_SUCCESS ||
result = dst_key_getnum(
curr->key, DST_NUM_SUCCESSOR,
&suc);
if (result != ISC_R_SUCCESS ||
dst_key_id(key->key) != suc)
{
continue;
@ -1377,18 +1377,12 @@ setsoaserial(uint32_t serial, dns_updatemethod_t method) {
uint32_t old_serial, new_serial = 0;
dns_updatemethod_t used = dns_updatemethod_none;
result = dns_db_getoriginnode(gdb, &node);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_db_getoriginnode(gdb, &node));
dns_rdataset_init(&rdataset);
result = dns_db_findrdataset(gdb, node, gversion, dns_rdatatype_soa, 0,
0, &rdataset, NULL);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_db_findrdataset(gdb, node, gversion, dns_rdatatype_soa, 0, 0,
&rdataset, NULL));
result = dns_rdataset_first(&rdataset);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
@ -2520,22 +2514,14 @@ loadzonekeys(bool preserve_keys, bool load_public) {
dns_rdataset_init(&keysigs);
/* Make note of the keys which signed the SOA, if any */
result = dns_db_findrdataset(gdb, node, currentversion,
dns_rdatatype_soa, 0, 0, &rdataset,
&soasigs);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_db_findrdataset(gdb, node, currentversion, dns_rdatatype_soa,
0, 0, &rdataset, &soasigs));
/* Preserve the TTL of the DNSKEY RRset, if any */
dns_rdataset_disassociate(&rdataset);
result = dns_db_findrdataset(gdb, node, currentversion,
dns_rdatatype_dnskey, 0, 0, &rdataset,
&keysigs);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_db_findrdataset(gdb, node, currentversion,
dns_rdatatype_dnskey, 0, 0, &rdataset,
&keysigs));
if (set_keyttl && keyttl != rdataset.ttl) {
fprintf(stderr,
@ -2886,12 +2872,8 @@ set_nsec3params(bool update, bool set_salt, bool set_optout, bool set_iter) {
dns_rdataset_init(&rdataset);
orig_saltlen = sizeof(orig_salt);
result = dns_db_getnsec3parameters(gdb, ver, &orig_hash, NULL,
&orig_iter, orig_salt,
&orig_saltlen);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_db_getnsec3parameters(gdb, ver, &orig_hash, NULL, &orig_iter,
orig_salt, &orig_saltlen));
nsec_datatype = dns_rdatatype_nsec3;
@ -2928,16 +2910,10 @@ set_nsec3params(bool update, bool set_salt, bool set_optout, bool set_iter) {
orig_saltlen);
check_result(result, "dns_nsec3_hashname");
result = dns_db_findnsec3node(gdb, hashname, false, &node);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_db_findnsec3node(gdb, hashname, false, &node));
result = dns_db_findrdataset(gdb, node, ver, dns_rdatatype_nsec3, 0, 0,
&rdataset, NULL);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_db_findrdataset(gdb, node, ver, dns_rdatatype_nsec3, 0, 0,
&rdataset, NULL));
result = dns_rdataset_first(&rdataset);
check_result(result, "dns_rdataset_first");

40
bin/named/builtin.c
View file

@ -166,10 +166,7 @@ putrr(bdbnode_t *node, const char *type, dns_ttl_t ttl, const char *data) {
origin = &node->bdb->common.origin;
isc_constregion_t r = { .base = type, .length = strlen(type) };
result = dns_rdatatype_fromtext(&typeval, (isc_textregion_t *)&r);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_rdatatype_fromtext(&typeval, (isc_textregion_t *)&r));
isc_lex_create(mctx, 64, &lex);
@ -177,10 +174,7 @@ putrr(bdbnode_t *node, const char *type, dns_ttl_t ttl, const char *data) {
isc_buffer_constinit(&b, data, datalen);
isc_buffer_add(&b, datalen);
result = isc_lex_openbuffer(lex, &b);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(isc_lex_openbuffer(lex, &b));
isc_buffer_allocate(mctx, &rb, DNS_RDATA_MAXLENGTH);
result = dns_rdata_fromtext(NULL, node->bdb->common.rdclass, typeval,
@ -535,7 +529,6 @@ hostname_lookup(bdbnode_t *node) {
static isc_result_t
authors_lookup(bdbnode_t *node) {
isc_result_t result;
const char **p = NULL;
static const char *authors[] = {
"Mark Andrews", "Curtis Blackburn",
@ -559,10 +552,7 @@ authors_lookup(bdbnode_t *node) {
}
for (p = authors; *p != NULL; p++) {
result = puttxt(node, *p);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(puttxt(node, *p));
}
return ISC_R_SUCCESS;
}
@ -591,14 +581,10 @@ empty_lookup(bdbnode_t *node) {
static isc_result_t
ipv4only_lookup(bdbnode_t *node) {
isc_result_t result;
unsigned char data[2][4] = { { 192, 0, 0, 170 }, { 192, 0, 0, 171 } };
for (int i = 0; i < 2; i++) {
result = putrdata(node, dns_rdatatype_a, 3600, data[i], 4);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(putrdata(node, dns_rdatatype_a, 3600, data[i], 4));
}
return ISC_R_SUCCESS;
}
@ -846,10 +832,7 @@ findnode(dns_db_t *db, const dns_name_t *name, bool create,
dns_name_getlabelsequence(name, 0, labels, &relname);
name = &relname;
result = createnode(bdb, &node);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(createnode(bdb, &node));
result = builtin_lookup(bdb, name, node);
if (result != ISC_R_SUCCESS && (!isorigin || result != ISC_R_NOTFOUND))
@ -1173,15 +1156,13 @@ create(isc_mem_t *mctx, const dns_name_t *origin, dns_dbtype_t type,
if (needargs) {
if (argc != 3) {
result = DNS_R_SYNTAX;
goto cleanup;
CLEANUP(DNS_R_SYNTAX);
}
bdb->server = isc_mem_strdup(isc_g_mctx, argv[1]);
bdb->contact = isc_mem_strdup(isc_g_mctx, argv[2]);
} else if (argc != 1) {
result = DNS_R_SYNTAX;
goto cleanup;
CLEANUP(DNS_R_SYNTAX);
}
bdb->common.magic = DNS_DB_MAGIC;
@ -1214,11 +1195,8 @@ isc_result_t
named_builtin_init(void) {
isc_result_t result;
result = dns_db_register("_builtin", create, &builtin, isc_g_mctx,
&builtin.dbimp);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_db_register("_builtin", create, &builtin, isc_g_mctx,
&builtin.dbimp));
result = dns_db_register("_dns64", create, &dns64, isc_g_mctx,
&dns64.dbimp);

42
bin/named/config.c
View file

@ -72,11 +72,8 @@ named_config_parsefile(cfg_obj_t **conf) {
ISC_LOG_INFO, "parsing user configuration from '%s'",
named_g_conffile);
result = cfg_parse_file(isc_g_mctx, named_g_conffile,
&cfg_type_namedconf, 0, conf);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(cfg_parse_file(isc_g_mctx, named_g_conffile, &cfg_type_namedconf,
0, conf));
/*
* Check the validity of the configuration.
@ -85,11 +82,7 @@ named_config_parsefile(cfg_obj_t **conf) {
* checked later when the modules are actually loaded and
* registered.)
*/
result = isccfg_check_namedconf(*conf, BIND_CHECK_ALGORITHMS,
isc_g_mctx);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(isccfg_check_namedconf(*conf, BIND_CHECK_ALGORITHMS, isc_g_mctx));
goto out;
@ -255,17 +248,13 @@ named_config_getzonetype(const cfg_obj_t *zonetypeobj) {
isc_result_t
named_config_getremotesdef(const cfg_obj_t *cctx, const char *list,
const char *name, const cfg_obj_t **ret) {
isc_result_t result;
const cfg_obj_t *obj = NULL;
REQUIRE(cctx != NULL);
REQUIRE(name != NULL);
REQUIRE(ret != NULL && *ret == NULL);
result = cfg_map_get(cctx, list, &obj);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(cfg_map_get(cctx, list, &obj));
CFG_LIST_FOREACH(obj, elt) {
obj = cfg_listelt_value(elt);
if (strcasecmp(cfg_obj_asstring(cfg_tuple_get(obj, "name")),
@ -568,24 +557,15 @@ named_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
/*
* Get system defaults.
*/
result = named_config_getport(config, "port", &def_port);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(named_config_getport(config, "port", &def_port));
result = named_config_getport(config, "tls-port", &def_tlsport);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(named_config_getport(config, "tls-port", &def_tlsport));
/*
* Process the (nested) list(s).
*/
result = getipandkeylist(def_port, def_tlsport, config, list,
(in_port_t)0, NULL, NULL, mctx, &s);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(getipandkeylist(def_port, def_tlsport, config, list, (in_port_t)0,
NULL, NULL, mctx, &s));
shrink_array(mctx, s.addrs, s.count, s.addrsallocated);
shrink_array(mctx, s.keys, s.count, s.keysallocated);
@ -713,7 +693,6 @@ named_config_getkeyalgorithm(const char *str, unsigned int *typep,
int i;
size_t len = 0;
uint16_t bits;
isc_result_t result;
for (i = 0; algorithms[i].str != NULL; i++) {
len = strlen(algorithms[i].str);
@ -728,10 +707,7 @@ named_config_getkeyalgorithm(const char *str, unsigned int *typep,
return ISC_R_NOTFOUND;
}
if (str[len] == '-') {
result = isc_parse_uint16(&bits, str + len + 1, 10);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(isc_parse_uint16(&bits, str + len + 1, 10));
if (bits > algorithms[i].size) {
return ISC_R_RANGE;
}

27
bin/named/control.c
View file

@ -37,15 +37,11 @@
static isc_result_t
getcommand(isc_lex_t *lex, char **cmdp) {
isc_result_t result;
isc_token_t token;
REQUIRE(cmdp != NULL && *cmdp == NULL);
result = isc_lex_gettoken(lex, ISC_LEXOPT_EOF, &token);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(isc_lex_gettoken(lex, ISC_LEXOPT_EOF, &token));
isc_lex_ungettoken(lex, &token);
@ -89,27 +85,15 @@ named_control_docommand(isccc_sexpr_t *message, bool readonly,
return ISC_R_FAILURE;
}
result = isccc_cc_lookupstring(data, "type", &cmdline);
if (result != ISC_R_SUCCESS) {
/*
* We have no idea what this is.
*/
return result;
}
RETERR(isccc_cc_lookupstring(data, "type", &cmdline));
isc_lex_create(isc_g_mctx, strlen(cmdline), &lex);
isc_buffer_init(&src, cmdline, strlen(cmdline));
isc_buffer_add(&src, strlen(cmdline));
result = isc_lex_openbuffer(lex, &src);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(isc_lex_openbuffer(lex, &src));
result = getcommand(lex, &command);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(getcommand(lex, &command));
/*
* Compare the 'command' parameter against all known control commands.
@ -140,8 +124,7 @@ named_control_docommand(isccc_sexpr_t *message, bool readonly,
"rejecting restricted control channel "
"command '%s'",
cmdline);
result = ISC_R_FAILURE;
goto cleanup;
CLEANUP(ISC_R_FAILURE);
}
isc_log_write(NAMED_LOGCATEGORY_GENERAL, NAMED_LOGMODULE_CONTROL,

38
bin/named/controlconf.c
View file

@ -149,14 +149,6 @@ ISC_REFCOUNT_DECL(controlconnection);
#define CLOCKSKEW 300
#define CHECK(x) \
{ \
result = (x); \
if (result != ISC_R_SUCCESS) { \
goto cleanup; \
} \
}
static void
free_controlkey(controlkey_t *key, isc_mem_t *mctx) {
if (key->keyname != NULL) {
@ -313,11 +305,8 @@ control_respond(controlconnection_t *conn) {
isc_region_t r;
isc_result_t result;
result = isccc_cc_createresponse(conn->request, conn->now,
conn->now + 60, &conn->response);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(isccc_cc_createresponse(conn->request, conn->now, conn->now + 60,
&conn->response));
if (conn->result == ISC_R_SHUTTINGDOWN) {
result = ISC_R_SUCCESS;
@ -453,14 +442,12 @@ control_recvmessage(isc_nmhandle_t *handle ISC_ATTR_UNUSED, isc_result_t result,
}
if (!match) {
result = ISCCC_R_BADAUTH;
goto cleanup;
CLEANUP(ISCCC_R_BADAUTH);
}
/* We shouldn't be getting a reply. */
if (isccc_cc_isreply(conn->request)) {
result = ISC_R_FAILURE;
goto cleanup;
CLEANUP(ISC_R_FAILURE);
}
conn->now = isc_stdtime_now();
@ -470,20 +457,17 @@ control_recvmessage(isc_nmhandle_t *handle ISC_ATTR_UNUSED, isc_result_t result,
*/
conn->ctrl = isccc_alist_lookup(conn->request, "_ctrl");
if (!isccc_alist_alistp(conn->ctrl)) {
result = ISC_R_FAILURE;
goto cleanup;
CLEANUP(ISC_R_FAILURE);
}
if (isccc_cc_lookupuint32(conn->ctrl, "_tim", &sent) == ISC_R_SUCCESS) {
if ((sent + CLOCKSKEW) < conn->now ||
(sent - CLOCKSKEW) > conn->now)
{
result = DNS_R_CLOCKSKEW;
goto cleanup;
CLEANUP(DNS_R_CLOCKSKEW);
}
} else {
result = ISC_R_FAILURE;
goto cleanup;
CLEANUP(ISC_R_FAILURE);
}
/*
@ -492,8 +476,7 @@ control_recvmessage(isc_nmhandle_t *handle ISC_ATTR_UNUSED, isc_result_t result,
if (isccc_cc_lookupuint32(conn->ctrl, "_exp", &exp) == ISC_R_SUCCESS &&
conn->now > exp)
{
result = DNS_R_EXPIRED;
goto cleanup;
CLEANUP(DNS_R_EXPIRED);
}
/*
@ -516,8 +499,7 @@ control_recvmessage(isc_nmhandle_t *handle ISC_ATTR_UNUSED, isc_result_t result,
ISC_R_SUCCESS ||
conn->nonce != nonce))
{
result = ISCCC_R_BADAUTH;
goto cleanup;
CLEANUP(ISCCC_R_BADAUTH);
}
isc_buffer_allocate(listener->mctx, &conn->text, 2 * 2048);
@ -1094,7 +1076,7 @@ add_listener(named_controls_t *cp, controllistener_t **listenerp,
if ((pf == AF_INET && isc_net_probeipv4() != ISC_R_SUCCESS) ||
(pf == AF_INET6 && isc_net_probeipv6() != ISC_R_SUCCESS))
{
CHECK(ISC_R_FAMILYNOSUPPORT);
CLEANUP(ISC_R_FAMILYNOSUPPORT);
}
CHECK(isc_nm_listentcp(ISC_NM_LISTEN_ONE, &listener->address,

13
bin/named/log.c
View file

@ -44,10 +44,7 @@ named_log_init(bool safe) {
named_log_setdefaultchannels(lcfg);
}
result = named_log_setdefaultcategory(lcfg);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(named_log_setdefaultcategory(lcfg));
named_log_setdefaultsslkeylogfile(lcfg);
rcu_read_unlock();
@ -199,12 +196,8 @@ isc_result_t
named_log_setdefaultcategory(isc_logconfig_t *lcfg) {
isc_result_t result = ISC_R_SUCCESS;
result = isc_log_usechannel(lcfg, "default_debug",
ISC_LOGCATEGORY_DEFAULT,
ISC_LOGMODULE_DEFAULT);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(isc_log_usechannel(lcfg, "default_debug", ISC_LOGCATEGORY_DEFAULT,
ISC_LOGMODULE_DEFAULT));
if (!named_g_logstderr) {
if (named_g_logfile != NULL) {

7
bin/named/logconf.c
View file

@ -28,13 +28,6 @@
#include <named/log.h>
#include <named/logconf.h>
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
/*%
* Set up a logging category according to the named.conf data
* in 'ccat' and add it to 'logconfig'.

627
bin/named/server.c
View file

File diff suppressed because it is too large Load diff

22
bin/named/statschannel.c
View file

@ -64,14 +64,6 @@
#define STATS_JSON_VERSION_MINOR "8"
#define STATS_JSON_VERSION STATS_JSON_VERSION_MAJOR "." STATS_JSON_VERSION_MINOR
#define CHECK(m) \
do { \
result = (m); \
if (result != ISC_R_SUCCESS) { \
goto cleanup; \
} \
} while (0)
struct named_statschannel {
/* Unlocked */
isc_httpdmgr_t *httpdmgr;
@ -2413,8 +2405,7 @@ zone_jsonrender(dns_zone_t *zone, void *arg) {
if (zonestats != NULL) {
json_object *counters = json_object_new_object();
if (counters == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup;
CLEANUP(ISC_R_NOMEMORY);
}
result = dump_stats(zonestats, isc_statsformat_json,
@ -2438,8 +2429,7 @@ zone_jsonrender(dns_zone_t *zone, void *arg) {
if (gluecachestats != NULL) {
json_object *counters = json_object_new_object();
if (counters == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup;
CLEANUP(ISC_R_NOMEMORY);
}
result = dump_stats(
@ -2592,8 +2582,7 @@ xfrin_jsonrender(dns_zone_t *zone, void *arg) {
}
if (xfrinobj == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup;
CLEANUP(ISC_R_NOMEMORY);
}
result = dns_zone_getxfr(zone, &xfr, &is_firstrefresh, &is_running,
@ -3175,8 +3164,7 @@ generatejson(named_server_t *server, size_t *msglen, const char **msg,
0);
if (result != ISC_R_SUCCESS) {
json_object_put(counters);
result = dumparg.result;
goto cleanup;
CHECK(dumparg.result);
}
json_object_object_add(res, "adb",
@ -3662,7 +3650,7 @@ add_listener(named_server_t *server, named_statschannel_t **listenerp,
if ((pf == AF_INET && isc_net_probeipv4() != ISC_R_SUCCESS) ||
(pf == AF_INET6 && isc_net_probeipv6() != ISC_R_SUCCESS))
{
CHECK(ISC_R_FAMILYNOSUPPORT);
CLEANUP(ISC_R_FAMILYNOSUPPORT);
}
CHECK(isc_httpdmgr_create(server->mctx, addr, client_ok,

4
bin/named/tkeyconf.c
View file

@ -21,6 +21,7 @@
#include <isccfg/cfg.h>
#include <named/log.h>
#include <named/tkeyconf.h>
void
@ -28,11 +29,10 @@ named_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
dns_tkeyctx_t **tctxp) {
isc_result_t result;
dns_tkeyctx_t *tctx = NULL;
const cfg_obj_t *obj;
const cfg_obj_t *obj = NULL;
dns_tkeyctx_create(mctx, &tctx);
obj = NULL;
result = cfg_map_get(options, "tkey-gssapi-keytab", &obj);
if (result == ISC_R_SUCCESS) {
const char *s = cfg_obj_asstring(obj);

23
bin/named/transportconf.c
View file

@ -36,7 +36,7 @@
result = (dns_name_fromtext(name, &namesrc, dns_rootname, \
DNS_NAME_DOWNCASE)); \
if (result != ISC_R_SUCCESS) { \
goto failure; \
goto cleanup; \
}
#define parse_transport_option(map, transport, name, setter) \
@ -126,7 +126,7 @@ add_doh_transports(const cfg_obj_t *transportlist, dns_transport_list_t *list) {
}
return ISC_R_SUCCESS;
failure:
cleanup:
cfg_obj_log(doh, ISC_LOG_ERROR, "configuring DoH '%s': %s", dohid,
isc_result_totext(result));
@ -147,8 +147,7 @@ add_tls_transports(const cfg_obj_t *transportlist, dns_transport_list_t *list) {
tlsid = cfg_obj_asstring(cfg_map_getname(tls));
if (!strcmp(tlsid, "ephemeral")) {
result = ISC_R_UNEXPECTEDTOKEN;
goto failure;
CLEANUP(ISC_R_UNEXPECTEDTOKEN);
}
create_name(tlsid, tlsname);
@ -176,18 +175,13 @@ add_tls_transports(const cfg_obj_t *transportlist, dns_transport_list_t *list) {
}
return ISC_R_SUCCESS;
failure:
cleanup:
cfg_obj_log(tls, ISC_LOG_ERROR, "configuring tls '%s': %s", tlsid,
isc_result_totext(result));
return result;
}
#define CHECK(f) \
if ((result = f) != ISC_R_SUCCESS) { \
goto failure; \
}
static isc_result_t
transport_list_fromconfig(const cfg_obj_t *config, dns_transport_list_t *list) {
const cfg_obj_t *obj = NULL;
@ -222,7 +216,7 @@ transport_list_add_ephemeral(dns_transport_list_t *list) {
dns_transport_set_tlsname(transport, "ephemeral");
return;
failure:
cleanup:
RUNTIME_CHECK(result == ISC_R_SUCCESS);
}
@ -237,10 +231,7 @@ named_transports_fromconfig(const cfg_obj_t *config, const cfg_obj_t *vconfig,
transport_list_add_ephemeral(list);
if (config != NULL) {
result = transport_list_fromconfig(config, list);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(transport_list_fromconfig(config, list));
}
if (vconfig != NULL) {
@ -250,7 +241,7 @@ named_transports_fromconfig(const cfg_obj_t *config, const cfg_obj_t *vconfig,
*listp = list;
return ISC_R_SUCCESS;
failure:
cleanup:
dns_transport_list_detach(&list);
return result;
}

42
bin/named/tsigconf.c
View file

@ -38,7 +38,7 @@ add_initial_keys(const cfg_obj_t *list, dns_tsigkeyring_t *ring,
const char *keyid = NULL;
unsigned char *secret = NULL;
int secretalloc = 0;
isc_result_t ret;
isc_result_t result;
CFG_LIST_FOREACH(list, element) {
const cfg_obj_t *algobj = NULL;
@ -67,11 +67,8 @@ add_initial_keys(const cfg_obj_t *list, dns_tsigkeyring_t *ring,
*/
isc_buffer_constinit(&keynamesrc, keyid, strlen(keyid));
isc_buffer_add(&keynamesrc, strlen(keyid));
ret = dns_name_fromtext(keyname, &keynamesrc, dns_rootname,
DNS_NAME_DOWNCASE);
if (ret != ISC_R_SUCCESS) {
goto failure;
}
CHECK(dns_name_fromtext(keyname, &keynamesrc, dns_rootname,
DNS_NAME_DOWNCASE));
/*
* Create the algorithm.
@ -84,31 +81,27 @@ add_initial_keys(const cfg_obj_t *list, dns_tsigkeyring_t *ring,
"key '%s': has a "
"unsupported algorithm '%s'",
keyid, algstr);
ret = DNS_R_BADALG;
goto failure;
CLEANUP(DNS_R_BADALG);
}
secretstr = cfg_obj_asstring(secretobj);
secretalloc = secretlen = strlen(secretstr) * 3 / 4;
secret = isc_mem_get(mctx, secretlen);
isc_buffer_init(&secretbuf, secret, secretlen);
ret = isc_base64_decodestring(secretstr, &secretbuf);
if (ret != ISC_R_SUCCESS) {
goto failure;
}
CHECK(isc_base64_decodestring(secretstr, &secretbuf));
secretlen = isc_buffer_usedlength(&secretbuf);
ret = dns_tsigkey_create(keyname, alg, secret, secretlen, mctx,
&tsigkey);
result = dns_tsigkey_create(keyname, alg, secret, secretlen,
mctx, &tsigkey);
isc_mem_put(mctx, secret, secretalloc);
if (ret == ISC_R_SUCCESS) {
ret = dns_tsigkeyring_add(ring, tsigkey);
if (result == ISC_R_SUCCESS) {
result = dns_tsigkeyring_add(ring, tsigkey);
}
if (ret != ISC_R_SUCCESS) {
if (result != ISC_R_SUCCESS) {
if (tsigkey != NULL) {
dns_tsigkey_detach(&tsigkey);
}
goto failure;
goto cleanup;
}
/*
* Set digest bits.
@ -119,13 +112,13 @@ add_initial_keys(const cfg_obj_t *list, dns_tsigkeyring_t *ring,
return ISC_R_SUCCESS;
failure:
cleanup:
if (secret != NULL) {
isc_mem_put(mctx, secret, secretalloc);
}
cfg_obj_log(key, ISC_LOG_ERROR, "configuring key '%s': %s", keyid,
isc_result_totext(ret));
return ret;
isc_result_totext(result));
return result;
}
isc_result_t
@ -159,16 +152,13 @@ named_tsigkeyring_fromconfig(const cfg_obj_t *config, const cfg_obj_t *vconfig,
if (result != ISC_R_SUCCESS) {
continue;
}
result = add_initial_keys(keylist, ring, mctx);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(add_initial_keys(keylist, ring, mctx));
}
*ringp = ring;
return ISC_R_SUCCESS;
failure:
cleanup:
dns_tsigkeyring_detach(&ring);
return result;
}

50
bin/named/zoneconf.c
View file

@ -62,13 +62,6 @@ typedef enum {
allow_update_forwarding
} acl_type_t;
#define CHECK(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
/*%
* Convenience function for configuring a single zone ACL.
*/
@ -78,7 +71,6 @@ configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
cfg_aclconfctx_t *aclctx, dns_zone_t *zone,
void (*setzacl)(dns_zone_t *, dns_acl_t *),
void (*clearzacl)(dns_zone_t *)) {
isc_result_t result;
const cfg_obj_t *maps[6] = { 0 };
const cfg_obj_t *aclobj = NULL;
int i = 0;
@ -176,11 +168,7 @@ configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
}
parse_acl:
result = cfg_acl_fromconfig(aclobj, config, aclctx, isc_g_mctx, 0,
&acl);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(cfg_acl_fromconfig(aclobj, config, aclctx, isc_g_mctx, 0, &acl));
(*setzacl)(zone, acl);
/* Set the view default now */
@ -376,8 +364,7 @@ configure_zone_ssutable(const cfg_obj_t *zconfig, const cfg_obj_t *tconfig,
"failed to enable auto DDNS policy "
"for zone %s: session key not found",
zname);
result = ISC_R_NOTFOUND;
goto cleanup;
CLEANUP(ISC_R_NOTFOUND);
}
dns_ssutable_addrule(
@ -566,12 +553,9 @@ configure_staticstub(const cfg_obj_t *zconfig, const cfg_obj_t *tconfig,
isc_region_t region;
/* Create the DB beforehand */
result = dns_db_create(mctx, dbtype, dns_zone_getorigin(zone),
dns_dbtype_stub, dns_zone_getclass(zone), 0,
NULL, &db);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_db_create(mctx, dbtype, dns_zone_getorigin(zone),
dns_dbtype_stub, dns_zone_getclass(zone), 0, NULL,
&db));
dns_rdataset_init(&rdataset);
@ -616,8 +600,7 @@ configure_staticstub(const cfg_obj_t *zconfig, const cfg_obj_t *tconfig,
"No NS record is configured for a "
"static-stub zone '%s'",
zname);
result = ISC_R_FAILURE;
goto cleanup;
CLEANUP(ISC_R_FAILURE);
}
/*
@ -703,8 +686,6 @@ zonetype_fromconfig(const cfg_obj_t *zmap, const cfg_obj_t *tmap) {
static isc_result_t
strtoargvsub(isc_mem_t *mctx, char *s, unsigned int *argcp, char ***argvp,
unsigned int n) {
isc_result_t result;
/* Discard leading whitespace. */
while (*s == ' ' || *s == '\t') {
s++;
@ -723,10 +704,7 @@ strtoargvsub(isc_mem_t *mctx, char *s, unsigned int *argcp, char ***argvp,
*p++ = '\0';
}
result = strtoargvsub(mctx, p, argcp, argvp, n + 1);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(strtoargvsub(mctx, p, argcp, argvp, n + 1));
(*argvp)[n] = s;
}
return ISC_R_SUCCESS;
@ -1926,10 +1904,7 @@ named_zone_configure_writeable_dlz(dns_dlzdb_t *dlzdatabase, dns_zone_t *zone,
isc_result_t result;
dns_zone_settype(zone, dns_zone_dlz);
result = dns_sdlz_setdb(dlzdatabase, rdclass, name, &db);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_sdlz_setdb(dlzdatabase, rdclass, name, &db));
result = dns_zone_dlzpostload(zone, db);
dns_db_detach(&db);
return result;
@ -2141,12 +2116,9 @@ named_zone_loadplugins(dns_zone_t *zone, const cfg_obj_t *config,
ns_plugins_create(zmctx, &hookdata.plugins);
dns_zone_setplugins(zone, hookdata.plugins, ns_plugins_free);
result = cfg_pluginlist_foreach(config, tpluginlist, aclctx,
named_register_one_plugin,
&hookdata);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(cfg_pluginlist_foreach(config, tpluginlist, aclctx,
named_register_one_plugin,
&hookdata));
result = cfg_pluginlist_foreach(config, zpluginlist, aclctx,
named_register_one_plugin,

12
bin/nsupdate/nsupdate.c
View file

@ -569,16 +569,10 @@ read_sessionkey(isc_mem_t *mctx) {
return ISC_R_FILENOTFOUND;
}
result = cfg_parse_file(mctx, keyfile, &cfg_type_sessionkey, 0,
&sessionkey);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(cfg_parse_file(mctx, keyfile, &cfg_type_sessionkey, 0,
&sessionkey));
result = cfg_map_get(sessionkey, "key", &key);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(cfg_map_get(sessionkey, "key", &key));
(void)cfg_map_get(key, "secret", &secretobj);
(void)cfg_map_get(key, "algorithm", &algorithmobj);

8
bin/plugins/filter-a.c
View file

@ -46,14 +46,6 @@
#include <ns/query.h>
#include <ns/types.h>
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) { \
goto cleanup; \
} \
} while (0)
/*
* Possible values for the settings of filter-a-on-v6 and
* filter-a-on-v4: "no" is NONE, "yes" is FILTER, "break-dnssec"

8
bin/plugins/filter-aaaa.c
View file

@ -46,14 +46,6 @@
#include <ns/query.h>
#include <ns/types.h>
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) { \
goto cleanup; \
} \
} while (0)
/*
* Possible values for the settings of filter-aaaa-on-v4 and
* filter-aaaa-on-v6: "no" is NONE, "yes" is FILTER, "break-dnssec"

28
bin/plugins/synthrecord.c
View file

@ -21,14 +21,6 @@
#include <ns/hooks.h>
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) { \
goto cleanup; \
} \
} while (0)
#define DEFAULT_TTL 300
typedef enum { UNDEFINED, FORWARD, REVERSE } synthrecord_mode_t;
@ -70,7 +62,6 @@ synthrecord_reverseanswer(synthrecord_t *inst, isc_netaddr_t *na,
isc_buffer_t addrb;
char addrbdata[DNS_NAME_FORMATSIZE];
isc_region_t addrr;
isc_result_t result;
REQUIRE(DNS_NAME_VALID(synthname));
REQUIRE(na->family == AF_INET || na->family == AF_INET6);
@ -79,10 +70,7 @@ synthrecord_reverseanswer(synthrecord_t *inst, isc_netaddr_t *na,
isc_buffer_copyregion(&b, &inst->prefix);
isc_buffer_init(&addrb, addrbdata, sizeof(addrbdata));
result = isc_netaddr_totext(na, &addrb);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(isc_netaddr_totext(na, &addrb));
/*
* IDN compatibility, as an IPv6 begining or ending with `::` will be
@ -476,11 +464,8 @@ synthrecord_initorigin(synthrecord_t *inst, const cfg_obj_t *synthrecordcfg,
dns_name_init(&inst->origin);
if (result == ISC_R_SUCCESS) {
originstr = cfg_obj_asstring(obj);
result = dns_name_fromstring(&inst->origin, originstr, NULL, 0,
inst->mctx);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_name_fromstring(&inst->origin, originstr, NULL, 0,
inst->mctx));
if (!dns_name_isabsolute(&inst->origin)) {
isc_log_write(NS_LOGCATEGORY_GENERAL,
@ -525,11 +510,8 @@ synthrecord_parseallowsynth(synthrecord_t *inst, const cfg_obj_t *cfg,
return result;
}
result = cfg_acl_fromconfig(obj, cfg, aclctx, inst->mctx, 0,
&inst->allowedsynth);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(cfg_acl_fromconfig(obj, cfg, aclctx, inst->mctx, 0,
&inst->allowedsynth));
for (unsigned int i = 0; i < inst->allowedsynth->length; i++) {
switch (inst->allowedsynth->elements[i].type) {

46
bin/tests/system/dlzexternal/driver/driver.c
View file

@ -49,13 +49,6 @@ dlz_dlopen_addrdataset_t dlz_addrdataset;
dlz_dlopen_subrdataset_t dlz_subrdataset;
dlz_dlopen_delrdataset_t dlz_delrdataset;
#define CHECK(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define loginfo(...) \
({ \
if ((state != NULL) && (state->log != NULL)) \
@ -258,7 +251,6 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[], void **dbdata,
const char *helper_name;
va_list ap;
char soa_data[sizeof("@ hostmaster.root 123 900 600 86400 3600")];
isc_result_t result;
size_t n;
UNUSED(dlzname);
@ -306,7 +298,8 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[], void **dbdata,
}
if (n >= sizeof(soa_data)) {
CHECK(ISC_R_NOSPACE);
free(state);
return ISC_R_NOSPACE;
}
add_name(state, &state->current[0], state->zone_name, "soa", 3600,
@ -320,10 +313,6 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[], void **dbdata,
*dbdata = state;
return ISC_R_SUCCESS;
failure:
free(state);
return result;
}
/*
@ -513,10 +502,7 @@ dlz_lookup(const char *zone, const char *name, void *dbdata,
loginfo("dlz_example: lookup connection from %s", buf);
found = true;
result = state->putrr(lookup, "TXT", 0, buf);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(state->putrr(lookup, "TXT", 0, buf));
}
if (strcmp(name, "too-long") == 0 ||
@ -527,10 +513,7 @@ dlz_lookup(const char *zone, const char *name, void *dbdata,
}
buf[i] = '\0';
found = true;
result = state->putrr(lookup, "TXT", 0, buf);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(state->putrr(lookup, "TXT", 0, buf));
}
/* Tests for DLZ redirection zones */
@ -556,12 +539,9 @@ dlz_lookup(const char *zone, const char *name, void *dbdata,
for (i = 0; i < MAX_RECORDS; i++) {
if (strcasecmp(state->current[i].name, full_name) == 0) {
found = true;
result = state->putrr(lookup, state->current[i].type,
state->current[i].ttl,
state->current[i].data);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(state->putrr(lookup, state->current[i].type,
state->current[i].ttl,
state->current[i].data));
}
}
@ -627,17 +607,13 @@ dlz_allnodes(const char *zone, void *dbdata, dns_sdlzallnodes_t *allnodes) {
}
for (i = 0; i < MAX_RECORDS; i++) {
isc_result_t result;
if (strlen(state->current[i].name) == 0U) {
continue;
}
result = state->putnamedrr(allnodes, state->current[i].name,
state->current[i].type,
state->current[i].ttl,
state->current[i].data);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(state->putnamedrr(allnodes, state->current[i].name,
state->current[i].type,
state->current[i].ttl,
state->current[i].data));
}
return ISC_R_SUCCESS;

3
bin/tests/system/dyndb/driver/instance.c
View file

@ -78,8 +78,7 @@ parse_params(isc_mem_t *mctx, int argc, char **argv, dns_name_t *z1,
if (argc != 2) {
log_error("exactly two parameters "
"(absolute zone names) are required");
result = ISC_R_FAILURE;
goto cleanup;
CLEANUP(ISC_R_FAILURE);
}
result = dns_name_fromstring(z1, argv[0], dns_rootname, 0, mctx);
if (result != ISC_R_SUCCESS) {

13
bin/tests/system/dyndb/driver/util.h
View file

@ -38,16 +38,3 @@
#include <dns/types.h>
#include "log.h"
#define CLEANUP_WITH(result_code) \
do { \
result = (result_code); \
goto cleanup; \
} while (0)
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)

10
bin/tests/system/dyndb/driver/zone.c
View file

@ -130,8 +130,8 @@ publish_zone(sample_instance_t *inst, dns_zone_t *zone) {
/* Return success if the zone is already in the view as expected. */
result = dns_view_findzone(inst->view, dns_zone_getorigin(zone),
DNS_ZTFIND_EXACT, &zone_in_view);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
goto cleanup;
if (result != ISC_R_NOTFOUND) {
CHECK(result);
}
view_in_zone = dns_zone_getview(zone);
@ -139,7 +139,7 @@ publish_zone(sample_instance_t *inst, dns_zone_t *zone) {
/* Zone has a view set -> view should contain the same zone. */
if (zone_in_view == zone) {
/* Zone is already published in the right view. */
CLEANUP_WITH(ISC_R_SUCCESS);
CLEANUP(ISC_R_SUCCESS);
} else if (view_in_zone != inst->view) {
/*
* Un-published inactive zone will have
@ -149,7 +149,7 @@ publish_zone(sample_instance_t *inst, dns_zone_t *zone) {
dns_zone_log(zone, ISC_LOG_ERROR,
"zone->view doesn't "
"match data in the view");
CLEANUP_WITH(ISC_R_UNEXPECTED);
CLEANUP(ISC_R_UNEXPECTED);
}
}
@ -157,7 +157,7 @@ publish_zone(sample_instance_t *inst, dns_zone_t *zone) {
dns_zone_log(zone, ISC_LOG_ERROR,
"cannot publish zone: view already "
"contains another zone with this name");
CLEANUP_WITH(ISC_R_UNEXPECTED);
CLEANUP(ISC_R_UNEXPECTED);
}
if (inst->view->frozen) {

8
bin/tests/system/hooks/driver/test-async.c
View file

@ -35,14 +35,6 @@
#include <ns/query.h>
#include <ns/types.h>
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) { \
goto cleanup; \
} \
} while (0)
/*
* Persistent data for use by this module. This will be associated
* with client object address in the hash table, and will remain

15
bin/tests/system/hooks/driver/test-syncplugin.c
View file

@ -28,14 +28,6 @@ typedef struct {
char *firstlbl;
} syncplugin_t;
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) { \
goto cleanup; \
} \
} while (0)
static ns_hookresult_t
syncplugin__hook(void *arg, void *cbdata, isc_result_t *resp) {
query_ctx_t *qctx = (query_ctx_t *)arg;
@ -82,14 +74,11 @@ static cfg_type_t syncplugin__cfgparams = {
static isc_result_t
syncplugin__parse_rcode(const cfg_obj_t *syncplugincfg, uint8_t *rcode) {
isc_result_t result;
isc_result_t result = ISC_R_SUCCESS;
const cfg_obj_t *obj = NULL;
const char *rcodestr = NULL;
result = cfg_map_get(syncplugincfg, "rcode", &obj);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(cfg_map_get(syncplugincfg, "rcode", &obj));
rcodestr = obj->value.string.base;

14
bin/tests/system/pipelined/pipequeries.c
View file

@ -43,7 +43,7 @@
#include <dns/types.h>
#include <dns/view.h>
#define CHECK(str, x) \
#define CHECKM(str, x) \
{ \
if ((x) != ISC_R_SUCCESS) { \
fprintf(stderr, "I:%s: %s\n", (str), \
@ -84,7 +84,7 @@ recvresponse(void *arg) {
result = dns_request_getresponse(request, response,
DNS_MESSAGEPARSE_PRESERVEORDER);
CHECK("dns_request_getresponse", result);
CHECKM("dns_request_getresponse", result);
if (response->rcode != dns_rcode_noerror) {
result = dns_result_fromrcode(response->rcode);
@ -101,7 +101,7 @@ recvresponse(void *arg) {
result = dns_message_sectiontotext(
response, DNS_SECTION_ANSWER, &dns_master_style_simple,
DNS_MESSAGETEXTFLAG_NOCOMMENTS, &outbuf);
CHECK("dns_message_sectiontotext", result);
CHECKM("dns_message_sectiontotext", result);
printf("%.*s", (int)isc_buffer_usedlength(&outbuf),
(char *)isc_buffer_base(&outbuf));
fflush(stdout);
@ -140,7 +140,7 @@ sendquery(void) {
isc_buffer_add(&buf, strlen(host));
result = dns_name_fromtext(dns_fixedname_name(&queryname), &buf,
dns_rootname, 0);
CHECK("dns_name_fromtext", result);
CHECKM("dns_name_fromtext", result);
dns_message_create(isc_g_mctx, NULL, NULL, DNS_MESSAGE_INTENTRENDER,
&message);
@ -164,7 +164,7 @@ sendquery(void) {
requestmgr, message, have_src ? &srcaddr : NULL, &dstaddr, NULL,
NULL, DNS_REQUESTOPT_TCP, NULL, TIMEOUT, TIMEOUT, 0, 0,
isc_loop_main(), recvresponse, message, &request);
CHECK("dns_request_create", result);
CHECKM("dns_request_create", result);
return ISC_R_SUCCESS;
}
@ -258,13 +258,13 @@ main(int argc, char *argv[]) {
result = ISC_R_FAILURE;
if (inet_pton(AF_INET, "10.53.0.7", &inaddr) != 1) {
CHECK("inet_pton", result);
CHECKM("inet_pton", result);
}
isc_sockaddr_fromin(&srcaddr, &inaddr, 0);
result = ISC_R_FAILURE;
if (inet_pton(AF_INET, "10.53.0.4", &inaddr) != 1) {
CHECK("inet_pton", result);
CHECKM("inet_pton", result);
}
isc_sockaddr_fromin(&dstaddr, &inaddr, port);

24
bin/tests/system/rsabigexponent/bigkey.c
View file

@ -57,7 +57,7 @@ RSA *rsa;
BIGNUM *e;
EVP_PKEY *pkey;
#define CHECK(op, msg) \
#define CHECKM(op, msg) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) { \
@ -116,22 +116,20 @@ main(int argc, char **argv) {
name = dns_fixedname_initname(&fname);
isc_buffer_constinit(&buf, "example.", strlen("example."));
isc_buffer_add(&buf, strlen("example."));
CHECK(dns_name_fromtext(name, &buf, dns_rootname, 0, NULL), "dns_name_"
"fromtext("
"\"example."
"\")");
CHECKM(dns_name_fromtext(name, &buf, dns_rootname, 0, NULL),
"dns_name_fromtext(\"example.\")");
CHECK(dst_key_buildinternal(name, DNS_KEYALG_RSASHA256, bits,
DNS_KEYOWNER_ZONE, DNS_KEYPROTO_DNSSEC,
dns_rdataclass_in, pkey, isc_g_mctx, &key),
"dst_key_buildinternal(...)");
CHECKM(dst_key_buildinternal(name, DNS_KEYALG_RSASHA256, bits,
DNS_KEYOWNER_ZONE, DNS_KEYPROTO_DNSSEC,
dns_rdataclass_in, pkey, isc_g_mctx, &key),
"dst_key_buildinternal(...)");
CHECK(dst_key_tofile(key, DST_TYPE_PRIVATE | DST_TYPE_PUBLIC, NULL),
"dst_key_tofile()");
CHECKM(dst_key_tofile(key, DST_TYPE_PRIVATE | DST_TYPE_PUBLIC, NULL),
"dst_key_tofile()");
isc_buffer_init(&buf, filename, sizeof(filename) - 1);
isc_buffer_clear(&buf);
CHECK(dst_key_buildfilename(key, 0, NULL, &buf), "dst_key_"
"buildfilename()");
CHECKM(dst_key_buildfilename(key, 0, NULL, &buf),
"dst_key_buildfilename()");
printf("%s\n", filename);
dst_key_free(&key);

85
bin/tools/mdig.c
View file

@ -53,7 +53,7 @@
#include <dns/types.h>
#include <dns/view.h>
#define CHECK(str, x) \
#define CHECKM(str, x) \
{ \
if ((x) != ISC_R_SUCCESS) { \
fprintf(stderr, "mdig: %s failed with %s\n", (str), \
@ -221,7 +221,7 @@ recvresponse(void *arg) {
msgbuf = dns_request_getanswer(request);
result = dns_request_getresponse(request, response, parseflags);
CHECK("dns_request_getresponse", result);
CHECKM("dns_request_getresponse", result);
styleflags |= DNS_STYLEFLAG_REL_OWNER;
if (yaml) {
@ -277,7 +277,7 @@ recvresponse(void *arg) {
48, 80, 8, display_splitwidth,
isc_g_mctx);
}
CHECK("dns_master_stylecreate2", result);
CHECKM("dns_master_stylecreate2", result);
flags = 0;
if (!display_headers) {
@ -341,7 +341,7 @@ recvresponse(void *arg) {
printf(" %s:\n", "response_message_data");
result = dns_message_headertotext(response, style, flags, buf);
CHECK("dns_message_headertotext", result);
CHECKM("dns_message_headertotext", result);
} else if (display_comments && !display_short_form) {
printf(";; Got answer:\n");
@ -404,7 +404,7 @@ repopulate_buffer:
isc_buffer_allocate(isc_g_mctx, &buf, len);
goto repopulate_buffer;
}
CHECK("dns_message_pseudosectiontotext", result);
CHECKM("dns_message_pseudosectiontotext", result);
}
if (display_question && display_headers && !display_short_form) {
@ -413,7 +413,7 @@ repopulate_buffer:
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
CHECK("dns_message_sectiontotext", result);
CHECKM("dns_message_sectiontotext", result);
}
if (display_answer && !display_short_form) {
@ -422,7 +422,7 @@ repopulate_buffer:
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
CHECK("dns_message_sectiontotext", result);
CHECKM("dns_message_sectiontotext", result);
} else if (display_answer) {
dns_name_t empty_name;
unsigned int answerstyleflags = 0;
@ -447,8 +447,7 @@ repopulate_buffer:
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
CHECK("dns_rdata_tofmttext", result);
CHECKM("dns_rdata_tofmttext", result);
if (strlen("\n") >=
isc_buffer_availablelength(buf))
{
@ -466,7 +465,7 @@ repopulate_buffer:
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
CHECK("dns_message_sectiontotext", result);
CHECKM("dns_message_sectiontotext", result);
}
if (display_additional && !display_short_form) {
@ -475,7 +474,7 @@ repopulate_buffer:
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
CHECK("dns_message_sectiontotext", result);
CHECKM("dns_message_sectiontotext", result);
}
if (display_additional && !display_short_form && display_headers) {
@ -487,13 +486,13 @@ repopulate_buffer:
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
CHECK("dns_message_pseudosectiontotext", result);
CHECKM("dns_message_pseudosectiontotext", result);
result = dns_message_pseudosectiontotext(
response, DNS_PSEUDOSECTION_SIG0, style, flags, buf);
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
CHECK("dns_message_pseudosectiontotext", result);
CHECKM("dns_message_pseudosectiontotext", result);
}
if (display_headers && display_comments && !display_short_form && !yaml)
@ -549,7 +548,7 @@ sendquery(struct query *query) {
isc_buffer_add(&buf, strlen(query->textname));
result = dns_name_fromtext(dns_fixedname_name(&queryname), &buf,
dns_rootname, 0);
CHECK("dns_name_fromtext", result);
CHECKM("dns_name_fromtext", result);
dns_message_create(isc_g_mctx, NULL, NULL, DNS_MESSAGE_INTENTRENDER,
&message);
@ -608,7 +607,7 @@ sendquery(struct query *query) {
if (query->nsid) {
dns_ednsopt_t option = { .code = DNS_OPT_NSID };
result = dns_message_ednsaddopt(message, &option);
CHECK("dns_message_ednsaddopt", result);
CHECKM("dns_message_ednsaddopt", result);
}
if (query->ecs_addr != NULL) {
@ -663,7 +662,7 @@ sendquery(struct query *query) {
.length = (uint16_t)addrl +
4 };
result = dns_message_ednsaddopt(message, &option);
CHECK("dns_message_ednsaddopt", result);
CHECKM("dns_message_ednsaddopt", result);
}
if (query->send_cookie) {
@ -674,7 +673,7 @@ sendquery(struct query *query) {
isc_buffer_init(&b, cookie, sizeof(cookie));
result = isc_hex_decodestring(query->cookie,
&b);
CHECK("isc_hex_decodestring", result);
CHECKM("isc_hex_decodestring", result);
option.value = isc_buffer_base(&b);
option.length = isc_buffer_usedlength(&b);
} else {
@ -684,25 +683,25 @@ sendquery(struct query *query) {
}
result = dns_message_ednsaddopt(message, &option);
CHECK("dns_message_ednsaddopt", result);
CHECKM("dns_message_ednsaddopt", result);
}
if (query->expire) {
dns_ednsopt_t option = { .code = DNS_OPT_EXPIRE };
result = dns_message_ednsaddopt(message, &option);
CHECK("dns_message_ednsaddopt", result);
CHECKM("dns_message_ednsaddopt", result);
}
if (query->ednsoptscnt != 0) {
for (size_t i = 0; i < query->ednsoptscnt; i++) {
result = dns_message_ednsaddopt(
message, &query->ednsopts[i]);
CHECK("dns_message_ednsaddopt", result);
CHECKM("dns_message_ednsaddopt", result);
}
}
result = dns_message_setopt(message);
CHECK("dns_message_setopt", result);
CHECKM("dns_message_setopt", result);
}
if (tcp_mode) {
@ -714,7 +713,7 @@ sendquery(struct query *query) {
NULL, options, NULL, query->timeout, query->timeout,
query->udptimeout, query->udpretries, isc_loop_main(),
recvresponse, message, &request);
CHECK("dns_request_create", result);
CHECKM("dns_request_create", result);
return ISC_R_SUCCESS;
}
@ -928,7 +927,7 @@ save_opt(struct query *query, char *code, char *value) {
buf = isc_mem_allocate(isc_g_mctx, strlen(value) / 2 + 1);
isc_buffer_init(&b, buf, strlen(value) / 2 + 1);
result = isc_hex_decodestring(value, &b);
CHECK("isc_hex_decodestring", result);
CHECKM("isc_hex_decodestring", result);
query->ednsopts[query->ednsoptscnt].value = isc_buffer_base(&b);
query->ednsopts[query->ednsoptscnt].length =
isc_buffer_usedlength(&b);
@ -1025,9 +1024,9 @@ reverse_octets(const char *in, char **p, char *end) {
if (dot != NULL) {
isc_result_t result;
result = reverse_octets(dot + 1, p, end);
CHECK("reverse_octets", result);
CHECKM("reverse_octets", result);
result = append(".", 1, p, end);
CHECK("append", result);
CHECKM("append", result);
len = (int)(dot - in);
} else {
len = strlen(in);
@ -1050,7 +1049,7 @@ get_reverse(char *reverse, size_t len, const char *value) {
name = dns_fixedname_initname(&fname);
result = dns_byaddr_createptrname(&addr, name);
CHECK("dns_byaddr_createptrname", result);
CHECKM("dns_byaddr_createptrname", result);
dns_name_format(name, reverse, (unsigned int)len);
return;
} else {
@ -1064,10 +1063,10 @@ get_reverse(char *reverse, size_t len, const char *value) {
char *p = reverse;
char *end = reverse + len;
result = reverse_octets(value, &p, end);
CHECK("reverse_octets", result);
CHECKM("reverse_octets", result);
/* Append .in-addr.arpa. and a terminating NUL. */
result = append(".in-addr.arpa.", 15, &p, end);
CHECK("append", result);
CHECKM("append", result);
return;
}
}
@ -1184,7 +1183,7 @@ plus_option(char *option, struct query *query, bool global) {
}
result = parse_uint(&num, value, COMMSIZE,
"buffer size");
CHECK("parse_uint(buffer size)", result);
CHECKM("parse_uint(buffer size)", result);
query->udpsize = num;
break;
case 'r': /* burst */
@ -1294,8 +1293,8 @@ plus_option(char *option, struct query *query, bool global) {
result = parse_uint(&num, value,
255,
"edns");
CHECK("parse_uint(edns)",
result);
CHECKM("parse_uint(edns)",
result);
query->edns = num;
break;
case 'f':
@ -1311,8 +1310,8 @@ plus_option(char *option, struct query *query, bool global) {
result = parse_xint(
&num, value, 0xffff,
"ednsflags");
CHECK("parse_xint(ednsflags)",
result);
CHECKM("parse_xint(ednsflags)",
result);
if (query->edns == -1) {
query->edns = 1;
}
@ -1394,7 +1393,7 @@ plus_option(char *option, struct query *query, bool global) {
}
result = parse_uint(&query->udpretries, value,
MAXTRIES - 1, "udpretries");
CHECK("parse_uint(udpretries)", result);
CHECKM("parse_uint(udpretries)", result);
break;
default:
goto invalid_option;
@ -1458,7 +1457,7 @@ plus_option(char *option, struct query *query, bool global) {
if (display_splitwidth) {
display_splitwidth += 3;
}
CHECK("parse_uint(split)", result);
CHECKM("parse_uint(split)", result);
break;
case 'u': /* subnet */
FULLCHECK("subnet");
@ -1476,7 +1475,7 @@ plus_option(char *option, struct query *query, bool global) {
query->edns = 0;
}
result = parse_netprefix(&query->ecs_addr, value);
CHECK("parse_netprefix", result);
CHECKM("parse_netprefix", result);
break;
default:
goto invalid_option;
@ -1499,7 +1498,7 @@ plus_option(char *option, struct query *query, bool global) {
}
result = parse_uint(&query->timeout, value, MAXTIMEOUT,
"timeout");
CHECK("parse_uint(timeout)", result);
CHECKM("parse_uint(timeout)", result);
if (query->timeout == 0) {
query->timeout = 1;
}
@ -1514,7 +1513,7 @@ plus_option(char *option, struct query *query, bool global) {
}
result = parse_uint(&query->udpretries, value, MAXTRIES,
"udpretries");
CHECK("parse_uint(udpretries)", result);
CHECKM("parse_uint(udpretries)", result);
if (query->udpretries > 0) {
query->udpretries -= 1;
}
@ -1559,7 +1558,7 @@ plus_option(char *option, struct query *query, bool global) {
}
result = parse_uint(&query->udptimeout, value,
MAXTIMEOUT, "udptimeout");
CHECK("parse_uint(udptimeout)", result);
CHECKM("parse_uint(udptimeout)", result);
break;
case 'n':
FULLCHECK("unknownformat");
@ -1689,7 +1688,7 @@ dash_option(const char *option, char *next, struct query *query, bool global,
if (hash != NULL) {
result = parse_uint(&num, hash + 1, MAXPORT,
"port number");
CHECK("parse_uint(srcport)", result);
CHECKM("parse_uint(srcport)", result);
srcport = num;
*hash = '\0';
} else {
@ -1717,7 +1716,7 @@ dash_option(const char *option, char *next, struct query *query, bool global,
tr.length = strlen(value);
result = dns_rdataclass_fromtext(&rdclass,
(isc_textregion_t *)&tr);
CHECK("dns_rdataclass_fromtext", result);
CHECKM("dns_rdataclass_fromtext", result);
query->rdclass = rdclass;
return value_from_next;
case 'f':
@ -1726,7 +1725,7 @@ dash_option(const char *option, char *next, struct query *query, bool global,
case 'p':
GLOBAL();
result = parse_uint(&num, value, MAXPORT, "port number");
CHECK("parse_uint(port)", result);
CHECKM("parse_uint(port)", result);
port = num;
return value_from_next;
case 't':
@ -1734,7 +1733,7 @@ dash_option(const char *option, char *next, struct query *query, bool global,
tr.length = strlen(value);
result = dns_rdatatype_fromtext(&rdtype,
(isc_textregion_t *)&tr);
CHECK("dns_rdatatype_fromtext", result);
CHECKM("dns_rdatatype_fromtext", result);
query->rdtype = rdtype;
return value_from_next;
case 'x':

22
bin/tools/named-makejournal.c
View file

@ -45,20 +45,11 @@ static isc_result_t
loadzone(dns_db_t **db, const char *origin, const char *filename) {
isc_result_t result;
dns_fixedname_t fixed;
dns_name_t *name = NULL;
dns_name_t *name = dns_fixedname_initname(&fixed);
name = dns_fixedname_initname(&fixed);
result = dns_name_fromstring(name, origin, dns_rootname, 0, NULL);
if (result != ISC_R_SUCCESS) {
return result;
}
result = dns_db_create(isc_g_mctx, ZONEDB_DEFAULT, name,
dns_dbtype_zone, dns_rdataclass_in, 0, NULL, db);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_name_fromstring(name, origin, dns_rootname, 0, NULL));
RETERR(dns_db_create(isc_g_mctx, ZONEDB_DEFAULT, name, dns_dbtype_zone,
dns_rdataclass_in, 0, NULL, db));
result = dns_db_load(*db, filename, dns_masterformat_text, 0);
if (result == DNS_R_SEENINCLUDE) {
@ -177,10 +168,7 @@ main(int argc, char **argv) {
goto cleanup;
}
result = loadjournal(olddb, journal);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(loadjournal(olddb, journal));
result = dns_db_getsoaserial(olddb, NULL, &s2);
RUNTIME_CHECK(result == ISC_R_SUCCESS);

30
cocci/check-reterr.spatch Normal file
View file

@ -0,0 +1,30 @@
@@
expression E1;
@@
- result = E1;
- if (result != ISC_R_SUCCESS) {
- goto cleanup;
- }
+ CHECK(E1);
@@
expression E1;
isc_result_t result;
@@
- result = E1;
- if (result != ISC_R_SUCCESS) {
- return result;
- }
+ RETERR(E1);
@@
expression E1;
@@
- result = E1;
- if (result != ISC_R_SUCCESS) {
- CHECK(result);
- }
+ CHECK(E1);

20
fuzz/dns_message_parse.c
View file

@ -156,25 +156,13 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
isc_buffer_add(&buffer, size);
isc_buffer_setactive(&buffer, size);
result = parse_message(&buffer, &message);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(parse_message(&buffer, &message));
result = print_message(message);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(print_message(message));
result = render_message(&message);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(render_message(&message));
result = print_message(message);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(print_message(message));
cleanup:
if (message != NULL) {

2
fuzz/dns_qpkey_name.c
View file

@ -44,6 +44,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
isc_buffer_t buf;
dns_qpkey_t key, cmp;
dns_namespace_t space;
isc_result_t result;
namein = dns_fixedname_initname(&fixedin);
nameout = dns_fixedname_initname(&fixedout);
@ -77,5 +78,6 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
assert((namerel > 0) == (keyrel > 0));
assert(space == DNS_DBNAMESPACE_NORMAL);
cleanup:
return 0;
}

24
fuzz/dns_rdata_fromtext.c
View file

@ -79,10 +79,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
RUNTIME_CHECK(isc_lex_openbuffer(lex, &inbuf) == ISC_R_SUCCESS);
result = isc_lex_gettoken(lex, options | ISC_LEXOPT_NUMBER, &token);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(isc_lex_gettoken(lex, options | ISC_LEXOPT_NUMBER, &token));
if (token.type == isc_tokentype_eof) {
goto cleanup;
}
@ -98,18 +95,12 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
}
rdclass = (dns_rdataclass_t)token.value.as_ulong;
} else if (token.type == isc_tokentype_string) {
result = dns_rdataclass_fromtext(&rdclass,
&token.value.as_textregion);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_rdataclass_fromtext(&rdclass,
&token.value.as_textregion));
} else {
goto cleanup;
}
result = isc_lex_gettoken(lex, options | ISC_LEXOPT_NUMBER, &token);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(isc_lex_gettoken(lex, options | ISC_LEXOPT_NUMBER, &token));
if (token.type == isc_tokentype_eol) {
goto cleanup;
}
@ -126,11 +117,8 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
}
rdtype = (dns_rdatatype_t)token.value.as_ulong;
} else if (token.type == isc_tokentype_string) {
result = dns_rdatatype_fromtext(&rdtype,
&token.value.as_textregion);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_rdatatype_fromtext(&rdtype,
&token.value.as_textregion));
} else {
goto cleanup;
}

1
fuzz/dns_rdata_fromwire_text.c
View file

@ -210,5 +210,6 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
assert(target.used == size);
assert(!memcmp(target.base, data, size));
cleanup:
return 0;
}

5
fuzz/fuzz.h
View file

@ -32,8 +32,3 @@ LLVMFuzzerInitialize(int *argc ISC_ATTR_UNUSED, char ***argv ISC_ATTR_UNUSED);
int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
#define CHECK(x) \
if ((x) != ISC_R_SUCCESS) { \
return (0); \
}

1
fuzz/isc_lex_getmastertoken.c
View file

@ -71,5 +71,6 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
result = isc_lex_getmastertoken(lex, &token, expect, eol);
} while (result == ISC_R_SUCCESS && token.type != isc_tokentype_eof);
cleanup:
return 0;
}

1
fuzz/isc_lex_gettoken.c
View file

@ -50,5 +50,6 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
result = isc_lex_gettoken(lex, 0, &token);
} while (result == ISC_R_SUCCESS);
cleanup:
return 0;
}

6
lib/dns/acl.c
View file

@ -271,7 +271,6 @@ dns_acl_match_port_transport(const isc_netaddr_t *reqaddr,
*/
isc_result_t
dns_acl_merge(dns_acl_t *dest, dns_acl_t *source, bool pos) {
isc_result_t result;
unsigned int nelem, i;
int max_node = 0, nodes;
@ -345,10 +344,7 @@ dns_acl_merge(dns_acl_t *dest, dns_acl_t *source, bool pos) {
* node_count value is set correctly afterward.
*/
nodes = max_node + dns_acl_node_count(dest);
result = dns_iptable_merge(dest->iptable, source->iptable, pos);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_iptable_merge(dest->iptable, source->iptable, pos));
if (nodes > dns_acl_node_count(dest)) {
dns_acl_node_count(dest) = nodes;
}

7
lib/dns/adb.c
View file

@ -2351,12 +2351,7 @@ print_find_list(FILE *f, dns_adbname_t *name) {
static isc_result_t
putstr(isc_buffer_t *b, const char *str) {
isc_result_t result;
result = isc_buffer_reserve(b, strlen(str));
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(isc_buffer_reserve(b, strlen(str)));
isc_buffer_putstr(b, str);
return ISC_R_SUCCESS;

34
lib/dns/cache.c
View file

@ -184,11 +184,7 @@ dns_cache_create(dns_rdataclass_t rdclass, const char *cachename,
/*
* Create the database
*/
result = cache_create_db(cache, &cache->db, &cache->tmctx,
&cache->hmctx);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(cache_create_db(cache, &cache->db, &cache->tmctx, &cache->hmctx));
*cachep = cache;
return ISC_R_SUCCESS;
@ -327,15 +323,11 @@ dns_cache_getservestalerefresh(dns_cache_t *cache) {
isc_result_t
dns_cache_flush(dns_cache_t *cache) {
dns_db_t *db = NULL, *olddb;
isc_mem_t *tmctx = NULL, *oldtmctx;
isc_mem_t *hmctx = NULL, *oldhmctx;
isc_result_t result;
dns_db_t *db = NULL, *olddb = NULL;
isc_mem_t *tmctx = NULL, *oldtmctx = NULL;
isc_mem_t *hmctx = NULL, *oldhmctx = NULL;
result = cache_create_db(cache, &db, &tmctx, &hmctx);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(cache_create_db(cache, &db, &tmctx, &hmctx));
LOCK(&cache->lock);
isc_mem_clearwater(cache->tmctx);
@ -357,16 +349,13 @@ dns_cache_flush(dns_cache_t *cache) {
static isc_result_t
clearnode(dns_db_t *db, dns_dbnode_t *node) {
isc_result_t result;
dns_rdatasetiter_t *iter = NULL;
result = dns_db_allrdatasets(db, node, NULL, DNS_DB_STALEOK,
(isc_stdtime_t)0, &iter);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_db_allrdatasets(db, node, NULL, DNS_DB_STALEOK,
(isc_stdtime_t)0, &iter));
DNS_RDATASETITER_FOREACH(iter) {
isc_result_t result;
dns_rdataset_t rdataset = DNS_RDATASET_INIT;
dns_rdatasetiter_current(iter, &rdataset);
@ -379,7 +368,7 @@ clearnode(dns_db_t *db, dns_dbnode_t *node) {
}
dns_rdatasetiter_destroy(&iter);
return result;
return ISC_R_SUCCESS;
}
static isc_result_t
@ -398,10 +387,7 @@ cleartree(dns_db_t *db, const dns_name_t *name) {
nodename = dns_fixedname_initname(&fnodename);
result = dns_db_createiterator(db, 0, &iter);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_db_createiterator(db, 0, &iter));
result = dns_dbiterator_seek(iter, name);
if (result == DNS_R_PARTIALMATCH) {

134
lib/dns/catz.c
View file

@ -1200,34 +1200,22 @@ catz_process_coo(dns_catz_zone_t *catz, dns_label_t *mhash,
return ISC_R_FAILURE;
}
result = dns_rdataset_first(value);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_rdataset_first(value));
dns_rdata_init(&rdata);
dns_rdataset_current(value, &rdata);
result = dns_rdata_tostruct(&rdata, &ptr, NULL);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_rdata_tostruct(&rdata, &ptr, NULL));
if (dns_name_countlabels(&ptr.ptr) == 0) {
result = ISC_R_FAILURE;
goto cleanup;
CLEANUP(ISC_R_FAILURE);
}
result = isc_ht_find(catz->entries, mhash->base, mhash->length,
(void **)&entry);
if (result != ISC_R_SUCCESS) {
/* The entry was not found .*/
goto cleanup;
}
CHECK(isc_ht_find(catz->entries, mhash->base, mhash->length,
(void **)&entry));
if (dns_name_countlabels(&entry->name) == 0) {
result = ISC_R_FAILURE;
goto cleanup;
CLEANUP(ISC_R_FAILURE);
}
catz_coo_add(catz, entry, &ptr.ptr);
@ -1259,18 +1247,12 @@ catz_process_zones_entry(dns_catz_zone_t *catz, dns_rdataset_t *value,
return ISC_R_FAILURE;
}
result = dns_rdataset_first(value);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_rdataset_first(value));
dns_rdata_init(&rdata);
dns_rdataset_current(value, &rdata);
result = dns_rdata_tostruct(&rdata, &ptr, NULL);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_rdata_tostruct(&rdata, &ptr, NULL));
result = isc_ht_find(catz->entries, mhash->base, mhash->length,
(void **)&entry);
@ -1320,44 +1302,27 @@ catz_process_version(dns_catz_zone_t *catz, dns_rdataset_t *value) {
return ISC_R_FAILURE;
}
result = dns_rdataset_first(value);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_rdataset_first(value));
dns_rdata_init(&rdata);
dns_rdataset_current(value, &rdata);
result = dns_rdata_tostruct(&rdata, &rdatatxt, NULL);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_rdata_tostruct(&rdata, &rdatatxt, NULL));
result = dns_rdata_txt_first(&rdatatxt);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_rdata_txt_first(&rdatatxt));
result = dns_rdata_txt_current(&rdatatxt, &rdatastr);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_rdata_txt_current(&rdatatxt, &rdatastr));
result = dns_rdata_txt_next(&rdatatxt);
if (result != ISC_R_NOMORE) {
result = ISC_R_FAILURE;
goto cleanup;
CLEANUP(ISC_R_FAILURE);
}
if (rdatastr.length > 15) {
result = ISC_R_BADNUMBER;
goto cleanup;
CLEANUP(ISC_R_BADNUMBER);
}
memmove(t, rdatastr.data, rdatastr.length);
t[rdatastr.length] = 0;
result = isc_parse_uint32(&tversion, t, 10);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(isc_parse_uint32(&tversion, t, 10));
catz->version = tversion;
result = ISC_R_SUCCESS;
@ -1576,10 +1541,7 @@ catz_process_apl(dns_catz_zone_t *catz, isc_buffer_t **aclbp,
RUNTIME_CHECK(result == ISC_R_SUCCESS);
dns_rdata_init(&rdata);
dns_rdataset_current(value, &rdata);
result = dns_rdata_tostruct(&rdata, &rdata_apl, catz->catzs->mctx);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_rdata_tostruct(&rdata, &rdata_apl, catz->catzs->mctx));
isc_buffer_allocate(catz->catzs->mctx, &aclb, 16);
for (result = dns_rdata_apl_first(&rdata_apl); result == ISC_R_SUCCESS;
result = dns_rdata_apl_next(&rdata_apl))
@ -1819,10 +1781,7 @@ dns__catz_update_process(dns_catz_zone_t *catz, const dns_name_t *src_name,
nrres = dns_name_fullcompare(src_name, &catz->name, &order, &nlabels);
if (nrres == dns_namereln_equal) {
if (rdataset->type == dns_rdatatype_soa) {
result = dns_rdataset_first(rdataset);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_rdataset_first(rdataset));
dns_rdataset_current(rdataset, &rdata);
result = dns_rdata_tostruct(&rdata, &soa, NULL);
@ -1883,16 +1842,10 @@ dns_catz_generate_masterfilename(dns_catz_zone_t *catz, dns_catz_entry_t *entry,
isc_buffer_putstr(tbuf, catz->catzs->view->name);
isc_buffer_putstr(tbuf, "_");
result = dns_name_totext(&catz->name, DNS_NAME_OMITFINALDOT, tbuf);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_name_totext(&catz->name, DNS_NAME_OMITFINALDOT, tbuf));
isc_buffer_putstr(tbuf, "_");
result = dns_name_totext(&entry->name, DNS_NAME_OMITFINALDOT, tbuf);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_name_totext(&entry->name, DNS_NAME_OMITFINALDOT, tbuf));
/*
* Search for slash and other special characters in the view and
@ -1913,10 +1866,7 @@ dns_catz_generate_masterfilename(dns_catz_zone_t *catz, dns_catz_entry_t *entry,
rlen += strlen(entry->opts.zonedir) + 1;
}
result = isc_buffer_reserve(*buffer, (unsigned int)rlen);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(isc_buffer_reserve(*buffer, (unsigned int)rlen));
if (entry->opts.zonedir != NULL) {
isc_buffer_putstr(*buffer, entry->opts.zonedir);
@ -1930,16 +1880,10 @@ dns_catz_generate_masterfilename(dns_catz_zone_t *catz, dns_catz_entry_t *entry,
unsigned int digestlen;
/* we can do that because digest string < 2 * DNS_NAME */
result = isc_md(ISC_MD_SHA256, r.base, r.length, digest,
&digestlen);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
result = digest2hex(digest, digestlen, (char *)r.base,
ISC_SHA256_DIGESTLENGTH * 2 + 1);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(isc_md(ISC_MD_SHA256, r.base, r.length, digest,
&digestlen));
CHECK(digest2hex(digest, digestlen, (char *)r.base,
ISC_SHA256_DIGESTLENGTH * 2 + 1));
isc_buffer_putstr(*buffer, (char *)r.base);
} else {
isc_buffer_copyregion(*buffer, &r);
@ -2002,8 +1946,7 @@ dns_catz_generate_zonecfg(dns_catz_zone_t *catz, dns_catz_entry_t *entry,
"catz: zone '%s' uses an invalid primary "
"(no IP address assigned)",
zname);
result = ISC_R_FAILURE;
goto cleanup;
CLEANUP(ISC_R_FAILURE);
}
isc_netaddr_fromsockaddr(&netaddr,
&entry->opts.masters.addrs[i]);
@ -2018,30 +1961,21 @@ dns_catz_generate_zonecfg(dns_catz_zone_t *catz, dns_catz_entry_t *entry,
if (entry->opts.masters.keys[i] != NULL) {
isc_buffer_putstr(buffer, " key ");
result = dns_name_totext(entry->opts.masters.keys[i],
DNS_NAME_OMITFINALDOT, buffer);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_name_totext(entry->opts.masters.keys[i],
DNS_NAME_OMITFINALDOT, buffer));
}
if (entry->opts.masters.tlss[i] != NULL) {
isc_buffer_putstr(buffer, " tls ");
result = dns_name_totext(entry->opts.masters.tlss[i],
DNS_NAME_OMITFINALDOT, buffer);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_name_totext(entry->opts.masters.tlss[i],
DNS_NAME_OMITFINALDOT, buffer));
}
isc_buffer_putstr(buffer, "; ");
}
isc_buffer_putstr(buffer, "}; ");
if (!entry->opts.in_memory) {
isc_buffer_putstr(buffer, "file \"");
result = dns_catz_generate_masterfilename(catz, entry, &buffer);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_catz_generate_masterfilename(catz, entry, &buffer));
isc_buffer_putstr(buffer, "\"; ");
}
if (entry->opts.allow_query != NULL) {
@ -2140,13 +2074,9 @@ dns_catz_dbupdate_callback(dns_db_t *db, void *fn_arg) {
LOCK(&catzs->lock);
if (catzs->zones == NULL) {
result = ISC_R_SHUTTINGDOWN;
goto cleanup;
}
result = isc_ht_find(catzs->zones, r.base, r.length, (void **)&catz);
if (result != ISC_R_SUCCESS) {
goto cleanup;
CLEANUP(ISC_R_SHUTTINGDOWN);
}
CHECK(isc_ht_find(catzs->zones, r.base, r.length, (void **)&catz));
/* New zone came as AXFR */
if (catz->db != NULL && catz->db != db) {

27
lib/dns/client.c
View file

@ -59,13 +59,6 @@
#define UCTX_MAGIC ISC_MAGIC('U', 'c', 't', 'x')
#define UCTX_VALID(c) ISC_MAGIC_VALID(c, UCTX_MAGIC)
#define CHECK(r) \
do { \
result = (r); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
/*%
* DNS client object
*/
@ -149,17 +142,11 @@ setsourceports(isc_mem_t *mctx, dns_dispatchmgr_t *manager) {
isc_result_t result;
isc_portset_create(mctx, &v4portset);
result = isc_net_getudpportrange(AF_INET, &udpport_low, &udpport_high);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(isc_net_getudpportrange(AF_INET, &udpport_low, &udpport_high));
isc_portset_addrange(v4portset, udpport_low, udpport_high);
isc_portset_create(mctx, &v6portset);
result = isc_net_getudpportrange(AF_INET6, &udpport_low, &udpport_high);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(isc_net_getudpportrange(AF_INET6, &udpport_low, &udpport_high));
isc_portset_addrange(v6portset, udpport_low, udpport_high);
result = dns_dispatchmgr_setavailports(manager, v4portset, v6portset);
@ -907,17 +894,11 @@ startresolve(dns_client_t *client, const dns_name_t *name,
.link = ISC_LINK_INITIALIZER,
};
result = getrdataset(mctx, &rdataset);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(getrdataset(mctx, &rdataset));
rctx->rdataset = rdataset;
if (want_dnssec) {
result = getrdataset(mctx, &sigrdataset);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(getrdataset(mctx, &sigrdataset));
}
rctx->sigrdataset = sigrdataset;

10
lib/dns/db.c
View file

@ -317,10 +317,7 @@ dns_db_load(dns_db_t *db, const char *filename, dns_masterformat_t format,
}
dns_rdatacallbacks_init(&callbacks);
result = dns_db_beginload(db, &callbacks);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_db_beginload(db, &callbacks));
result = dns_master_loadfile(filename, &db->origin, &db->origin,
db->rdclass, options, 0, &callbacks, NULL,
NULL, db->mctx, format, 0);
@ -697,10 +694,7 @@ dns_db_getsoaserial(dns_db_t *db, dns_dbversion_t *ver, uint32_t *serialp) {
REQUIRE(dns_db_iszone(db) || dns_db_isstub(db));
result = dns_db_findnode(db, dns_db_origin(db), false, &node);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_db_findnode(db, dns_db_origin(db), false, &node));
dns_rdataset_init(&rdataset);
result = dns_db_findrdataset(db, node, ver, dns_rdatatype_soa, 0,

11
lib/dns/diff.c
View file

@ -36,13 +36,6 @@
#include <dns/rdatatype.h>
#include <dns/time.h>
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
static dns_rdatatype_t
rdata_covers(dns_rdata_t *rdata) {
return rdata->type == dns_rdatatype_rrsig ? dns_rdata_covers(rdata) : 0;
@ -494,7 +487,7 @@ diff_apply(const dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *ver,
}
return ISC_R_SUCCESS;
failure:
cleanup:
if (node != NULL) {
dns_db_detachnode(&node);
}
@ -584,7 +577,7 @@ dns_diff_load(const dns_diff_t *diff, dns_rdatacallbacks_t *callbacks) {
}
result = ISC_R_SUCCESS;
failure:
cleanup:
if (callbacks->commit != NULL) {
callbacks->commit(callbacks->add_private);
}

17
lib/dns/dispatch.c
View file

@ -1328,10 +1328,7 @@ dispatch_createudp(dns_dispatchmgr_t *mgr, const isc_sockaddr_t *localaddr,
*/
isc_sockaddr_anyofpf(&sa_any, isc_sockaddr_pf(localaddr));
if (!isc_sockaddr_eqaddr(&sa_any, localaddr)) {
result = isc_nm_checkaddr(localaddr, isc_socktype_udp);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(isc_nm_checkaddr(localaddr, isc_socktype_udp));
}
dispatch_allocate(mgr, isc_socktype_udp, tid, &disp);
@ -1978,15 +1975,9 @@ tcp_dispatch_connect(dns_dispatch_t *disp, dns_dispentry_t *resp) {
}
if (transport_type == DNS_TRANSPORT_TLS) {
isc_result_t result;
result = dns_transport_get_tlsctx(
resp->transport, &resp->peer, resp->tlsctx_cache,
resp->mctx, &tlsctx, &sess_cache);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_transport_get_tlsctx(resp->transport, &resp->peer,
resp->tlsctx_cache, resp->mctx,
&tlsctx, &sess_cache));
INSIST(tlsctx != NULL);
}

24
lib/dns/dlz.c
View file

@ -203,20 +203,17 @@ dns_dlzcreate(isc_mem_t *mctx, const char *dlzname, const char *drivername,
/* Create a new database using implementation 'drivername'. */
result = ((impinfo->methods->create)(mctx, dlzname, argc, argv,
impinfo->driverarg, &db->dbdata));
RWUNLOCK(&dlz_implock, isc_rwlocktype_read);
/* mark the DLZ driver as valid */
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
/* Mark the DLZ driver as valid */
db->magic = DNS_DLZ_MAGIC;
isc_mem_attach(mctx, &db->mctx);
isc_log_write(DNS_LOGCATEGORY_DATABASE, DNS_LOGMODULE_DLZ,
ISC_LOG_DEBUG(2), "DLZ driver loaded successfully.");
*dbp = db;
return ISC_R_SUCCESS;
failure:
cleanup:
isc_log_write(DNS_LOGCATEGORY_DATABASE, DNS_LOGMODULE_DLZ,
ISC_LOG_ERROR, "DLZ driver failed to load.");
@ -402,11 +399,8 @@ dns_dlz_writeablezone(dns_view_t *view, dns_dlzdb_t *dlzdb,
isc_buffer_constinit(&buffer, zone_name, strlen(zone_name));
isc_buffer_add(&buffer, strlen(zone_name));
dns_fixedname_init(&fixorigin);
result = dns_name_fromtext(dns_fixedname_name(&fixorigin), &buffer,
dns_rootname, 0);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_name_fromtext(dns_fixedname_name(&fixorigin), &buffer,
dns_rootname, 0));
origin = dns_fixedname_name(&fixorigin);
if (!dlzdb->search) {
@ -423,8 +417,7 @@ dns_dlz_writeablezone(dns_view_t *view, dns_dlzdb_t *dlzdb,
result = dns_view_findzone(view, origin, DNS_ZTFIND_EXACT, &dupzone);
if (result == ISC_R_SUCCESS) {
dns_zone_detach(&dupzone);
result = ISC_R_EXISTS;
goto cleanup;
CLEANUP(ISC_R_EXISTS);
}
INSIST(dupzone == NULL);
@ -440,10 +433,7 @@ dns_dlz_writeablezone(dns_view_t *view, dns_dlzdb_t *dlzdb,
}
dns_zone_setssutable(zone, dlzdb->ssutable);
result = dlzdb->configure_callback(view, dlzdb, zone);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dlzdb->configure_callback(view, dlzdb, zone));
result = dns_view_addzone(view, zone);

15
lib/dns/dns64.c
View file

@ -131,7 +131,6 @@ dns_dns64_aaaafroma(const dns_dns64_t *dns64, const isc_netaddr_t *reqaddr,
const dns_name_t *reqsigner, dns_aclenv_t *env,
unsigned int flags, unsigned char *a, unsigned char *aaaa) {
unsigned int nbytes, i;
isc_result_t result;
int match;
if ((dns64->flags & DNS_DNS64_RECURSIVE_ONLY) != 0 &&
@ -147,11 +146,8 @@ dns_dns64_aaaafroma(const dns_dns64_t *dns64, const isc_netaddr_t *reqaddr,
}
if (dns64->clients != NULL && reqaddr != NULL) {
result = dns_acl_match(reqaddr, reqsigner, dns64->clients, env,
&match, NULL);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_acl_match(reqaddr, reqsigner, dns64->clients, env,
&match, NULL));
if (match <= 0) {
return DNS_R_DISALLOWED;
}
@ -163,11 +159,8 @@ dns_dns64_aaaafroma(const dns_dns64_t *dns64, const isc_netaddr_t *reqaddr,
memmove(&ina.s_addr, a, 4);
isc_netaddr_fromin(&netaddr, &ina);
result = dns_acl_match(&netaddr, NULL, dns64->mapped, env,
&match, NULL);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_acl_match(&netaddr, NULL, dns64->mapped, env, &match,
NULL));
if (match <= 0) {
return DNS_R_DISALLOWED;
}

285
lib/dns/dnssec.c
View file

@ -43,13 +43,6 @@ isc_stats_t *dns_dnssec_stats;
#define is_response(msg) ((msg->flags & DNS_MESSAGEFLAG_QR) != 0)
#define RETERR(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define TYPE_SIGN 0
#define TYPE_VERIFY 1
@ -92,7 +85,7 @@ rdata_compare_wrapper(const void *rdata1, const void *rdata2) {
static isc_result_t
rdataset_to_sortedarray(dns_rdataset_t *set, isc_mem_t *mctx,
dns_rdata_t **rdata, int *nrdata) {
isc_result_t ret;
isc_result_t result;
int i = 0, n;
dns_rdata_t *data;
dns_rdataset_t rdataset;
@ -103,11 +96,11 @@ rdataset_to_sortedarray(dns_rdataset_t *set, isc_mem_t *mctx,
dns_rdataset_init(&rdataset);
dns_rdataset_clone(set, &rdataset);
ret = dns_rdataset_first(&rdataset);
if (ret != ISC_R_SUCCESS) {
result = dns_rdataset_first(&rdataset);
if (result != ISC_R_SUCCESS) {
dns_rdataset_disassociate(&rdataset);
isc_mem_cput(mctx, data, n, sizeof(dns_rdata_t));
return ret;
return result;
}
/*
@ -152,17 +145,13 @@ static isc_result_t
digest_sig(dst_context_t *ctx, bool downcase, dns_rdata_t *sigrdata,
dns_rdata_rrsig_t *rrsig) {
isc_region_t r;
isc_result_t ret;
dns_fixedname_t fname;
dns_rdata_toregion(sigrdata, &r);
INSIST(r.length >= 19);
r.length = 18;
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS) {
return ret;
}
RETERR(dst_context_adddata(ctx, &r));
if (downcase) {
dns_fixedname_init(&fname);
@ -188,7 +177,7 @@ dns_dnssec_sign(const dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
isc_buffer_t sigbuf, envbuf;
isc_region_t r;
dst_context_t *ctx = NULL;
isc_result_t ret;
isc_result_t result;
isc_buffer_t *databuf = NULL;
char data[256 + 8];
unsigned int sigsize;
@ -232,10 +221,7 @@ dns_dnssec_sign(const dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
sig.timesigned = *inception;
sig.timeexpire = *expire;
sig.keyid = dst_key_id(key);
ret = dst_key_sigsize(key, &sigsize);
if (ret != ISC_R_SUCCESS) {
return ret;
}
RETERR(dst_key_sigsize(key, &sigsize));
sig.siglen = sigsize;
/*
* The actual contents of sig.signature are not important yet, since
@ -246,22 +232,23 @@ dns_dnssec_sign(const dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
isc_buffer_allocate(mctx, &databuf, sigsize + 256 + 18);
dns_rdata_init(&tmpsigrdata);
ret = dns_rdata_fromstruct(&tmpsigrdata, sig.common.rdclass,
sig.common.rdtype, &sig, databuf);
if (ret != ISC_R_SUCCESS) {
result = dns_rdata_fromstruct(&tmpsigrdata, sig.common.rdclass,
sig.common.rdtype, &sig, databuf);
if (result != ISC_R_SUCCESS) {
goto cleanup_databuf;
}
ret = dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, true, &ctx);
if (ret != ISC_R_SUCCESS) {
result = dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, true,
&ctx);
if (result != ISC_R_SUCCESS) {
goto cleanup_databuf;
}
/*
* Digest the SIG rdata.
*/
ret = digest_sig(ctx, false, &tmpsigrdata, &sig);
if (ret != ISC_R_SUCCESS) {
result = digest_sig(ctx, false, &tmpsigrdata, &sig);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
@ -280,8 +267,8 @@ dns_dnssec_sign(const dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
isc_buffer_putuint16(&envbuf, set->rdclass);
isc_buffer_putuint32(&envbuf, set->ttl);
ret = rdataset_to_sortedarray(set, mctx, &rdatas, &nrdatas);
if (ret != ISC_R_SUCCESS) {
result = rdataset_to_sortedarray(set, mctx, &rdatas, &nrdatas);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
isc_buffer_usedregion(&envbuf, &r);
@ -302,8 +289,8 @@ dns_dnssec_sign(const dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
/*
* Digest the envelope.
*/
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS) {
result = dst_context_adddata(ctx, &r);
if (result != ISC_R_SUCCESS) {
goto cleanup_array;
}
@ -313,33 +300,33 @@ dns_dnssec_sign(const dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
isc_buffer_init(&lenbuf, &len, sizeof(len));
isc_buffer_putuint16(&lenbuf, (uint16_t)rdatas[i].length);
isc_buffer_usedregion(&lenbuf, &lenr);
ret = dst_context_adddata(ctx, &lenr);
if (ret != ISC_R_SUCCESS) {
result = dst_context_adddata(ctx, &lenr);
if (result != ISC_R_SUCCESS) {
goto cleanup_array;
}
/*
* Digest the rdata.
*/
ret = dns_rdata_digest(&rdatas[i], digest_callback, ctx);
if (ret != ISC_R_SUCCESS) {
result = dns_rdata_digest(&rdatas[i], digest_callback, ctx);
if (result != ISC_R_SUCCESS) {
goto cleanup_array;
}
}
isc_buffer_init(&sigbuf, sig.signature, sig.siglen);
ret = dst_context_sign(ctx, &sigbuf);
if (ret != ISC_R_SUCCESS) {
result = dst_context_sign(ctx, &sigbuf);
if (result != ISC_R_SUCCESS) {
goto cleanup_array;
}
isc_buffer_usedregion(&sigbuf, &r);
if (r.length != sig.siglen) {
ret = ISC_R_NOSPACE;
result = ISC_R_NOSPACE;
goto cleanup_array;
}
ret = dns_rdata_fromstruct(sigrdata, sig.common.rdclass,
sig.common.rdtype, &sig, buffer);
result = dns_rdata_fromstruct(sigrdata, sig.common.rdclass,
sig.common.rdtype, &sig, buffer);
cleanup_array:
isc_mem_cput(mctx, rdatas, nrdatas, sizeof(dns_rdata_t));
@ -349,7 +336,7 @@ cleanup_databuf:
isc_buffer_free(&databuf);
isc_mem_put(mctx, sig.signature, sig.siglen);
return ret;
return result;
}
isc_result_t
@ -363,7 +350,7 @@ dns_dnssec_verify(const dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
dns_rdata_t *rdatas;
int nrdatas, i;
isc_stdtime_t now;
isc_result_t ret;
isc_result_t result;
unsigned char data[300];
dst_context_t *ctx = NULL;
int labels = 0;
@ -375,10 +362,7 @@ dns_dnssec_verify(const dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
REQUIRE(mctx != NULL);
REQUIRE(sigrdata != NULL && sigrdata->type == dns_rdatatype_rrsig);
ret = dns_rdata_tostruct(sigrdata, &sig, NULL);
if (ret != ISC_R_SUCCESS) {
return ret;
}
RETERR(dns_rdata_tostruct(sigrdata, &sig, NULL));
if (set->type != sig.covered) {
return DNS_R_SIGINVALID;
@ -432,17 +416,17 @@ dns_dnssec_verify(const dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
}
again:
ret = dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, false,
&ctx);
if (ret != ISC_R_SUCCESS) {
result = dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, false,
&ctx);
if (result != ISC_R_SUCCESS) {
goto cleanup_struct;
}
/*
* Digest the SIG rdata (not including the signature).
*/
ret = digest_sig(ctx, downcase, sigrdata, &sig);
if (ret != ISC_R_SUCCESS) {
result = digest_sig(ctx, downcase, sigrdata, &sig);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
@ -476,8 +460,8 @@ again:
isc_buffer_putuint16(&envbuf, set->rdclass);
isc_buffer_putuint32(&envbuf, sig.originalttl);
ret = rdataset_to_sortedarray(set, mctx, &rdatas, &nrdatas);
if (ret != ISC_R_SUCCESS) {
result = rdataset_to_sortedarray(set, mctx, &rdatas, &nrdatas);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
@ -499,8 +483,8 @@ again:
/*
* Digest the envelope.
*/
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS) {
result = dst_context_adddata(ctx, &r);
if (result != ISC_R_SUCCESS) {
goto cleanup_array;
}
@ -514,20 +498,20 @@ again:
/*
* Digest the rdata.
*/
ret = dst_context_adddata(ctx, &lenr);
if (ret != ISC_R_SUCCESS) {
result = dst_context_adddata(ctx, &lenr);
if (result != ISC_R_SUCCESS) {
goto cleanup_array;
}
ret = dns_rdata_digest(&rdatas[i], digest_callback, ctx);
if (ret != ISC_R_SUCCESS) {
result = dns_rdata_digest(&rdatas[i], digest_callback, ctx);
if (result != ISC_R_SUCCESS) {
goto cleanup_array;
}
}
r.base = sig.signature;
r.length = sig.siglen;
ret = dst_context_verify(ctx, &r);
if (ret == ISC_R_SUCCESS && downcase) {
result = dst_context_verify(ctx, &r);
if (result == ISC_R_SUCCESS && downcase) {
char namebuf[DNS_NAME_FORMATSIZE];
dns_name_format(&sig.signer, namebuf, sizeof(namebuf));
isc_log_write(DNS_LOGCATEGORY_DNSSEC, DNS_LOGMODULE_DNSSEC,
@ -536,7 +520,7 @@ again:
"signer '%s'",
namebuf);
inc_stat(dns_dnssecstats_downcase);
} else if (ret == ISC_R_SUCCESS) {
} else if (result == ISC_R_SUCCESS) {
inc_stat(dns_dnssecstats_asis);
}
@ -544,22 +528,22 @@ cleanup_array:
isc_mem_cput(mctx, rdatas, nrdatas, sizeof(dns_rdata_t));
cleanup_context:
dst_context_destroy(&ctx);
if (ret == DST_R_VERIFYFAILURE && !downcase) {
if (result == DST_R_VERIFYFAILURE && !downcase) {
downcase = true;
goto again;
}
cleanup_struct:
dns_rdata_freestruct(&sig);
if (ret == DST_R_VERIFYFAILURE) {
ret = DNS_R_SIGINVALID;
if (result == DST_R_VERIFYFAILURE) {
result = DNS_R_SIGINVALID;
}
if (ret != ISC_R_SUCCESS) {
if (result != ISC_R_SUCCESS) {
inc_stat(dns_dnssecstats_fail);
}
if (ret == ISC_R_SUCCESS && labels - sig.labels > 0) {
if (result == ISC_R_SUCCESS && labels - sig.labels > 0) {
if (wild != NULL) {
RUNTIME_CHECK(dns_name_concatenate(
dns_wildcardname,
@ -567,9 +551,9 @@ cleanup_struct:
wild) == ISC_R_SUCCESS);
}
inc_stat(dns_dnssecstats_wildcard);
ret = DNS_R_FROMWILDCARD;
result = DNS_R_FROMWILDCARD;
}
return ret;
return result;
}
bool
@ -579,19 +563,18 @@ dns_dnssec_keyactive(dst_key_t *key, isc_stdtime_t now) {
bool hint_publish, hint_zsign, hint_ksign, hint_revoke, hint_remove;
int major, minor;
bool ksk = false, zsk = false;
isc_result_t ret;
/* Is this an old-style key? */
result = dst_key_getprivateformat(key, &major, &minor);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
/* Is this a KSK? */
ret = dst_key_getbool(key, DST_BOOL_KSK, &ksk);
if (ret != ISC_R_SUCCESS) {
result = dst_key_getbool(key, DST_BOOL_KSK, &ksk);
if (result != ISC_R_SUCCESS) {
ksk = ((dst_key_flags(key) & DNS_KEYFLAG_KSK) != 0);
}
ret = dst_key_getbool(key, DST_BOOL_ZSK, &zsk);
if (ret != ISC_R_SUCCESS) {
result = dst_key_getbool(key, DST_BOOL_ZSK, &zsk);
if (result != ISC_R_SUCCESS) {
zsk = ((dst_key_flags(key) & DNS_KEYFLAG_KSK) == 0);
}
@ -782,25 +765,25 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
isc_buffer_init(&databuf, data, sizeof(data));
RETERR(dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, true,
&ctx));
CHECK(dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, true,
&ctx));
/*
* Digest the fields of the SIG - we can cheat and use
* dns_rdata_fromstruct. Since siglen is 0, the digested data
* is identical to dns format.
*/
RETERR(dns_rdata_fromstruct(NULL, dns_rdataclass_any,
dns_rdatatype_sig /* SIG(0) */, &sig,
&databuf));
CHECK(dns_rdata_fromstruct(NULL, dns_rdataclass_any,
dns_rdatatype_sig /* SIG(0) */, &sig,
&databuf));
isc_buffer_usedregion(&databuf, &r);
RETERR(dst_context_adddata(ctx, &r));
CHECK(dst_context_adddata(ctx, &r));
/*
* If this is a response, digest the query.
*/
if (is_response(msg)) {
RETERR(dst_context_adddata(ctx, &msg->query));
CHECK(dst_context_adddata(ctx, &msg->query));
}
/*
@ -809,29 +792,29 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
isc_buffer_init(&headerbuf, header, sizeof(header));
dns_message_renderheader(msg, &headerbuf);
isc_buffer_usedregion(&headerbuf, &r);
RETERR(dst_context_adddata(ctx, &r));
CHECK(dst_context_adddata(ctx, &r));
/*
* Digest the remainder of the message.
*/
isc_buffer_usedregion(msg->buffer, &r);
isc_region_consume(&r, DNS_MESSAGE_HEADERLEN);
RETERR(dst_context_adddata(ctx, &r));
CHECK(dst_context_adddata(ctx, &r));
RETERR(dst_key_sigsize(key, &sigsize));
CHECK(dst_key_sigsize(key, &sigsize));
sig.siglen = sigsize;
sig.signature = isc_mem_get(mctx, sig.siglen);
isc_buffer_init(&sigbuf, sig.signature, sig.siglen);
RETERR(dst_context_sign(ctx, &sigbuf));
CHECK(dst_context_sign(ctx, &sigbuf));
dst_context_destroy(&ctx);
rdata = NULL;
dns_message_gettemprdata(msg, &rdata);
isc_buffer_allocate(msg->mctx, &dynbuf, 1024);
RETERR(dns_rdata_fromstruct(rdata, dns_rdataclass_any,
dns_rdatatype_sig /* SIG(0) */, &sig,
dynbuf));
CHECK(dns_rdata_fromstruct(rdata, dns_rdataclass_any,
dns_rdatatype_sig /* SIG(0) */, &sig,
dynbuf));
isc_mem_put(mctx, sig.signature, sig.siglen);
@ -849,7 +832,7 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
return ISC_R_SUCCESS;
failure:
cleanup:
if (dynbuf != NULL) {
isc_buffer_free(&dynbuf);
}
@ -895,21 +878,19 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
isc_buffer_usedregion(source, &source_r);
RETERR(dns_rdataset_first(msg->sig0));
CHECK(dns_rdataset_first(msg->sig0));
dns_rdataset_current(msg->sig0, &rdata);
RETERR(dns_rdata_tostruct(&rdata, &sig, NULL));
CHECK(dns_rdata_tostruct(&rdata, &sig, NULL));
signeedsfree = true;
if (sig.labels != 0) {
result = DNS_R_SIGINVALID;
goto failure;
CLEANUP(DNS_R_SIGINVALID);
}
if (isc_serial_lt(sig.timeexpire, sig.timesigned)) {
result = DNS_R_SIGINVALID;
msg->sig0status = dns_tsigerror_badtime;
goto failure;
CLEANUP(DNS_R_SIGINVALID);
}
if (msg->fuzzing) {
@ -919,36 +900,33 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
}
if (isc_serial_lt((uint32_t)now, sig.timesigned)) {
result = DNS_R_SIGFUTURE;
msg->sig0status = dns_tsigerror_badtime;
goto failure;
CLEANUP(DNS_R_SIGFUTURE);
} else if (isc_serial_lt(sig.timeexpire, (uint32_t)now)) {
result = DNS_R_SIGEXPIRED;
msg->sig0status = dns_tsigerror_badtime;
goto failure;
CLEANUP(DNS_R_SIGEXPIRED);
}
if (!dns_name_equal(dst_key_name(key), &sig.signer)) {
result = DNS_R_SIGINVALID;
msg->sig0status = dns_tsigerror_badkey;
goto failure;
CLEANUP(DNS_R_SIGINVALID);
}
RETERR(dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, false,
&ctx));
CHECK(dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, false,
&ctx));
/*
* Digest the SIG(0) record, except for the signature.
*/
dns_rdata_toregion(&rdata, &r);
r.length -= sig.siglen;
RETERR(dst_context_adddata(ctx, &r));
CHECK(dst_context_adddata(ctx, &r));
/*
* If this is a response, digest the query.
*/
if (is_response(msg)) {
RETERR(dst_context_adddata(ctx, &msg->query));
CHECK(dst_context_adddata(ctx, &msg->query));
}
/*
@ -969,21 +947,21 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
*/
header_r.base = (unsigned char *)header;
header_r.length = DNS_MESSAGE_HEADERLEN;
RETERR(dst_context_adddata(ctx, &header_r));
CHECK(dst_context_adddata(ctx, &header_r));
/*
* Digest all non-SIG(0) records.
*/
r.base = source_r.base + DNS_MESSAGE_HEADERLEN;
r.length = msg->sigstart - DNS_MESSAGE_HEADERLEN;
RETERR(dst_context_adddata(ctx, &r));
CHECK(dst_context_adddata(ctx, &r));
sig_r.base = sig.signature;
sig_r.length = sig.siglen;
result = dst_context_verify(ctx, &sig_r);
if (result != ISC_R_SUCCESS) {
msg->sig0status = dns_tsigerror_badsig;
goto failure;
goto cleanup;
}
msg->verified_sig = 1;
@ -994,7 +972,7 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
return ISC_R_SUCCESS;
failure:
cleanup:
if (signeedsfree) {
dns_rdata_freestruct(&sig);
}
@ -1236,7 +1214,7 @@ findmatchingkeys(const char *directory, bool rrtypekey, char *namebuf,
directory = ".";
}
RETERR(isc_dir_open(&dir, directory));
CHECK(isc_dir_open(&dir, directory));
dir_open = true;
while (isc_dir_read(&dir) == ISC_R_SUCCESS) {
@ -1315,7 +1293,7 @@ findmatchingkeys(const char *directory, bool rrtypekey, char *namebuf,
}
result = match ? ISC_R_SUCCESS : ISC_R_NOTFOUND;
failure:
cleanup:
if (dir_open) {
isc_dir_close(&dir);
}
@ -1344,15 +1322,15 @@ dns_dnssec_findmatchingkeys(const dns_name_t *origin, dns_kasp_t *kasp,
ISC_LIST_INIT(list);
isc_buffer_init(&b, namebuf, sizeof(namebuf) - 1);
RETERR(dns_name_tofilenametext(origin, false, &b));
CHECK(dns_name_tofilenametext(origin, false, &b));
len = isc_buffer_usedlength(&b);
namebuf[len] = '\0';
if (kasp == NULL || (strcmp(dns_kasp_getname(kasp), "none") == 0) ||
(strcmp(dns_kasp_getname(kasp), "insecure") == 0))
{
RETERR(findmatchingkeys(keydir, rrtypekey, namebuf, len, mctx,
now, &list));
CHECK(findmatchingkeys(keydir, rrtypekey, namebuf, len, mctx,
now, &list));
} else if (keystores != NULL) {
ISC_LIST_FOREACH(*keystores, keystore, link) {
ISC_LIST_FOREACH(dns_kasp_keys(kasp), kkey, link) {
@ -1360,7 +1338,7 @@ dns_dnssec_findmatchingkeys(const dns_name_t *origin, dns_kasp_t *kasp,
const char *directory =
dns_keystore_directory(keystore,
keydir);
RETERR(findmatchingkeys(
CHECK(findmatchingkeys(
directory, rrtypekey, namebuf,
len, mctx, now, &list));
break;
@ -1376,7 +1354,7 @@ dns_dnssec_findmatchingkeys(const dns_name_t *origin, dns_kasp_t *kasp,
result = ISC_R_NOTFOUND;
}
failure:
cleanup:
ISC_LIST_FOREACH(list, key, link) {
ISC_LIST_UNLINK(list, key, link);
INSIST(key->key != NULL);
@ -1556,7 +1534,7 @@ dns_dnssec_keylistfromrdataset(const dns_name_t *origin, dns_kasp_t *kasp,
goto skip;
}
RETERR(dns_dnssec_keyfromrdata(origin, &rdata, mctx, &dnskey));
CHECK(dns_dnssec_keyfromrdata(origin, &rdata, mctx, &dnskey));
dst_key_setttl(dnskey, keys.ttl);
if (!is_zone_key(dnskey)) {
@ -1580,7 +1558,7 @@ dns_dnssec_keylistfromrdataset(const dns_name_t *origin, dns_kasp_t *kasp,
if (result == ISC_R_FILENOTFOUND || result == ISC_R_NOPERM) {
result = ISC_R_SUCCESS;
}
RETERR(result);
CHECK(result);
if (kasp != NULL && dns_kasp_offlineksk(kasp) &&
(dst_key_flags(dnskey) & DNS_KEYFLAG_KSK) != 0)
@ -1663,7 +1641,7 @@ dns_dnssec_keylistfromrdataset(const dns_name_t *origin, dns_kasp_t *kasp,
}
goto skip;
}
RETERR(result);
CHECK(result);
/*
* Whatever the key's default TTL may have
@ -1685,16 +1663,16 @@ dns_dnssec_keylistfromrdataset(const dns_name_t *origin, dns_kasp_t *kasp,
}
if (keysigs != NULL && dns_rdataset_isassociated(keysigs)) {
RETERR(mark_active_keys(keylist, keysigs));
CHECK(mark_active_keys(keylist, keysigs));
}
if (soasigs != NULL && dns_rdataset_isassociated(soasigs)) {
RETERR(mark_active_keys(keylist, soasigs));
CHECK(mark_active_keys(keylist, soasigs));
}
result = ISC_R_SUCCESS;
failure:
cleanup:
if (dns_rdataset_isassociated(&keys)) {
dns_rdataset_disassociate(&keys);
}
@ -1713,15 +1691,11 @@ failure:
isc_result_t
dns_dnssec_make_dnskey(dst_key_t *key, unsigned char *buf, int bufsize,
dns_rdata_t *target) {
isc_result_t result;
isc_buffer_t b;
isc_region_t r;
isc_buffer_init(&b, buf, bufsize);
result = dst_key_todns(key, &b);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dst_key_todns(key, &b));
dns_rdata_reset(target);
isc_buffer_usedregion(&b, &r);
@ -1758,7 +1732,7 @@ publish_key(dns_diff_t *diff, dns_dnsseckey_t *key, const dns_name_t *origin,
dns_rdata_t dnskey = DNS_RDATA_INIT;
dns_rdata_reset(&dnskey);
RETERR(dns_dnssec_make_dnskey(key->key, buf, sizeof(buf), &dnskey));
CHECK(dns_dnssec_make_dnskey(key->key, buf, sizeof(buf), &dnskey));
dst_key_format(key->key, keystr, sizeof(keystr));
report("Fetching %s (%s) from key %s.", keystr,
@ -1779,7 +1753,7 @@ publish_key(dns_diff_t *diff, dns_dnsseckey_t *key, const dns_name_t *origin,
/* publish key */
addrdata(&dnskey, diff, origin, ttl, mctx);
failure:
cleanup:
return result;
}
@ -1798,10 +1772,10 @@ remove_key(dns_diff_t *diff, dns_dnsseckey_t *key, const dns_name_t *origin,
report("Removing %s key %s/%d/%s from DNSKEY RRset.", reason, namebuf,
dst_key_id(key->key), alg);
RETERR(dns_dnssec_make_dnskey(key->key, buf, sizeof(buf), &dnskey));
CHECK(dns_dnssec_make_dnskey(key->key, buf, sizeof(buf), &dnskey));
delrdata(&dnskey, diff, origin, ttl, mctx);
failure:
cleanup:
return result;
}
@ -1863,16 +1837,12 @@ static isc_result_t
delete_cds(dns_dnsseckey_t *key, dns_rdata_t *keyrdata, const char *keystr,
dns_rdataset_t *cds, unsigned int digesttype, dns_diff_t *diff,
isc_mem_t *mctx) {
isc_result_t r;
unsigned char dsbuf[DNS_DS_BUFFERSIZE];
dns_rdata_t cdsrdata = DNS_RDATA_INIT;
dns_name_t *origin = dst_key_name(key->key);
r = dns_ds_buildrdata(origin, keyrdata, digesttype, dsbuf,
sizeof(dsbuf), &cdsrdata);
if (r != ISC_R_SUCCESS) {
return r;
}
RETERR(dns_ds_buildrdata(origin, keyrdata, digesttype, dsbuf,
sizeof(dsbuf), &cdsrdata));
cdsrdata.type = dns_rdatatype_cds;
if (exists(cds, &cdsrdata)) {
@ -1915,8 +1885,8 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys,
dns_rdata_t cdnskeyrdata = DNS_RDATA_INIT;
dns_name_t *origin = dst_key_name(key->key);
RETERR(dns_dnssec_make_dnskey(key->key, keybuf, sizeof(keybuf),
&cdnskeyrdata));
CHECK(dns_dnssec_make_dnskey(key->key, keybuf, sizeof(keybuf),
&cdnskeyrdata));
cdnskeyrdata.type = dns_rdatatype_cdnskey;
if (syncpublish(key->key, now)) {
@ -1924,10 +1894,9 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys,
dst_key_format(key->key, keystr, sizeof(keystr));
ISC_LIST_FOREACH(*digests, alg, link) {
RETERR(add_cds(key, &cdnskeyrdata,
(const char *)keystr, cds,
alg->digest, cdsttl, diff,
mctx));
CHECK(add_cds(key, &cdnskeyrdata,
(const char *)keystr, cds,
alg->digest, cdsttl, diff, mctx));
}
if (gencdnskey &&
@ -1992,8 +1961,8 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys,
char keystr[DST_KEY_FORMATSIZE];
dst_key_format(key->key, keystr, sizeof(keystr));
RETERR(dns_dnssec_make_dnskey(key->key, keybuf, sizeof(keybuf),
&cdnskeyrdata));
CHECK(dns_dnssec_make_dnskey(key->key, keybuf, sizeof(keybuf),
&cdnskeyrdata));
if (dns_rdataset_isassociated(cds)) {
delete_cds(key, &cdnskeyrdata, (const char *)keystr,
@ -2019,7 +1988,7 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys,
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -2125,8 +2094,8 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
if (key->source == dns_keysource_user &&
(key->hint_publish || key->force_publish))
{
RETERR(publish_key(diff, key, origin, ttl, mctx,
report));
CHECK(publish_key(diff, key, origin, ttl, mctx,
report));
}
if (key->source == dns_keysource_zoneapex) {
ttl = dst_key_getttl(key->key);
@ -2195,8 +2164,8 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
if (key1->source != dns_keysource_zoneapex &&
(key1->hint_publish || key1->force_publish))
{
RETERR(publish_key(diff, key1, origin, ttl,
mctx, report));
CHECK(publish_key(diff, key1, origin, ttl, mctx,
report));
isc_log_write(
DNS_LOGCATEGORY_DNSSEC,
DNS_LOGMODULE_DNSSEC, ISC_LOG_INFO,
@ -2230,8 +2199,8 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
/* Match found: remove or update it as needed */
if (key1->hint_remove) {
RETERR(remove_key(diff, key2, origin, ttl, mctx,
"expired", report));
CHECK(remove_key(diff, key2, origin, ttl, mctx,
"expired", report));
ISC_LIST_UNLINK(*keys, key2, link);
if (removed != NULL) {
@ -2254,8 +2223,8 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
* We need to remove the old version and pull
* in the new one.
*/
RETERR(remove_key(diff, key2, origin, ttl, mctx,
"revoked", report));
CHECK(remove_key(diff, key2, origin, ttl, mctx,
"revoked", report));
ISC_LIST_UNLINK(*keys, key2, link);
if (removed != NULL) {
ISC_LIST_APPEND(*removed, key2, link);
@ -2272,8 +2241,8 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
dns_dnsseckey_destroy(mctx, &key2);
}
RETERR(publish_key(diff, key1, origin, ttl, mctx,
report));
CHECK(publish_key(diff, key1, origin, ttl, mctx,
report));
ISC_LIST_UNLINK(*newkeys, key1, link);
ISC_LIST_APPEND(*keys, key1, link);
@ -2323,7 +2292,7 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}

41
lib/dns/dnstap.c
View file

@ -120,13 +120,6 @@ struct dns_dtenv {
isc_stats_t *stats;
};
#define CHECK(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
typedef struct ioq {
unsigned int generation;
struct fstrm_iothr_queue *ioq;
@ -171,13 +164,13 @@ dns_dt_create(isc_mem_t *mctx, dns_dtmode_t mode, const char *path,
fwopt = fstrm_writer_options_init();
if (fwopt == NULL) {
CHECK(ISC_R_NOMEMORY);
CLEANUP(ISC_R_NOMEMORY);
}
res = fstrm_writer_options_add_content_type(
fwopt, DNSTAP_CONTENT_TYPE, sizeof(DNSTAP_CONTENT_TYPE) - 1);
if (res != fstrm_res_success) {
CHECK(ISC_R_FAILURE);
CLEANUP(ISC_R_FAILURE);
}
if (mode == dns_dtmode_file) {
@ -194,11 +187,11 @@ dns_dt_create(isc_mem_t *mctx, dns_dtmode_t mode, const char *path,
fw = fstrm_unix_writer_init(fuwopt, fwopt);
}
} else {
CHECK(ISC_R_FAILURE);
CLEANUP(ISC_R_FAILURE);
}
if (fw == NULL) {
CHECK(ISC_R_FAILURE);
CLEANUP(ISC_R_FAILURE);
}
env->iothr = fstrm_iothr_init(*foptp, &fw);
@ -207,7 +200,7 @@ dns_dt_create(isc_mem_t *mctx, dns_dtmode_t mode, const char *path,
ISC_LOG_WARNING,
"unable to initialize dnstap I/O thread");
fstrm_writer_destroy(&fw);
CHECK(ISC_R_FAILURE);
CLEANUP(ISC_R_FAILURE);
}
env->mode = mode;
env->max_size = 0;
@ -288,13 +281,13 @@ dns_dt_reopen(dns_dtenv_t *env, int roll) {
*/
fwopt = fstrm_writer_options_init();
if (fwopt == NULL) {
CHECK(ISC_R_NOMEMORY);
CLEANUP(ISC_R_NOMEMORY);
}
res = fstrm_writer_options_add_content_type(
fwopt, DNSTAP_CONTENT_TYPE, sizeof(DNSTAP_CONTENT_TYPE) - 1);
if (res != fstrm_res_success) {
CHECK(ISC_R_FAILURE);
CLEANUP(ISC_R_FAILURE);
}
if (env->mode == dns_dtmode_file) {
@ -311,11 +304,11 @@ dns_dt_reopen(dns_dtenv_t *env, int roll) {
fw = fstrm_unix_writer_init(fuwopt, fwopt);
}
} else {
CHECK(ISC_R_NOTIMPLEMENTED);
CLEANUP(ISC_R_NOTIMPLEMENTED);
}
if (fw == NULL) {
CHECK(ISC_R_FAILURE);
CLEANUP(ISC_R_FAILURE);
}
/*
@ -357,7 +350,7 @@ dns_dt_reopen(dns_dtenv_t *env, int roll) {
isc_log_write(DNS_LOGCATEGORY_DNSTAP, DNS_LOGMODULE_DNSTAP,
ISC_LOG_WARNING,
"unable to initialize dnstap I/O thread");
CHECK(ISC_R_FAILURE);
CLEANUP(ISC_R_FAILURE);
}
cleanup:
@ -945,23 +938,23 @@ dns_dt_open(const char *filename, dns_dtmode_t mode, isc_mem_t *mctx,
case dns_dtmode_file:
fopt = fstrm_file_options_init();
if (fopt == NULL) {
CHECK(ISC_R_NOMEMORY);
CLEANUP(ISC_R_NOMEMORY);
}
fstrm_file_options_set_file_path(fopt, filename);
handle->reader = fstrm_file_reader_init(fopt, NULL);
if (handle->reader == NULL) {
CHECK(ISC_R_NOMEMORY);
CLEANUP(ISC_R_NOMEMORY);
}
res = fstrm_reader_open(handle->reader);
if (res != fstrm_res_success) {
CHECK(ISC_R_FAILURE);
CLEANUP(ISC_R_FAILURE);
}
if (!dnstap_file(handle->reader)) {
CHECK(DNS_R_BADDNSTAP);
CLEANUP(DNS_R_BADDNSTAP);
}
break;
case dns_dtmode_unix:
@ -1050,13 +1043,13 @@ dns_dt_parse(isc_mem_t *mctx, isc_region_t *src, dns_dtdata_t **destp) {
d->frame = dnstap__dnstap__unpack(NULL, src->length, src->base);
if (d->frame == NULL) {
CHECK(ISC_R_NOMEMORY);
CLEANUP(ISC_R_NOMEMORY);
}
frame = (Dnstap__Dnstap *)d->frame;
if (frame->type != DNSTAP__DNSTAP__TYPE__MESSAGE) {
CHECK(DNS_R_BADDNSTAP);
CLEANUP(DNS_R_BADDNSTAP);
}
m = frame->message;
@ -1106,7 +1099,7 @@ dns_dt_parse(isc_mem_t *mctx, isc_region_t *src, dns_dtdata_t **destp) {
d->type = DNS_DTTYPE_UR;
break;
default:
CHECK(DNS_R_BADDNSTAP);
CLEANUP(DNS_R_BADDNSTAP);
}
/* Query? */

5
lib/dns/ds.c
View file

@ -186,10 +186,7 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key,
dns_rdata_ds_t ds;
isc_buffer_t b;
result = dns_ds_fromkeyrdata(owner, key, digest_type, digest, len, &ds);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_ds_fromkeyrdata(owner, key, digest_type, digest, len, &ds));
memset(buffer, 0, DNS_DS_BUFFERSIZE);
isc_buffer_init(&b, buffer, DNS_DS_BUFFERSIZE);

251
lib/dns/dst_api.c
View file

@ -68,36 +68,27 @@
#define DST_AS_STR(t) ((t).value.as_textregion.base)
#define NEXTTOKEN(lex, opt, token) \
{ \
ret = isc_lex_gettoken(lex, opt, token); \
if (ret != ISC_R_SUCCESS) \
goto cleanup; \
}
#define NEXTTOKEN(lex, opt, token) CHECK(isc_lex_gettoken(lex, opt, token))
#define NEXTTOKEN_OR_EOF(lex, opt, token) \
do { \
ret = isc_lex_gettoken(lex, opt, token); \
if (ret == ISC_R_EOF) \
break; \
if (ret != ISC_R_SUCCESS) \
goto cleanup; \
#define NEXTTOKEN_OR_EOF(lex, opt, token) \
do { \
result = isc_lex_gettoken(lex, opt, token); \
if (result == ISC_R_EOF) { \
break; \
} \
CHECK(result); \
} while ((*token).type == isc_tokentype_eol);
#define READLINE(lex, opt, token) \
do { \
ret = isc_lex_gettoken(lex, opt, token); \
if (ret == ISC_R_EOF) \
break; \
if (ret != ISC_R_SUCCESS) \
goto cleanup; \
#define READLINE(lex, opt, token) \
do { \
result = isc_lex_gettoken(lex, opt, token); \
if (result == ISC_R_EOF) { \
break; \
} \
CHECK(result); \
} while ((*token).type != isc_tokentype_eol)
#define BADTOKEN() \
{ \
ret = ISC_R_UNEXPECTEDTOKEN; \
goto cleanup; \
}
#define BADTOKEN() CLEANUP(ISC_R_UNEXPECTEDTOKEN)
static const char *numerictags[DST_MAX_NUMERIC] = {
[DST_NUM_PREDECESSOR] = "Predecessor:",
@ -193,13 +184,6 @@ static isc_result_t
addsuffix(char *filename, int len, const char *dirname, const char *ofilename,
const char *suffix);
#define RETERR(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto out; \
} while (0)
#define CHECKALG(alg) \
do { \
isc_result_t _r; \
@ -383,8 +367,6 @@ dst_context_verify(dst_context_t *dctx, isc_region_t *sig) {
isc_result_t
dst_key_tofile(const dst_key_t *key, int type, const char *directory) {
isc_result_t ret = ISC_R_SUCCESS;
REQUIRE(VALID_KEY(key));
REQUIRE((type &
(DST_TYPE_PRIVATE | DST_TYPE_PUBLIC | DST_TYPE_STATE)) != 0);
@ -396,17 +378,11 @@ dst_key_tofile(const dst_key_t *key, int type, const char *directory) {
}
if ((type & DST_TYPE_PUBLIC) != 0) {
ret = write_public_key(key, type, directory);
if (ret != ISC_R_SUCCESS) {
return ret;
}
RETERR(write_public_key(key, type, directory));
}
if ((type & DST_TYPE_STATE) != 0) {
ret = write_key_state(key, type, directory);
if (ret != ISC_R_SUCCESS) {
return ret;
}
RETERR(write_key_state(key, type, directory));
}
if (((type & DST_TYPE_PRIVATE) != 0) &&
@ -497,32 +473,20 @@ dst_key_fromfile(dns_name_t *name, dns_keytag_t id, unsigned int alg, int type,
key = NULL;
isc_buffer_init(&buf, filename, NAME_MAX);
result = dst_key_getfilename(name, id, alg, type, NULL, mctx, &buf);
if (result != ISC_R_SUCCESS) {
goto out;
}
result = dst_key_fromnamedfile(filename, directory, type, mctx, &key);
if (result != ISC_R_SUCCESS) {
goto out;
}
result = computeid(key);
if (result != ISC_R_SUCCESS) {
goto out;
}
CHECK(dst_key_getfilename(name, id, alg, type, NULL, mctx, &buf));
CHECK(dst_key_fromnamedfile(filename, directory, type, mctx, &key));
CHECK(computeid(key));
if (!dns_name_equal(name, key->key_name) || id != key->key_id ||
alg != key->key_alg)
{
result = DST_R_INVALIDPRIVATEKEY;
goto out;
CLEANUP(DST_R_INVALIDPRIVATEKEY);
}
*keyp = key;
result = ISC_R_SUCCESS;
out:
cleanup:
if ((key != NULL) && (result != ISC_R_SUCCESS)) {
dst_key_free(&key);
}
@ -558,7 +522,7 @@ dst_key_fromnamedfile(const char *filename, const char *dirname, int type,
".key");
INSIST(result == ISC_R_SUCCESS);
RETERR(dst_key_read_public(newfilename, type, mctx, &pubkey));
CHECK(dst_key_read_public(newfilename, type, mctx, &pubkey));
isc_mem_put(mctx, newfilename, newfilenamelen);
/*
@ -584,20 +548,20 @@ dst_key_fromnamedfile(const char *filename, const char *dirname, int type,
/* Having no state is valid. */
result = ISC_R_SUCCESS;
}
RETERR(result);
CHECK(result);
}
if ((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) == DST_TYPE_PUBLIC ||
(pubkey->key_flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY)
{
RETERR(computeid(pubkey));
CHECK(computeid(pubkey));
pubkey->modified = false;
*keyp = pubkey;
pubkey = NULL;
goto out;
goto cleanup;
}
RETERR(algorithm_status(pubkey->key_alg));
CHECK(algorithm_status(pubkey->key_alg));
key = get_key_struct(pubkey->key_name, pubkey->key_alg,
pubkey->key_flags, pubkey->key_proto,
@ -605,7 +569,7 @@ dst_key_fromnamedfile(const char *filename, const char *dirname, int type,
pubkey->key_ttl, mctx);
if (key->func->parse == NULL) {
RETERR(DST_R_UNSUPPORTEDALG);
CLEANUP(DST_R_UNSUPPORTEDALG);
}
newfilenamelen = strlen(filename) + 9;
@ -618,10 +582,10 @@ dst_key_fromnamedfile(const char *filename, const char *dirname, int type,
INSIST(result == ISC_R_SUCCESS);
isc_lex_create(mctx, 1500, &lex);
RETERR(isc_lex_openfile(lex, newfilename));
CHECK(isc_lex_openfile(lex, newfilename));
isc_mem_put(mctx, newfilename, newfilenamelen);
RETERR(key->func->parse(key, lex, pubkey));
CHECK(key->func->parse(key, lex, pubkey));
isc_lex_destroy(&lex);
key->kasp = false;
@ -633,13 +597,13 @@ dst_key_fromnamedfile(const char *filename, const char *dirname, int type,
/* Having no state is valid. */
result = ISC_R_SUCCESS;
}
RETERR(result);
CHECK(result);
}
RETERR(computeid(key));
CHECK(computeid(key));
if (pubkey->key_id != key->key_id) {
RETERR(DST_R_INVALIDPRIVATEKEY);
CLEANUP(DST_R_INVALIDPRIVATEKEY);
}
key->modified = false;
@ -650,7 +614,7 @@ dst_key_fromnamedfile(const char *filename, const char *dirname, int type,
*keyp = key;
key = NULL;
out:
cleanup:
if (pubkey != NULL) {
dst_key_free(&pubkey);
}
@ -711,7 +675,6 @@ dst_key_fromdns(const dns_name_t *name, dns_rdataclass_t rdclass,
dst_key_t *key = NULL;
dns_keytag_t id, rid;
isc_region_t r;
isc_result_t result;
isc_buffer_remainingregion(source, &r);
@ -733,11 +696,8 @@ dst_key_fromdns(const dns_name_t *name, dns_rdataclass_t rdclass,
flags |= (extflags << 16);
}
result = frombuffer(name, alg, flags, proto, rdclass, source, mctx,
&key);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(frombuffer(name, alg, flags, proto, rdclass, source, mctx,
&key));
key->key_id = id;
key->key_rid = rid;
@ -752,11 +712,8 @@ dst_key_frombuffer(const dns_name_t *name, unsigned int alg, unsigned int flags,
dst_key_t *key = NULL;
isc_result_t result;
result = frombuffer(name, alg, flags, protocol, rdclass, source, mctx,
&key);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(frombuffer(name, alg, flags, protocol, rdclass, source, mctx,
&key));
result = computeid(key);
if (result != ISC_R_SUCCESS) {
@ -808,13 +765,13 @@ dst_key_fromgssapi(const dns_name_t *name, dns_gss_ctx_id_t gssctx,
*/
isc_buffer_allocate(key->mctx, &key->key_tkeytoken,
intoken->length);
RETERR(isc_buffer_copyregion(key->key_tkeytoken, intoken));
CHECK(isc_buffer_copyregion(key->key_tkeytoken, intoken));
}
key->keydata.gssctx = gssctx;
*keyp = key;
result = ISC_R_SUCCESS;
out:
cleanup:
if (result != ISC_R_SUCCESS) {
dst_key_free(&key);
}
@ -955,7 +912,7 @@ dst_key_generate(const dns_name_t *name, unsigned int alg, unsigned int bits,
dns_rdataclass_t rdclass, const char *label, isc_mem_t *mctx,
dst_key_t **keyp, void (*callback)(int)) {
dst_key_t *key;
isc_result_t ret;
isc_result_t result;
REQUIRE(dns_name_isabsolute(name));
REQUIRE(mctx != NULL);
@ -981,16 +938,16 @@ dst_key_generate(const dns_name_t *name, unsigned int alg, unsigned int bits,
return DST_R_UNSUPPORTEDALG;
}
ret = key->func->generate(key, param, callback);
if (ret != ISC_R_SUCCESS) {
result = key->func->generate(key, param, callback);
if (result != ISC_R_SUCCESS) {
dst_key_free(&key);
return ret;
return result;
}
ret = computeid(key);
if (ret != ISC_R_SUCCESS) {
result = computeid(key);
if (result != ISC_R_SUCCESS) {
dst_key_free(&key);
return ret;
return result;
}
*keyp = key;
@ -1514,13 +1471,12 @@ dst_key_read_public(const char *filename, int type, isc_mem_t *mctx,
dns_fixedname_t name;
isc_lex_t *lex = NULL;
isc_token_t token;
isc_result_t ret;
isc_result_t result;
dns_rdata_t rdata = DNS_RDATA_INIT;
unsigned int opt = ISC_LEXOPT_DNSMULTILINE | ISC_LEXOPT_ESCAPE;
dns_rdataclass_t rdclass = dns_rdataclass_in;
isc_lexspecials_t specials;
uint32_t ttl = 0;
isc_result_t result;
dns_rdatatype_t keytype;
/*
@ -1540,10 +1496,7 @@ dst_key_read_public(const char *filename, int type, isc_mem_t *mctx,
isc_lex_setspecials(lex, specials);
isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE);
ret = isc_lex_openfile(lex, filename);
if (ret != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(isc_lex_openfile(lex, filename));
/* Read the domain name */
NEXTTOKEN(lex, opt, &token);
@ -1561,10 +1514,8 @@ dst_key_read_public(const char *filename, int type, isc_mem_t *mctx,
dns_fixedname_init(&name);
isc_buffer_init(&b, DST_AS_STR(token), strlen(DST_AS_STR(token)));
isc_buffer_add(&b, strlen(DST_AS_STR(token)));
ret = dns_name_fromtext(dns_fixedname_name(&name), &b, dns_rootname, 0);
if (ret != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_name_fromtext(dns_fixedname_name(&name), &b, dns_rootname,
0));
/* Read the next word: either TTL, class, or 'KEY' */
NEXTTOKEN(lex, opt, &token);
@ -1583,8 +1534,8 @@ dst_key_read_public(const char *filename, int type, isc_mem_t *mctx,
BADTOKEN();
}
ret = dns_rdataclass_fromtext(&rdclass, &token.value.as_textregion);
if (ret == ISC_R_SUCCESS) {
result = dns_rdataclass_fromtext(&rdclass, &token.value.as_textregion);
if (result == ISC_R_SUCCESS) {
NEXTTOKEN(lex, opt, &token);
}
@ -1603,22 +1554,16 @@ dst_key_read_public(const char *filename, int type, isc_mem_t *mctx,
if (((type & DST_TYPE_KEY) != 0 && keytype != dns_rdatatype_key) ||
((type & DST_TYPE_KEY) == 0 && keytype != dns_rdatatype_dnskey))
{
ret = DST_R_BADKEYTYPE;
result = DST_R_BADKEYTYPE;
goto cleanup;
}
isc_buffer_init(&b, rdatabuf, sizeof(rdatabuf));
ret = dns_rdata_fromtext(&rdata, rdclass, keytype, lex, NULL, false,
mctx, &b, NULL);
if (ret != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_rdata_fromtext(&rdata, rdclass, keytype, lex, NULL, false,
mctx, &b, NULL));
ret = dst_key_fromdns(dns_fixedname_name(&name), rdclass, &b, mctx,
keyp);
if (ret != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dst_key_fromdns(dns_fixedname_name(&name), rdclass, &b, mctx,
keyp));
dst_key_setttl(*keyp, ttl);
@ -1626,7 +1571,7 @@ cleanup:
if (lex != NULL) {
isc_lex_destroy(&lex);
}
return ret;
return result;
}
static int
@ -1677,16 +1622,13 @@ isc_result_t
dst_key_read_state(const char *filename, isc_mem_t *mctx, dst_key_t **keyp) {
isc_lex_t *lex = NULL;
isc_token_t token;
isc_result_t ret;
isc_result_t result;
unsigned int opt = ISC_LEXOPT_EOL;
isc_lex_create(mctx, 1500, &lex);
isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE);
ret = isc_lex_openfile(lex, filename);
if (ret != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(isc_lex_openfile(lex, filename));
/*
* Read the comment line.
@ -1738,7 +1680,7 @@ dst_key_read_state(const char *filename, isc_mem_t *mctx, dst_key_t **keyp) {
int tag;
NEXTTOKEN_OR_EOF(lex, opt, &token);
if (ret == ISC_R_EOF) {
if (result == ISC_R_EOF) {
break;
}
if (token.type != isc_tokentype_string) {
@ -1791,10 +1733,7 @@ dst_key_read_state(const char *filename, isc_mem_t *mctx, dst_key_t **keyp) {
BADTOKEN();
}
ret = dns_time32_fromtext(DST_AS_STR(token), &when);
if (ret != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_time32_fromtext(DST_AS_STR(token), &when));
dst_key_settime(*keyp, tag, when);
goto next;
@ -1812,10 +1751,7 @@ dst_key_read_state(const char *filename, isc_mem_t *mctx, dst_key_t **keyp) {
BADTOKEN();
}
ret = keystate_fromtext(DST_AS_STR(token), &state);
if (ret != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(keystate_fromtext(DST_AS_STR(token), &state));
dst_key_setstate(*keyp, tag, state);
goto next;
@ -1826,13 +1762,13 @@ dst_key_read_state(const char *filename, isc_mem_t *mctx, dst_key_t **keyp) {
}
/* Done, successfully parsed the whole file. */
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
cleanup:
if (lex != NULL) {
isc_lex_destroy(&lex);
}
return ret;
return result;
}
static bool
@ -1957,17 +1893,10 @@ write_key_state(const dst_key_t *key, int type, const char *directory) {
* Make the filename.
*/
isc_buffer_init(&fileb, filename, sizeof(filename));
result = dst_key_buildfilename(key, DST_TYPE_STATE, directory, &fileb);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dst_key_buildfilename(key, DST_TYPE_STATE, directory, &fileb));
isc_buffer_init(&tmpb, tmpname, sizeof(tmpname));
result = dst_key_buildfilename(key, DST_TYPE_TEMPLATE, directory,
&tmpb);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dst_key_buildfilename(key, DST_TYPE_TEMPLATE, directory, &tmpb));
mode_t mode = issymmetric(key) ? S_IRUSR | S_IWUSR
: S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH;
@ -2050,10 +1979,7 @@ write_public_key(const dst_key_t *key, int type, const char *directory) {
isc_buffer_init(&textb, text_array, sizeof(text_array));
isc_buffer_init(&classb, class_array, sizeof(class_array));
result = dst_key_todns(key, &keyb);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dst_key_todns(key, &keyb));
isc_buffer_usedregion(&keyb, &r);
dns_rdata_fromregion(&rdata, key->key_class, dns_rdatatype_dnskey, &r);
@ -2072,17 +1998,10 @@ write_public_key(const dst_key_t *key, int type, const char *directory) {
* Make the filename.
*/
isc_buffer_init(&fileb, filename, sizeof(filename));
result = dst_key_buildfilename(key, DST_TYPE_PUBLIC, directory, &fileb);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dst_key_buildfilename(key, DST_TYPE_PUBLIC, directory, &fileb));
isc_buffer_init(&tmpb, tmpname, sizeof(tmpname));
result = dst_key_buildfilename(key, DST_TYPE_TEMPLATE, directory,
&tmpb);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dst_key_buildfilename(key, DST_TYPE_TEMPLATE, directory, &tmpb));
/* Create temporary public key file. */
mode_t mode = issymmetric(key) ? S_IRUSR | S_IWUSR
@ -2153,7 +2072,6 @@ static isc_result_t
buildfilename(dns_name_t *name, dns_keytag_t id, unsigned int alg,
unsigned int type, const char *directory, isc_buffer_t *out) {
const char *suffix = "";
isc_result_t result;
REQUIRE(out != NULL);
REQUIRE(alg != 0 && alg != DST_ALG_PRIVATEOID &&
@ -2184,10 +2102,7 @@ buildfilename(dns_name_t *name, dns_keytag_t id, unsigned int alg,
return ISC_R_NOSPACE;
}
isc_buffer_putstr(out, "K");
result = dns_name_tofilenametext(name, false, out);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_name_tofilenametext(name, false, out));
return isc_buffer_printf(out, "+%03d+%05d%s", alg, id, suffix);
}
@ -2197,13 +2112,9 @@ computeid(dst_key_t *key) {
isc_buffer_t dnsbuf;
unsigned char dns_array[DST_KEY_MAXSIZE];
isc_region_t r;
isc_result_t ret;
isc_buffer_init(&dnsbuf, dns_array, sizeof(dns_array));
ret = dst_key_todns(key, &dnsbuf);
if (ret != ISC_R_SUCCESS) {
return ret;
}
RETERR(dst_key_todns(key, &dnsbuf));
isc_buffer_usedregion(&dnsbuf, &r);
key->key_id = dst_region_computeid(&r);
@ -2216,7 +2127,7 @@ frombuffer(const dns_name_t *name, unsigned int alg, unsigned int flags,
unsigned int protocol, dns_rdataclass_t rdclass,
isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp) {
dst_key_t *key;
isc_result_t ret;
isc_result_t result;
REQUIRE(dns_name_isabsolute(name));
REQUIRE(source != NULL);
@ -2242,20 +2153,20 @@ frombuffer(const dns_name_t *name, unsigned int alg, unsigned int flags,
key = get_key_struct(name, alg, flags, protocol, 0, rdclass, 0, mctx);
if (isc_buffer_remaininglength(source) > 0) {
ret = algorithm_status(alg);
if (ret != ISC_R_SUCCESS) {
result = algorithm_status(alg);
if (result != ISC_R_SUCCESS) {
dst_key_free(&key);
return ret;
return result;
}
if (key->func->fromdns == NULL) {
dst_key_free(&key);
return DST_R_UNSUPPORTEDALG;
}
ret = key->func->fromdns(key, source);
if (ret != ISC_R_SUCCESS) {
result = key->func->fromdns(key, source);
if (result != ISC_R_SUCCESS) {
dst_key_free(&key);
return ret;
return result;
}
}

155
lib/dns/dst_parse.c
View file

@ -184,7 +184,8 @@ check_rsa(const dst_private_t *priv, bool external) {
unsigned int mask;
if (external) {
return (priv->nelements == 0) ? 0 : -1;
return (priv->nelements == 0) ? ISC_R_SUCCESS
: DST_R_INVALIDPRIVATEKEY;
}
for (i = 0; i < RSA_NTAGS; i++) {
@ -198,7 +199,7 @@ check_rsa(const dst_private_t *priv, bool external) {
}
}
if (i == RSA_NTAGS) {
return -1;
return DST_R_INVALIDPRIVATEKEY;
}
have[i] = true;
}
@ -218,7 +219,7 @@ check_rsa(const dst_private_t *priv, bool external) {
have[TAG_RSA_EXPONENT2 & mask] &&
have[TAG_RSA_COEFFICIENT & mask];
}
return ok ? 0 : -1;
return ok ? ISC_R_SUCCESS : DST_R_INVALIDPRIVATEKEY;
}
static int
@ -229,7 +230,8 @@ check_ecdsa(const dst_private_t *priv, bool external) {
unsigned int mask;
if (external) {
return (priv->nelements == 0) ? 0 : -1;
return (priv->nelements == 0) ? ISC_R_SUCCESS
: DST_R_INVALIDPRIVATEKEY;
}
for (i = 0; i < ECDSA_NTAGS; i++) {
@ -242,7 +244,7 @@ check_ecdsa(const dst_private_t *priv, bool external) {
}
}
if (i == ECDSA_NTAGS) {
return -1;
return DST_R_INVALIDPRIVATEKEY;
}
have[i] = true;
}
@ -251,10 +253,10 @@ check_ecdsa(const dst_private_t *priv, bool external) {
ok = have[TAG_ECDSA_LABEL & mask] || have[TAG_ECDSA_PRIVATEKEY & mask];
return ok ? 0 : -1;
return ok ? ISC_R_SUCCESS : DST_R_INVALIDPRIVATEKEY;
}
static int
static isc_result_t
check_eddsa(const dst_private_t *priv, bool external) {
int i, j;
bool have[EDDSA_NTAGS];
@ -262,7 +264,8 @@ check_eddsa(const dst_private_t *priv, bool external) {
unsigned int mask;
if (external) {
return (priv->nelements == 0) ? 0 : -1;
return (priv->nelements == 0) ? ISC_R_SUCCESS
: DST_R_INVALIDPRIVATEKEY;
}
for (i = 0; i < EDDSA_NTAGS; i++) {
@ -275,7 +278,7 @@ check_eddsa(const dst_private_t *priv, bool external) {
}
}
if (i == EDDSA_NTAGS) {
return -1;
return DST_R_INVALIDPRIVATEKEY;
}
have[i] = true;
}
@ -284,10 +287,10 @@ check_eddsa(const dst_private_t *priv, bool external) {
ok = have[TAG_EDDSA_LABEL & mask] || have[TAG_EDDSA_PRIVATEKEY & mask];
return ok ? 0 : -1;
return ok ? ISC_R_SUCCESS : DST_R_INVALIDPRIVATEKEY;
}
static int
static isc_result_t
check_hmac_md5(const dst_private_t *priv, bool old) {
int i, j;
@ -299,9 +302,9 @@ check_hmac_md5(const dst_private_t *priv, bool old) {
if (old && priv->nelements == OLD_HMACMD5_NTAGS &&
priv->elements[0].tag == TAG_HMACMD5_KEY)
{
return 0;
return ISC_R_SUCCESS;
}
return -1;
return DST_R_INVALIDPRIVATEKEY;
}
/*
* We must be new format at this point.
@ -313,18 +316,18 @@ check_hmac_md5(const dst_private_t *priv, bool old) {
}
}
if (j == priv->nelements) {
return -1;
return DST_R_INVALIDPRIVATEKEY;
}
}
return 0;
}
static int
static isc_result_t
check_hmac_sha(const dst_private_t *priv, unsigned int ntags,
unsigned int alg) {
unsigned int i, j;
if (priv->nelements != ntags) {
return -1;
return DST_R_INVALIDPRIVATEKEY;
}
for (i = 0; i < ntags; i++) {
for (j = 0; j < priv->nelements; j++) {
@ -333,13 +336,13 @@ check_hmac_sha(const dst_private_t *priv, unsigned int ntags,
}
}
if (j == priv->nelements) {
return -1;
return DST_R_INVALIDPRIVATEKEY;
}
}
return 0;
return ISC_R_SUCCESS;
}
static int
static isc_result_t
check_data(const dst_private_t *priv, const unsigned int alg, bool old,
bool external) {
switch (alg) {
@ -394,13 +397,13 @@ dst__privstruct_free(dst_private_t *priv, isc_mem_t *mctx) {
isc_result_t
dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
isc_mem_t *mctx, dst_private_t *priv) {
int n = 0, major, minor, check;
int n = 0, major, minor;
isc_buffer_t b;
isc_token_t token;
unsigned char *data = NULL;
unsigned int opt = ISC_LEXOPT_EOL;
isc_stdtime_t when;
isc_result_t ret;
isc_result_t result;
bool external = false;
REQUIRE(priv != NULL);
@ -408,20 +411,19 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
priv->nelements = 0;
memset(priv->elements, 0, sizeof(priv->elements));
#define NEXTTOKEN(lex, opt, token) \
do { \
ret = isc_lex_gettoken(lex, opt, token); \
if (ret != ISC_R_SUCCESS) \
goto fail; \
#define NEXTTOKEN(lex, opt, token) \
do { \
CHECK(isc_lex_gettoken(lex, opt, token)); \
} while (0)
#define READLINE(lex, opt, token) \
do { \
ret = isc_lex_gettoken(lex, opt, token); \
if (ret == ISC_R_EOF) \
break; \
else if (ret != ISC_R_SUCCESS) \
goto fail; \
#define READLINE(lex, opt, token) \
do { \
result = isc_lex_gettoken(lex, opt, token); \
if (result == ISC_R_EOF) { \
break; \
} else if (result != ISC_R_SUCCESS) { \
goto cleanup; \
} \
} while ((*token).type != isc_tokentype_eol)
/*
@ -431,24 +433,24 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
if (token.type != isc_tokentype_string ||
strcmp(DST_AS_STR(token), PRIVATE_KEY_STR) != 0)
{
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
NEXTTOKEN(lex, opt, &token);
if (token.type != isc_tokentype_string || (DST_AS_STR(token))[0] != 'v')
{
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
if (sscanf(DST_AS_STR(token), "v%d.%d", &major, &minor) != 2) {
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
if (major > DST_MAJOR_VERSION) {
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
/*
@ -465,16 +467,16 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
if (token.type != isc_tokentype_string ||
strcmp(DST_AS_STR(token), ALGORITHM_STR) != 0)
{
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
NEXTTOKEN(lex, opt | ISC_LEXOPT_NUMBER, &token);
if (token.type != isc_tokentype_number ||
token.value.as_ulong != (unsigned long)dst_key_alg(key))
{
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
READLINE(lex, opt, &token);
@ -486,18 +488,18 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
int tag;
isc_region_t r;
do {
ret = isc_lex_gettoken(lex, opt, &token);
if (ret == ISC_R_EOF) {
result = isc_lex_gettoken(lex, opt, &token);
if (result == ISC_R_EOF) {
goto done;
}
if (ret != ISC_R_SUCCESS) {
goto fail;
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
} while (token.type == isc_tokentype_eol);
if (token.type != isc_tokentype_string) {
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
if (strcmp(DST_AS_STR(token), "External:") == 0) {
@ -512,8 +514,8 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
NEXTTOKEN(lex, opt | ISC_LEXOPT_NUMBER, &token);
if (token.type != isc_tokentype_number) {
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
dst_key_setnum(key, tag, token.value.as_ulong);
@ -527,14 +529,11 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
NEXTTOKEN(lex, opt, &token);
if (token.type != isc_tokentype_string) {
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
ret = dns_time32_fromtext(DST_AS_STR(token), &when);
if (ret != ISC_R_SUCCESS) {
goto fail;
}
CHECK(dns_time32_fromtext(DST_AS_STR(token), &when));
dst_key_settime(key, tag, when);
@ -546,8 +545,8 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
if (tag < 0 && minor > DST_MINOR_VERSION) {
goto next;
} else if (tag < 0) {
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
priv->elements[n].tag = tag;
@ -555,10 +554,7 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
data = isc_mem_get(mctx, MAXFIELDSIZE);
isc_buffer_init(&b, data, MAXFIELDSIZE);
ret = isc_base64_tobuffer(lex, &b, -1);
if (ret != ISC_R_SUCCESS) {
goto fail;
}
CHECK(isc_base64_tobuffer(lex, &b, -1));
isc_buffer_usedregion(&b, &r);
priv->elements[n].length = r.length;
@ -572,30 +568,23 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
done:
if (external && priv->nelements != 0) {
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
check = check_data(priv, alg, true, external);
if (check < 0) {
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
} else if (check != ISC_R_SUCCESS) {
ret = check;
goto fail;
}
CHECK(check_data(priv, alg, true, external));
key->external = external;
return ISC_R_SUCCESS;
fail:
cleanup:
dst__privstruct_free(priv, mctx);
if (data != NULL) {
isc_mem_put(mctx, data, MAXFIELDSIZE);
}
return ret;
return result;
}
isc_result_t
@ -626,11 +615,7 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
}
isc_buffer_init(&fileb, filename, sizeof(filename));
result = dst_key_buildfilename(key, DST_TYPE_PRIVATE, directory,
&fileb);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dst_key_buildfilename(key, DST_TYPE_PRIVATE, directory, &fileb));
result = isc_file_mode(filename, &mode);
if (result == ISC_R_SUCCESS && mode != (S_IRUSR | S_IWUSR)) {
@ -647,11 +632,7 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
}
isc_buffer_init(&tmpb, tmpname, sizeof(tmpname));
result = dst_key_buildfilename(key, DST_TYPE_TEMPLATE, directory,
&tmpb);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dst_key_buildfilename(key, DST_TYPE_TEMPLATE, directory, &tmpb));
fp = dst_key_open(tmpname, S_IRUSR | S_IWUSR);
if (fp == NULL) {

13
lib/dns/dyndb.c
View file

@ -28,13 +28,6 @@
#include "dyndb_p.h"
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
typedef struct dyndb_implementation dyndb_implementation_t;
struct dyndb_implementation {
isc_mem_t *mctx;
@ -144,7 +137,7 @@ load_library(isc_mem_t *mctx, const char *filename, const char *instname,
"failed to dlopen() DynDB instance '%s' driver "
"'%s': %s",
instname, filename, errmsg);
CHECK(ISC_R_FAILURE);
CLEANUP(ISC_R_FAILURE);
}
CHECK(load_symbol(&imp->handle, filename, "dyndb_version",
@ -158,7 +151,7 @@ load_library(isc_mem_t *mctx, const char *filename, const char *instname,
ISC_LOG_ERROR,
"driver API version mismatch: %d/%d", version,
DNS_DYNDB_VERSION);
CHECK(ISC_R_FAILURE);
CLEANUP(ISC_R_FAILURE);
}
CHECK(load_symbol(&imp->handle, filename, "dyndb_init",
@ -214,7 +207,7 @@ dns_dyndb_load(const char *libname, const char *name, const char *parameters,
/* duplicate instance names are not allowed */
if (impfind(name) != NULL) {
CHECK(ISC_R_EXISTS);
CLEANUP(ISC_R_EXISTS);
}
CHECK(load_library(mctx, libname, name, &implementation));

25
lib/dns/gssapictx.c
View file

@ -82,13 +82,6 @@ static gss_OID_desc __gss_spnego_mechanism_oid_desc = {
(r).base = (gb).value; \
} while (0)
#define RETERR(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto out; \
} while (0)
static void
name_to_gbuffer(const dns_name_t *name, isc_buffer_t *buffer,
gss_buffer_desc *gbuffer) {
@ -321,8 +314,7 @@ dst_gssapi_initctx(const dns_name_t *name, isc_buffer_t *intoken,
gret = gss_import_name(&minor, &gnamebuf, GSS_C_NO_OID, &gname);
if (gret != GSS_S_COMPLETE) {
gss_err_message(mctx, gret, minor, err_message);
result = ISC_R_FAILURE;
goto out;
CLEANUP(ISC_R_FAILURE);
}
if (intoken != NULL) {
@ -353,8 +345,7 @@ dst_gssapi_initctx(const dns_name_t *name, isc_buffer_t *intoken,
gss_log(3, "Failure initiating security context");
}
result = ISC_R_FAILURE;
goto out;
CLEANUP(ISC_R_FAILURE);
}
/*
@ -367,7 +358,7 @@ dst_gssapi_initctx(const dns_name_t *name, isc_buffer_t *intoken,
*/
if (gouttoken.length != 0U) {
GBUFFER_TO_REGION(gouttoken, r);
RETERR(isc_buffer_copyregion(outtoken, &r));
CHECK(isc_buffer_copyregion(outtoken, &r));
}
if (gret == GSS_S_COMPLETE) {
@ -376,7 +367,7 @@ dst_gssapi_initctx(const dns_name_t *name, isc_buffer_t *intoken,
result = DNS_R_CONTINUE;
}
out:
cleanup:
if (gouttoken.length != 0U) {
(void)gss_release_buffer(&minor, &gouttoken);
}
@ -479,7 +470,7 @@ dst_gssapi_acceptctx(const char *gssapi_keytab, isc_region_t *intoken,
isc_buffer_allocate(mctx, outtoken,
(unsigned int)gouttoken.length);
GBUFFER_TO_REGION(gouttoken, r);
RETERR(isc_buffer_copyregion(*outtoken, &r));
CHECK(isc_buffer_copyregion(*outtoken, &r));
(void)gss_release_buffer(&minor, &gouttoken);
}
@ -489,7 +480,7 @@ dst_gssapi_acceptctx(const char *gssapi_keytab, isc_region_t *intoken,
gss_log(3, "failed gss_display_name: %s",
gss_error_tostring(gret, minor, buf,
sizeof(buf)));
RETERR(ISC_R_FAILURE);
CLEANUP(ISC_R_FAILURE);
}
/*
@ -511,7 +502,7 @@ dst_gssapi_acceptctx(const char *gssapi_keytab, isc_region_t *intoken,
isc_buffer_init(&namebuf, r.base, r.length);
isc_buffer_add(&namebuf, r.length);
RETERR(dns_name_fromtext(principal, &namebuf, dns_rootname, 0));
CHECK(dns_name_fromtext(principal, &namebuf, dns_rootname, 0));
if (gnamebuf.length != 0U) {
gret = gss_release_buffer(&minor, &gnamebuf);
@ -527,7 +518,7 @@ dst_gssapi_acceptctx(const char *gssapi_keytab, isc_region_t *intoken,
*ctxout = context;
out:
cleanup:
if (gname != NULL) {
gret = gss_release_name(&minor, &gname);
if (gret != GSS_S_COMPLETE) {

15
lib/dns/hmac_link.c
View file

@ -272,7 +272,7 @@ hmac_compare(const isc_md_type_t *type, const dst_key_t *key1,
static isc_result_t
hmac_generate(const isc_md_type_t *type, dst_key_t *key) {
isc_buffer_t b;
isc_result_t ret;
isc_result_t result;
unsigned int bytes, len;
unsigned char data[ISC_MAX_MD_SIZE] = { 0 };
@ -290,11 +290,11 @@ hmac_generate(const isc_md_type_t *type, dst_key_t *key) {
isc_buffer_init(&b, data, bytes);
isc_buffer_add(&b, bytes);
ret = hmac_fromdns(type, key, &b);
result = hmac_fromdns(type, key, &b);
isc_safe_memwipe(data, sizeof(data));
return ret;
return result;
}
static bool
@ -456,18 +456,15 @@ static isc_result_t
hmac_parse(const isc_md_type_t *type, dst_key_t *key, isc_lex_t *lexer,
dst_key_t *pub) {
dst_private_t priv;
isc_result_t result, tresult;
isc_result_t result = ISC_R_SUCCESS, tresult;
isc_buffer_t b;
isc_mem_t *mctx = key->mctx;
unsigned int i;
UNUSED(pub);
/* read private key file */
result = dst__privstruct_parse(key, hmac__to_dst_alg(type), lexer, mctx,
&priv);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dst__privstruct_parse(key, hmac__to_dst_alg(type), lexer, mctx,
&priv));
if (key->external) {
result = DST_R_EXTERNALKEY;

7
lib/dns/iptable.c
View file

@ -90,17 +90,12 @@ dns_iptable_addprefix(dns_iptable_t *tab, const isc_netaddr_t *addr,
*/
isc_result_t
dns_iptable_merge(dns_iptable_t *tab, dns_iptable_t *source, bool pos) {
isc_result_t result;
isc_radix_node_t *node, *new_node;
int i, max_node = 0;
RADIX_WALK(source->radix->head, node) {
new_node = NULL;
result = isc_radix_insert(tab->radix, &new_node, node, NULL);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(isc_radix_insert(tab->radix, &new_node, node, NULL));
/*
* If we're negating a nested ACL, then we should

151
lib/dns/journal.c
View file

@ -80,25 +80,6 @@
* Miscellaneous utilities.
*/
/*%
* It would be non-sensical (or at least obtuse) to use FAIL() with an
* ISC_R_SUCCESS code, but the test is there to keep the Solaris compiler
* from complaining about "end-of-loop code not reached".
*/
#define FAIL(code) \
do { \
result = (code); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define JOURNAL_SERIALSET 0x01U
static isc_result_t
@ -479,17 +460,12 @@ journal_fsync(dns_journal_t *j) {
*/
static isc_result_t
journal_read_xhdr(dns_journal_t *j, journal_xhdr_t *xhdr) {
isc_result_t result;
j->it.cpos.offset = j->offset;
switch (j->xhdr_version) {
case XHDR_VERSION1: {
journal_rawxhdr_ver1_t raw;
result = journal_read(j, &raw, sizeof(raw));
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(journal_read(j, &raw, sizeof(raw)));
xhdr->size = decode_uint32(raw.size);
xhdr->count = 0;
xhdr->serial0 = decode_uint32(raw.serial0);
@ -500,10 +476,7 @@ journal_read_xhdr(dns_journal_t *j, journal_xhdr_t *xhdr) {
case XHDR_VERSION2: {
journal_rawxhdr_t raw;
result = journal_read(j, &raw, sizeof(raw));
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(journal_read(j, &raw, sizeof(raw)));
xhdr->size = decode_uint32(raw.size);
xhdr->count = decode_uint32(raw.count);
xhdr->serial0 = decode_uint32(raw.serial0);
@ -543,12 +516,8 @@ journal_write_xhdr(dns_journal_t *j, uint32_t size, uint32_t count,
static isc_result_t
journal_read_rrhdr(dns_journal_t *j, journal_rrhdr_t *rrhdr) {
journal_rawrrhdr_t raw;
isc_result_t result;
result = journal_read(j, &raw, sizeof(raw));
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(journal_read(j, &raw, sizeof(raw)));
rrhdr->size = decode_uint32(raw.size);
return ISC_R_SUCCESS;
}
@ -641,14 +610,14 @@ journal_open(isc_mem_t *mctx, const char *filename, bool writable, bool create,
*/
result = isc_stdio_open(j->filename, "rb+", &fp);
} else {
FAIL(ISC_R_NOTFOUND);
CLEANUP(ISC_R_NOTFOUND);
}
}
if (result != ISC_R_SUCCESS) {
isc_log_write(DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_JOURNAL,
ISC_LOG_ERROR, "%s: open: %s", j->filename,
isc_result_totext(result));
FAIL(ISC_R_UNEXPECTED);
CLEANUP(ISC_R_UNEXPECTED);
}
j->fp = fp;
@ -687,7 +656,7 @@ journal_open(isc_mem_t *mctx, const char *filename, bool writable, bool create,
isc_log_write(DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_JOURNAL,
ISC_LOG_ERROR,
"%s: journal format not recognized", j->filename);
FAIL(ISC_R_UNEXPECTED);
CLEANUP(ISC_R_UNEXPECTED);
}
journal_header_decode(&rawheader, &j->header);
@ -740,7 +709,7 @@ journal_open(isc_mem_t *mctx, const char *filename, bool writable, bool create,
*journalp = j;
return ISC_R_SUCCESS;
failure:
cleanup:
j->magic = 0;
if (j->rawindex != NULL) {
isc_mem_cput(j->mctx, j->rawindex, j->header.index_size,
@ -920,7 +889,7 @@ maybe_fixup_xhdr(dns_journal_t *j, journal_xhdr_t *xhdr, uint32_t serial,
j->recovered = true;
}
failure:
cleanup:
return result;
}
@ -948,10 +917,7 @@ journal_next(dns_journal_t *j, journal_pos_t *pos) {
REQUIRE(DNS_JOURNAL_VALID(j));
result = journal_seek(j, pos->offset);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(journal_seek(j, pos->offset));
if (pos->serial == j->header.end.serial) {
return ISC_R_NOMORE;
@ -961,10 +927,7 @@ journal_next(dns_journal_t *j, journal_pos_t *pos) {
* Read the header of the current transaction.
* This will return ISC_R_NOMORE if we are at EOF.
*/
result = journal_read_xhdr(j, &xhdr);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(journal_read_xhdr(j, &xhdr));
if (j->header_ver1) {
CHECK(maybe_fixup_xhdr(j, &xhdr, pos->serial, pos->offset));
@ -1002,7 +965,7 @@ journal_next(dns_journal_t *j, journal_pos_t *pos) {
pos->serial = xhdr.serial1;
return ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -1115,7 +1078,6 @@ index_invalidate(dns_journal_t *j, uint32_t serial) {
*/
static isc_result_t
journal_find(dns_journal_t *j, uint32_t serial, journal_pos_t *pos) {
isc_result_t result;
journal_pos_t current_pos;
REQUIRE(DNS_JOURNAL_VALID(j));
@ -1138,10 +1100,7 @@ journal_find(dns_journal_t *j, uint32_t serial, journal_pos_t *pos) {
if (DNS_SERIAL_GT(current_pos.serial, serial)) {
return ISC_R_NOTFOUND;
}
result = journal_next(j, &current_pos);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(journal_next(j, &current_pos));
}
*pos = current_pos;
return ISC_R_SUCCESS;
@ -1183,7 +1142,7 @@ dns_journal_begin_transaction(dns_journal_t *j) {
j->state = JOURNAL_STATE_TRANSACTION;
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -1270,7 +1229,7 @@ dns_journal_writediff(dns_journal_t *j, dns_diff_t *diff) {
result = ISC_R_SUCCESS;
failure:
cleanup:
if (mem != NULL) {
isc_mem_put(j->mctx, mem, size);
}
@ -1417,7 +1376,7 @@ dns_journal_commit(dns_journal_t *j) {
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -1430,7 +1389,7 @@ dns_journal_write_transaction(dns_journal_t *j, dns_diff_t *diff) {
CHECK(dns_journal_writediff(j, diff));
CHECK(dns_journal_commit(j));
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -1538,7 +1497,7 @@ dns_journal_rollforward(dns_journal_t *j, dns_db_t *db, unsigned int options) {
}
if (db_serial == end_serial) {
CHECK(DNS_R_UPTODATE);
CLEANUP(DNS_R_UPTODATE);
}
CHECK(dns_journal_iter_init(j, db_serial, end_serial, NULL));
@ -1568,7 +1527,7 @@ dns_journal_rollforward(dns_journal_t *j, dns_db_t *db, unsigned int options) {
"%s: journal file corrupt: missing "
"initial SOA",
j->filename);
FAIL(ISC_R_UNEXPECTED);
CLEANUP(ISC_R_UNEXPECTED);
}
if ((options & DNS_JOURNALOPT_RESIGN) != 0) {
op = (n_soa == 1) ? DNS_DIFFOP_DELRESIGN
@ -1606,7 +1565,7 @@ dns_journal_rollforward(dns_journal_t *j, dns_db_t *db, unsigned int options) {
dns_diff_clear(&diff);
}
failure:
cleanup:
if (ver != NULL) {
dns_db_closeversion(db, &ver,
result == ISC_R_SUCCESS ? true : false);
@ -1714,7 +1673,7 @@ dns_journal_print(isc_mem_t *mctx, uint32_t flags, const char *filename,
"%s: journal file corrupt: missing "
"initial SOA",
j->filename);
FAIL(ISC_R_UNEXPECTED);
CLEANUP(ISC_R_UNEXPECTED);
}
if (print) {
@ -1756,14 +1715,14 @@ dns_journal_print(isc_mem_t *mctx, uint32_t flags, const char *filename,
result = dns_diff_print(&diff, file);
dns_diff_clear(&diff);
}
goto cleanup;
goto done;
failure:
cleanup:
isc_log_write(DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_JOURNAL,
ISC_LOG_ERROR, "%s: cannot print: journal file corrupt",
j->filename);
cleanup:
done:
if (source.base != NULL) {
isc_mem_put(j->mctx, source.base, source.length);
}
@ -1900,7 +1859,7 @@ dns_journal_iter_init(dns_journal_t *j, uint32_t begin_serial,
if (xhdr.serial0 != pos.serial ||
isc_serial_le(xhdr.serial1, xhdr.serial0))
{
CHECK(ISC_R_UNEXPECTED);
CLEANUP(ISC_R_UNEXPECTED);
}
size += xhdr.size;
@ -1924,7 +1883,7 @@ dns_journal_iter_init(dns_journal_t *j, uint32_t begin_serial,
}
result = ISC_R_SUCCESS;
failure:
cleanup:
j->it.result = result;
return j->it.result;
}
@ -1945,7 +1904,7 @@ dns_journal_first_rr(dns_journal_t *j) {
return read_one_rr(j);
failure:
cleanup:
return result;
}
@ -1981,7 +1940,7 @@ read_one_rr(dns_journal_t *j) {
DNS_LOGMODULE_JOURNAL, ISC_LOG_ERROR,
"%s: journal corrupt: empty transaction",
j->filename);
FAIL(ISC_R_UNEXPECTED);
CLEANUP(ISC_R_UNEXPECTED);
}
if (j->header_ver1) {
@ -1998,7 +1957,7 @@ read_one_rr(dns_journal_t *j) {
"expected serial %u, got %u",
j->filename, j->it.current_serial,
xhdr.serial0);
FAIL(ISC_R_UNEXPECTED);
CLEANUP(ISC_R_UNEXPECTED);
}
j->it.xsize = xhdr.size;
@ -2021,7 +1980,7 @@ read_one_rr(dns_journal_t *j) {
"%s: journal corrupt: impossible RR size "
"(%d bytes)",
j->filename, rrhdr.size);
FAIL(ISC_R_UNEXPECTED);
CLEANUP(ISC_R_UNEXPECTED);
}
size_buffer(j->mctx, &j->it.source, rrhdr.size);
@ -2050,7 +2009,7 @@ read_one_rr(dns_journal_t *j) {
* Check that the RR header is there, and parse it.
*/
if (isc_buffer_remaininglength(&j->it.source) < 10) {
FAIL(DNS_R_FORMERR);
CLEANUP(DNS_R_FORMERR);
}
rdtype = isc_buffer_getuint16(&j->it.source);
@ -2064,14 +2023,14 @@ read_one_rr(dns_journal_t *j) {
"%s: journal corrupt: impossible rdlen "
"(%u bytes)",
j->filename, rdlen);
FAIL(ISC_R_FAILURE);
CLEANUP(ISC_R_FAILURE);
}
/*
* Parse the rdata.
*/
if (isc_buffer_remaininglength(&j->it.source) != rdlen) {
FAIL(DNS_R_FORMERR);
CLEANUP(DNS_R_FORMERR);
}
isc_buffer_setactive(&j->it.source, rdlen);
dns_rdata_reset(&j->it.rdata);
@ -2087,7 +2046,7 @@ read_one_rr(dns_journal_t *j) {
result = ISC_R_SUCCESS;
failure:
cleanup:
j->it.result = result;
return result;
}
@ -2130,10 +2089,7 @@ get_name_diff(dns_db_t *db, dns_dbversion_t *ver, isc_stdtime_t now,
dns_rdatasetiter_t *rdsiter = NULL;
dns_difftuple_t *tuple = NULL;
result = dns_dbiterator_current(dbit, &node, name);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_dbiterator_current(dbit, &node, name));
result = dns_db_allrdatasets(db, node, ver, 0, now, &rdsiter);
if (result != ISC_R_SUCCESS) {
@ -2243,7 +2199,7 @@ dns_diff_subtract(dns_diff_t diff[2], dns_diff_t *r) {
ISC_LIST_APPENDLIST(r->tuples, del, link);
ISC_LIST_APPENDLIST(r->tuples, add, link);
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -2269,10 +2225,7 @@ diff_namespace(dns_db_t *dba, dns_dbversion_t *dbvera, dns_db_t *dbb,
dns_fixedname_init(&fixname[0]);
dns_fixedname_init(&fixname[1]);
result = dns_db_createiterator(db[0], options, &dbit[0]);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_db_createiterator(db[0], options, &dbit[0]));
result = dns_db_createiterator(db[1], options, &dbit[1]);
if (result != ISC_R_SUCCESS) {
goto cleanup_iterator;
@ -2335,16 +2288,16 @@ diff_namespace(dns_db_t *dba, dns_dbversion_t *dbvera, dns_db_t *dbb,
next:;
}
if (itresult[0] != ISC_R_NOMORE) {
FAIL(itresult[0]);
CHECK(itresult[0]);
}
if (itresult[1] != ISC_R_NOMORE) {
FAIL(itresult[1]);
CHECK(itresult[1]);
}
INSIST(ISC_LIST_EMPTY(diff[0].tuples));
INSIST(ISC_LIST_EMPTY(diff[1].tuples));
failure:
cleanup:
dns_dbiterator_destroy(&dbit[1]);
cleanup_iterator:
@ -2382,11 +2335,8 @@ dns_db_diffx(dns_diff_t *diff, dns_db_t *dba, dns_dbversion_t *dbvera,
dns_journal_t *journal = NULL;
if (filename != NULL) {
result = dns_journal_open(diff->mctx, filename,
DNS_JOURNAL_CREATE, &journal);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_journal_open(diff->mctx, filename,
DNS_JOURNAL_CREATE, &journal));
}
CHECK(diff_namespace(dba, dbvera, dbb, dbverb, DNS_DB_NONSEC3, diff));
@ -2402,7 +2352,7 @@ dns_db_diffx(dns_diff_t *diff, dns_db_t *dba, dns_dbversion_t *dbvera,
}
}
failure:
cleanup:
if (journal != NULL) {
dns_journal_destroy(&journal);
}
@ -2631,7 +2581,7 @@ dns_journal_compact(isc_mem_t *mctx, char *filename, uint32_t serial,
"%s: journal file corrupt, "
"transaction too large",
j1->filename);
CHECK(ISC_R_FAILURE);
CLEANUP(ISC_R_FAILURE);
}
buf = isc_mem_get(mctx, size);
result = journal_read(j1, buf, size);
@ -2666,13 +2616,13 @@ dns_journal_compact(isc_mem_t *mctx, char *filename, uint32_t serial,
"%s: journal file corrupt, "
"transaction too large",
j1->filename);
CHECK(ISC_R_FAILURE);
CLEANUP(ISC_R_FAILURE);
}
buf = isc_mem_get(mctx, size);
CHECK(journal_read(j1, buf, size));
if (!check_delta(buf, size)) {
CHECK(ISC_R_UNEXPECTED);
CLEANUP(ISC_R_UNEXPECTED);
}
} else {
CHECK(result);
@ -2699,7 +2649,7 @@ dns_journal_compact(isc_mem_t *mctx, char *filename, uint32_t serial,
if (xhdr.serial0 != serial ||
isc_serial_le(xhdr.serial1, xhdr.serial0))
{
CHECK(ISC_R_UNEXPECTED);
CLEANUP(ISC_R_UNEXPECTED);
}
/*
@ -2789,7 +2739,7 @@ dns_journal_compact(isc_mem_t *mctx, char *filename, uint32_t serial,
if (result != ISC_R_SUCCESS &&
result != ISC_R_FILENOTFOUND)
{
goto failure;
CHECK(result);
}
if (rename(filename, backup) == -1) {
goto maperrno;
@ -2800,14 +2750,13 @@ dns_journal_compact(isc_mem_t *mctx, char *filename, uint32_t serial,
(void)isc_file_remove(backup);
} else {
maperrno:
result = ISC_R_FAILURE;
goto failure;
CLEANUP(ISC_R_FAILURE);
}
}
result = ISC_R_SUCCESS;
failure:
cleanup:
(void)isc_file_remove(newname);
if (buf != NULL) {
isc_mem_put(mctx, buf, size);
@ -2845,6 +2794,6 @@ index_to_disk(dns_journal_t *j) {
CHECK(journal_seek(j, sizeof(journal_rawheader_t)));
CHECK(journal_write(j, j->rawindex, rawbytes));
}
failure:
cleanup:
return result;
}

10
lib/dns/kasp.c
View file

@ -522,7 +522,7 @@ dns_kasp_key_tagmax(dns_kasp_key_t *key) {
bool
dns_kasp_key_match(dns_kasp_key_t *key, dns_dnsseckey_t *dkey) {
isc_result_t ret;
isc_result_t result;
bool role = false;
REQUIRE(key != NULL);
@ -537,12 +537,12 @@ dns_kasp_key_match(dns_kasp_key_t *key, dns_dnsseckey_t *dkey) {
return false;
}
/* Matching role? */
ret = dst_key_getbool(dkey->key, DST_BOOL_KSK, &role);
if (ret != ISC_R_SUCCESS || role != dns_kasp_key_ksk(key)) {
result = dst_key_getbool(dkey->key, DST_BOOL_KSK, &role);
if (result != ISC_R_SUCCESS || role != dns_kasp_key_ksk(key)) {
return false;
}
ret = dst_key_getbool(dkey->key, DST_BOOL_ZSK, &role);
if (ret != ISC_R_SUCCESS || role != dns_kasp_key_zsk(key)) {
result = dst_key_getbool(dkey->key, DST_BOOL_ZSK, &role);
if (result != ISC_R_SUCCESS || role != dns_kasp_key_zsk(key)) {
return false;
}
/* Valid key tag range? */

406
lib/dns/keymgr.c
View file

@ -34,13 +34,6 @@
#include <dst/dst.h>
#define RETERR(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
/*
* Set key state to `target` state and change last changed
* to `time`, only if key state has not been set before.
@ -103,13 +96,13 @@ log_key_overflow(dst_key_t *key, const char *what) {
static const char *
keymgr_keyrole(dst_key_t *key) {
bool ksk = false, zsk = false;
isc_result_t ret;
ret = dst_key_getbool(key, DST_BOOL_KSK, &ksk);
if (ret != ISC_R_SUCCESS) {
isc_result_t result;
result = dst_key_getbool(key, DST_BOOL_KSK, &ksk);
if (result != ISC_R_SUCCESS) {
return "UNKNOWN";
}
ret = dst_key_getbool(key, DST_BOOL_ZSK, &zsk);
if (ret != ISC_R_SUCCESS) {
result = dst_key_getbool(key, DST_BOOL_ZSK, &zsk);
if (result != ISC_R_SUCCESS) {
return "UNKNOWN";
}
if (ksk && zsk) {
@ -130,26 +123,26 @@ static void
keymgr_settime_remove(dns_dnsseckey_t *key, dns_kasp_t *kasp) {
isc_stdtime_t retire = 0, remove = 0, ksk_remove = 0, zsk_remove = 0;
bool zsk = false, ksk = false;
isc_result_t ret;
isc_result_t result;
REQUIRE(key != NULL);
REQUIRE(key->key != NULL);
ret = dst_key_gettime(key->key, DST_TIME_INACTIVE, &retire);
if (ret != ISC_R_SUCCESS) {
result = dst_key_gettime(key->key, DST_TIME_INACTIVE, &retire);
if (result != ISC_R_SUCCESS) {
return;
}
ret = dst_key_getbool(key->key, DST_BOOL_ZSK, &zsk);
if (ret == ISC_R_SUCCESS && zsk) {
result = dst_key_getbool(key->key, DST_BOOL_ZSK, &zsk);
if (result == ISC_R_SUCCESS && zsk) {
dns_ttl_t ttlsig = dns_kasp_zonemaxttl(kasp, true);
/* ZSK: Iret = Dsgn + Dprp + TTLsig */
zsk_remove =
retire + ttlsig + dns_kasp_zonepropagationdelay(kasp) +
dns_kasp_retiresafety(kasp) + dns_kasp_signdelay(kasp);
}
ret = dst_key_getbool(key->key, DST_BOOL_KSK, &ksk);
if (ret == ISC_R_SUCCESS && ksk) {
result = dst_key_getbool(key->key, DST_BOOL_KSK, &ksk);
if (result == ISC_R_SUCCESS && ksk) {
/* KSK: Iret = DprpP + TTLds */
ksk_remove = retire + dns_kasp_dsttl(kasp) +
dns_kasp_parentpropagationdelay(kasp) +
@ -168,17 +161,17 @@ void
dns_keymgr_settime_syncpublish(dst_key_t *key, dns_kasp_t *kasp, bool first) {
isc_stdtime_t published, syncpublish;
bool ksk = false;
isc_result_t ret;
isc_result_t result;
REQUIRE(key != NULL);
ret = dst_key_gettime(key, DST_TIME_PUBLISH, &published);
if (ret != ISC_R_SUCCESS) {
result = dst_key_gettime(key, DST_TIME_PUBLISH, &published);
if (result != ISC_R_SUCCESS) {
return;
}
ret = dst_key_getbool(key, DST_BOOL_KSK, &ksk);
if (ret != ISC_R_SUCCESS || !ksk) {
result = dst_key_getbool(key, DST_BOOL_KSK, &ksk);
if (result != ISC_R_SUCCESS || !ksk) {
return;
}
@ -198,8 +191,8 @@ dns_keymgr_settime_syncpublish(dst_key_t *key, dns_kasp_t *kasp, bool first) {
dst_key_settime(key, DST_TIME_SYNCPUBLISH, syncpublish);
uint32_t lifetime = 0;
ret = dst_key_getnum(key, DST_NUM_LIFETIME, &lifetime);
if (ret == ISC_R_SUCCESS && lifetime > 0) {
result = dst_key_getnum(key, DST_NUM_LIFETIME, &lifetime);
if (result == ISC_R_SUCCESS && lifetime > 0) {
dst_key_settime(key, DST_TIME_SYNCDELETE,
syncpublish + lifetime);
}
@ -222,7 +215,7 @@ dns_keymgr_settime_syncpublish(dst_key_t *key, dns_kasp_t *kasp, bool first) {
static isc_stdtime_t
keymgr_prepublication_time(dns_dnsseckey_t *key, dns_kasp_t *kasp,
uint32_t lifetime, isc_stdtime_t now) {
isc_result_t ret;
isc_result_t result;
isc_stdtime_t active, retire, pub, prepub;
bool zsk = false, ksk = false;
@ -237,14 +230,14 @@ keymgr_prepublication_time(dns_dnsseckey_t *key, dns_kasp_t *kasp,
* An active key must have publish and activate timing
* metadata.
*/
ret = dst_key_gettime(key->key, DST_TIME_ACTIVATE, &active);
if (ret != ISC_R_SUCCESS) {
result = dst_key_gettime(key->key, DST_TIME_ACTIVATE, &active);
if (result != ISC_R_SUCCESS) {
/* Super weird, but if it happens, set it to now. */
dst_key_settime(key->key, DST_TIME_ACTIVATE, now);
active = now;
}
ret = dst_key_gettime(key->key, DST_TIME_PUBLISH, &pub);
if (ret != ISC_R_SUCCESS) {
result = dst_key_gettime(key->key, DST_TIME_PUBLISH, &pub);
if (result != ISC_R_SUCCESS) {
/* Super weird, but if it happens, set it to now. */
dst_key_settime(key->key, DST_TIME_PUBLISH, now);
pub = now;
@ -255,8 +248,8 @@ keymgr_prepublication_time(dns_dnsseckey_t *key, dns_kasp_t *kasp,
* the key lifetime is required.
*/
uint32_t klifetime = 0;
ret = dst_key_getnum(key->key, DST_NUM_LIFETIME, &klifetime);
if (ret != ISC_R_SUCCESS) {
result = dst_key_getnum(key->key, DST_NUM_LIFETIME, &klifetime);
if (result != ISC_R_SUCCESS) {
dst_key_setnum(key->key, DST_NUM_LIFETIME, lifetime);
klifetime = lifetime;
}
@ -266,23 +259,24 @@ keymgr_prepublication_time(dns_dnsseckey_t *key, dns_kasp_t *kasp,
*/
prepub = dst_key_getttl(key->key) + dns_kasp_publishsafety(kasp) +
dns_kasp_zonepropagationdelay(kasp);
ret = dst_key_getbool(key->key, DST_BOOL_KSK, &ksk);
if (ret == ISC_R_SUCCESS && ksk) {
result = dst_key_getbool(key->key, DST_BOOL_KSK, &ksk);
if (result == ISC_R_SUCCESS && ksk) {
isc_stdtime_t syncpub;
/*
* Set PublishCDS if not set.
*/
ret = dst_key_gettime(key->key, DST_TIME_SYNCPUBLISH, &syncpub);
if (ret != ISC_R_SUCCESS) {
result = dst_key_gettime(key->key, DST_TIME_SYNCPUBLISH,
&syncpub);
if (result != ISC_R_SUCCESS) {
uint32_t tag;
isc_stdtime_t syncpub1, syncpub2;
syncpub1 = pub + prepub;
syncpub2 = 0;
ret = dst_key_getnum(key->key, DST_NUM_PREDECESSOR,
&tag);
if (ret != ISC_R_SUCCESS) {
result = dst_key_getnum(key->key, DST_NUM_PREDECESSOR,
&tag);
if (result != ISC_R_SUCCESS) {
/*
* No predecessor, wait for zone to be
* completely signed.
@ -310,8 +304,8 @@ keymgr_prepublication_time(dns_dnsseckey_t *key, dns_kasp_t *kasp,
*/
(void)dst_key_getbool(key->key, DST_BOOL_ZSK, &zsk);
ret = dst_key_gettime(key->key, DST_TIME_INACTIVE, &retire);
if (ret != ISC_R_SUCCESS) {
result = dst_key_gettime(key->key, DST_TIME_INACTIVE, &retire);
if (result != ISC_R_SUCCESS) {
if (klifetime == 0) {
/*
* No inactive time and no lifetime,
@ -346,7 +340,7 @@ static void
keymgr_key_retire(dns_dnsseckey_t *key, dns_kasp_t *kasp, uint8_t opts,
isc_stdtime_t now) {
char keystr[DST_KEY_FORMATSIZE];
isc_result_t ret;
isc_result_t result;
isc_stdtime_t retire;
dst_key_state_t s;
bool ksk = false, zsk = false;
@ -356,8 +350,8 @@ keymgr_key_retire(dns_dnsseckey_t *key, dns_kasp_t *kasp, uint8_t opts,
dst_key_format(key->key, keystr, sizeof(keystr));
ret = dst_key_getstate(key->key, DST_KEY_GOAL, &s);
INSIST(ret == ISC_R_SUCCESS);
result = dst_key_getstate(key->key, DST_KEY_GOAL, &s);
INSIST(result == ISC_R_SUCCESS);
if (dns_kasp_manualmode(kasp) &&
(opts & DNS_KEYMGRATTR_FORCESTEP) == 0 && s != HIDDEN)
@ -381,8 +375,8 @@ keymgr_key_retire(dns_dnsseckey_t *key, dns_kasp_t *kasp, uint8_t opts,
* This key may not have key states set yet. Pretend as if they are
* in the OMNIPRESENT state.
*/
ret = dst_key_gettime(key->key, DST_TIME_INACTIVE, &retire);
if (ret != ISC_R_SUCCESS || (retire > now)) {
result = dst_key_gettime(key->key, DST_TIME_INACTIVE, &retire);
if (result != ISC_R_SUCCESS || (retire > now)) {
dst_key_settime(key->key, DST_TIME_INACTIVE, now);
}
keymgr_settime_remove(key, kasp);
@ -392,8 +386,8 @@ keymgr_key_retire(dns_dnsseckey_t *key, dns_kasp_t *kasp, uint8_t opts,
dst_key_settime(key->key, DST_TIME_DNSKEY, now);
}
ret = dst_key_getbool(key->key, DST_BOOL_KSK, &ksk);
if (ret == ISC_R_SUCCESS && ksk) {
result = dst_key_getbool(key->key, DST_BOOL_KSK, &ksk);
if (result == ISC_R_SUCCESS && ksk) {
if (dst_key_getstate(key->key, DST_KEY_KRRSIG, &s) !=
ISC_R_SUCCESS)
{
@ -406,8 +400,8 @@ keymgr_key_retire(dns_dnsseckey_t *key, dns_kasp_t *kasp, uint8_t opts,
dst_key_settime(key->key, DST_TIME_DS, now);
}
}
ret = dst_key_getbool(key->key, DST_BOOL_ZSK, &zsk);
if (ret == ISC_R_SUCCESS && zsk) {
result = dst_key_getbool(key->key, DST_BOOL_ZSK, &zsk);
if (result == ISC_R_SUCCESS && zsk) {
if (dst_key_getstate(key->key, DST_KEY_ZRRSIG, &s) !=
ISC_R_SUCCESS)
{
@ -520,16 +514,16 @@ keymgr_createkey(dns_kasp_key_t *kkey, const dns_name_t *origin,
result = dns_dnssec_findmatchingkeys(origin, NULL, keydir, NULL, now,
true, mctx, &keykeys);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
goto failure;
goto cleanup;
}
do {
if (keystore == NULL) {
RETERR(dst_key_generate(origin, alg, size, 0, flags,
DNS_KEYPROTO_DNSSEC, rdclass,
NULL, mctx, &newkey, NULL));
CHECK(dst_key_generate(origin, alg, size, 0, flags,
DNS_KEYPROTO_DNSSEC, rdclass,
NULL, mctx, &newkey, NULL));
} else {
RETERR(dns_keystore_keygen(
CHECK(dns_keystore_keygen(
keystore, origin, dns_kasp_getname(kasp),
rdclass, mctx, alg, size, flags, &newkey));
}
@ -567,7 +561,7 @@ keymgr_createkey(dns_kasp_key_t *kkey, const dns_name_t *origin,
*dst_key = newkey;
result = ISC_R_SUCCESS;
failure:
cleanup:
while (!ISC_LIST_EMPTY(keykeys)) {
dns_dnsseckey_t *key = ISC_LIST_HEAD(keykeys);
ISC_LIST_UNLINK(keykeys, key, link);
@ -1316,7 +1310,7 @@ static void
keymgr_transition_time(dns_dnsseckey_t *key, int type,
dst_key_state_t next_state, dns_kasp_t *kasp,
isc_stdtime_t now, isc_stdtime_t *when) {
isc_result_t ret;
isc_result_t result;
isc_stdtime_t lastchange, dstime, sigtime, nexttime = now;
dns_ttl_t ttlsig = dns_kasp_zonemaxttl(kasp, true);
uint32_t dsstate, sigstate, signdelay = 0;
@ -1329,8 +1323,8 @@ keymgr_transition_time(dns_dnsseckey_t *key, int type,
return;
}
ret = dst_key_gettime(key->key, keystatetimes[type], &lastchange);
if (ret != ISC_R_SUCCESS) {
result = dst_key_gettime(key->key, keystatetimes[type], &lastchange);
if (result != ISC_R_SUCCESS) {
/* No last change, for safety purposes let's set it to now. */
dst_key_settime(key->key, keystatetimes[type], now);
lastchange = now;
@ -1376,8 +1370,8 @@ keymgr_transition_time(dns_dnsseckey_t *key, int type,
/* Was there a full sign? */
sigstate = (next_state == HIDDEN) ? DST_TIME_SIGDELETE
: DST_TIME_SIGPUBLISH;
ret = dst_key_gettime(key->key, sigstate, &sigtime);
if (ret == ISC_R_SUCCESS && sigtime <= now) {
result = dst_key_gettime(key->key, sigstate, &sigtime);
if (result == ISC_R_SUCCESS && sigtime <= now) {
signdelay = 0;
} else {
sigtime = lastchange;
@ -1408,13 +1402,13 @@ keymgr_transition_time(dns_dnsseckey_t *key, int type,
* there is an actual predecessor or successor key.
*/
uint32_t tag;
ret = dst_key_getnum(key->key, DST_NUM_PREDECESSOR,
&tag);
if (ret != ISC_R_SUCCESS) {
ret = dst_key_getnum(key->key,
DST_NUM_SUCCESSOR, &tag);
result = dst_key_getnum(key->key, DST_NUM_PREDECESSOR,
&tag);
if (result != ISC_R_SUCCESS) {
result = dst_key_getnum(
key->key, DST_NUM_SUCCESSOR, &tag);
}
if (ret == ISC_R_SUCCESS) {
if (result == ISC_R_SUCCESS) {
nexttime += signdelay +
dns_kasp_retiresafety(kasp);
}
@ -1449,8 +1443,8 @@ keymgr_transition_time(dns_dnsseckey_t *key, int type,
* parent. */
dsstate = next_state == HIDDEN ? DST_TIME_DSDELETE
: DST_TIME_DSPUBLISH;
ret = dst_key_gettime(key->key, dsstate, &dstime);
if (ret != ISC_R_SUCCESS || dstime > now) {
result = dst_key_gettime(key->key, dsstate, &dstime);
if (result != ISC_R_SUCCESS || dstime > now) {
/* Not yet, try again in an hour. */
nexttime = now + 3600;
} else {
@ -1462,14 +1456,14 @@ keymgr_transition_time(dns_dnsseckey_t *key, int type,
* actual predecessor or successor key.
*/
uint32_t tag;
ret = dst_key_getnum(key->key,
DST_NUM_PREDECESSOR, &tag);
if (ret != ISC_R_SUCCESS) {
ret = dst_key_getnum(key->key,
DST_NUM_SUCCESSOR,
&tag);
result = dst_key_getnum(
key->key, DST_NUM_PREDECESSOR, &tag);
if (result != ISC_R_SUCCESS) {
result = dst_key_getnum(
key->key, DST_NUM_SUCCESSOR,
&tag);
}
if (ret == ISC_R_SUCCESS) {
if (result == ISC_R_SUCCESS) {
nexttime += dns_kasp_retiresafety(kasp);
}
}
@ -1515,12 +1509,12 @@ transition:
/* For all records related to this key. */
for (int i = 0; i < NUM_KEYSTATES; i++) {
isc_result_t ret;
isc_stdtime_t when;
dst_key_state_t state, next_state;
ret = dst_key_getstate(dkey->key, i, &state);
if (ret == ISC_R_NOTFOUND) {
if (dst_key_getstate(dkey->key, i, &state) ==
ISC_R_NOTFOUND)
{
/*
* This record type is not applicable for this
* key, continue to the next record type.
@ -1671,7 +1665,7 @@ void
dns_keymgr_key_init(dns_dnsseckey_t *key, dns_kasp_t *kasp, isc_stdtime_t now,
bool csk) {
bool ksk, zsk;
isc_result_t ret;
isc_result_t result;
isc_stdtime_t active = 0, pub = 0, syncpub = 0, retire = 0, remove = 0;
dst_key_state_t dnskey_state = HIDDEN;
dst_key_state_t ds_state = HIDDEN;
@ -1682,20 +1676,20 @@ dns_keymgr_key_init(dns_dnsseckey_t *key, dns_kasp_t *kasp, isc_stdtime_t now,
REQUIRE(key->key != NULL);
/* Initialize role. */
ret = dst_key_getbool(key->key, DST_BOOL_KSK, &ksk);
if (ret != ISC_R_SUCCESS) {
result = dst_key_getbool(key->key, DST_BOOL_KSK, &ksk);
if (result != ISC_R_SUCCESS) {
ksk = ((dst_key_flags(key->key) & DNS_KEYFLAG_KSK) != 0);
dst_key_setbool(key->key, DST_BOOL_KSK, ksk || csk);
}
ret = dst_key_getbool(key->key, DST_BOOL_ZSK, &zsk);
if (ret != ISC_R_SUCCESS) {
result = dst_key_getbool(key->key, DST_BOOL_ZSK, &zsk);
if (result != ISC_R_SUCCESS) {
zsk = ((dst_key_flags(key->key) & DNS_KEYFLAG_KSK) == 0);
dst_key_setbool(key->key, DST_BOOL_ZSK, zsk || csk);
}
/* Get time metadata. */
ret = dst_key_gettime(key->key, DST_TIME_ACTIVATE, &active);
if (active <= now && ret == ISC_R_SUCCESS) {
result = dst_key_gettime(key->key, DST_TIME_ACTIVATE, &active);
if (active <= now && result == ISC_R_SUCCESS) {
dns_ttl_t ttlsig = dns_kasp_zonemaxttl(kasp, true);
ttlsig += dns_kasp_zonepropagationdelay(kasp);
if ((active + ttlsig) <= now) {
@ -1705,8 +1699,8 @@ dns_keymgr_key_init(dns_dnsseckey_t *key, dns_kasp_t *kasp, isc_stdtime_t now,
}
goal_state = OMNIPRESENT;
}
ret = dst_key_gettime(key->key, DST_TIME_PUBLISH, &pub);
if (pub <= now && ret == ISC_R_SUCCESS) {
result = dst_key_gettime(key->key, DST_TIME_PUBLISH, &pub);
if (pub <= now && result == ISC_R_SUCCESS) {
dns_ttl_t key_ttl = dst_key_getttl(key->key);
key_ttl += dns_kasp_zonepropagationdelay(kasp);
if ((pub + key_ttl) <= now) {
@ -1716,8 +1710,8 @@ dns_keymgr_key_init(dns_dnsseckey_t *key, dns_kasp_t *kasp, isc_stdtime_t now,
}
goal_state = OMNIPRESENT;
}
ret = dst_key_gettime(key->key, DST_TIME_SYNCPUBLISH, &syncpub);
if (syncpub <= now && ret == ISC_R_SUCCESS) {
result = dst_key_gettime(key->key, DST_TIME_SYNCPUBLISH, &syncpub);
if (syncpub <= now && result == ISC_R_SUCCESS) {
dns_ttl_t ds_ttl = dns_kasp_dsttl(kasp);
ds_ttl += dns_kasp_parentpropagationdelay(kasp);
if ((syncpub + ds_ttl) <= now) {
@ -1727,8 +1721,8 @@ dns_keymgr_key_init(dns_dnsseckey_t *key, dns_kasp_t *kasp, isc_stdtime_t now,
}
goal_state = OMNIPRESENT;
}
ret = dst_key_gettime(key->key, DST_TIME_INACTIVE, &retire);
if (retire <= now && ret == ISC_R_SUCCESS) {
result = dst_key_gettime(key->key, DST_TIME_INACTIVE, &result);
if (result <= now && result == ISC_R_SUCCESS) {
dns_ttl_t ttlsig = dns_kasp_zonemaxttl(kasp, true);
ttlsig += dns_kasp_zonepropagationdelay(kasp);
if ((retire + ttlsig) <= now) {
@ -1739,8 +1733,8 @@ dns_keymgr_key_init(dns_dnsseckey_t *key, dns_kasp_t *kasp, isc_stdtime_t now,
ds_state = UNRETENTIVE;
goal_state = HIDDEN;
}
ret = dst_key_gettime(key->key, DST_TIME_DELETE, &remove);
if (remove <= now && ret == ISC_R_SUCCESS) {
result = dst_key_gettime(key->key, DST_TIME_DELETE, &remove);
if (remove <= now && result == ISC_R_SUCCESS) {
dns_ttl_t key_ttl = dst_key_getttl(key->key);
key_ttl += dns_kasp_zonepropagationdelay(kasp);
if ((remove + key_ttl) <= now) {
@ -2094,7 +2088,7 @@ dns_keymgr_key_may_be_purged(const dst_key_t *key, uint32_t after,
static void
keymgr_purge_keyfile(dst_key_t *key, int type) {
isc_result_t ret;
isc_result_t result;
isc_buffer_t fileb;
char filename[NAME_MAX];
@ -2102,8 +2096,9 @@ keymgr_purge_keyfile(dst_key_t *key, int type) {
* Make the filename.
*/
isc_buffer_init(&fileb, filename, sizeof(filename));
ret = dst_key_buildfilename(key, type, dst_key_directory(key), &fileb);
if (ret != ISC_R_SUCCESS) {
result = dst_key_buildfilename(key, type, dst_key_directory(key),
&fileb);
if (result != ISC_R_SUCCESS) {
char keystr[DST_KEY_FORMATSIZE];
dst_key_format(key, keystr, sizeof(keystr));
isc_log_write(DNS_LOGCATEGORY_DNSSEC, DNS_LOGMODULE_DNSSEC,
@ -2111,7 +2106,7 @@ keymgr_purge_keyfile(dst_key_t *key, int type) {
"keymgr: failed to purge DNSKEY %s (%s): cannot "
"build filename (%s)",
keystr, keymgr_keyrole(key),
isc_result_totext(ret));
isc_result_totext(result));
return;
}
@ -2141,24 +2136,23 @@ dst_key_doublematch(dns_dnsseckey_t *key, dns_kasp_t *kasp) {
static void
keymgr_zrrsig(dns_dnsseckeylist_t *keyring, isc_stdtime_t now) {
ISC_LIST_FOREACH(*keyring, dkey, link) {
isc_result_t ret;
isc_result_t result;
bool zsk = false;
dst_key_state_t state;
ret = dst_key_getbool(dkey->key, DST_BOOL_ZSK, &zsk);
if (ret == ISC_R_SUCCESS && zsk) {
dst_key_state_t state;
isc_result_t result = dst_key_getstate(
dkey->key, DST_KEY_ZRRSIG, &state);
if (result == ISC_R_SUCCESS) {
if (state == RUMOURED) {
dst_key_settime(dkey->key,
DST_TIME_SIGPUBLISH,
now);
} else if (state == UNRETENTIVE) {
dst_key_settime(dkey->key,
DST_TIME_SIGDELETE,
now);
}
result = dst_key_getbool(dkey->key, DST_BOOL_ZSK, &zsk);
if (result != ISC_R_SUCCESS || !zsk) {
continue;
}
result = dst_key_getstate(dkey->key, DST_KEY_ZRRSIG, &state);
if (result == ISC_R_SUCCESS) {
if (state == RUMOURED) {
dst_key_settime(dkey->key, DST_TIME_SIGPUBLISH,
now);
} else if (state == UNRETENTIVE) {
dst_key_settime(dkey->key, DST_TIME_SIGDELETE,
now);
}
}
}
@ -2346,9 +2340,9 @@ dns_keymgr_run(const dns_name_t *origin, dns_rdataclass_t rdclass,
}
/* See if this key requires a rollover. */
RETERR(keymgr_key_rollover(
kkey, active_key, keyring, &newkeys, origin, rdclass,
kasp, keydir, lifetime, opts, now, nexttime, mctx));
CHECK(keymgr_key_rollover(kkey, active_key, keyring, &newkeys,
origin, rdclass, kasp, keydir,
lifetime, opts, now, nexttime, mctx));
opts &= ~DNS_KEYMGRATTR_NOROLL;
}
@ -2389,7 +2383,7 @@ dns_keymgr_run(const dns_name_t *origin, dns_rdataclass_t rdclass,
}
dns_dnssec_get_hints(dkey, now);
RETERR(dst_key_tofile(dkey->key, options, directory));
CHECK(dst_key_tofile(dkey->key, options, directory));
dst_key_setmodified(dkey->key, false);
if (!isc_log_wouldlog(ISC_LOG_DEBUG(3))) {
@ -2407,8 +2401,9 @@ dns_keymgr_run(const dns_name_t *origin, dns_rdataclass_t rdclass,
}
result = retval;
failure:
if (result != ISC_R_SUCCESS && result != DNS_R_UNCHANGED) {
cleanup:
if (result != ISC_R_SUCCESS) {
ISC_LIST_FOREACH(newkeys, newkey, link) {
ISC_LIST_UNLINK(newkeys, newkey, link);
INSIST(newkey->key != NULL);
@ -2439,11 +2434,10 @@ keymgr_checkds(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
REQUIRE(keyring != NULL);
ISC_LIST_FOREACH(*keyring, dkey, link) {
isc_result_t ret;
bool ksk = false;
ret = dst_key_getbool(dkey->key, DST_BOOL_KSK, &ksk);
if (ret == ISC_R_SUCCESS && ksk) {
result = dst_key_getbool(dkey->key, DST_BOOL_KSK, &ksk);
if (result == ISC_R_SUCCESS && ksk) {
if (check_id && dst_key_id(dkey->key) != id) {
continue;
}
@ -2532,22 +2526,22 @@ keytime_status(dst_key_t *key, isc_stdtime_t now, isc_buffer_t *buf,
isc_stdtime_t when = 0;
dst_key_state_t state = NA;
RETERR(isc_buffer_printf(buf, "%s", pre));
CHECK(isc_buffer_printf(buf, "%s", pre));
(void)dst_key_getstate(key, ks, &state);
isc_result_t r = dst_key_gettime(key, kt, &when);
if (state == RUMOURED || state == OMNIPRESENT) {
RETERR(isc_buffer_printf(buf, "yes - since "));
CHECK(isc_buffer_printf(buf, "yes - since "));
} else if (now < when) {
RETERR(isc_buffer_printf(buf, "no - scheduled "));
CHECK(isc_buffer_printf(buf, "no - scheduled "));
} else {
return isc_buffer_printf(buf, "no\n");
}
if (r == ISC_R_SUCCESS) {
isc_stdtime_tostring(when, timestr, sizeof(timestr));
RETERR(isc_buffer_printf(buf, "%s\n", timestr));
CHECK(isc_buffer_printf(buf, "%s\n", timestr));
}
failure:
cleanup:
return result;
}
@ -2559,16 +2553,16 @@ keystate_status(dst_key_t *key, isc_buffer_t *buf, const char *pre, int ks) {
(void)dst_key_getstate(key, ks, &state);
switch (state) {
case HIDDEN:
RETERR(isc_buffer_printf(buf, " - %shidden\n", pre));
CHECK(isc_buffer_printf(buf, " - %shidden\n", pre));
break;
case RUMOURED:
RETERR(isc_buffer_printf(buf, " - %srumoured\n", pre));
CHECK(isc_buffer_printf(buf, " - %srumoured\n", pre));
break;
case OMNIPRESENT:
RETERR(isc_buffer_printf(buf, " - %somnipresent\n", pre));
CHECK(isc_buffer_printf(buf, " - %somnipresent\n", pre));
break;
case UNRETENTIVE:
RETERR(isc_buffer_printf(buf, " - %sunretentive\n", pre));
CHECK(isc_buffer_printf(buf, " - %sunretentive\n", pre));
break;
case NA:
default:
@ -2576,7 +2570,7 @@ keystate_status(dst_key_t *key, isc_buffer_t *buf, const char *pre, int ks) {
break;
}
failure:
cleanup:
return result;
}
@ -2602,47 +2596,47 @@ rollover_status(dns_dnsseckey_t *dkey, dns_kasp_t *kasp,
(void)dst_key_getstate(key, DST_KEY_DS, &ds);
// publish status
RETERR(keytime_status(key, now, buf, " Published: ", DST_KEY_DNSKEY,
DST_TIME_PUBLISH));
CHECK(keytime_status(key, now, buf, " Published: ", DST_KEY_DNSKEY,
DST_TIME_PUBLISH));
// signing status
result = dst_key_getbool(key, DST_BOOL_KSK, &ksk);
if (result == ISC_R_SUCCESS && ksk) {
RETERR(keytime_status(key, now, buf, " Key signing: ",
DST_KEY_KRRSIG, DST_TIME_PUBLISH));
CHECK(keytime_status(key, now, buf, " Key signing: ",
DST_KEY_KRRSIG, DST_TIME_PUBLISH));
}
result = dst_key_getbool(key, DST_BOOL_ZSK, &zsk);
if (result == ISC_R_SUCCESS && zsk) {
RETERR(keytime_status(key, now, buf, " Zone signing: ",
DST_KEY_ZRRSIG, DST_TIME_ACTIVATE));
CHECK(keytime_status(key, now, buf, " Zone signing: ",
DST_KEY_ZRRSIG, DST_TIME_ACTIVATE));
}
if (zsk) {
if (goal == OMNIPRESENT) {
if (dnskey == HIDDEN && zrrsig == HIDDEN) {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf, " Key is created but not "
"published yet.\n"));
} else if (dnskey == RUMOURED && zrrsig == HIDDEN) {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf, " Key is pre-published.\n"));
} else if (dnskey == RUMOURED && zrrsig == RUMOURED) {
RETERR(isc_buffer_printf(buf, " Introducing "
"new key.\n"));
CHECK(isc_buffer_printf(buf, " Introducing "
"new key.\n"));
} else if (dnskey == OMNIPRESENT && zrrsig == HIDDEN) {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf, " Key is published, but not yet "
"signing.\n"));
} else if (dnskey == OMNIPRESENT && zrrsig == RUMOURED)
{
if (keymgr_dep(key, keyring, NULL)) {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf,
" Key is published, waiting "
"for the zone to be completely "
"signed with this key.\n"));
} else {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf,
" Key is published, "
"introducing signatures.\n"));
@ -2654,7 +2648,7 @@ rollover_status(dns_dnsseckey_t *dkey, dns_kasp_t *kasp,
log_next_rollover = true;
}
} else {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf, " Key is in unexpected state, "
"performing auto-healing.\n"));
*verbose = true;
@ -2662,7 +2656,7 @@ rollover_status(dns_dnsseckey_t *dkey, dns_kasp_t *kasp,
} else if (goal == HIDDEN) {
if (dnskey == OMNIPRESENT && zrrsig == OMNIPRESENT) {
if (!ksk) {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf, " Key will be retired "
"after successor key "
"becomes active.\n"));
@ -2670,24 +2664,24 @@ rollover_status(dns_dnsseckey_t *dkey, dns_kasp_t *kasp,
} else if (dnskey == OMNIPRESENT &&
zrrsig == UNRETENTIVE)
{
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf,
" Key is retired, waiting until all "
"signatures generated with this key "
"are replaced with successor.\n"));
} else if (dnskey == OMNIPRESENT && zrrsig == HIDDEN) {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf, " Key is retired, no longer "
"signing the zone.\n"));
} else if (dnskey == UNRETENTIVE && zrrsig == HIDDEN) {
RETERR(isc_buffer_printf(
buf, " Key is removed from zone.\n"));
CHECK(isc_buffer_printf(buf, " Key is removed "
"from zone.\n"));
} else if (dnskey == HIDDEN && zrrsig == HIDDEN) {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf, " Key is completely hidden "
"(waiting to be purged).\n"));
} else {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf, " WARNING: Key is in unexpected "
"state, "
"performing auto-healing.\n"));
@ -2698,24 +2692,24 @@ rollover_status(dns_dnsseckey_t *dkey, dns_kasp_t *kasp,
if (goal == OMNIPRESENT) {
if (dnskey == HIDDEN && ds == HIDDEN) {
if (!zsk) {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf, " Key is created but not "
"published yet.\n"));
}
} else if (dnskey == RUMOURED && ds == HIDDEN) {
if (!zsk) {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf,
" Key is pre-published.\n"));
}
} else if (dnskey == OMNIPRESENT && ds == HIDDEN) {
if (keymgr_dep(key, keyring, NULL)) {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf,
" Waiting for the DS to be "
"submitted to the parent.\n"));
} else {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf,
" Wait for zone to be fully "
"signed before submitting the "
@ -2726,19 +2720,19 @@ rollover_status(dns_dnsseckey_t *dkey, dns_kasp_t *kasp,
isc_result_t ret = dst_key_gettime(
key, DST_TIME_DSPUBLISH, &dstime);
if (ret != ISC_R_SUCCESS || dstime > now) {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf,
" Waiting for the DS to be "
"published to the parent.\n"));
if (checkds) {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf,
" checkds is enabled, "
"BIND will check the "
"DS RRset "
"periodically.\n"));
} else {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf,
" ! Once the DS is in "
"the parent, run 'rndc "
@ -2748,7 +2742,7 @@ rollover_status(dns_dnsseckey_t *dkey, dns_kasp_t *kasp,
dst_key_id(key)));
}
} else {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf, " Waiting TTL period for "
"validators to pick up "
"the new DS RRset.\n"));
@ -2758,7 +2752,7 @@ rollover_status(dns_dnsseckey_t *dkey, dns_kasp_t *kasp,
active_state = DST_TIME_PUBLISH;
retire_state = DST_TIME_DELETE;
} else {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf, " WARNING: Key is in unexpected "
"state, "
"performing auto-healing.\n"));
@ -2766,7 +2760,7 @@ rollover_status(dns_dnsseckey_t *dkey, dns_kasp_t *kasp,
}
} else if (goal == HIDDEN) {
if (dnskey == OMNIPRESENT && ds == OMNIPRESENT) {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf,
" Key will be retired after the DS is "
"withdrawn from the parent.\n"));
@ -2775,19 +2769,19 @@ rollover_status(dns_dnsseckey_t *dkey, dns_kasp_t *kasp,
isc_result_t ret = dst_key_gettime(
key, DST_TIME_DSDELETE, &dstime);
if (ret != ISC_R_SUCCESS || dstime > now) {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf,
" Waiting for the DS to be "
"removed from the parent.\n"));
if (checkds) {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf,
" checkds is enabled, "
"BIND will check the "
"DS RRset "
"periodically.\n"));
} else {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf,
" ! Once the DS is "
"removed from the "
@ -2798,30 +2792,30 @@ rollover_status(dns_dnsseckey_t *dkey, dns_kasp_t *kasp,
dst_key_id(key)));
}
} else {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf, " Waiting TTL period for "
"validators to pick up "
"the new DS RRset.\n"));
}
} else if (dnskey == OMNIPRESENT && ds == HIDDEN) {
RETERR(isc_buffer_printf(
buf, " Key is removed from chain of "
"trust.\n"));
CHECK(isc_buffer_printf(buf, " Key is removed "
"from chain of "
"trust.\n"));
} else if (dnskey == UNRETENTIVE && ds == HIDDEN) {
if (!zsk) {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf, " Key is removed from "
"zone.\n"));
}
} else if (dnskey == HIDDEN && ds == HIDDEN) {
if (!zsk) {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf,
" Key is completely hidden "
"(waiting to be purged).\n"));
}
} else {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf, " WARNING: Key is in unexpected "
"state, "
"performing auto-healing.\n"));
@ -2840,25 +2834,25 @@ rollover_status(dns_dnsseckey_t *dkey, dns_kasp_t *kasp,
char timestr[26]; /* Minimal buf as per ctime_r() spec.
*/
if (now < retire_time) {
RETERR(isc_buffer_printf(buf, " Next rollover "
"scheduled on "));
CHECK(isc_buffer_printf(buf, " Next rollover "
"scheduled on "));
retire_time = keymgr_prepublication_time(
dkey, kasp, retire_time - active_time,
now);
} else {
RETERR(isc_buffer_printf(buf, " Rollover is "
"due since "));
CHECK(isc_buffer_printf(buf, " Rollover is "
"due since "));
}
isc_stdtime_tostring(retire_time, timestr,
sizeof(timestr));
RETERR(isc_buffer_printf(buf, "%s\n", timestr));
CHECK(isc_buffer_printf(buf, "%s\n", timestr));
} else {
RETERR(isc_buffer_printf(buf,
" No rollover scheduled.\n"));
CHECK(isc_buffer_printf(buf,
" No rollover scheduled.\n"));
}
}
failure:
cleanup:
return result;
}
@ -2886,36 +2880,36 @@ dns_keymgr_status(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
// key data
dns_secalg_format((dns_secalg_t)dst_key_alg(dkey->key), algstr,
sizeof(algstr));
RETERR(isc_buffer_printf(buf, "\n%s %d (%s):\n",
keymgr_keyrole(dkey->key),
dst_key_id(dkey->key), algstr));
CHECK(isc_buffer_printf(buf, "\n%s %d (%s):\n",
keymgr_keyrole(dkey->key),
dst_key_id(dkey->key), algstr));
// rollover status
RETERR(rollover_status(dkey, kasp, keyring, now, buf, &verbose,
checkds));
CHECK(rollover_status(dkey, kasp, keyring, now, buf, &verbose,
checkds));
if (verbose) {
// key states
RETERR(isc_buffer_printf(buf, " Key states:\n"));
CHECK(isc_buffer_printf(buf, " Key states:\n"));
RETERR(keystate_status(
CHECK(keystate_status(
dkey->key, buf,
"goal: ", DST_KEY_GOAL));
RETERR(keystate_status(
CHECK(keystate_status(
dkey->key, buf,
"dnskey: ", DST_KEY_DNSKEY));
RETERR(keystate_status(dkey->key, buf,
"ds: ", DST_KEY_DS));
RETERR(keystate_status(
CHECK(keystate_status(dkey->key, buf,
"ds: ", DST_KEY_DS));
CHECK(keystate_status(
dkey->key, buf,
"zone rrsig: ", DST_KEY_ZRRSIG));
RETERR(keystate_status(
CHECK(keystate_status(
dkey->key, buf,
"key rrsig: ", DST_KEY_KRRSIG));
}
}
failure:
cleanup:
return result;
}
@ -3024,15 +3018,13 @@ dns_keymgr_offline(const dns_name_t *origin, dns_dnsseckeylist_t *keyring,
dns_keymgr_key_init(dkey, kasp, now, false);
/* Get current metadata */
RETERR(dst_key_getstate(dkey->key, DST_KEY_DNSKEY,
&current_dnskey));
RETERR(dst_key_getstate(dkey->key, DST_KEY_ZRRSIG,
&current_zrrsig));
RETERR(dst_key_getstate(dkey->key, DST_KEY_GOAL,
&current_goal));
RETERR(dst_key_gettime(dkey->key, DST_TIME_PUBLISH,
&published));
RETERR(dst_key_gettime(dkey->key, DST_TIME_ACTIVATE, &active));
CHECK(dst_key_getstate(dkey->key, DST_KEY_DNSKEY,
&current_dnskey));
CHECK(dst_key_getstate(dkey->key, DST_KEY_ZRRSIG,
&current_zrrsig));
CHECK(dst_key_getstate(dkey->key, DST_KEY_GOAL, &current_goal));
CHECK(dst_key_gettime(dkey->key, DST_TIME_PUBLISH, &published));
CHECK(dst_key_gettime(dkey->key, DST_TIME_ACTIVATE, &active));
(void)dst_key_gettime(dkey->key, DST_TIME_INACTIVE, &inactive);
(void)dst_key_gettime(dkey->key, DST_TIME_DELETE, &remove);
@ -3136,7 +3128,7 @@ dns_keymgr_offline(const dns_name_t *origin, dns_dnsseckeylist_t *keyring,
dns_dnssec_get_hints(dkey, now);
RETERR(dst_key_tofile(dkey->key, options, directory));
CHECK(dst_key_tofile(dkey->key, options, directory));
dst_key_setmodified(dkey->key, false);
if (!isc_log_wouldlog(ISC_LOG_DEBUG(3))) {
@ -3155,7 +3147,7 @@ dns_keymgr_offline(const dns_name_t *origin, dns_dnsseckeylist_t *keyring,
result = ISC_R_SUCCESS;
failure:
cleanup:
if (isc_log_wouldlog(ISC_LOG_DEBUG(3))) {
char namebuf[DNS_NAME_FORMATSIZE];
dns_name_format(origin, namebuf, sizeof(namebuf));

16
lib/dns/keystore.c
View file

@ -134,7 +134,6 @@ buildpkcs11label(const char *uri, const dns_name_t *zname, const char *policy,
bool ksk = ((flags & DNS_KEYFLAG_KSK) != 0);
char timebuf[18];
isc_time_t now = isc_time_now();
isc_result_t result;
dns_fixedname_t fname;
dns_name_t *pname = dns_fixedname_initname(&fname);
@ -146,10 +145,7 @@ buildpkcs11label(const char *uri, const dns_name_t *zname, const char *policy,
isc_buffer_putstr(buf, uri);
isc_buffer_putstr(buf, ";object=");
/* zone name */
result = dns_name_tofilenametext(zname, false, buf);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_name_tofilenametext(zname, false, buf));
/*
* policy name
*
@ -161,14 +157,8 @@ buildpkcs11label(const char *uri, const dns_name_t *zname, const char *policy,
return ISC_R_NOSPACE;
}
isc_buffer_putstr(buf, "-");
result = dns_name_fromstring(pname, policy, dns_rootname, 0, NULL);
if (result != ISC_R_SUCCESS) {
return result;
}
result = dns_name_tofilenametext(pname, false, buf);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_name_fromstring(pname, policy, dns_rootname, 0, NULL));
RETERR(dns_name_tofilenametext(pname, false, buf));
/* key type + current time */
isc_time_formatshorttimestamp(&now, timebuf, sizeof(timebuf));
return isc_buffer_printf(buf, "-%s-%s", ksk ? "ksk" : "zsk", timebuf);

7
lib/dns/keytable.c
View file

@ -558,12 +558,7 @@ dns_keytable_issecuredomain(dns_keytable_t *keytable, const dns_name_t *name,
static isc_result_t
putstr(isc_buffer_t *b, const char *str) {
isc_result_t result;
result = isc_buffer_reserve(b, strlen(str));
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(isc_buffer_reserve(b, strlen(str)));
isc_buffer_putstr(b, str);
return ISC_R_SUCCESS;

96
lib/dns/master.c
View file

@ -2183,10 +2183,7 @@ pushfile(const char *master_file, dns_name_t *origin, dns_loadctx_t *lctx) {
newctx->drop = ictx->drop;
}
result = (lctx->openfile)(lctx, master_file);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK((lctx->openfile)(lctx, master_file));
newctx->parent = ictx;
lctx->inc = newctx;
@ -2207,17 +2204,12 @@ cleanup:
static isc_result_t
read_and_check(bool do_read, isc_buffer_t *buffer, size_t len, FILE *f,
uint32_t *totallen) {
isc_result_t result;
REQUIRE(totallen != NULL);
if (do_read) {
INSIST(isc_buffer_availablelength(buffer) >= len);
result = isc_stdio_read(isc_buffer_used(buffer), 1, len, f,
NULL);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(isc_stdio_read(isc_buffer_used(buffer), 1, len, f,
NULL));
isc_buffer_add(buffer, (unsigned int)len);
if (*totallen < len) {
return ISC_R_RANGE;
@ -2339,10 +2331,7 @@ load_raw(dns_loadctx_t *lctx) {
dctx = DNS_DECOMPRESS_NEVER;
if (lctx->first) {
result = load_header(lctx);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(load_header(lctx));
}
ISC_LIST_INIT(head);
@ -2400,8 +2389,7 @@ load_raw(dns_loadctx_t *lctx) {
sizeof(uint16_t) + sizeof(uint16_t) +
sizeof(uint32_t) + sizeof(uint32_t);
if (totallen < minlen) {
result = ISC_R_RANGE;
goto cleanup;
CLEANUP(ISC_R_RANGE);
}
totallen -= sizeof(totallen);
@ -2428,10 +2416,7 @@ load_raw(dns_loadctx_t *lctx) {
*/
readlen = totallen;
}
result = isc_stdio_read(target.base, 1, readlen, lctx->f, NULL);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(isc_stdio_read(target.base, 1, readlen, lctx->f, NULL));
isc_buffer_add(&target, (unsigned int)readlen);
totallen -= (uint32_t)readlen;
@ -2439,42 +2424,30 @@ load_raw(dns_loadctx_t *lctx) {
dns_rdatalist_init(&rdatalist);
rdatalist.rdclass = isc_buffer_getuint16(&target);
if (lctx->zclass != rdatalist.rdclass) {
result = DNS_R_BADCLASS;
goto cleanup;
CLEANUP(DNS_R_BADCLASS);
}
rdatalist.type = isc_buffer_getuint16(&target);
rdatalist.covers = isc_buffer_getuint16(&target);
rdatalist.ttl = isc_buffer_getuint32(&target);
rdcount = isc_buffer_getuint32(&target);
if (rdcount == 0 || rdcount > 0xffff) {
result = ISC_R_RANGE;
goto cleanup;
CLEANUP(ISC_R_RANGE);
}
INSIST(isc_buffer_consumedlength(&target) <= readlen);
/* Owner name: length followed by name */
result = read_and_check(sequential_read, &target,
sizeof(namelen), lctx->f, &totallen);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(read_and_check(sequential_read, &target, sizeof(namelen),
lctx->f, &totallen));
namelen = isc_buffer_getuint16(&target);
if (namelen > sizeof(namebuf)) {
result = ISC_R_RANGE;
goto cleanup;
CLEANUP(ISC_R_RANGE);
}
result = read_and_check(sequential_read, &target, namelen,
lctx->f, &totallen);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(read_and_check(sequential_read, &target, namelen, lctx->f,
&totallen));
isc_buffer_setactive(&target, (unsigned int)namelen);
result = dns_name_fromwire(name, &target, dctx, NULL);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_name_fromwire(name, &target, dctx, NULL));
if ((lctx->options & DNS_MASTER_CHECKTTL) != 0 &&
rdatalist.ttl > lctx->maxttl)
@ -2484,8 +2457,7 @@ load_raw(dns_loadctx_t *lctx) {
"TTL %d exceeds configured "
"max-zone-ttl %d",
rdatalist.ttl, lctx->maxttl);
result = ISC_R_RANGE;
goto cleanup;
CLEANUP(ISC_R_RANGE);
}
/* Rdata contents. */
@ -2533,20 +2505,14 @@ load_raw(dns_loadctx_t *lctx) {
}
/* rdata length */
result = read_and_check(sequential_read, &target,
sizeof(rdlen), lctx->f,
&totallen);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(read_and_check(sequential_read, &target,
sizeof(rdlen), lctx->f,
&totallen));
rdlen = isc_buffer_getuint16(&target);
/* rdata */
result = read_and_check(sequential_read, &target, rdlen,
lctx->f, &totallen);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(read_and_check(sequential_read, &target, rdlen,
lctx->f, &totallen));
isc_buffer_setactive(&target, (unsigned int)rdlen);
/*
* It is safe to have the source active region and
@ -2556,12 +2522,9 @@ load_raw(dns_loadctx_t *lctx) {
*/
isc_buffer_init(&buf, isc_buffer_current(&target),
(unsigned int)rdlen);
result = dns_rdata_fromwire(
&rdata[i], rdatalist.rdclass, rdatalist.type,
&target, dctx, &buf);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_rdata_fromwire(&rdata[i], rdatalist.rdclass,
rdatalist.type, &target, dctx,
&buf));
ISC_LIST_APPEND(rdatalist.rdata, &rdata[i], link);
}
@ -2571,8 +2534,7 @@ load_raw(dns_loadctx_t *lctx) {
* or malformed data.
*/
if (isc_buffer_remaininglength(&target) != 0 || totallen != 0) {
result = ISC_R_RANGE;
goto cleanup;
CLEANUP(ISC_R_RANGE);
}
ISC_LIST_APPEND(head, &rdatalist, link);
@ -2635,10 +2597,7 @@ dns_master_loadfile(const char *master_file, dns_name_t *top,
lctx->maxttl = maxttl;
result = (lctx->openfile)(lctx, master_file);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK((lctx->openfile)(lctx, master_file));
result = (lctx->load)(lctx);
INSIST(result != DNS_R_CONTINUE);
@ -2729,10 +2688,7 @@ dns_master_loadbuffer(isc_buffer_t *buffer, dns_name_t *top, dns_name_t *origin,
loadctx_create(dns_masterformat_text, mctx, options, 0, top, zclass,
origin, callbacks, NULL, NULL, NULL, NULL, NULL, &lctx);
result = isc_lex_openbuffer(lctx->lex, buffer);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(isc_lex_openbuffer(lctx->lex, buffer));
result = (lctx->load)(lctx);
INSIST(result != DNS_R_CONTINUE);

57
lib/dns/masterdump.c
View file

@ -50,19 +50,6 @@
#define DNS_DCTX_MAGIC ISC_MAGIC('D', 'c', 't', 'x')
#define DNS_DCTX_VALID(d) ISC_MAGIC_VALID(d, DNS_DCTX_MAGIC)
#define RETERR(x) \
do { \
isc_result_t _r = (x); \
if (_r != ISC_R_SUCCESS) \
return ((_r)); \
} while (0)
#define CHECK(x) \
do { \
if ((x) != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
struct dns_master_style {
dns_masterstyle_flags_t flags; /* DNS_STYLEFLAG_* */
unsigned int ttl_column;
@ -658,11 +645,8 @@ rdataset_totext(dns_rdataset_t *rdataset, const dns_name_t *owner_name,
INDENT_TO(ttl_column);
if ((ctx->style.flags & DNS_STYLEFLAG_TTL_UNITS) != 0) {
length = target->used;
result = dns_ttl_totext(rdataset->ttl, false,
false, target);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_ttl_totext(rdataset->ttl, false,
false, target));
column += target->used - length;
} else {
length = snprintf(ttlbuf, sizeof(ttlbuf), "%u",
@ -1584,10 +1568,7 @@ dumpctx_create(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version,
} else {
options = 0;
}
result = dns_db_createiterator(dctx->db, options, &dctx->dbiter);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_db_createiterator(dctx->db, options, &dctx->dbiter));
isc_mutex_init(&dctx->lock);
isc_mem_attach(mctx, &dctx->mctx);
@ -1756,17 +1737,13 @@ dns_master_dumptostreamasync(isc_mem_t *mctx, dns_db_t *db,
isc_loop_t *loop, dns_dumpdonefunc_t done,
void *done_arg, dns_dumpctx_t **dctxp) {
dns_dumpctx_t *dctx = NULL;
isc_result_t result;
REQUIRE(loop != NULL);
REQUIRE(f != NULL);
REQUIRE(done != NULL);
result = dumpctx_create(mctx, db, version, style, f, &dctx,
dns_masterformat_text, NULL);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dumpctx_create(mctx, db, version, style, f, &dctx,
dns_masterformat_text, NULL));
dctx->done = done;
dctx->done_arg = done_arg;
@ -1784,11 +1761,8 @@ dns_master_dumptostream(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version,
dns_dumpctx_t *dctx = NULL;
isc_result_t result;
result = dumpctx_create(mctx, db, version, style, f, &dctx, format,
header);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dumpctx_create(mctx, db, version, style, f, &dctx, format,
header));
result = dumptostream(dctx);
INSIST(result != DNS_R_CONTINUE);
@ -1808,10 +1782,7 @@ opentmp(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) {
tempnamelen = strlen(file) + 20;
tempname = isc_mem_allocate(mctx, tempnamelen);
result = isc_file_mktemplate(file, tempname, tempnamelen);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(isc_file_mktemplate(file, tempname, tempnamelen));
result = isc_file_openunique(tempname, &f);
if (result != ISC_R_SUCCESS) {
@ -1890,16 +1861,10 @@ dns_master_dump(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version,
char *tempname;
dns_dumpctx_t *dctx = NULL;
result = opentmp(mctx, filename, &tempname, &f);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(opentmp(mctx, filename, &tempname, &f));
result = dumpctx_create(mctx, db, version, style, f, &dctx, format,
header);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dumpctx_create(mctx, db, version, style, f, &dctx, format,
header));
result = dumptostream(dctx);
INSIST(result != DNS_R_CONTINUE);

283
lib/dns/message.c
View file

@ -295,15 +295,13 @@ msgblock_free(isc_mem_t *mctx, dns_msgblock_t *block,
* "current" buffer. (which is always the last on the list, for our
* uses)
*/
static isc_result_t
static void
newbuffer(dns_message_t *msg, unsigned int size) {
isc_buffer_t *dynbuf;
isc_buffer_t *dynbuf = NULL;
dynbuf = NULL;
isc_buffer_allocate(msg->mctx, &dynbuf, size);
ISC_LIST_APPEND(msg->scratchpad, dynbuf, link);
return ISC_R_SUCCESS;
}
static isc_buffer_t *
@ -849,11 +847,7 @@ getname(dns_name_t *name, isc_buffer_t *source, dns_message_t *msg,
if (result == ISC_R_NOSPACE) {
tries++;
result = newbuffer(msg, SCRATCHPAD_SIZE);
if (result != ISC_R_SUCCESS) {
return result;
}
newbuffer(msg, SCRATCHPAD_SIZE);
scratch = currentbuffer(msg);
dns_name_reset(name);
} else {
@ -906,10 +900,7 @@ getrdata(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t dctx,
trysize *= 2;
}
tries++;
result = newbuffer(msg, trysize);
if (result != ISC_R_SUCCESS) {
return result;
}
newbuffer(msg, trysize);
scratch = currentbuffer(msg);
} else {
@ -965,10 +956,7 @@ getquestions(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t dctx,
*/
isc_buffer_remainingregion(source, &r);
isc_buffer_setactive(source, r.length);
result = getname(name, source, msg, dctx);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(getname(name, source, msg, dctx));
ISC_LIST_APPEND(*section, name, link);
@ -979,8 +967,7 @@ getquestions(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t dctx,
*/
isc_buffer_remainingregion(source, &r);
if (r.length < 4) {
result = ISC_R_UNEXPECTEDEND;
goto cleanup;
CLEANUP(ISC_R_UNEXPECTEDEND);
}
rdtype = isc_buffer_getuint16(source);
rdclass = isc_buffer_getuint16(source);
@ -1104,10 +1091,7 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t dctx,
*/
isc_buffer_remainingregion(source, &r);
isc_buffer_setactive(source, r.length);
result = getname(name, source, msg, dctx);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(getname(name, source, msg, dctx));
/*
* Get type, class, ttl, and rdatalen. Verify that at least
@ -1116,8 +1100,7 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t dctx,
*/
isc_buffer_remainingregion(source, &r);
if (r.length < 2 + 2 + 4 + 2) {
result = ISC_R_UNEXPECTEDEND;
goto cleanup;
CLEANUP(ISC_R_UNEXPECTEDEND);
}
rdtype = isc_buffer_getuint16(source);
rdclass = isc_buffer_getuint16(source);
@ -1226,8 +1209,7 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t dctx,
rdatalen = isc_buffer_getuint16(source);
r.length -= (2 + 2 + 4 + 2);
if (r.length < rdatalen) {
result = ISC_R_UNEXPECTEDEND;
goto cleanup;
CLEANUP(ISC_R_UNEXPECTEDEND);
}
/*
@ -1241,8 +1223,7 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t dctx,
update(sectionid, rdclass))
{
if (rdatalen != 0) {
result = DNS_R_FORMERR;
goto cleanup;
CLEANUP(DNS_R_FORMERR);
}
/*
* When the rdata is empty, the data pointer is
@ -1309,8 +1290,7 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t dctx,
if (rdtype == dns_rdatatype_nsec3 &&
!dns_rdata_checkowner(name, msg->rdclass, rdtype, false))
{
result = DNS_R_BADOWNERNAME;
goto cleanup;
CLEANUP(DNS_R_BADOWNERNAME);
}
/*
@ -1592,7 +1572,7 @@ dns_message_parse(dns_message_t *msg, isc_buffer_t *source,
unsigned int options) {
isc_region_t r;
dns_decompress_t dctx;
isc_result_t ret;
isc_result_t result;
uint16_t tmpflags;
isc_buffer_t origsource;
bool seen_problem;
@ -1647,54 +1627,54 @@ dns_message_parse(dns_message_t *msg, isc_buffer_t *source,
return early_check_ret;
}
ret = getquestions(source, msg, dctx, options);
result = getquestions(source, msg, dctx, options);
if (ret == ISC_R_UNEXPECTEDEND && ignore_tc) {
if (result == ISC_R_UNEXPECTEDEND && ignore_tc) {
goto truncated;
}
if (ret == DNS_R_RECOVERABLE) {
if (result == DNS_R_RECOVERABLE) {
seen_problem = true;
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
}
if (ret != ISC_R_SUCCESS) {
return ret;
if (result != ISC_R_SUCCESS) {
return result;
}
msg->question_ok = 1;
ret = getsection(source, msg, dctx, DNS_SECTION_ANSWER, options);
if (ret == ISC_R_UNEXPECTEDEND && ignore_tc) {
result = getsection(source, msg, dctx, DNS_SECTION_ANSWER, options);
if (result == ISC_R_UNEXPECTEDEND && ignore_tc) {
goto truncated;
}
if (ret == DNS_R_RECOVERABLE) {
if (result == DNS_R_RECOVERABLE) {
seen_problem = true;
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
}
if (ret != ISC_R_SUCCESS) {
return ret;
if (result != ISC_R_SUCCESS) {
return result;
}
ret = getsection(source, msg, dctx, DNS_SECTION_AUTHORITY, options);
if (ret == ISC_R_UNEXPECTEDEND && ignore_tc) {
result = getsection(source, msg, dctx, DNS_SECTION_AUTHORITY, options);
if (result == ISC_R_UNEXPECTEDEND && ignore_tc) {
goto truncated;
}
if (ret == DNS_R_RECOVERABLE) {
if (result == DNS_R_RECOVERABLE) {
seen_problem = true;
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
}
if (ret != ISC_R_SUCCESS) {
return ret;
if (result != ISC_R_SUCCESS) {
return result;
}
ret = getsection(source, msg, dctx, DNS_SECTION_ADDITIONAL, options);
if (ret == ISC_R_UNEXPECTEDEND && ignore_tc) {
result = getsection(source, msg, dctx, DNS_SECTION_ADDITIONAL, options);
if (result == ISC_R_UNEXPECTEDEND && ignore_tc) {
goto truncated;
}
if (ret == DNS_R_RECOVERABLE) {
if (result == DNS_R_RECOVERABLE) {
seen_problem = true;
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
}
if (ret != ISC_R_SUCCESS) {
return ret;
if (result != ISC_R_SUCCESS) {
return result;
}
isc_buffer_remainingregion(source, &r);
@ -1707,7 +1687,7 @@ dns_message_parse(dns_message_t *msg, isc_buffer_t *source,
truncated:
if (ret == ISC_R_UNEXPECTEDEND && ignore_tc) {
if (result == ISC_R_UNEXPECTEDEND && ignore_tc) {
return DNS_R_RECOVERABLE;
}
if (seen_problem) {
@ -2228,10 +2208,7 @@ dns_message_renderend(dns_message_t *msg) {
if (msg->tsigkey != NULL) {
dns_message_renderrelease(msg, msg->sig_reserved);
msg->sig_reserved = 0;
result = dns_tsig_sign(msg);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_tsig_sign(msg));
count = 0;
result = renderset(msg->tsig, msg->tsigname, msg->id, msg->cctx,
msg->buffer, msg->reserved, 0, &count);
@ -2247,10 +2224,7 @@ dns_message_renderend(dns_message_t *msg) {
if (msg->sig0key != NULL) {
dns_message_renderrelease(msg, msg->sig_reserved);
msg->sig_reserved = 0;
result = dns_dnssec_signmessage(msg, msg->sig0key);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_dnssec_signmessage(msg, msg->sig0key));
count = 0;
/*
* Note: dns_rootname is used here, not msg->sig0name, since
@ -2659,17 +2633,11 @@ dns_message_setopt(dns_message_t *msg) {
REQUIRE(msg->from_to_wire == DNS_MESSAGE_INTENTRENDER);
REQUIRE(msg->state == DNS_SECTION_ANY);
result = buildopt(msg, &opt);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(buildopt(msg, &opt));
msgresetopt(msg);
result = dns_rdataset_first(opt);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_rdataset_first(opt));
dns_rdataset_current(opt, &rdata);
msg->opt_reserved = 11 + rdata.length;
result = dns_message_renderreserve(msg, msg->opt_reserved);
@ -2780,7 +2748,6 @@ dns_message_setquerytsig(dns_message_t *msg, isc_buffer_t *querytsig) {
isc_result_t
dns_message_getquerytsig(dns_message_t *msg, isc_mem_t *mctx,
isc_buffer_t **querytsig) {
isc_result_t result;
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_region_t r;
@ -2792,10 +2759,7 @@ dns_message_getquerytsig(dns_message_t *msg, isc_mem_t *mctx,
return ISC_R_SUCCESS;
}
result = dns_rdataset_first(msg->tsig);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_rdataset_first(msg->tsig));
dns_rdataset_current(msg->tsig, &rdata);
dns_rdata_toregion(&rdata, &r);
@ -2931,10 +2895,7 @@ dns_message_signer(dns_message_t *msg, dns_name_t *signer) {
INSIST(result == ISC_R_SUCCESS);
dns_rdataset_current(msg->sig0, &rdata);
result = dns_rdata_tostruct(&rdata, &sig, NULL);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_rdata_tostruct(&rdata, &sig, NULL));
if (msg->verified_sig && msg->sig0status == dns_rcode_noerror) {
result = ISC_R_SUCCESS;
@ -3125,10 +3086,7 @@ dns_message_checksig(dns_message_t *msg, dns_view_t *view) {
return ISC_R_UNEXPECTEDEND;
}
result = dns_rdata_tostruct(&sigrdata, &sig, NULL);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_rdata_tostruct(&sigrdata, &sig, NULL));
dns_rdataset_init(&keyset);
if (view == NULL) {
@ -3628,8 +3586,7 @@ render_zoneversion(dns_message_t *msg, isc_buffer_t *optbuf,
if (isc_buffer_availablelength(target) <
1)
{
result = ISC_R_NOSPACE;
goto cleanup;
CLEANUP(ISC_R_NOSPACE);
}
isc_buffer_putmem(target, &data[i], 1);
} else {
@ -3755,11 +3712,8 @@ dns_message_pseudosectiontoyaml(dns_message_t *msg, dns_pseudosection_t section,
switch (optcode) {
case DNS_OPT_LLQ:
if (optlen == 18U) {
result = render_llq(&optbuf, msg, style,
target);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(render_llq(&optbuf, msg, style,
target));
ADD_STRING(target, "\n");
continue;
}
@ -3777,11 +3731,8 @@ dns_message_pseudosectiontoyaml(dns_message_t *msg, dns_pseudosection_t section,
ADD_STRING(target, buf);
ADD_STRING(target, " # ");
result = dns_ttl_totext(secs, true,
true, target);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_ttl_totext(secs, true, true,
target));
ADD_STRING(target, "\n");
if (optlen == 8U) {
@ -3795,12 +3746,9 @@ dns_message_pseudosectiontoyaml(dns_message_t *msg, dns_pseudosection_t section,
ADD_STRING(target, buf);
ADD_STRING(target, " # ");
result = dns_ttl_totext(
key, true, true,
target);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_ttl_totext(key, true,
true,
target));
ADD_STRING(target, "\n");
}
continue;
@ -3829,11 +3777,8 @@ dns_message_pseudosectiontoyaml(dns_message_t *msg, dns_pseudosection_t section,
snprintf(buf, sizeof(buf), " %u", secs);
ADD_STRING(target, buf);
ADD_STRING(target, " # ");
result = dns_ttl_totext(secs, true,
true, target);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_ttl_totext(secs, true, true,
target));
ADD_STRING(target, "\n");
continue;
}
@ -3920,11 +3865,8 @@ dns_message_pseudosectiontoyaml(dns_message_t *msg, dns_pseudosection_t section,
if (optlen >= 2U) {
isc_buffer_t zonebuf = optbuf;
isc_buffer_setactive(&zonebuf, optlen);
result = render_zoneversion(
msg, &zonebuf, style, target);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(render_zoneversion(
msg, &zonebuf, style, target));
isc_buffer_forward(&optbuf, optlen);
ADD_STRING(target, "\n");
continue;
@ -4198,11 +4140,8 @@ dns_message_pseudosectiontotext(dns_message_t *msg, dns_pseudosection_t section,
switch (optcode) {
case DNS_OPT_LLQ:
if (optlen == 18U) {
result = render_llq(&optbuf, msg, style,
target);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(render_llq(&optbuf, msg, style,
target));
ADD_STRING(target, "\n");
continue;
}
@ -4221,19 +4160,13 @@ dns_message_pseudosectiontotext(dns_message_t *msg, dns_pseudosection_t section,
ADD_STRING(target, buf);
}
ADD_STRING(target, " (");
result = dns_ttl_totext(secs, true,
true, target);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_ttl_totext(secs, true, true,
target));
if (optlen == 8U) {
ADD_STRING(target, "/");
result = dns_ttl_totext(
key, true, true,
target);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_ttl_totext(key, true,
true,
target));
}
ADD_STRING(target, ")\n");
continue;
@ -4261,11 +4194,8 @@ dns_message_pseudosectiontotext(dns_message_t *msg, dns_pseudosection_t section,
snprintf(buf, sizeof(buf), " %u", secs);
ADD_STRING(target, buf);
ADD_STRING(target, " (");
result = dns_ttl_totext(secs, true,
true, target);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_ttl_totext(secs, true, true,
target));
ADD_STRING(target, ")\n");
continue;
}
@ -4365,11 +4295,8 @@ dns_message_pseudosectiontotext(dns_message_t *msg, dns_pseudosection_t section,
if (optlen >= 2U) {
isc_buffer_t zonebuf = optbuf;
isc_buffer_setactive(&zonebuf, optlen);
result = render_zoneversion(
msg, &zonebuf, style, target);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(render_zoneversion(
msg, &zonebuf, style, target));
ADD_STRING(target, "\n");
isc_buffer_forward(&optbuf, optlen);
continue;
@ -4518,7 +4445,7 @@ isc_result_t
dns_message_headertotext(dns_message_t *msg, const dns_master_style_t *style,
dns_messagetextflag_t flags, isc_buffer_t *target) {
char buf[sizeof("1234567890")];
isc_result_t result;
isc_result_t result = ISC_R_SUCCESS;
REQUIRE(DNS_MESSAGE_VALID(msg));
REQUIRE(target != NULL);
@ -4534,10 +4461,7 @@ dns_message_headertotext(dns_message_t *msg, const dns_master_style_t *style,
ADD_STRING(target, "\n");
INDENT(style);
ADD_STRING(target, "status: ");
result = dns_rcode_totext(msg->rcode, target);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_rcode_totext(msg->rcode, target));
ADD_STRING(target, "\n");
INDENT(style);
ADD_STRING(target, "id: ");
@ -4620,10 +4544,7 @@ dns_message_headertotext(dns_message_t *msg, const dns_master_style_t *style,
ADD_STRING(target, ";; ->>HEADER<<- opcode: ");
ADD_STRING(target, opcodetext[msg->opcode]);
ADD_STRING(target, ", status: ");
result = dns_rcode_totext(msg->rcode, target);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_rcode_totext(msg->rcode, target));
ADD_STRING(target, ", id: ");
snprintf(buf, sizeof(buf), "%6u", msg->id);
ADD_STRING(target, buf);
@ -4698,55 +4619,24 @@ cleanup:
isc_result_t
dns_message_totext(dns_message_t *msg, const dns_master_style_t *style,
dns_messagetextflag_t flags, isc_buffer_t *target) {
isc_result_t result;
REQUIRE(DNS_MESSAGE_VALID(msg));
REQUIRE(target != NULL);
result = dns_message_headertotext(msg, style, flags, target);
if (result != ISC_R_SUCCESS) {
return result;
}
result = dns_message_pseudosectiontotext(msg, DNS_PSEUDOSECTION_OPT,
style, flags, target);
if (result != ISC_R_SUCCESS) {
return result;
}
result = dns_message_sectiontotext(msg, DNS_SECTION_QUESTION, style,
flags, target);
if (result != ISC_R_SUCCESS) {
return result;
}
result = dns_message_sectiontotext(msg, DNS_SECTION_ANSWER, style,
flags, target);
if (result != ISC_R_SUCCESS) {
return result;
}
result = dns_message_sectiontotext(msg, DNS_SECTION_AUTHORITY, style,
flags, target);
if (result != ISC_R_SUCCESS) {
return result;
}
result = dns_message_sectiontotext(msg, DNS_SECTION_ADDITIONAL, style,
flags, target);
if (result != ISC_R_SUCCESS) {
return result;
}
result = dns_message_pseudosectiontotext(msg, DNS_PSEUDOSECTION_TSIG,
style, flags, target);
if (result != ISC_R_SUCCESS) {
return result;
}
result = dns_message_pseudosectiontotext(msg, DNS_PSEUDOSECTION_SIG0,
style, flags, target);
return result;
RETERR(dns_message_headertotext(msg, style, flags, target));
RETERR(dns_message_pseudosectiontotext(msg, DNS_PSEUDOSECTION_OPT,
style, flags, target));
RETERR(dns_message_sectiontotext(msg, DNS_SECTION_QUESTION, style,
flags, target));
RETERR(dns_message_sectiontotext(msg, DNS_SECTION_ANSWER, style, flags,
target));
RETERR(dns_message_sectiontotext(msg, DNS_SECTION_AUTHORITY, style,
flags, target));
RETERR(dns_message_sectiontotext(msg, DNS_SECTION_ADDITIONAL, style,
flags, target));
RETERR(dns_message_pseudosectiontotext(msg, DNS_PSEUDOSECTION_TSIG,
style, flags, target));
return dns_message_pseudosectiontotext(msg, DNS_PSEUDOSECTION_SIG0,
style, flags, target);
}
isc_region_t *
@ -4940,8 +4830,7 @@ buildopt(dns_message_t *message, dns_rdataset_t **rdatasetp) {
}
if (len > 0xffffU) {
result = ISC_R_NOSPACE;
goto cleanup;
CLEANUP(ISC_R_NOSPACE);
}
isc_buffer_allocate(message->mctx, &buf, len);

21
lib/dns/name.c
View file

@ -1707,7 +1707,6 @@ dns_name_dynamic(const dns_name_t *name) {
isc_result_t
dns_name_print(const dns_name_t *name, FILE *stream) {
isc_result_t result;
isc_buffer_t b;
isc_region_t r;
char t[1024];
@ -1719,10 +1718,7 @@ dns_name_print(const dns_name_t *name, FILE *stream) {
REQUIRE(DNS_NAME_VALID(name));
isc_buffer_init(&b, t, sizeof(t));
result = dns_name_totext(name, 0, &b);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_name_totext(name, 0, &b));
isc_buffer_usedregion(&b, &r);
fprintf(stream, "%.*s", (int)r.length, (char *)r.base);
@ -1774,7 +1770,6 @@ dns_name_format(const dns_name_t *name, char *cp, unsigned int size) {
*/
isc_result_t
dns_name_tostring(const dns_name_t *name, char **target, isc_mem_t *mctx) {
isc_result_t result;
isc_buffer_t buf;
isc_region_t reg;
char *p, txt[DNS_NAME_FORMATSIZE];
@ -1783,10 +1778,7 @@ dns_name_tostring(const dns_name_t *name, char **target, isc_mem_t *mctx) {
REQUIRE(target != NULL && *target == NULL);
isc_buffer_init(&buf, txt, sizeof(txt));
result = dns_name_totext(name, 0, &buf);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_name_totext(name, 0, &buf));
isc_buffer_usedregion(&buf, &reg);
p = isc_mem_allocate(mctx, reg.length + 1);
@ -1801,7 +1793,6 @@ isc_result_t
dns_name_fromstring(dns_name_t *target, const char *src,
const dns_name_t *origin, unsigned int options,
isc_mem_t *mctx) {
isc_result_t result;
isc_buffer_t buf;
dns_fixedname_t fn;
dns_name_t *name;
@ -1816,15 +1807,13 @@ dns_name_fromstring(dns_name_t *target, const char *src,
name = dns_fixedname_initname(&fn);
}
result = dns_name_fromtext(name, &buf, origin, options);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_name_fromtext(name, &buf, origin, options));
if (name != target) {
dns_name_dup(name, mctx, target);
}
return result;
return ISC_R_SUCCESS;
}
void

22
lib/dns/ncache.c
View file

@ -68,7 +68,6 @@ copy_rdataset(dns_rdataset_t *rdataset, isc_buffer_t *buffer) {
isc_buffer_putuint16(buffer, (uint16_t)count);
DNS_RDATASET_FOREACH(rdataset) {
isc_result_t result;
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdataset_current(rdataset, &rdata);
@ -85,10 +84,7 @@ copy_rdataset(dns_rdataset_t *rdataset, isc_buffer_t *buffer) {
/*
* Copy the rdata to the buffer.
*/
result = isc_buffer_copyregion(buffer, &r);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(isc_buffer_copyregion(buffer, &r));
}
return ISC_R_SUCCESS;
@ -142,8 +138,6 @@ dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
isc_buffer_init(&buffer, data, sizeof(data));
MSG_SECTION_FOREACH(message, DNS_SECTION_AUTHORITY, name) {
result = ISC_R_SUCCESS;
if (name->attributes.ncache) {
ISC_LIST_FOREACH(name->list, rdataset, link) {
if (!rdataset->attributes.ncache) {
@ -169,11 +163,8 @@ dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
* Copy the owner name to the buffer.
*/
dns_name_toregion(name, &r);
result = isc_buffer_copyregion(&buffer,
&r);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(isc_buffer_copyregion(&buffer,
&r));
/*
* Copy the type to the buffer.
*/
@ -189,11 +180,8 @@ dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
/*
* Copy the rdataset into the buffer.
*/
result = copy_rdataset(rdataset,
&buffer);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(copy_rdataset(rdataset,
&buffer));
if (next >= DNS_NCACHE_RDATA) {
return ISC_R_NOSPACE;

10
lib/dns/notify.c
View file

@ -347,10 +347,7 @@ notify_send_toaddr(void *arg) {
goto cleanup;
}
result = notify_createmessage(notify, &message);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(notify_createmessage(notify, &message));
if (notify->key != NULL) {
/* Transfer ownership of key */
@ -654,10 +651,7 @@ notify_send(dns_notify_t *notify) {
isc_sockaddr_any6(&newnotify->src);
}
startup = ((notify->flags & DNS_NOTIFY_STARTUP) != 0);
result = dns_notify_queue(newnotify, startup);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_notify_queue(newnotify, startup));
newnotify = NULL;
}

23
lib/dns/nsec.c
View file

@ -95,7 +95,6 @@ isc_result_t
dns_nsec_buildrdata(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node,
const dns_name_t *target, unsigned char *buffer,
dns_rdata_t *rdata) {
isc_result_t result;
isc_region_t r;
unsigned int i;
unsigned char *nsec_bits, *bm;
@ -118,10 +117,7 @@ dns_nsec_buildrdata(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node,
dns_nsec_setbit(bm, dns_rdatatype_nsec, 1);
max_type = dns_rdatatype_nsec;
rdsiter = NULL;
result = dns_db_allrdatasets(db, node, version, 0, 0, &rdsiter);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_db_allrdatasets(db, node, version, 0, 0, &rdsiter));
DNS_RDATASETITER_FOREACH(rdsiter) {
dns_rdataset_t rdataset = DNS_RDATASET_INIT;
dns_rdatasetiter_current(rdsiter, &rdataset);
@ -173,10 +169,7 @@ dns_nsec_build(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node,
dns_rdataset_init(&rdataset);
dns_rdata_init(&rdata);
result = dns_nsec_buildrdata(db, version, node, target, data, &rdata);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(dns_nsec_buildrdata(db, version, node, target, data, &rdata));
dns_rdatalist_init(&rdatalist);
rdatalist.rdclass = dns_db_class(db);
@ -189,7 +182,7 @@ dns_nsec_build(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node,
result = ISC_R_SUCCESS;
}
failure:
cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}
@ -246,10 +239,7 @@ dns_nsec_nseconly(dns_db_t *db, dns_dbversion_t *version, dns_diff_t *diff,
dns_rdataset_init(&rdataset);
result = dns_db_getoriginnode(db, &node);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_db_getoriginnode(db, &node));
result = dns_db_findrdataset(db, node, version, dns_rdatatype_dnskey, 0,
0, &rdataset, NULL);
@ -422,10 +412,7 @@ dns_nsec_noexistnodata(dns_rdatatype_t type, const dns_name_t *name,
return DNS_R_DNAME;
}
result = dns_rdata_tostruct(&rdata, &nsec, NULL);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_rdata_tostruct(&rdata, &nsec, NULL));
relation = dns_name_fullcompare(&nsec.next, name, &order, &nlabels);
if (order == 0) {
dns_rdata_freestruct(&nsec);

155
lib/dns/nsec3.c
View file

@ -41,13 +41,6 @@
#include <dst/dst.h>
#define CHECK(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define OPTOUT(x) (((x) & DNS_NSEC3FLAG_OPTOUT) != 0)
#define CREATE(x) (((x) & DNS_NSEC3FLAG_CREATE) != 0)
#define INITIAL(x) (((x) & DNS_NSEC3FLAG_INITIAL) != 0)
@ -60,7 +53,6 @@ dns_nsec3_buildrdata(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node,
size_t salt_length, const unsigned char *nexthash,
size_t hash_length, unsigned char *buffer,
dns_rdata_t *rdata) {
isc_result_t result;
isc_region_t r;
unsigned int i;
bool found;
@ -115,10 +107,7 @@ dns_nsec3_buildrdata(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node,
goto collapse_bitmap;
}
rdsiter = NULL;
result = dns_db_allrdatasets(db, node, version, 0, 0, &rdsiter);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_db_allrdatasets(db, node, version, 0, 0, &rdsiter));
found = found_ns = need_rrsig = false;
DNS_RDATASETITER_FOREACH(rdsiter) {
dns_rdataset_t rdataset = DNS_RDATASET_INIT;
@ -434,15 +423,12 @@ delnsec3(dns_db_t *db, dns_dbversion_t *version, const dns_name_t *name,
dns_difftuple_create(diff->mctx, DNS_DIFFOP_DEL, name,
rdataset.ttl, &rdata, &tuple);
result = do_one_tuple(&tuple, db, version, diff);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(do_one_tuple(&tuple, db, version, diff));
}
result = ISC_R_SUCCESS;
failure:
cleanup:
dns_rdataset_disassociate(&rdataset);
cleanup_node:
dns_db_detachnode(&node);
@ -615,7 +601,7 @@ dns_nsec3_addnsec3(dns_db_t *db, dns_dbversion_t *version,
} else if (CREATE(nsec3param->flags) && OPTOUT(flags)) {
result = dns_nsec3_delnsec3(db, version, name,
nsec3param, diff);
goto failure;
goto cleanup;
} else {
maybe_remove_unsecure = true;
}
@ -660,7 +646,7 @@ dns_nsec3_addnsec3(dns_db_t *db, dns_dbversion_t *version,
if (OPTOUT(nsec3.flags)) {
result = dns_nsec3_delnsec3(db, version, name,
nsec3param, diff);
goto failure;
goto cleanup;
}
goto addnsec3;
} else {
@ -670,7 +656,7 @@ dns_nsec3_addnsec3(dns_db_t *db, dns_dbversion_t *version,
*/
if (OPTOUT(nsec3.flags) && unsecure) {
dns_rdataset_disassociate(&rdataset);
goto failure;
goto cleanup;
}
}
@ -859,7 +845,7 @@ addnsec3:
/* result cannot be ISC_R_NOMORE here */
INSIST(result != ISC_R_NOMORE);
failure:
cleanup:
if (dbit != NULL) {
dns_dbiterator_destroy(&dbit);
}
@ -893,10 +879,7 @@ dns_nsec3_addnsec3s(dns_db_t *db, dns_dbversion_t *version,
/*
* Find the NSEC3 parameters for this zone.
*/
result = dns_db_getoriginnode(db, &node);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_db_getoriginnode(db, &node));
result = dns_db_findrdataset(db, node, version,
dns_rdatatype_nsec3param, 0, 0, &rdataset,
@ -928,7 +911,7 @@ dns_nsec3_addnsec3s(dns_db_t *db, dns_dbversion_t *version,
nsecttl, unsecure, diff));
}
failure:
cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}
@ -1001,7 +984,7 @@ rr_exists(dns_db_t *db, dns_dbversion_t *ver, const dns_name_t *name,
if (result == ISC_R_NOTFOUND) {
*flag = false;
result = ISC_R_SUCCESS;
goto failure;
goto cleanup;
}
bool matched = false;
@ -1016,7 +999,7 @@ rr_exists(dns_db_t *db, dns_dbversion_t *ver, const dns_name_t *name,
dns_rdataset_disassociate(&rdataset);
*flag = matched;
failure:
cleanup:
if (node != NULL) {
dns_db_detachnode(&node);
}
@ -1026,7 +1009,6 @@ failure:
isc_result_t
dns_nsec3param_salttotext(dns_rdata_nsec3param_t *nsec3param, char *dst,
size_t dstlen) {
isc_result_t result;
isc_region_t r;
isc_buffer_t b;
@ -1045,10 +1027,7 @@ dns_nsec3param_salttotext(dns_rdata_nsec3param_t *nsec3param, char *dst,
r.length = nsec3param->salt_length;
isc_buffer_init(&b, dst, (unsigned int)dstlen);
result = isc_hex_totext(&r, 2, "", &b);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(isc_hex_totext(&r, 2, "", &b));
if (isc_buffer_availablelength(&b) < 1) {
return ISC_R_NOSPACE;
@ -1074,10 +1053,7 @@ dns_nsec3param_deletechains(dns_db_t *db, dns_dbversion_t *ver,
dns_name_init(&next);
dns_rdataset_init(&rdataset);
result = dns_db_getoriginnode(db, &node);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_db_getoriginnode(db, &node));
/*
* Cause all NSEC3 chains to be deleted.
@ -1087,9 +1063,7 @@ dns_nsec3param_deletechains(dns_db_t *db, dns_dbversion_t *ver,
if (result == ISC_R_NOTFOUND) {
goto try_private;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
DNS_RDATASET_FOREACH(&rdataset) {
dns_rdata_t rdata = DNS_RDATA_INIT;
@ -1117,16 +1091,16 @@ dns_nsec3param_deletechains(dns_db_t *db, dns_dbversion_t *ver,
try_private:
if (privatetype == 0) {
goto success;
result = ISC_R_SUCCESS;
goto cleanup;
}
result = dns_db_findrdataset(db, node, ver, privatetype, 0,
(isc_stdtime_t)0, &rdataset, NULL);
if (result == ISC_R_NOTFOUND) {
goto success;
}
if (result != ISC_R_SUCCESS) {
goto failure;
result = ISC_R_SUCCESS;
goto cleanup;
}
CHECK(result);
DNS_RDATASET_FOREACH(&rdataset) {
dns_rdata_t rdata = DNS_RDATA_INIT;
@ -1166,10 +1140,9 @@ try_private:
}
}
success:
result = ISC_R_SUCCESS;
failure:
cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}
@ -1193,15 +1166,12 @@ dns_nsec3_addnsec3sx(dns_db_t *db, dns_dbversion_t *version,
/*
* Find the NSEC3 parameters for this zone.
*/
result = dns_db_getoriginnode(db, &node);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_db_getoriginnode(db, &node));
result = dns_db_findrdataset(db, node, version, type, 0, 0, &prdataset,
NULL);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
goto failure;
CHECK(result);
}
result = dns_db_findrdataset(db, node, version,
@ -1210,9 +1180,7 @@ dns_nsec3_addnsec3sx(dns_db_t *db, dns_dbversion_t *version,
if (result == ISC_R_NOTFOUND) {
goto try_private;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
/*
* Update each active NSEC3 chain.
@ -1238,8 +1206,10 @@ dns_nsec3_addnsec3sx(dns_db_t *db, dns_dbversion_t *version,
try_private:
if (!dns_rdataset_isassociated(&prdataset)) {
goto success;
result = ISC_R_SUCCESS;
goto cleanup;
}
/*
* Update each active NSEC3 chain.
*/
@ -1270,9 +1240,9 @@ try_private:
nsecttl, unsecure, diff));
}
success:
result = ISC_R_SUCCESS;
failure:
cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}
@ -1380,9 +1350,7 @@ dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version,
if (result == ISC_R_NOTFOUND || result == DNS_R_PARTIALMATCH) {
goto cleanup_orphaned_ents;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
CHECK(dns_dbiterator_current(dbit, &node, NULL));
CHECK(dns_dbiterator_pause(dbit));
@ -1392,9 +1360,7 @@ dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version,
if (result == ISC_R_NOTFOUND) {
goto cleanup_orphaned_ents;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
/*
* If we find a existing NSEC3 for this chain then save the
@ -1408,7 +1374,8 @@ dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version,
}
dns_rdataset_disassociate(&rdataset);
if (result == ISC_R_NOTFOUND) {
goto success;
result = ISC_R_SUCCESS;
goto cleanup;
}
/*
@ -1488,11 +1455,10 @@ cleanup_orphaned_ents:
salt_length));
result = dns_dbiterator_seek(dbit, hashname);
if (result == ISC_R_NOTFOUND || result == DNS_R_PARTIALMATCH) {
goto success;
}
if (result != ISC_R_SUCCESS) {
goto failure;
result = ISC_R_SUCCESS;
goto cleanup;
}
CHECK(result);
CHECK(dns_dbiterator_current(dbit, &node, NULL));
CHECK(dns_dbiterator_pause(dbit));
@ -1501,11 +1467,10 @@ cleanup_orphaned_ents:
(isc_stdtime_t)0, &rdataset, NULL);
dns_db_detachnode(&node);
if (result == ISC_R_NOTFOUND) {
goto success;
}
if (result != ISC_R_SUCCESS) {
goto failure;
result = ISC_R_SUCCESS;
goto cleanup;
}
CHECK(result);
result = find_nsec3(&nsec3, &rdataset, nsec3param);
if (result == ISC_R_SUCCESS) {
@ -1515,7 +1480,8 @@ cleanup_orphaned_ents:
}
dns_rdataset_disassociate(&rdataset);
if (result == ISC_R_NOTFOUND) {
goto success;
result = ISC_R_SUCCESS;
goto cleanup;
}
pass = 0;
@ -1570,10 +1536,9 @@ cleanup_orphaned_ents:
CHECK(delnsec3(db, version, hashname, nsec3param, diff));
} while (1);
success:
result = ISC_R_SUCCESS;
failure:
cleanup:
if (dbit != NULL) {
dns_dbiterator_destroy(&dbit);
}
@ -1606,10 +1571,7 @@ dns_nsec3_delnsec3sx(dns_db_t *db, dns_dbversion_t *version,
/*
* Find the NSEC3 parameters for this zone.
*/
result = dns_db_getoriginnode(db, &node);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_db_getoriginnode(db, &node));
result = dns_db_findrdataset(db, node, version,
dns_rdatatype_nsec3param, 0, 0, &rdataset,
@ -1617,9 +1579,7 @@ dns_nsec3_delnsec3sx(dns_db_t *db, dns_dbversion_t *version,
if (result == ISC_R_NOTFOUND) {
goto try_private;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
/*
* Update each active NSEC3 chain.
@ -1642,16 +1602,16 @@ dns_nsec3_delnsec3sx(dns_db_t *db, dns_dbversion_t *version,
try_private:
if (privatetype == 0) {
goto success;
result = ISC_R_SUCCESS;
goto cleanup;
}
result = dns_db_findrdataset(db, node, version, privatetype, 0, 0,
&rdataset, NULL);
if (result == ISC_R_NOTFOUND) {
goto success;
}
if (result != ISC_R_SUCCESS) {
goto failure;
result = ISC_R_SUCCESS;
goto cleanup;
}
CHECK(result);
/*
* Update each NSEC3 chain being built.
@ -1682,9 +1642,9 @@ try_private:
CHECK(dns_nsec3_delnsec3(db, version, name, &nsec3param, diff));
}
success:
result = ISC_R_SUCCESS;
failure:
cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}
@ -1713,10 +1673,7 @@ dns_nsec3_activex(dns_db_t *db, dns_dbversion_t *version, bool complete,
dns_rdataset_init(&rdataset);
result = dns_db_getoriginnode(db, &node);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_db_getoriginnode(db, &node));
result = dns_db_findrdataset(db, node, version,
dns_rdatatype_nsec3param, 0, 0, &rdataset,
@ -1839,10 +1796,7 @@ dns_nsec3_noexistnodata(dns_rdatatype_t type, const dns_name_t *name,
dns_rdataset_current(nsec3set, &rdata);
result = dns_rdata_tostruct(&rdata, &nsec3, NULL);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_rdata_tostruct(&rdata, &nsec3, NULL));
(*logit)(arg, ISC_LOG_DEBUG(3), "looking for relevant NSEC3");
@ -1904,10 +1858,7 @@ dns_nsec3_noexistnodata(dns_rdatatype_t type, const dns_name_t *name,
dns_name_getlabel(nsec3name, 0, &hashlabel);
isc_region_consume(&hashlabel, 1);
isc_buffer_init(&buffer, owner, sizeof(owner));
result = isc_base32hex_decoderegion(&hashlabel, &buffer);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(isc_base32hex_decoderegion(&hashlabel, &buffer));
/*
* The hash lengths should match. If not ignore the record.

12
lib/dns/nta.c
View file

@ -453,12 +453,7 @@ done:
static isc_result_t
putstr(isc_buffer_t *b, const char *str) {
isc_result_t result;
result = isc_buffer_reserve(b, strlen(str));
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(isc_buffer_reserve(b, strlen(str)));
isc_buffer_putstr(b, str);
return ISC_R_SUCCESS;
@ -509,10 +504,7 @@ dns_ntatable_totext(dns_ntatable_t *ntatable, const char *view,
}
first = false;
result = putstr(buf, obuf);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(putstr(buf, obuf));
}
cleanup:

24
lib/dns/openssl_link.c
View file

@ -46,25 +46,19 @@
#include "openssl_shim.h"
#define DST_RET(a) \
{ \
ret = a; \
goto err; \
}
static isc_result_t
dst__openssl_fromlabel_provider(int key_base_id, const char *label,
const char *pin, EVP_PKEY **ppub,
EVP_PKEY **ppriv) {
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
isc_result_t ret = DST_R_OPENSSLFAILURE;
isc_result_t result = DST_R_OPENSSLFAILURE;
OSSL_STORE_CTX *ctx = NULL;
UNUSED(pin);
ctx = OSSL_STORE_open(label, NULL, NULL, NULL, NULL);
if (!ctx) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
CLEANUP(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
while (!OSSL_STORE_eof(ctx)) {
@ -76,34 +70,34 @@ dst__openssl_fromlabel_provider(int key_base_id, const char *label,
case OSSL_STORE_INFO_PKEY:
if (*ppriv != NULL) {
OSSL_STORE_INFO_free(info);
DST_RET(DST_R_INVALIDPRIVATEKEY);
CLEANUP(DST_R_INVALIDPRIVATEKEY);
}
*ppriv = OSSL_STORE_INFO_get1_PKEY(info);
if (EVP_PKEY_get_base_id(*ppriv) != key_base_id) {
OSSL_STORE_INFO_free(info);
DST_RET(DST_R_BADKEYTYPE);
CLEANUP(DST_R_BADKEYTYPE);
}
break;
case OSSL_STORE_INFO_PUBKEY:
if (*ppub != NULL) {
OSSL_STORE_INFO_free(info);
DST_RET(DST_R_INVALIDPUBLICKEY);
CLEANUP(DST_R_INVALIDPUBLICKEY);
}
*ppub = OSSL_STORE_INFO_get1_PUBKEY(info);
if (EVP_PKEY_get_base_id(*ppub) != key_base_id) {
OSSL_STORE_INFO_free(info);
DST_RET(DST_R_BADKEYTYPE);
CLEANUP(DST_R_BADKEYTYPE);
}
break;
}
OSSL_STORE_INFO_free(info);
}
if (*ppriv != NULL && *ppub != NULL) {
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
}
err:
cleanup:
OSSL_STORE_close(ctx);
return ret;
return result;
#else
UNUSED(key_base_id);
UNUSED(label);

321
lib/dns/opensslecdsa_link.c
View file

@ -50,12 +50,6 @@
#define MAX_PRIVKEY_SIZE (MAX_PUBKEY_SIZE / 2)
#define DST_RET(a) \
{ \
ret = a; \
goto err; \
}
#if OPENSSL_VERSION_NUMBER >= 0x30200000L
static isc_result_t
opensslecdsa_set_deterministic(EVP_PKEY_CTX *pctx, unsigned int key_alg) {
@ -170,7 +164,7 @@ static isc_result_t
opensslecdsa_create_pkey_params(unsigned int key_alg, bool private,
const unsigned char *key, size_t key_len,
EVP_PKEY **pkey) {
isc_result_t ret;
isc_result_t result;
int status;
int group_nid = opensslecdsa_key_alg_to_group_nid(key_alg);
const char *groupname = opensslecdsa_key_alg_to_group_name(key_alg);
@ -184,13 +178,13 @@ opensslecdsa_create_pkey_params(unsigned int key_alg, bool private,
bld = OSSL_PARAM_BLD_new();
if (bld == NULL) {
DST_RET(dst__openssl_toresult2("OSSL_PARAM_BLD_new",
CLEANUP(dst__openssl_toresult2("OSSL_PARAM_BLD_new",
DST_R_OPENSSLFAILURE));
}
status = OSSL_PARAM_BLD_push_utf8_string(
bld, OSSL_PKEY_PARAM_GROUP_NAME, groupname, 0);
if (status != 1) {
DST_RET(dst__openssl_toresult2("OSSL_PARAM_BLD_push_"
CLEANUP(dst__openssl_toresult2("OSSL_PARAM_BLD_push_"
"utf8_string",
DST_R_OPENSSLFAILURE));
}
@ -198,27 +192,27 @@ opensslecdsa_create_pkey_params(unsigned int key_alg, bool private,
if (private) {
group = EC_GROUP_new_by_curve_name(group_nid);
if (group == NULL) {
DST_RET(dst__openssl_toresult2("EC_GROUP_new_by_"
CLEANUP(dst__openssl_toresult2("EC_GROUP_new_by_"
"curve_name",
DST_R_OPENSSLFAILURE));
}
priv = BN_bin2bn(key, key_len, NULL);
if (priv == NULL) {
DST_RET(dst__openssl_toresult2("BN_bin2bn",
CLEANUP(dst__openssl_toresult2("BN_bin2bn",
DST_R_OPENSSLFAILURE));
}
status = OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
priv);
if (status != 1) {
DST_RET(dst__openssl_toresult2("OSSL_PARAM_BLD_push_BN",
CLEANUP(dst__openssl_toresult2("OSSL_PARAM_BLD_push_BN",
DST_R_OPENSSLFAILURE));
}
pubkey = opensslecdsa_generate_public_key(group, priv);
if (pubkey == NULL) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
CLEANUP(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
key = buf;
@ -226,7 +220,7 @@ opensslecdsa_create_pkey_params(unsigned int key_alg, bool private,
POINT_CONVERSION_UNCOMPRESSED, buf,
sizeof(buf), NULL);
if (key_len == 0) {
DST_RET(dst__openssl_toresult2("EC_POINT_point2oct",
CLEANUP(dst__openssl_toresult2("EC_POINT_point2oct",
DST_R_OPENSSLFAILURE));
}
} else {
@ -240,38 +234,38 @@ opensslecdsa_create_pkey_params(unsigned int key_alg, bool private,
status = OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PUB_KEY,
key, key_len);
if (status != 1) {
DST_RET(dst__openssl_toresult2("OSSL_PARAM_BLD_push_"
CLEANUP(dst__openssl_toresult2("OSSL_PARAM_BLD_push_"
"octet_string",
DST_R_OPENSSLFAILURE));
}
params = OSSL_PARAM_BLD_to_param(bld);
if (params == NULL) {
DST_RET(dst__openssl_toresult2("OSSL_PARAM_BLD_to_param",
CLEANUP(dst__openssl_toresult2("OSSL_PARAM_BLD_to_param",
DST_R_OPENSSLFAILURE));
}
ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL);
if (ctx == NULL) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_CTX_new_from_name",
CLEANUP(dst__openssl_toresult2("EVP_PKEY_CTX_new_from_name",
DST_R_OPENSSLFAILURE));
}
status = EVP_PKEY_fromdata_init(ctx);
if (status != 1) {
/* This will fail if the default provider is an engine.
* Return ISC_R_FAILURE to retry using the legacy API. */
DST_RET(dst__openssl_toresult(ISC_R_FAILURE));
CLEANUP(dst__openssl_toresult(ISC_R_FAILURE));
}
status = EVP_PKEY_fromdata(
ctx, pkey, private ? EVP_PKEY_KEYPAIR : EVP_PKEY_PUBLIC_KEY,
params);
if (status != 1 || *pkey == NULL) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_fromdata",
CLEANUP(dst__openssl_toresult2("EVP_PKEY_fromdata",
DST_R_OPENSSLFAILURE));
}
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
OSSL_PARAM_free(params);
OSSL_PARAM_BLD_free(bld);
EVP_PKEY_CTX_free(ctx);
@ -279,7 +273,7 @@ err:
EC_POINT_free(pubkey);
EC_GROUP_free(group);
return ret;
return result;
}
static bool
@ -310,7 +304,7 @@ static isc_result_t
opensslecdsa_create_pkey_legacy(unsigned int key_alg, bool private,
const unsigned char *key, size_t key_len,
EVP_PKEY **retkey) {
isc_result_t ret = ISC_R_SUCCESS;
isc_result_t result = ISC_R_SUCCESS;
EC_KEY *eckey = NULL;
EVP_PKEY *pkey = NULL;
BIGNUM *privkey = NULL;
@ -320,7 +314,7 @@ opensslecdsa_create_pkey_legacy(unsigned int key_alg, bool private,
eckey = EC_KEY_new_by_curve_name(group_nid);
if (eckey == NULL) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
CLEANUP(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
if (private) {
@ -328,18 +322,18 @@ opensslecdsa_create_pkey_legacy(unsigned int key_alg, bool private,
privkey = BN_bin2bn(key, key_len, NULL);
if (privkey == NULL) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
CLEANUP(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
if (!EC_KEY_set_private_key(eckey, privkey)) {
DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
CLEANUP(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
}
pubkey = opensslecdsa_generate_public_key(group, privkey);
if (pubkey == NULL) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
CLEANUP(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
if (EC_KEY_set_public_key(eckey, pubkey) != 1) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
CLEANUP(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
} else {
const unsigned char *cp = buf;
@ -347,30 +341,30 @@ opensslecdsa_create_pkey_legacy(unsigned int key_alg, bool private,
buf[0] = POINT_CONVERSION_UNCOMPRESSED;
memmove(buf + 1, key, key_len);
if (o2i_ECPublicKey(&eckey, &cp, key_len + 1) == NULL) {
DST_RET(dst__openssl_toresult(DST_R_INVALIDPUBLICKEY));
CLEANUP(dst__openssl_toresult(DST_R_INVALIDPUBLICKEY));
}
if (EC_KEY_check_key(eckey) != 1) {
DST_RET(dst__openssl_toresult(DST_R_INVALIDPUBLICKEY));
CLEANUP(dst__openssl_toresult(DST_R_INVALIDPUBLICKEY));
}
}
pkey = EVP_PKEY_new();
if (pkey == NULL) {
DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY));
CLEANUP(dst__openssl_toresult(ISC_R_NOMEMORY));
}
if (!EVP_PKEY_set1_EC_KEY(pkey, eckey)) {
DST_RET(dst__openssl_toresult(ISC_R_FAILURE));
CLEANUP(dst__openssl_toresult(ISC_R_FAILURE));
}
*retkey = pkey;
pkey = NULL;
err:
cleanup:
BN_clear_free(privkey);
EC_POINT_free(pubkey);
EC_KEY_free(eckey);
EVP_PKEY_free(pkey);
return ret;
return result;
}
static bool
@ -419,18 +413,18 @@ static isc_result_t
opensslecdsa_create_pkey(unsigned int key_alg, bool private,
const unsigned char *key, size_t key_len,
EVP_PKEY **retkey) {
isc_result_t ret;
isc_result_t result;
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
ret = opensslecdsa_create_pkey_params(key_alg, private, key, key_len,
retkey);
if (ret != ISC_R_FAILURE) {
return ret;
result = opensslecdsa_create_pkey_params(key_alg, private, key, key_len,
retkey);
if (result != ISC_R_FAILURE) {
return result;
}
#else
ret = opensslecdsa_create_pkey_legacy(key_alg, private, key, key_len,
retkey);
if (ret == ISC_R_SUCCESS) {
return ret;
result = opensslecdsa_create_pkey_legacy(key_alg, private, key, key_len,
retkey);
if (result == ISC_R_SUCCESS) {
return result;
}
#endif
return DST_R_OPENSSLFAILURE;
@ -442,7 +436,7 @@ static isc_result_t
opensslecdsa_generate_pkey_with_uri(int group_nid, const char *label,
EVP_PKEY **retkey) {
int status;
isc_result_t ret;
isc_result_t result;
char *uri = UNCONST(label);
EVP_PKEY_CTX *ctx = NULL;
OSSL_PARAM params[3];
@ -455,19 +449,19 @@ opensslecdsa_generate_pkey_with_uri(int group_nid, const char *label,
ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", "provider=pkcs11");
if (ctx == NULL) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_CTX_new_from_name",
CLEANUP(dst__openssl_toresult2("EVP_PKEY_CTX_new_from_name",
DST_R_OPENSSLFAILURE));
}
status = EVP_PKEY_keygen_init(ctx);
if (status != 1) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_keygen_init",
CLEANUP(dst__openssl_toresult2("EVP_PKEY_keygen_init",
DST_R_OPENSSLFAILURE));
}
status = EVP_PKEY_CTX_set_params(ctx, params);
if (status != 1) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_CTX_set_params",
CLEANUP(dst__openssl_toresult2("EVP_PKEY_CTX_set_params",
DST_R_OPENSSLFAILURE));
}
/*
@ -478,7 +472,7 @@ opensslecdsa_generate_pkey_with_uri(int group_nid, const char *label,
*/
status = EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, group_nid);
if (status != 1) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_CTX_set_ec_paramgen_"
CLEANUP(dst__openssl_toresult2("EVP_PKEY_CTX_set_ec_paramgen_"
"curve_nid",
DST_R_OPENSSLFAILURE));
}
@ -486,21 +480,21 @@ opensslecdsa_generate_pkey_with_uri(int group_nid, const char *label,
/* Generate the key. */
status = EVP_PKEY_generate(ctx, retkey);
if (status != 1) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_generate",
CLEANUP(dst__openssl_toresult2("EVP_PKEY_generate",
DST_R_OPENSSLFAILURE));
}
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
EVP_PKEY_CTX_free(ctx);
return ret;
return result;
}
static isc_result_t
opensslecdsa_generate_pkey(unsigned int key_alg, const char *label,
EVP_PKEY **retkey) {
isc_result_t ret;
isc_result_t result;
EVP_PKEY_CTX *ctx = NULL;
EVP_PKEY *params_pkey = NULL;
int group_nid = opensslecdsa_key_alg_to_group_nid(key_alg);
@ -514,23 +508,23 @@ opensslecdsa_generate_pkey(unsigned int key_alg, const char *label,
/* Generate the key's parameters. */
ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL);
if (ctx == NULL) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_CTX_new_from_name",
CLEANUP(dst__openssl_toresult2("EVP_PKEY_CTX_new_from_name",
DST_R_OPENSSLFAILURE));
}
status = EVP_PKEY_paramgen_init(ctx);
if (status != 1) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_paramgen_init",
CLEANUP(dst__openssl_toresult2("EVP_PKEY_paramgen_init",
DST_R_OPENSSLFAILURE));
}
status = EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, group_nid);
if (status != 1) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_CTX_set_ec_paramgen_"
CLEANUP(dst__openssl_toresult2("EVP_PKEY_CTX_set_ec_paramgen_"
"curve_nid",
DST_R_OPENSSLFAILURE));
}
status = EVP_PKEY_paramgen(ctx, &params_pkey);
if (status != 1 || params_pkey == NULL) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_paramgen",
CLEANUP(dst__openssl_toresult2("EVP_PKEY_paramgen",
DST_R_OPENSSLFAILURE));
}
EVP_PKEY_CTX_free(ctx);
@ -538,26 +532,26 @@ opensslecdsa_generate_pkey(unsigned int key_alg, const char *label,
/* Generate the key. */
ctx = EVP_PKEY_CTX_new(params_pkey, NULL);
if (ctx == NULL) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_CTX_new",
CLEANUP(dst__openssl_toresult2("EVP_PKEY_CTX_new",
DST_R_OPENSSLFAILURE));
}
status = EVP_PKEY_keygen_init(ctx);
if (status != 1) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_keygen_init",
CLEANUP(dst__openssl_toresult2("EVP_PKEY_keygen_init",
DST_R_OPENSSLFAILURE));
}
status = EVP_PKEY_keygen(ctx, retkey);
if (status != 1) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_keygen",
CLEANUP(dst__openssl_toresult2("EVP_PKEY_keygen",
DST_R_OPENSSLFAILURE));
}
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
EVP_PKEY_free(params_pkey);
EVP_PKEY_CTX_free(ctx);
return ret;
return result;
}
static isc_result_t
@ -594,7 +588,7 @@ opensslecdsa_extract_private_key(const dst_key_t *key, unsigned char *buf,
static isc_result_t
opensslecdsa_generate_pkey(unsigned int key_alg, const char *label,
EVP_PKEY **retkey) {
isc_result_t ret;
isc_result_t result;
EC_KEY *eckey = NULL;
EVP_PKEY *pkey = NULL;
int group_nid;
@ -605,31 +599,31 @@ opensslecdsa_generate_pkey(unsigned int key_alg, const char *label,
eckey = EC_KEY_new_by_curve_name(group_nid);
if (eckey == NULL) {
DST_RET(dst__openssl_toresult2("EC_KEY_new_by_curve_name",
CLEANUP(dst__openssl_toresult2("EC_KEY_new_by_curve_name",
DST_R_OPENSSLFAILURE));
}
if (EC_KEY_generate_key(eckey) != 1) {
DST_RET(dst__openssl_toresult2("EC_KEY_generate_key",
CLEANUP(dst__openssl_toresult2("EC_KEY_generate_key",
DST_R_OPENSSLFAILURE));
}
pkey = EVP_PKEY_new();
if (pkey == NULL) {
DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY));
CLEANUP(dst__openssl_toresult(ISC_R_NOMEMORY));
}
if (EVP_PKEY_set1_EC_KEY(pkey, eckey) != 1) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_set1_EC_KEY",
CLEANUP(dst__openssl_toresult2("EVP_PKEY_set1_EC_KEY",
DST_R_OPENSSLFAILURE));
}
*retkey = pkey;
pkey = NULL;
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
EC_KEY_free(eckey);
EVP_PKEY_free(pkey);
return ret;
return result;
}
static isc_result_t
@ -676,7 +670,7 @@ opensslecdsa_extract_private_key(const dst_key_t *key, unsigned char *buf,
static isc_result_t
opensslecdsa_createctx(dst_key_t *key, dst_context_t *dctx) {
isc_result_t ret = ISC_R_SUCCESS;
isc_result_t result = ISC_R_SUCCESS;
EVP_MD_CTX *evp_md_ctx;
EVP_PKEY_CTX *pctx = NULL;
const EVP_MD *type = NULL;
@ -687,7 +681,7 @@ opensslecdsa_createctx(dst_key_t *key, dst_context_t *dctx) {
evp_md_ctx = EVP_MD_CTX_create();
if (evp_md_ctx == NULL) {
DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY));
CLEANUP(dst__openssl_toresult(ISC_R_NOMEMORY));
}
if (dctx->key->key_alg == DST_ALG_ECDSA256) {
type = isc__crypto_sha256;
@ -700,18 +694,15 @@ opensslecdsa_createctx(dst_key_t *key, dst_context_t *dctx) {
dctx->key->keydata.pkeypair.priv) != 1)
{
EVP_MD_CTX_destroy(evp_md_ctx);
DST_RET(dst__openssl_toresult3(dctx->category,
CLEANUP(dst__openssl_toresult3(dctx->category,
"EVP_DigestSignInit",
ISC_R_FAILURE));
}
#if OPENSSL_VERSION_NUMBER >= 0x30200000L
if (!isc_crypto_fips_mode()) {
ret = opensslecdsa_set_deterministic(
pctx, dctx->key->key_alg);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(opensslecdsa_set_deterministic(
pctx, dctx->key->key_alg));
}
#endif /* OPENSSL_VERSION_NUMBER >= 0x30200000L */
@ -720,7 +711,7 @@ opensslecdsa_createctx(dst_key_t *key, dst_context_t *dctx) {
dctx->key->keydata.pkeypair.pub) != 1)
{
EVP_MD_CTX_destroy(evp_md_ctx);
DST_RET(dst__openssl_toresult3(dctx->category,
CLEANUP(dst__openssl_toresult3(dctx->category,
"EVP_DigestVerifyInit",
ISC_R_FAILURE));
}
@ -728,8 +719,8 @@ opensslecdsa_createctx(dst_key_t *key, dst_context_t *dctx) {
dctx->ctxdata.evp_md_ctx = evp_md_ctx;
err:
return ret;
cleanup:
return result;
}
static void
@ -747,7 +738,7 @@ opensslecdsa_destroyctx(dst_context_t *dctx) {
static isc_result_t
opensslecdsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
isc_result_t ret = ISC_R_SUCCESS;
isc_result_t result = ISC_R_SUCCESS;
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
REQUIRE(opensslecdsa_valid_key_alg(dctx->key->key_alg));
@ -757,7 +748,7 @@ opensslecdsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
if (EVP_DigestSignUpdate(evp_md_ctx, data->base,
data->length) != 1)
{
DST_RET(dst__openssl_toresult3(dctx->category,
CLEANUP(dst__openssl_toresult3(dctx->category,
"EVP_DigestSignUpdate",
ISC_R_FAILURE));
}
@ -765,19 +756,19 @@ opensslecdsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
if (EVP_DigestVerifyUpdate(evp_md_ctx, data->base,
data->length) != 1)
{
DST_RET(dst__openssl_toresult3(dctx->category,
CLEANUP(dst__openssl_toresult3(dctx->category,
"EVP_DigestVerifyUpdate",
ISC_R_FAILURE));
}
}
err:
return ret;
cleanup:
return result;
}
static isc_result_t
opensslecdsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
isc_result_t ret;
isc_result_t result;
dst_key_t *key = dctx->key;
isc_region_t region;
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
@ -798,25 +789,25 @@ opensslecdsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
isc_buffer_availableregion(sig, &region);
if (region.length < siglen) {
DST_RET(ISC_R_NOSPACE);
CLEANUP(ISC_R_NOSPACE);
}
if (EVP_DigestSignFinal(evp_md_ctx, NULL, &sigder_len) != 1) {
DST_RET(dst__openssl_toresult3(
CLEANUP(dst__openssl_toresult3(
dctx->category, "EVP_DigestSignFinal", ISC_R_FAILURE));
}
if (sigder_len == 0) {
DST_RET(ISC_R_FAILURE);
CLEANUP(ISC_R_FAILURE);
}
sigder = isc_mem_get(dctx->mctx, sigder_len);
sigder_alloced = sigder_len;
if (EVP_DigestSignFinal(evp_md_ctx, sigder, &sigder_len) != 1) {
DST_RET(dst__openssl_toresult3(
CLEANUP(dst__openssl_toresult3(
dctx->category, "EVP_DigestSignFinal", ISC_R_FAILURE));
}
sigder_copy = sigder;
if (d2i_ECDSA_SIG(&ecdsasig, &sigder_copy, sigder_len) == NULL) {
DST_RET(dst__openssl_toresult3(dctx->category, "d2i_ECDSA_SIG",
CLEANUP(dst__openssl_toresult3(dctx->category, "d2i_ECDSA_SIG",
ISC_R_FAILURE));
}
@ -827,19 +818,19 @@ opensslecdsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
isc_region_consume(&region, siglen / 2);
ECDSA_SIG_free(ecdsasig);
isc_buffer_add(sig, siglen);
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
if (sigder != NULL && sigder_alloced != 0) {
isc_mem_put(dctx->mctx, sigder, sigder_alloced);
}
return ret;
return result;
}
static isc_result_t
opensslecdsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
isc_result_t ret;
isc_result_t result;
dst_key_t *key = dctx->key;
int status;
unsigned char *cp = sig->base;
@ -860,12 +851,12 @@ opensslecdsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
}
if (sig->length != siglen) {
DST_RET(DST_R_VERIFYFAILURE);
CLEANUP(DST_R_VERIFYFAILURE);
}
ecdsasig = ECDSA_SIG_new();
if (ecdsasig == NULL) {
DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY));
CLEANUP(dst__openssl_toresult(ISC_R_NOMEMORY));
}
r = BN_bin2bn(cp, siglen / 2, NULL);
cp += siglen / 2;
@ -875,7 +866,7 @@ opensslecdsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
status = i2d_ECDSA_SIG(ecdsasig, NULL);
if (status < 0) {
DST_RET(dst__openssl_toresult3(dctx->category, "i2d_ECDSA_SIG",
CLEANUP(dst__openssl_toresult3(dctx->category, "i2d_ECDSA_SIG",
DST_R_VERIFYFAILURE));
}
@ -886,7 +877,7 @@ opensslecdsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
sigder_copy = sigder;
status = i2d_ECDSA_SIG(ecdsasig, &sigder_copy);
if (status < 0) {
DST_RET(dst__openssl_toresult3(dctx->category, "i2d_ECDSA_SIG",
CLEANUP(dst__openssl_toresult3(dctx->category, "i2d_ECDSA_SIG",
DST_R_VERIFYFAILURE));
}
@ -894,19 +885,19 @@ opensslecdsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
switch (status) {
case 1:
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
break;
case 0:
ret = dst__openssl_toresult(DST_R_VERIFYFAILURE);
result = dst__openssl_toresult(DST_R_VERIFYFAILURE);
break;
default:
ret = dst__openssl_toresult3(dctx->category,
"EVP_DigestVerifyFinal",
DST_R_VERIFYFAILURE);
result = dst__openssl_toresult3(dctx->category,
"EVP_DigestVerifyFinal",
DST_R_VERIFYFAILURE);
break;
}
err:
cleanup:
if (ecdsasig != NULL) {
ECDSA_SIG_free(ecdsasig);
}
@ -914,32 +905,28 @@ err:
isc_mem_put(dctx->mctx, sigder, sigder_alloced);
}
return ret;
return result;
}
static isc_result_t
opensslecdsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
isc_result_t ret;
EVP_PKEY *pkey = NULL;
REQUIRE(opensslecdsa_valid_key_alg(key->key_alg));
UNUSED(unused);
UNUSED(callback);
ret = opensslecdsa_generate_pkey(key->key_alg, key->label, &pkey);
if (ret != ISC_R_SUCCESS) {
return ret;
}
RETERR(opensslecdsa_generate_pkey(key->key_alg, key->label, &pkey));
key->key_size = EVP_PKEY_bits(pkey);
key->keydata.pkeypair.priv = pkey;
key->keydata.pkeypair.pub = pkey;
return ret;
return ISC_R_SUCCESS;
}
static isc_result_t
opensslecdsa_todns(const dst_key_t *key, isc_buffer_t *data) {
isc_result_t ret;
isc_result_t result;
isc_region_t r;
size_t keysize;
@ -949,22 +936,22 @@ opensslecdsa_todns(const dst_key_t *key, isc_buffer_t *data) {
keysize = opensslecdsa_key_alg_to_publickey_size(key->key_alg);
isc_buffer_availableregion(data, &r);
if (r.length < keysize) {
DST_RET(ISC_R_NOSPACE);
CLEANUP(ISC_R_NOSPACE);
}
if (!opensslecdsa_extract_public_key(key, r.base, keysize)) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
CLEANUP(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
isc_buffer_add(data, keysize);
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
return ret;
cleanup:
return result;
}
static isc_result_t
opensslecdsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
isc_result_t ret;
isc_result_t result;
EVP_PKEY *pkey = NULL;
isc_region_t r;
size_t len;
@ -974,45 +961,43 @@ opensslecdsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
isc_buffer_remainingregion(data, &r);
if (r.length == 0) {
DST_RET(ISC_R_SUCCESS);
CLEANUP(ISC_R_SUCCESS);
}
if (r.length != len) {
DST_RET(DST_R_INVALIDPUBLICKEY);
CLEANUP(DST_R_INVALIDPUBLICKEY);
}
ret = opensslecdsa_create_pkey(key->key_alg, false, r.base, len, &pkey);
if (ret != ISC_R_SUCCESS) {
DST_RET(ret);
}
CHECK(opensslecdsa_create_pkey(key->key_alg, false, r.base, len,
&pkey));
isc_buffer_forward(data, len);
key->key_size = EVP_PKEY_bits(pkey);
key->keydata.pkeypair.pub = pkey;
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
return ret;
cleanup:
return result;
}
static isc_result_t
opensslecdsa_tofile(const dst_key_t *key, const char *directory) {
isc_result_t ret;
isc_result_t result;
dst_private_t priv;
unsigned char buf[MAX_PRIVKEY_SIZE];
size_t keylen = 0;
unsigned short i;
if (key->keydata.pkeypair.pub == NULL) {
DST_RET(DST_R_NULLKEY);
CLEANUP(DST_R_NULLKEY);
}
if (key->external) {
priv.nelements = 0;
DST_RET(dst__privstruct_writefile(key, &priv, directory));
CLEANUP(dst__privstruct_writefile(key, &priv, directory));
}
if (key->keydata.pkeypair.priv == NULL) {
DST_RET(DST_R_NULLKEY);
CLEANUP(DST_R_NULLKEY);
}
keylen = opensslecdsa_key_alg_to_publickey_size(key->key_alg) / 2;
@ -1035,11 +1020,11 @@ opensslecdsa_tofile(const dst_key_t *key, const char *directory) {
}
priv.nelements = i;
ret = dst__privstruct_writefile(key, &priv, directory);
result = dst__privstruct_writefile(key, &priv, directory);
err:
cleanup:
isc_safe_memwipe(buf, keylen);
return ret;
return result;
}
static isc_result_t
@ -1048,7 +1033,7 @@ opensslecdsa_fromlabel(dst_key_t *key, const char *label, const char *pin);
static isc_result_t
opensslecdsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
dst_private_t priv;
isc_result_t ret;
isc_result_t result;
EVP_PKEY *pkey = NULL;
const char *label = NULL;
int i, privkey_index = -1;
@ -1056,21 +1041,18 @@ opensslecdsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
REQUIRE(opensslecdsa_valid_key_alg(key->key_alg));
/* read private key file */
ret = dst__privstruct_parse(key, DST_ALG_ECDSA256, lexer, key->mctx,
&priv);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(dst__privstruct_parse(key, DST_ALG_ECDSA256, lexer, key->mctx,
&priv));
if (key->external) {
if (priv.nelements != 0 || pub == NULL) {
DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
CLEANUP(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
}
key->keydata.pkeypair.priv = pub->keydata.pkeypair.priv;
key->keydata.pkeypair.pub = pub->keydata.pkeypair.pub;
pub->keydata.pkeypair.priv = NULL;
pub->keydata.pkeypair.pub = NULL;
DST_RET(ISC_R_SUCCESS);
CLEANUP(ISC_R_SUCCESS);
}
for (i = 0; i < priv.nelements; i++) {
@ -1090,33 +1072,27 @@ opensslecdsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
}
if (label != NULL) {
ret = opensslecdsa_fromlabel(key, label, NULL);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(opensslecdsa_fromlabel(key, label, NULL));
/* Check that the public component matches if given */
if (pub != NULL && EVP_PKEY_eq(key->keydata.pkeypair.pub,
pub->keydata.pkeypair.pub) != 1)
{
DST_RET(DST_R_INVALIDPRIVATEKEY);
CLEANUP(DST_R_INVALIDPRIVATEKEY);
}
DST_RET(ISC_R_SUCCESS);
CLEANUP(ISC_R_SUCCESS);
}
if (privkey_index < 0) {
DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
CLEANUP(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
}
ret = opensslecdsa_create_pkey(
CHECK(opensslecdsa_create_pkey(
key->key_alg, true, priv.elements[privkey_index].data,
priv.elements[privkey_index].length, &pkey);
if (ret != ISC_R_SUCCESS) {
goto err;
}
priv.elements[privkey_index].length, &pkey));
/* Check that the public component matches if given */
if (pub != NULL && EVP_PKEY_eq(pkey, pub->keydata.pkeypair.pub) != 1) {
DST_RET(DST_R_INVALIDPRIVATEKEY);
CLEANUP(DST_R_INVALIDPRIVATEKEY);
}
key->key_size = EVP_PKEY_bits(pkey);
@ -1124,39 +1100,30 @@ opensslecdsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
key->keydata.pkeypair.pub = pkey;
pkey = NULL;
err:
cleanup:
EVP_PKEY_free(pkey);
if (ret != ISC_R_SUCCESS) {
if (result != ISC_R_SUCCESS) {
key->keydata.generic = NULL;
}
dst__privstruct_free(&priv, key->mctx);
isc_safe_memwipe(&priv, sizeof(priv));
return ret;
return result;
}
static isc_result_t
opensslecdsa_fromlabel(dst_key_t *key, const char *label, const char *pin) {
EVP_PKEY *privpkey = NULL, *pubpkey = NULL;
isc_result_t ret;
isc_result_t result;
REQUIRE(opensslecdsa_valid_key_alg(key->key_alg));
UNUSED(pin);
ret = dst__openssl_fromlabel(EVP_PKEY_EC, label, pin, &pubpkey,
&privpkey);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(dst__openssl_fromlabel(EVP_PKEY_EC, label, pin, &pubpkey,
&privpkey));
ret = opensslecdsa_validate_pkey_group(key->key_alg, privpkey);
if (ret != ISC_R_SUCCESS) {
goto err;
}
ret = opensslecdsa_validate_pkey_group(key->key_alg, pubpkey);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(opensslecdsa_validate_pkey_group(key->key_alg, privpkey));
CHECK(opensslecdsa_validate_pkey_group(key->key_alg, pubpkey));
key->label = isc_mem_strdup(key->mctx, label);
key->key_size = EVP_PKEY_bits(privpkey);
@ -1165,10 +1132,10 @@ opensslecdsa_fromlabel(dst_key_t *key, const char *label, const char *pin) {
privpkey = NULL;
pubpkey = NULL;
err:
cleanup:
EVP_PKEY_free(privpkey);
EVP_PKEY_free(pubpkey);
return ret;
return result;
}
static dst_func_t opensslecdsa_functions = {

144
lib/dns/openssleddsa_link.c
View file

@ -33,12 +33,6 @@
#include "dst_parse.h"
#include "openssl_shim.h"
#define DST_RET(a) \
{ \
ret = a; \
goto err; \
}
#ifndef NID_ED25519
#error "Ed25519 group is not known (NID_ED25519)"
#endif /* ifndef NID_ED25519 */
@ -82,13 +76,13 @@ openssleddsa_alg_info(unsigned int key_alg) {
static isc_result_t
raw_key_to_ossl(const eddsa_alginfo_t *alginfo, int private,
const unsigned char *key, size_t *key_len, EVP_PKEY **pkey) {
isc_result_t ret;
isc_result_t result;
int pkey_type = alginfo->pkey_type;
size_t len = alginfo->key_size;
ret = (private ? DST_R_INVALIDPRIVATEKEY : DST_R_INVALIDPUBLICKEY);
result = (private ? DST_R_INVALIDPRIVATEKEY : DST_R_INVALIDPUBLICKEY);
if (*key_len < len) {
return ret;
return result;
}
if (private) {
@ -97,7 +91,7 @@ raw_key_to_ossl(const eddsa_alginfo_t *alginfo, int private,
*pkey = EVP_PKEY_new_raw_public_key(pkey_type, NULL, key, len);
}
if (*pkey == NULL) {
return dst__openssl_toresult(ret);
return dst__openssl_toresult(result);
}
*key_len = len;
@ -165,7 +159,7 @@ openssleddsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
static isc_result_t
openssleddsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
isc_result_t ret;
isc_result_t result;
dst_key_t *key = dctx->key;
isc_region_t tbsreg;
isc_region_t sigreg;
@ -184,35 +178,35 @@ openssleddsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
siglen = alginfo->sig_size;
isc_buffer_availableregion(sig, &sigreg);
if (sigreg.length < (unsigned int)siglen) {
DST_RET(ISC_R_NOSPACE);
CLEANUP(ISC_R_NOSPACE);
}
isc_buffer_usedregion(buf, &tbsreg);
if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1) {
DST_RET(dst__openssl_toresult3(
CLEANUP(dst__openssl_toresult3(
dctx->category, "EVP_DigestSignInit", ISC_R_FAILURE));
}
if (EVP_DigestSign(ctx, sigreg.base, &siglen, tbsreg.base,
tbsreg.length) != 1)
{
DST_RET(dst__openssl_toresult3(dctx->category, "EVP_DigestSign",
CLEANUP(dst__openssl_toresult3(dctx->category, "EVP_DigestSign",
DST_R_SIGNFAILURE));
}
isc_buffer_add(sig, (unsigned int)siglen);
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
EVP_MD_CTX_free(ctx);
isc_buffer_free(&buf);
dctx->ctxdata.generic = NULL;
return ret;
return result;
}
static isc_result_t
openssleddsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
isc_result_t ret;
isc_result_t result;
dst_key_t *key = dctx->key;
int status;
isc_region_t tbsreg;
@ -228,13 +222,13 @@ openssleddsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
}
if (sig->length != alginfo->sig_size) {
DST_RET(DST_R_VERIFYFAILURE);
CLEANUP(DST_R_VERIFYFAILURE);
}
isc_buffer_usedregion(buf, &tbsreg);
if (EVP_DigestVerifyInit(ctx, NULL, NULL, NULL, pkey) != 1) {
DST_RET(dst__openssl_toresult3(
CLEANUP(dst__openssl_toresult3(
dctx->category, "EVP_DigestVerifyInit", ISC_R_FAILURE));
}
@ -243,28 +237,29 @@ openssleddsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
switch (status) {
case 1:
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
break;
case 0:
ret = dst__openssl_toresult(DST_R_VERIFYFAILURE);
result = dst__openssl_toresult(DST_R_VERIFYFAILURE);
break;
default:
ret = dst__openssl_toresult3(dctx->category, "EVP_DigestVerify",
DST_R_VERIFYFAILURE);
result = dst__openssl_toresult3(dctx->category,
"EVP_DigestVerify",
DST_R_VERIFYFAILURE);
break;
}
err:
cleanup:
EVP_MD_CTX_free(ctx);
isc_buffer_free(&buf);
dctx->ctxdata.generic = NULL;
return ret;
return result;
}
static isc_result_t
openssleddsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
isc_result_t ret;
isc_result_t result;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
const eddsa_alginfo_t *alginfo = openssleddsa_alg_info(key->key_alg);
@ -282,24 +277,24 @@ openssleddsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
status = EVP_PKEY_keygen_init(ctx);
if (status != 1) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_keygen_init",
CLEANUP(dst__openssl_toresult2("EVP_PKEY_keygen_init",
DST_R_OPENSSLFAILURE));
}
status = EVP_PKEY_keygen(ctx, &pkey);
if (status != 1) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_keygen",
CLEANUP(dst__openssl_toresult2("EVP_PKEY_keygen",
DST_R_OPENSSLFAILURE));
}
key->key_size = alginfo->key_size * 8;
key->keydata.pkeypair.priv = pkey;
key->keydata.pkeypair.pub = pkey;
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
EVP_PKEY_CTX_free(ctx);
return ret;
return result;
}
static isc_result_t
@ -329,7 +324,6 @@ openssleddsa_todns(const dst_key_t *key, isc_buffer_t *data) {
static isc_result_t
openssleddsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
const eddsa_alginfo_t *alginfo = openssleddsa_alg_info(key->key_alg);
isc_result_t ret;
isc_region_t r;
size_t len;
EVP_PKEY *pkey = NULL;
@ -342,10 +336,7 @@ openssleddsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
}
len = r.length;
ret = raw_key_to_ossl(alginfo, 0, r.base, &len, &pkey);
if (ret != ISC_R_SUCCESS) {
return ret;
}
RETERR(raw_key_to_ossl(alginfo, 0, r.base, &len, &pkey));
isc_buffer_forward(data, len);
key->keydata.pkeypair.pub = pkey;
@ -356,7 +347,7 @@ openssleddsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
static isc_result_t
openssleddsa_tofile(const dst_key_t *key, const char *directory) {
const eddsa_alginfo_t *alginfo = openssleddsa_alg_info(key->key_alg);
isc_result_t ret;
isc_result_t result;
dst_private_t priv;
unsigned char *buf = NULL;
size_t len;
@ -381,7 +372,7 @@ openssleddsa_tofile(const dst_key_t *key, const char *directory) {
if (EVP_PKEY_get_raw_private_key(key->keydata.pkeypair.priv,
buf, &len) != 1)
{
DST_RET(dst__openssl_toresult(ISC_R_FAILURE));
CLEANUP(dst__openssl_toresult(ISC_R_FAILURE));
}
priv.elements[i].tag = TAG_EDDSA_PRIVATEKEY;
priv.elements[i].length = len;
@ -397,20 +388,20 @@ openssleddsa_tofile(const dst_key_t *key, const char *directory) {
}
priv.nelements = i;
ret = dst__privstruct_writefile(key, &priv, directory);
result = dst__privstruct_writefile(key, &priv, directory);
err:
cleanup:
if (buf != NULL) {
isc_mem_put(key->mctx, buf, len);
}
return ret;
return result;
}
static isc_result_t
openssleddsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
const eddsa_alginfo_t *alginfo = openssleddsa_alg_info(key->key_alg);
dst_private_t priv;
isc_result_t ret;
isc_result_t result;
int i, privkey_index = -1;
const char *label = NULL;
EVP_PKEY *pkey = NULL;
@ -420,23 +411,20 @@ openssleddsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
REQUIRE(alginfo != NULL);
/* read private key file */
ret = dst__privstruct_parse(key, DST_ALG_ED25519, lexer, mctx, &priv);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(dst__privstruct_parse(key, DST_ALG_ED25519, lexer, mctx, &priv));
if (key->external) {
if (priv.nelements != 0) {
DST_RET(DST_R_INVALIDPRIVATEKEY);
CLEANUP(DST_R_INVALIDPRIVATEKEY);
}
if (pub == NULL) {
DST_RET(DST_R_INVALIDPRIVATEKEY);
CLEANUP(DST_R_INVALIDPRIVATEKEY);
}
key->keydata.pkeypair.priv = pub->keydata.pkeypair.priv;
key->keydata.pkeypair.pub = pub->keydata.pkeypair.pub;
pub->keydata.pkeypair.priv = NULL;
pub->keydata.pkeypair.pub = NULL;
DST_RET(ISC_R_SUCCESS);
CLEANUP(ISC_R_SUCCESS);
}
for (i = 0; i < priv.nelements; i++) {
@ -456,61 +444,52 @@ openssleddsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
}
if (label != NULL) {
ret = openssleddsa_fromlabel(key, label, NULL);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(openssleddsa_fromlabel(key, label, NULL));
/* Check that the public component matches if given */
if (pub != NULL && EVP_PKEY_eq(key->keydata.pkeypair.pub,
pub->keydata.pkeypair.pub) != 1)
{
DST_RET(DST_R_INVALIDPRIVATEKEY);
CLEANUP(DST_R_INVALIDPRIVATEKEY);
}
DST_RET(ISC_R_SUCCESS);
CLEANUP(ISC_R_SUCCESS);
}
if (privkey_index < 0) {
DST_RET(DST_R_INVALIDPRIVATEKEY);
CLEANUP(DST_R_INVALIDPRIVATEKEY);
}
len = priv.elements[privkey_index].length;
ret = raw_key_to_ossl(alginfo, 1, priv.elements[privkey_index].data,
&len, &pkey);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(raw_key_to_ossl(alginfo, 1, priv.elements[privkey_index].data,
&len, &pkey));
/* Check that the public component matches if given */
if (pub != NULL && EVP_PKEY_eq(pkey, pub->keydata.pkeypair.pub) != 1) {
DST_RET(DST_R_INVALIDPRIVATEKEY);
CLEANUP(DST_R_INVALIDPRIVATEKEY);
}
key->keydata.pkeypair.priv = pkey;
key->keydata.pkeypair.pub = pkey;
key->key_size = len * 8;
pkey = NULL;
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
EVP_PKEY_free(pkey);
dst__privstruct_free(&priv, mctx);
isc_safe_memwipe(&priv, sizeof(priv));
return ret;
return result;
}
static isc_result_t
openssleddsa_fromlabel(dst_key_t *key, const char *label, const char *pin) {
const eddsa_alginfo_t *alginfo = openssleddsa_alg_info(key->key_alg);
EVP_PKEY *privpkey = NULL, *pubpkey = NULL;
isc_result_t ret;
isc_result_t result;
REQUIRE(alginfo != NULL);
UNUSED(pin);
ret = dst__openssl_fromlabel(alginfo->pkey_type, label, pin, &pubpkey,
&privpkey);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(dst__openssl_fromlabel(alginfo->pkey_type, label, pin, &pubpkey,
&privpkey));
key->label = isc_mem_strdup(key->mctx, label);
key->key_size = EVP_PKEY_bits(privpkey);
@ -519,10 +498,10 @@ openssleddsa_fromlabel(dst_key_t *key, const char *label, const char *pin) {
privpkey = NULL;
pubpkey = NULL;
err:
cleanup:
EVP_PKEY_free(privpkey);
EVP_PKEY_free(pubpkey);
return ret;
return result;
}
static dst_func_t openssleddsa_functions = {
@ -578,11 +557,11 @@ check_algorithm(unsigned char algorithm) {
const unsigned char *key = NULL;
const unsigned char *sig = NULL;
const unsigned char test[] = "test";
isc_result_t ret = ISC_R_SUCCESS;
isc_result_t result = ISC_R_SUCCESS;
size_t key_len, sig_len;
if (evp_md_ctx == NULL) {
DST_RET(ISC_R_NOMEMORY);
CLEANUP(ISC_R_NOMEMORY);
}
switch (algorithm) {
@ -603,14 +582,11 @@ check_algorithm(unsigned char algorithm) {
alginfo = openssleddsa_alg_info(algorithm);
break;
default:
DST_RET(ISC_R_NOTIMPLEMENTED);
CLEANUP(ISC_R_NOTIMPLEMENTED);
}
INSIST(alginfo != NULL);
ret = raw_key_to_ossl(alginfo, 0, key, &key_len, &pkey);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(raw_key_to_ossl(alginfo, 0, key, &key_len, &pkey));
/*
* Check that we can verify the signature.
@ -619,10 +595,10 @@ check_algorithm(unsigned char algorithm) {
EVP_DigestVerify(evp_md_ctx, sig, sig_len, test,
sizeof(test) - 1) != 1)
{
DST_RET(ISC_R_NOTIMPLEMENTED);
CLEANUP(ISC_R_NOTIMPLEMENTED);
}
err:
cleanup:
if (pkey != NULL) {
EVP_PKEY_free(pkey);
}
@ -630,7 +606,7 @@ err:
EVP_MD_CTX_destroy(evp_md_ctx);
}
ERR_clear_error();
return ret;
return result;
}
void

261
lib/dns/opensslrsa_link.c
View file

@ -37,12 +37,6 @@
#include "dst_parse.h"
#include "openssl_shim.h"
#define DST_RET(a) \
{ \
ret = a; \
goto err; \
}
#define OPENSSLRSA_MAX_MODULUS_BITS 4096
typedef struct rsa_components {
@ -428,46 +422,46 @@ opensslrsa_generate_pkey(unsigned int key_size, const char *label, BIGNUM *e,
RSA *rsa = NULL;
EVP_PKEY *pkey = NULL;
BN_GENCB *cb = NULL;
isc_result_t ret;
isc_result_t result;
UNUSED(label);
rsa = RSA_new();
pkey = EVP_PKEY_new();
if (rsa == NULL || pkey == NULL) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
CLEANUP(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
if (EVP_PKEY_set1_RSA(pkey, rsa) != 1) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
CLEANUP(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
if (callback != NULL) {
cb = BN_GENCB_new();
if (cb == NULL) {
DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY));
CLEANUP(dst__openssl_toresult(ISC_R_NOMEMORY));
}
BN_GENCB_set(cb, progress_cb, (void *)callback);
}
if (RSA_generate_key_ex(rsa, key_size, e, cb) != 1) {
DST_RET(dst__openssl_toresult2("RSA_generate_key_ex",
CLEANUP(dst__openssl_toresult2("RSA_generate_key_ex",
DST_R_OPENSSLFAILURE));
}
*retkey = pkey;
pkey = NULL;
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
EVP_PKEY_free(pkey);
RSA_free(rsa);
BN_GENCB_free(cb);
return ret;
return result;
}
static isc_result_t
opensslrsa_build_pkey(bool private, rsa_components_t *c, EVP_PKEY **retpkey) {
isc_result_t ret;
isc_result_t result;
EVP_PKEY *pkey = NULL;
RSA *rsa = RSA_new();
int status;
@ -476,20 +470,20 @@ opensslrsa_build_pkey(bool private, rsa_components_t *c, EVP_PKEY **retpkey) {
if (c->n == NULL || c->e == NULL) {
if (private) {
DST_RET(DST_R_INVALIDPRIVATEKEY);
CLEANUP(DST_R_INVALIDPRIVATEKEY);
}
DST_RET(DST_R_INVALIDPUBLICKEY);
CLEANUP(DST_R_INVALIDPUBLICKEY);
}
if (rsa == NULL) {
DST_RET(dst__openssl_toresult2("RSA_new",
CLEANUP(dst__openssl_toresult2("RSA_new",
DST_R_OPENSSLFAILURE));
}
if (RSA_set0_key(rsa, (BIGNUM *)c->n, (BIGNUM *)c->e, (BIGNUM *)c->d) !=
1)
{
DST_RET(dst__openssl_toresult2("RSA_set0_key",
CLEANUP(dst__openssl_toresult2("RSA_set0_key",
DST_R_OPENSSLFAILURE));
}
c->n = NULL;
@ -499,7 +493,7 @@ opensslrsa_build_pkey(bool private, rsa_components_t *c, EVP_PKEY **retpkey) {
if (c->p != NULL || c->q != NULL) {
if (RSA_set0_factors(rsa, (BIGNUM *)c->p, (BIGNUM *)c->q) != 1)
{
DST_RET(dst__openssl_toresult2("RSA_set0_factors",
CLEANUP(dst__openssl_toresult2("RSA_set0_factors",
DST_R_OPENSSLFAILURE));
}
c->p = NULL;
@ -511,7 +505,7 @@ opensslrsa_build_pkey(bool private, rsa_components_t *c, EVP_PKEY **retpkey) {
(BIGNUM *)c->dmq1,
(BIGNUM *)c->iqmp) == 0)
{
DST_RET(dst__openssl_toresult2("RSA_set0_crt_params",
CLEANUP(dst__openssl_toresult2("RSA_set0_crt_params",
DST_R_OPENSSLFAILURE));
}
c->dmp1 = NULL;
@ -521,24 +515,24 @@ opensslrsa_build_pkey(bool private, rsa_components_t *c, EVP_PKEY **retpkey) {
pkey = EVP_PKEY_new();
if (pkey == NULL) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_new",
CLEANUP(dst__openssl_toresult2("EVP_PKEY_new",
DST_R_OPENSSLFAILURE));
}
status = EVP_PKEY_set1_RSA(pkey, rsa);
if (status != 1) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_set1_RSA",
CLEANUP(dst__openssl_toresult2("EVP_PKEY_set1_RSA",
DST_R_OPENSSLFAILURE));
}
*retpkey = pkey;
pkey = NULL;
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
EVP_PKEY_free(pkey);
RSA_free(rsa);
opensslrsa_components_free(c);
return ret;
return result;
}
#else
static int
@ -559,7 +553,7 @@ opensslrsa_generate_pkey_with_uri(size_t key_size, const char *label,
EVP_PKEY_CTX *ctx = NULL;
OSSL_PARAM params[4];
char *uri = UNCONST(label);
isc_result_t ret;
isc_result_t result;
int status;
params[0] = OSSL_PARAM_construct_utf8_string("pkcs11_uri", uri, 0);
@ -570,39 +564,39 @@ opensslrsa_generate_pkey_with_uri(size_t key_size, const char *label,
ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", "provider=pkcs11");
if (ctx == NULL) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_CTX_new_from_name",
CLEANUP(dst__openssl_toresult2("EVP_PKEY_CTX_new_from_name",
DST_R_OPENSSLFAILURE));
}
status = EVP_PKEY_keygen_init(ctx);
if (status != 1) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_keygen_init",
CLEANUP(dst__openssl_toresult2("EVP_PKEY_keygen_init",
DST_R_OPENSSLFAILURE));
}
status = EVP_PKEY_CTX_set_params(ctx, params);
if (status != 1) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_CTX_set_params",
CLEANUP(dst__openssl_toresult2("EVP_PKEY_CTX_set_params",
DST_R_OPENSSLFAILURE));
}
status = EVP_PKEY_generate(ctx, retkey);
if (status != 1) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_generate",
CLEANUP(dst__openssl_toresult2("EVP_PKEY_generate",
DST_R_OPENSSLFAILURE));
}
ret = ISC_R_SUCCESS;
err:
result = ISC_R_SUCCESS;
cleanup:
EVP_PKEY_CTX_free(ctx);
return ret;
return result;
}
static isc_result_t
opensslrsa_generate_pkey(unsigned int key_size, const char *label, BIGNUM *e,
void (*callback)(int), EVP_PKEY **retkey) {
EVP_PKEY_CTX *ctx;
isc_result_t ret;
isc_result_t result;
if (label != NULL) {
return opensslrsa_generate_pkey_with_uri(key_size, label,
@ -611,19 +605,19 @@ opensslrsa_generate_pkey(unsigned int key_size, const char *label, BIGNUM *e,
ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
if (ctx == NULL) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
CLEANUP(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
if (EVP_PKEY_keygen_init(ctx) != 1) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
CLEANUP(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, (int)key_size) != 1) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
CLEANUP(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
if (EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx, e) != 1) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
CLEANUP(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
if (callback != NULL) {
@ -632,18 +626,18 @@ opensslrsa_generate_pkey(unsigned int key_size, const char *label, BIGNUM *e,
}
if (EVP_PKEY_keygen(ctx, retkey) != 1) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_keygen",
CLEANUP(dst__openssl_toresult2("EVP_PKEY_keygen",
DST_R_OPENSSLFAILURE));
}
ret = ISC_R_SUCCESS;
err:
result = ISC_R_SUCCESS;
cleanup:
EVP_PKEY_CTX_free(ctx);
return ret;
return result;
}
static isc_result_t
opensslrsa_build_pkey(bool private, rsa_components_t *c, EVP_PKEY **retpkey) {
isc_result_t ret;
isc_result_t result;
int status;
OSSL_PARAM_BLD *bld = NULL;
OSSL_PARAM *params = NULL;
@ -651,69 +645,69 @@ opensslrsa_build_pkey(bool private, rsa_components_t *c, EVP_PKEY **retpkey) {
bld = OSSL_PARAM_BLD_new();
if (bld == NULL) {
DST_RET(dst__openssl_toresult2("OSSL_PARAM_BLD_new",
CLEANUP(dst__openssl_toresult2("OSSL_PARAM_BLD_new",
DST_R_OPENSSLFAILURE));
}
if (OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, c->n) != 1 ||
OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, c->e) != 1)
{
DST_RET(dst__openssl_toresult2("OSSL_PARAM_BLD_push_BN",
CLEANUP(dst__openssl_toresult2("OSSL_PARAM_BLD_push_BN",
DST_R_OPENSSLFAILURE));
}
if (c->d != NULL &&
OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, c->d) != 1)
{
DST_RET(dst__openssl_toresult2("OSSL_PARAM_BLD_push_BN",
CLEANUP(dst__openssl_toresult2("OSSL_PARAM_BLD_push_BN",
DST_R_OPENSSLFAILURE));
}
if (c->p != NULL &&
OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR1, c->p) != 1)
{
DST_RET(dst__openssl_toresult2("OSSL_PARAM_BLD_push_BN",
CLEANUP(dst__openssl_toresult2("OSSL_PARAM_BLD_push_BN",
DST_R_OPENSSLFAILURE));
}
if (c->q != NULL &&
OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR2, c->q) != 1)
{
DST_RET(dst__openssl_toresult2("OSSL_PARAM_BLD_push_BN",
CLEANUP(dst__openssl_toresult2("OSSL_PARAM_BLD_push_BN",
DST_R_OPENSSLFAILURE));
}
if (c->dmp1 != NULL &&
OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_EXPONENT1,
c->dmp1) != 1)
{
DST_RET(dst__openssl_toresult2("OSSL_PARAM_BLD_push_BN",
CLEANUP(dst__openssl_toresult2("OSSL_PARAM_BLD_push_BN",
DST_R_OPENSSLFAILURE));
}
if (c->dmq1 != NULL &&
OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_EXPONENT2,
c->dmq1) != 1)
{
DST_RET(dst__openssl_toresult2("OSSL_PARAM_BLD_push_BN",
CLEANUP(dst__openssl_toresult2("OSSL_PARAM_BLD_push_BN",
DST_R_OPENSSLFAILURE));
}
if (c->iqmp != NULL &&
OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_COEFFICIENT1,
c->iqmp) != 1)
{
DST_RET(dst__openssl_toresult2("OSSL_PARAM_BLD_push_BN",
CLEANUP(dst__openssl_toresult2("OSSL_PARAM_BLD_push_BN",
DST_R_OPENSSLFAILURE));
}
params = OSSL_PARAM_BLD_to_param(bld);
if (params == NULL) {
DST_RET(dst__openssl_toresult2("OSSL_PARAM_BLD_to_param",
CLEANUP(dst__openssl_toresult2("OSSL_PARAM_BLD_to_param",
DST_R_OPENSSLFAILURE));
}
ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
if (ctx == NULL) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_CTX_new_from_name",
CLEANUP(dst__openssl_toresult2("EVP_PKEY_CTX_new_from_name",
DST_R_OPENSSLFAILURE));
}
status = EVP_PKEY_fromdata_init(ctx);
if (status != 1) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_fromdata_init",
CLEANUP(dst__openssl_toresult2("EVP_PKEY_fromdata_init",
DST_R_OPENSSLFAILURE));
}
@ -721,29 +715,29 @@ opensslrsa_build_pkey(bool private, rsa_components_t *c, EVP_PKEY **retpkey) {
ctx, retpkey, private ? EVP_PKEY_KEYPAIR : EVP_PKEY_PUBLIC_KEY,
params);
if (status != 1) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_fromdata",
CLEANUP(dst__openssl_toresult2("EVP_PKEY_fromdata",
DST_R_OPENSSLFAILURE));
}
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
EVP_PKEY_CTX_free(ctx);
OSSL_PARAM_free(params);
OSSL_PARAM_BLD_free(bld);
return ret;
return result;
}
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
static isc_result_t
opensslrsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
isc_result_t ret;
isc_result_t result;
BIGNUM *e = BN_new();
EVP_PKEY *pkey = NULL;
UNUSED(unused);
if (e == NULL) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
CLEANUP(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
/*
@ -754,21 +748,21 @@ opensslrsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
case DST_ALG_NSEC3RSASHA1:
/* From RFC 3110 */
if (key->key_size > 4096) {
DST_RET(DST_R_INVALIDPARAM);
CLEANUP(DST_R_INVALIDPARAM);
}
break;
case DST_ALG_RSASHA256:
case DST_ALG_RSASHA256PRIVATEOID:
/* From RFC 5702 */
if (key->key_size < 512 || key->key_size > 4096) {
DST_RET(DST_R_INVALIDPARAM);
CLEANUP(DST_R_INVALIDPARAM);
}
break;
case DST_ALG_RSASHA512:
case DST_ALG_RSASHA512PRIVATEOID:
/* From RFC 5702 */
if (key->key_size < 1024 || key->key_size > 4096) {
DST_RET(DST_R_INVALIDPARAM);
CLEANUP(DST_R_INVALIDPARAM);
}
break;
default:
@ -779,21 +773,18 @@ opensslrsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
BN_set_bit(e, 0);
BN_set_bit(e, 16);
ret = opensslrsa_generate_pkey(key->key_size, key->label, e, callback,
&pkey);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(opensslrsa_generate_pkey(key->key_size, key->label, e, callback,
&pkey));
key->keydata.pkeypair.pub = pkey;
key->keydata.pkeypair.priv = pkey;
pkey = NULL;
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
EVP_PKEY_free(pkey);
BN_free(e);
return ret;
return result;
}
static isc_result_t
@ -801,7 +792,7 @@ opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) {
isc_region_t r;
unsigned int e_bytes;
unsigned int mod_bytes;
isc_result_t ret;
isc_result_t result;
rsa_components_t c = { 0 };
REQUIRE(key->keydata.pkeypair.pub != NULL);
@ -814,37 +805,34 @@ opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) {
switch (key->key_alg) {
case DST_ALG_RSASHA256PRIVATEOID:
if (r.length < sizeof(oid_rsasha256)) {
DST_RET(ISC_R_NOSPACE);
CLEANUP(ISC_R_NOSPACE);
}
isc_buffer_putmem(data, oid_rsasha256, sizeof(oid_rsasha256));
isc_region_consume(&r, sizeof(oid_rsasha256));
break;
case DST_ALG_RSASHA512PRIVATEOID:
if (r.length < sizeof(oid_rsasha512)) {
DST_RET(ISC_R_NOSPACE);
CLEANUP(ISC_R_NOSPACE);
}
isc_buffer_putmem(data, oid_rsasha512, sizeof(oid_rsasha512));
isc_region_consume(&r, sizeof(oid_rsasha512));
break;
}
ret = opensslrsa_components_get(key, &c, false);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(opensslrsa_components_get(key, &c, false));
mod_bytes = BN_num_bytes(c.n);
e_bytes = BN_num_bytes(c.e);
if (e_bytes < 256) { /*%< key exponent is <= 2040 bits */
if (r.length < 1) {
DST_RET(ISC_R_NOSPACE);
CLEANUP(ISC_R_NOSPACE);
}
isc_buffer_putuint8(data, (uint8_t)e_bytes);
isc_region_consume(&r, 1);
} else {
if (r.length < 3) {
DST_RET(ISC_R_NOSPACE);
CLEANUP(ISC_R_NOSPACE);
}
isc_buffer_putuint8(data, 0);
isc_buffer_putuint16(data, (uint16_t)e_bytes);
@ -852,7 +840,7 @@ opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) {
}
if (r.length < e_bytes + mod_bytes) {
DST_RET(ISC_R_NOSPACE);
CLEANUP(ISC_R_NOSPACE);
}
BN_bn2bin(c.e, r.base);
@ -862,15 +850,15 @@ opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) {
isc_buffer_add(data, e_bytes + mod_bytes);
ret = ISC_R_SUCCESS;
err:
result = ISC_R_SUCCESS;
cleanup:
opensslrsa_components_free(&c);
return ret;
return result;
}
static isc_result_t
opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
isc_result_t ret;
isc_result_t result;
isc_region_t r;
unsigned int e_bytes;
unsigned int length;
@ -880,7 +868,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
isc_buffer_remainingregion(data, &r);
if (r.length == 0) {
DST_RET(ISC_R_SUCCESS);
CLEANUP(ISC_R_SUCCESS);
}
/*
@ -891,7 +879,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
if (r.length < sizeof(oid_rsasha256) ||
memcmp(r.base, oid_rsasha256, sizeof(oid_rsasha256)) != 0)
{
DST_RET(DST_R_INVALIDPUBLICKEY);
CLEANUP(DST_R_INVALIDPUBLICKEY);
}
isc_region_consume(&r, sizeof(oid_rsasha256));
isc_buffer_forward(data, sizeof(oid_rsasha256));
@ -900,7 +888,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
if (r.length < sizeof(oid_rsasha512) ||
memcmp(r.base, oid_rsasha512, sizeof(oid_rsasha512)) != 0)
{
DST_RET(DST_R_INVALIDPUBLICKEY);
CLEANUP(DST_R_INVALIDPUBLICKEY);
}
isc_region_consume(&r, sizeof(oid_rsasha512));
isc_buffer_forward(data, sizeof(oid_rsasha512));
@ -909,7 +897,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
length = r.length;
if (r.length < 1) {
DST_RET(DST_R_INVALIDPUBLICKEY);
CLEANUP(DST_R_INVALIDPUBLICKEY);
}
e_bytes = *r.base;
@ -917,7 +905,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
if (e_bytes == 0) {
if (r.length < 2) {
DST_RET(DST_R_INVALIDPUBLICKEY);
CLEANUP(DST_R_INVALIDPUBLICKEY);
}
e_bytes = (*r.base) << 8;
isc_region_consume(&r, 1);
@ -926,27 +914,27 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
}
if (r.length < e_bytes) {
DST_RET(DST_R_INVALIDPUBLICKEY);
CLEANUP(DST_R_INVALIDPUBLICKEY);
}
c.e = BN_bin2bn(r.base, e_bytes, NULL);
isc_region_consume(&r, e_bytes);
c.n = BN_bin2bn(r.base, r.length, NULL);
if (c.e == NULL || c.n == NULL) {
DST_RET(ISC_R_NOMEMORY);
CLEANUP(ISC_R_NOMEMORY);
}
isc_buffer_forward(data, length);
key->key_size = BN_num_bits(c.n);
ret = opensslrsa_build_pkey(false, &c, &key->keydata.pkeypair.pub);
result = opensslrsa_build_pkey(false, &c, &key->keydata.pkeypair.pub);
err:
cleanup:
opensslrsa_components_free(&c);
return ret;
return result;
}
static isc_result_t
opensslrsa_tofile(const dst_key_t *key, const char *directory) {
isc_result_t ret;
isc_result_t result;
dst_private_t priv = { 0 };
unsigned char *bufs[8] = { NULL };
unsigned short i = 0;
@ -956,10 +944,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
return dst__privstruct_writefile(key, &priv, directory);
}
ret = opensslrsa_components_get(key, &c, true);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(opensslrsa_components_get(key, &c, true));
priv.elements[i].tag = TAG_RSA_MODULUS;
priv.elements[i].length = BN_num_bytes(c.n);
@ -1044,9 +1029,9 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
}
priv.nelements = i;
ret = dst__privstruct_writefile(key, &priv, directory);
result = dst__privstruct_writefile(key, &priv, directory);
err:
cleanup:
for (i = 0; i < ARRAY_SIZE(bufs); i++) {
if (bufs[i] != NULL) {
isc_mem_put(key->mctx, bufs[i],
@ -1055,7 +1040,7 @@ err:
}
opensslrsa_components_free(&c);
return ret;
return result;
}
static isc_result_t
@ -1064,7 +1049,7 @@ opensslrsa_fromlabel(dst_key_t *key, const char *label, const char *pin);
static isc_result_t
opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
dst_private_t priv;
isc_result_t ret;
isc_result_t result;
int i;
isc_mem_t *mctx = NULL;
const char *label = NULL;
@ -1077,21 +1062,18 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
mctx = key->mctx;
/* read private key file */
ret = dst__privstruct_parse(key, DST_ALG_RSA, lexer, mctx, &priv);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(dst__privstruct_parse(key, DST_ALG_RSA, lexer, mctx, &priv));
if (key->external) {
if (priv.nelements != 0 || pub == NULL) {
DST_RET(DST_R_INVALIDPRIVATEKEY);
CLEANUP(DST_R_INVALIDPRIVATEKEY);
}
key->keydata.pkeypair.pub = pub->keydata.pkeypair.pub;
key->keydata.pkeypair.priv = pub->keydata.pkeypair.priv;
pub->keydata.pkeypair.pub = NULL;
pub->keydata.pkeypair.priv = NULL;
key->key_size = pub->key_size;
DST_RET(ISC_R_SUCCESS);
CLEANUP(ISC_R_SUCCESS);
}
for (i = 0; i < priv.nelements; i++) {
@ -1112,17 +1094,14 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
* See if we can fetch it.
*/
if (label != NULL) {
ret = opensslrsa_fromlabel(key, label, NULL);
if (ret != ISC_R_SUCCESS) {
DST_RET(ret);
}
CHECK(opensslrsa_fromlabel(key, label, NULL));
/* Check that the public component matches if given */
if (pub != NULL && EVP_PKEY_eq(key->keydata.pkeypair.pub,
pub->keydata.pkeypair.pub) != 1)
{
DST_RET(DST_R_INVALIDPRIVATEKEY);
CLEANUP(DST_R_INVALIDPRIVATEKEY);
}
DST_RET(ISC_R_SUCCESS);
CLEANUP(ISC_R_SUCCESS);
}
for (i = 0; i < priv.nelements; i++) {
@ -1136,7 +1115,7 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
bn = BN_bin2bn(priv.elements[i].data,
priv.elements[i].length, NULL);
if (bn == NULL) {
DST_RET(ISC_R_NOMEMORY);
CLEANUP(ISC_R_NOMEMORY);
}
switch (priv.elements[i].tag) {
case TAG_RSA_MODULUS:
@ -1171,53 +1150,47 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
/* Basic sanity check for public key portion */
if (c.n == NULL || c.e == NULL) {
DST_RET(DST_R_INVALIDPRIVATEKEY);
CLEANUP(DST_R_INVALIDPRIVATEKEY);
}
if (BN_num_bits(c.e) > RSA_MAX_PUBEXP_BITS) {
DST_RET(ISC_R_RANGE);
CLEANUP(ISC_R_RANGE);
}
key->key_size = BN_num_bits(c.n);
ret = opensslrsa_build_pkey(true, &c, &pkey);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(opensslrsa_build_pkey(true, &c, &pkey));
/* Check that the public component matches if given */
if (pub != NULL && EVP_PKEY_eq(pkey, pub->keydata.pkeypair.pub) != 1) {
DST_RET(DST_R_INVALIDPRIVATEKEY);
CLEANUP(DST_R_INVALIDPRIVATEKEY);
}
key->keydata.pkeypair.pub = pkey;
key->keydata.pkeypair.priv = pkey;
pkey = NULL;
err:
cleanup:
opensslrsa_components_free(&c);
EVP_PKEY_free(pkey);
if (ret != ISC_R_SUCCESS) {
if (result != ISC_R_SUCCESS) {
key->keydata.generic = NULL;
}
dst__privstruct_free(&priv, mctx);
isc_safe_memwipe(&priv, sizeof(priv));
return ret;
return result;
}
static isc_result_t
opensslrsa_fromlabel(dst_key_t *key, const char *label, const char *pin) {
EVP_PKEY *privpkey = NULL, *pubpkey = NULL;
isc_result_t ret;
isc_result_t result;
ret = dst__openssl_fromlabel(EVP_PKEY_RSA, label, pin, &pubpkey,
&privpkey);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(dst__openssl_fromlabel(EVP_PKEY_RSA, label, pin, &pubpkey,
&privpkey));
if (!opensslrsa_check_exponent_bits(pubpkey, RSA_MAX_PUBEXP_BITS)) {
DST_RET(ISC_R_RANGE);
CLEANUP(ISC_R_RANGE);
}
key->label = isc_mem_strdup(key->mctx, label);
@ -1227,10 +1200,10 @@ opensslrsa_fromlabel(dst_key_t *key, const char *label, const char *pin) {
privpkey = NULL;
pubpkey = NULL;
err:
cleanup:
EVP_PKEY_free(privpkey);
EVP_PKEY_free(pubpkey);
return ret;
return result;
}
static dst_func_t opensslrsa_functions = {
@ -1333,7 +1306,7 @@ check_algorithm(unsigned short algorithm) {
EVP_PKEY *pkey = NULL;
const EVP_MD *type = NULL;
const unsigned char *sig = NULL;
isc_result_t ret = ISC_R_SUCCESS;
isc_result_t result = ISC_R_SUCCESS;
size_t len;
switch (algorithm) {
@ -1356,7 +1329,7 @@ check_algorithm(unsigned short algorithm) {
len = sizeof(sha512_sig) - 1;
break;
default:
DST_RET(ISC_R_NOTIMPLEMENTED);
CLEANUP(ISC_R_NOTIMPLEMENTED);
}
/*
@ -1365,8 +1338,8 @@ check_algorithm(unsigned short algorithm) {
c.e = BN_bin2bn(e_bytes, sizeof(e_bytes) - 1, NULL);
c.n = BN_bin2bn(n_bytes, sizeof(n_bytes) - 1, NULL);
ret = opensslrsa_build_pkey(false, &c, &pkey);
INSIST(ret == ISC_R_SUCCESS);
result = opensslrsa_build_pkey(false, &c, &pkey);
INSIST(result == ISC_R_SUCCESS);
/*
* Check that we can verify the signature.
@ -1375,15 +1348,15 @@ check_algorithm(unsigned short algorithm) {
EVP_DigestUpdate(evp_md_ctx, "test", 4) != 1 ||
EVP_VerifyFinal(evp_md_ctx, sig, len, pkey) != 1)
{
DST_RET(ISC_R_NOTIMPLEMENTED);
CLEANUP(ISC_R_NOTIMPLEMENTED);
}
err:
cleanup:
opensslrsa_components_free(&c);
EVP_PKEY_free(pkey);
EVP_MD_CTX_destroy(evp_md_ctx);
ERR_clear_error();
return ret;
return result;
}
void

7
lib/dns/peer.c
View file

@ -485,11 +485,8 @@ dns_peer_setkeybycharp(dns_peer_t *peer, const char *keyval) {
dns_fixedname_init(&fname);
isc_buffer_constinit(&b, keyval, strlen(keyval));
isc_buffer_add(&b, strlen(keyval));
result = dns_name_fromtext(dns_fixedname_name(&fname), &b, dns_rootname,
0);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_name_fromtext(dns_fixedname_name(&fname), &b, dns_rootname,
0));
name = isc_mem_get(peer->mem, sizeof(dns_name_t));

25
lib/dns/private.c
View file

@ -43,13 +43,6 @@
#define INITIAL(x) (((x) & DNS_NSEC3FLAG_INITIAL) != 0)
#define NONSEC(x) (((x) & DNS_NSEC3FLAG_NONSEC) != 0)
#define CHECK(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
/*
* Work out if 'param' should be ignored or not (i.e. it is in the process
* of being removed).
@ -121,14 +114,14 @@ dns_private_chains(dns_db_t *db, dns_dbversion_t *ver,
result = dns_db_findrdataset(db, node, ver, dns_rdatatype_nsec, 0,
(isc_stdtime_t)0, &nsecset, NULL);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
goto failure;
if (result != ISC_R_NOTFOUND) {
CHECK(result);
}
result = dns_db_findrdataset(db, node, ver, dns_rdatatype_nsec3param, 0,
(isc_stdtime_t)0, &nsec3paramset, NULL);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
goto failure;
if (result != ISC_R_NOTFOUND) {
CHECK(result);
}
if (dns_rdataset_isassociated(&nsecset) &&
@ -143,8 +136,8 @@ dns_private_chains(dns_db_t *db, dns_dbversion_t *ver,
result = dns_db_findrdataset(db, node, ver, privatetype, 0,
(isc_stdtime_t)0, &privateset,
NULL);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
goto failure;
if (result != ISC_R_NOTFOUND) {
CHECK(result);
}
}
@ -278,7 +271,7 @@ dns_private_chains(dns_db_t *db, dns_dbversion_t *ver,
success:
result = ISC_R_SUCCESS;
failure:
cleanup:
if (dns_rdataset_isassociated(&nsecset)) {
dns_rdataset_disassociate(&nsecset);
}
@ -313,7 +306,7 @@ dns_private_totext(dns_rdata_t *private, isc_buffer_t *buf) {
if (!dns_nsec3param_fromprivate(private, &rdata, nsec3buf,
sizeof(nsec3buf)))
{
CHECK(ISC_R_FAILURE);
CLEANUP(ISC_R_FAILURE);
}
CHECK(dns_rdata_tostruct(&rdata, &nsec3param, NULL));
@ -400,6 +393,6 @@ dns_private_totext(dns_rdata_t *private, isc_buffer_t *buf) {
isc_buffer_putuint8(buf, 0);
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}

48
lib/dns/qpcache.c
View file

@ -66,13 +66,6 @@
#define DNS_QPCACHE_LOG_STATS_LEVEL 3
#endif
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define STALE_TTL(header, qpdb) \
(NXDOMAIN(header) ? 0 : qpdb->common.serve_stale_ttl)
@ -1515,11 +1508,8 @@ find_coveringnsec(qpc_search_t *search, const dns_name_t *name,
* Lookup the predecessor in the normal namespace.
*/
node = NULL;
result = dns_qp_getname(search->qpdb->tree, predecessor,
DNS_DBNAMESPACE_NORMAL, (void **)&node, NULL);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_qp_getname(search->qpdb->tree, predecessor,
DNS_DBNAMESPACE_NORMAL, (void **)&node, NULL));
dns_name_copy(&node->name, fname);
nlock = &search->qpdb->buckets[node->locknum].lock;
@ -2988,15 +2978,9 @@ addnoqname(isc_mem_t *mctx, dns_slabheader_t *newheader, uint32_t maxrrperset,
result = dns_rdataset_getnoqname(rdataset, &name, &neg, &negsig);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
result = dns_rdataslab_fromrdataset(&neg, mctx, &r1, maxrrperset);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_rdataslab_fromrdataset(&neg, mctx, &r1, maxrrperset));
result = dns_rdataslab_fromrdataset(&negsig, mctx, &r2, maxrrperset);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_rdataslab_fromrdataset(&negsig, mctx, &r2, maxrrperset));
noqname = isc_mem_get(mctx, sizeof(*noqname));
*noqname = (dns_slabheader_proof_t){
@ -3027,15 +3011,9 @@ addclosest(isc_mem_t *mctx, dns_slabheader_t *newheader, uint32_t maxrrperset,
result = dns_rdataset_getclosest(rdataset, &name, &neg, &negsig);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
result = dns_rdataslab_fromrdataset(&neg, mctx, &r1, maxrrperset);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_rdataslab_fromrdataset(&neg, mctx, &r1, maxrrperset));
result = dns_rdataslab_fromrdataset(&negsig, mctx, &r2, maxrrperset);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_rdataslab_fromrdataset(&negsig, mctx, &r2, maxrrperset));
closest = isc_mem_get(mctx, sizeof(*closest));
*closest = (dns_slabheader_proof_t){
@ -3120,18 +3098,12 @@ qpcache_addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
DNS_SLABHEADER_SETATTR(newheader, DNS_SLABHEADERATTR_OPTOUT);
}
if (rdataset->attributes.noqname) {
result = addnoqname(qpnode->mctx, newheader, qpdb->maxrrperset,
rdataset);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(addnoqname(qpnode->mctx, newheader, qpdb->maxrrperset,
rdataset));
}
if (rdataset->attributes.closest) {
result = addclosest(qpnode->mctx, newheader, qpdb->maxrrperset,
rdataset);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(addclosest(qpnode->mctx, newheader, qpdb->maxrrperset,
rdataset));
}
nlock = &qpdb->buckets[qpnode->locknum].lock;

8
lib/dns/qpzone.c
View file

@ -64,14 +64,6 @@
#include "qpzone_p.h"
#include "rdataslab_p.h"
#define CHECK(op) \
{ \
result = (op); \
if (result != ISC_R_SUCCESS) { \
goto failure; \
} \
}
#define HEADERNODE(h) ((qpznode_t *)((h)->node))
#define QPDB_ATTR_LOADED 0x01

7
lib/dns/rcode.c
View file

@ -39,13 +39,6 @@
#include <dst/dst.h>
#define RETERR(x) \
do { \
isc_result_t _r = (x); \
if (_r != ISC_R_SUCCESS) \
return ((_r)); \
} while (0)
#define NUMBERSIZE sizeof("037777777777") /* 2^32-1 octal + NUL */
#define TOTEXTONLY 0x01

50
lib/dns/rdata.c
View file

@ -52,13 +52,6 @@
#include <dns/time.h>
#include <dns/ttl.h>
#define RETERR(x) \
do { \
isc_result_t _r = (x); \
if (_r != ISC_R_SUCCESS) \
return ((_r)); \
} while (0)
#define RETTOK(x) \
do { \
isc_result_t _r = (x); \
@ -68,13 +61,6 @@
} \
} while (0)
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
#define CHECKTOK(op) \
do { \
result = (op); \
@ -1104,14 +1090,10 @@ unknown_fromtext(dns_rdataclass_t rdclass, dns_rdatatype_t type,
isc_buffer_allocate(mctx, &buf, token.value.as_ulong);
if (token.value.as_ulong != 0U) {
result = isc_hex_tobuffer(lexer, buf,
(unsigned int)token.value.as_ulong);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(isc_hex_tobuffer(lexer, buf,
(unsigned int)token.value.as_ulong));
if (isc_buffer_usedlength(buf) != token.value.as_ulong) {
result = ISC_R_UNEXPECTEDEND;
goto failure;
CLEANUP(ISC_R_UNEXPECTEDEND);
}
}
@ -1122,14 +1104,12 @@ unknown_fromtext(dns_rdataclass_t rdclass, dns_rdatatype_t type,
isc_buffer_usedregion(buf, &r);
result = isc_buffer_copyregion(target, &r);
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
isc_buffer_free(&buf);
return ISC_R_SUCCESS;
failure:
cleanup:
isc_buffer_free(&buf);
return result;
}
@ -1272,33 +1252,23 @@ dns_rdata_fromtext(dns_rdata_t *rdata, dns_rdataclass_t rdclass,
static isc_result_t
unknown_totext(dns_rdata_t *rdata, dns_rdata_textctx_t *tctx,
isc_buffer_t *target) {
isc_result_t result;
isc_result_t result = ISC_R_SUCCESS;
char buf[sizeof("65535")];
isc_region_t sr;
strlcpy(buf, "\\# ", sizeof(buf));
result = str_totext(buf, target);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(str_totext(buf, target));
dns_rdata_toregion(rdata, &sr);
INSIST(sr.length < 65536);
snprintf(buf, sizeof(buf), "%u", sr.length);
result = str_totext(buf, target);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(str_totext(buf, target));
if (sr.length != 0U) {
if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) {
result = str_totext(" ( ", target);
RETERR(str_totext(" ( ", target));
} else {
result = str_totext(" ", target);
}
if (result != ISC_R_SUCCESS) {
return result;
RETERR(str_totext(" ", target));
}
if (tctx->width == 0) { /* No splitting */

6
lib/dns/rdata/generic/lp_107.c
View file

@ -187,7 +187,6 @@ static isc_result_t
additionaldata_lp(ARGS_ADDLDATA) {
dns_name_t name;
isc_region_t region;
isc_result_t result;
REQUIRE(rdata->type == dns_rdatatype_lp);
@ -198,10 +197,7 @@ additionaldata_lp(ARGS_ADDLDATA) {
isc_region_consume(&region, 2);
dns_name_fromregion(&name, &region);
result = (add)(arg, &name, dns_rdatatype_l32, NULL DNS__DB_FILELINE);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR((add)(arg, &name, dns_rdatatype_l32, NULL DNS__DB_FILELINE));
return (add)(arg, &name, dns_rdatatype_l64, NULL DNS__DB_FILELINE);
}

6
lib/dns/rdata/generic/minfo_14.c
View file

@ -255,17 +255,13 @@ static isc_result_t
digest_minfo(ARGS_DIGEST) {
isc_region_t r;
dns_name_t name;
isc_result_t result;
REQUIRE(rdata->type == dns_rdatatype_minfo);
dns_rdata_toregion(rdata, &r);
dns_name_init(&name);
dns_name_fromregion(&name, &r);
result = dns_name_digest(&name, digest, arg);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_name_digest(&name, digest, arg));
isc_region_consume(&r, name_length(&name));
dns_name_init(&name);
dns_name_fromregion(&name, &r);

5
lib/dns/rdata/generic/mx_15.c
View file

@ -282,10 +282,7 @@ additionaldata_mx(ARGS_ADDLDATA) {
return ISC_R_SUCCESS;
}
result = (add)(arg, &name, dns_rdatatype_a, NULL DNS__DB_FILELINE);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR((add)(arg, &name, dns_rdatatype_a, NULL DNS__DB_FILELINE));
dns_fixedname_init(&fixed);
result = dns_name_concatenate(&port25, &name,

6
lib/dns/rdata/generic/naptr_35.c
View file

@ -626,7 +626,6 @@ static isc_result_t
digest_naptr(ARGS_DIGEST) {
isc_region_t r1, r2;
unsigned int length, n;
isc_result_t result;
dns_name_t name;
REQUIRE(rdata->type == dns_rdatatype_naptr);
@ -666,10 +665,7 @@ digest_naptr(ARGS_DIGEST) {
* Digest the RR up to the replacement name.
*/
r1.length = length;
result = (digest)(arg, &r1);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR((digest)(arg, &r1));
/*
* Replacement.

6
lib/dns/rdata/generic/nxt_30.c
View file

@ -290,17 +290,13 @@ static isc_result_t
digest_nxt(ARGS_DIGEST) {
isc_region_t r;
dns_name_t name;
isc_result_t result;
REQUIRE(rdata->type == dns_rdatatype_nxt);
dns_rdata_toregion(rdata, &r);
dns_name_init(&name);
dns_name_fromregion(&name, &r);
result = dns_name_digest(&name, digest, arg);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_name_digest(&name, digest, arg));
isc_region_consume(&r, name_length(&name));
return (digest)(arg, &r);

17
lib/dns/rdata/generic/rt_21.c
View file

@ -239,7 +239,6 @@ static isc_result_t
additionaldata_rt(ARGS_ADDLDATA) {
dns_name_t name;
isc_region_t region;
isc_result_t result;
REQUIRE(rdata->type == dns_rdatatype_rt);
@ -250,21 +249,14 @@ additionaldata_rt(ARGS_ADDLDATA) {
isc_region_consume(&region, 2);
dns_name_fromregion(&name, &region);
result = (add)(arg, &name, dns_rdatatype_x25, NULL DNS__DB_FILELINE);
if (result != ISC_R_SUCCESS) {
return result;
}
result = (add)(arg, &name, dns_rdatatype_isdn, NULL DNS__DB_FILELINE);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR((add)(arg, &name, dns_rdatatype_x25, NULL DNS__DB_FILELINE));
RETERR((add)(arg, &name, dns_rdatatype_isdn, NULL DNS__DB_FILELINE));
return (add)(arg, &name, dns_rdatatype_a, NULL DNS__DB_FILELINE);
}
static isc_result_t
digest_rt(ARGS_DIGEST) {
isc_region_t r1, r2;
isc_result_t result;
dns_name_t name;
REQUIRE(rdata->type == dns_rdatatype_rt);
@ -273,10 +265,7 @@ digest_rt(ARGS_DIGEST) {
r2 = r1;
isc_region_consume(&r2, 2);
r1.length = 2;
result = (digest)(arg, &r1);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR((digest)(arg, &r1));
dns_name_init(&name);
dns_name_fromregion(&name, &r2);
return dns_name_digest(&name, digest, arg);

7
lib/dns/rdata/generic/txt_16.c
View file

@ -71,17 +71,12 @@ generic_totext_txt(ARGS_TOTEXT) {
static isc_result_t
generic_fromwire_txt(ARGS_FROMWIRE) {
isc_result_t result;
UNUSED(type);
UNUSED(dctx);
UNUSED(rdclass);
do {
result = txt_fromwire(source, target);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(txt_fromwire(source, target));
} while (!buffer_empty(source));
return ISC_R_SUCCESS;
}

6
lib/dns/rdata/in_1/a6_38.c
View file

@ -415,7 +415,6 @@ static isc_result_t
digest_in_a6(ARGS_DIGEST) {
isc_region_t r1, r2;
unsigned char prefixlen, octets;
isc_result_t result;
dns_name_t name;
REQUIRE(rdata->type == dns_rdatatype_a6);
@ -427,10 +426,7 @@ digest_in_a6(ARGS_DIGEST) {
octets = 1 + 16 - prefixlen / 8;
r1.length = octets;
result = (digest)(arg, &r1);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR((digest)(arg, &r1));
if (prefixlen == 0) {
return ISC_R_SUCCESS;
}

11
lib/dns/rdata/in_1/px_26.c
View file

@ -309,7 +309,6 @@ static isc_result_t
digest_in_px(ARGS_DIGEST) {
isc_region_t r1, r2;
dns_name_t name;
isc_result_t result;
REQUIRE(rdata->type == dns_rdatatype_px);
REQUIRE(rdata->rdclass == dns_rdataclass_in);
@ -318,16 +317,10 @@ digest_in_px(ARGS_DIGEST) {
r2 = r1;
isc_region_consume(&r2, 2);
r1.length = 2;
result = (digest)(arg, &r1);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR((digest)(arg, &r1));
dns_name_init(&name);
dns_name_fromregion(&name, &r2);
result = dns_name_digest(&name, digest, arg);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_name_digest(&name, digest, arg));
isc_region_consume(&r2, name_length(&name));
dns_name_init(&name);
dns_name_fromregion(&name, &r2);

5
lib/dns/rdata/in_1/srv_33.c
View file

@ -328,10 +328,7 @@ additionaldata_in_srv(ARGS_ADDLDATA) {
return ISC_R_SUCCESS;
}
result = (add)(arg, &name, dns_rdatatype_a, NULL DNS__DB_FILELINE);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR((add)(arg, &name, dns_rdatatype_a, NULL DNS__DB_FILELINE));
dns_fixedname_init(&fixed);
snprintf(buf, sizeof(buf), "_%u._tcp", port);

30
lib/dns/rdataset.c
View file

@ -324,18 +324,12 @@ towire_answer(dns_rdataset_t *rdataset, const dns_name_t *name,
for (size_t i = start; i < count; i++) {
dns_rdata_t rdata = DNS_RDATA_INIT;
result = towire_addtypeclass(rdataset, name, cctx, target,
rrbuffer, sizeof(dns_ttl_t) + 2);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(towire_addtypeclass(rdataset, name, cctx, target,
rrbuffer, sizeof(dns_ttl_t) + 2));
towire_addttl(rdataset, target, &rdlen);
dns_rdataset_current(rdataset, &rdata);
result = towire_addrdata(&rdata, cctx, target, &rdlen);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(towire_addrdata(&rdata, cctx, target, &rdlen));
added++;
result = dns_rdataset_next(rdataset);
@ -348,17 +342,11 @@ towire_answer(dns_rdataset_t *rdataset, const dns_name_t *name,
}
for (size_t i = 0; i < start; i++) {
result = towire_addtypeclass(rdataset, name, cctx, target,
rrbuffer, sizeof(dns_ttl_t) + 2);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(towire_addtypeclass(rdataset, name, cctx, target,
rrbuffer, sizeof(dns_ttl_t) + 2));
towire_addttl(rdataset, target, &rdlen);
result = towire_addrdata(&rdatas[i], cctx, target, &rdlen);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(towire_addrdata(&rdatas[i], cctx, target, &rdlen));
added++;
}
@ -459,13 +447,9 @@ dns_rdataset_additionaldata(dns_rdataset_t *rdataset,
}
DNS_RDATASET_FOREACH(rdataset) {
isc_result_t result;
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdataset_current(rdataset, &rdata);
result = dns_rdata_additionaldata(&rdata, owner_name, add, arg);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_rdata_additionaldata(&rdata, owner_name, add, arg));
}
return ISC_R_SUCCESS;

21
lib/dns/rdataslab.c
View file

@ -514,8 +514,7 @@ dns_rdataslab_merge(dns_slabheader_t *oheader, dns_slabheader_t *nheader,
* than ncount, then we found such a duplicate.
*/
if (((flags & DNS_RDATASLAB_EXACT) != 0) && (tcount < ncount)) {
result = DNS_R_NOTEXACT;
goto cleanup;
CLEANUP(DNS_R_NOTEXACT);
}
/*
@ -523,8 +522,7 @@ dns_rdataslab_merge(dns_slabheader_t *oheader, dns_slabheader_t *nheader,
* FORCE flag isn't set, we're done.
*/
if (tcount == 0 && (flags & DNS_RDATASLAB_FORCE) == 0) {
result = DNS_R_UNCHANGED;
goto cleanup;
CLEANUP(DNS_R_UNCHANGED);
}
/* Add to tcount the total number of items from the old slab. */
@ -535,13 +533,11 @@ dns_rdataslab_merge(dns_slabheader_t *oheader, dns_slabheader_t *nheader,
/* Single types can't have more than one RR. */
if (tcount > 1 && dns_rdatatype_issingleton(type)) {
result = DNS_R_SINGLETON;
goto cleanup;
CLEANUP(DNS_R_SINGLETON);
}
if (tcount > 0xffff) {
result = ISC_R_NOSPACE;
goto cleanup;
CLEANUP(ISC_R_NOSPACE);
}
/* Allocate the target buffer and copy the new slab's header */
@ -677,8 +673,7 @@ dns_rdataslab_subtract(dns_slabheader_t *oheader, dns_slabheader_t *sheader,
* duplicates.)
*/
if ((flags & DNS_RDATASLAB_EXACT) != 0 && rcount != scount) {
result = DNS_R_NOTEXACT;
goto cleanup;
CLEANUP(DNS_R_NOTEXACT);
}
/*
@ -686,16 +681,14 @@ dns_rdataslab_subtract(dns_slabheader_t *oheader, dns_slabheader_t *sheader,
* create a new buffer, just return.
*/
if (tcount == 0) {
result = DNS_R_NXRRSET;
goto cleanup;
CLEANUP(DNS_R_NXRRSET);
}
/*
* If nothing is going to change, stop.
*/
if (rcount == 0) {
result = DNS_R_UNCHANGED;
goto cleanup;
CLEANUP(DNS_R_UNCHANGED);
}
/*

96
lib/dns/request.c
View file

@ -463,17 +463,11 @@ dns_request_createraw(dns_requestmgr_t *requestmgr, isc_buffer_t *msgbuf,
timeout, udptimeout, udpretries);
isc_buffer_allocate(mctx, &request->query, r.length + (tcp ? 2 : 0));
result = isc_buffer_copyregion(request->query, &r);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(isc_buffer_copyregion(request->query, &r));
again:
result = get_dispatch(tcp, newtcp, requestmgr, srcaddr, destaddr,
transport, &request->dispatch);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(get_dispatch(tcp, newtcp, requestmgr, srcaddr, destaddr,
transport, &request->dispatch));
if ((options & DNS_REQUESTOPT_FIXEDID) != 0) {
id = (r.base[0] << 8) | r.base[1];
@ -589,26 +583,17 @@ dns_request_create(dns_requestmgr_t *requestmgr, dns_message_t *message,
dns_tsigkey_attach(key, &request->tsigkey);
}
result = dns_message_settsigkey(message, request->tsigkey);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_message_settsigkey(message, request->tsigkey));
again:
result = get_dispatch(tcp, false, requestmgr, srcaddr, destaddr,
transport, &request->dispatch);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(get_dispatch(tcp, false, requestmgr, srcaddr, destaddr, transport,
&request->dispatch));
result = dns_dispatch_add(request->dispatch, loop, 0,
request->connect_timeout, request->timeout,
destaddr, transport, tlsctx_cache,
req_connected, req_senddone, req_response,
request, &id, &request->dispentry);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_dispatch_add(request->dispatch, loop, 0,
request->connect_timeout, request->timeout,
destaddr, transport, tlsctx_cache, req_connected,
req_senddone, req_response, request, &id,
&request->dispentry));
message->id = id;
result = req_render(message, &request->query, options, mctx);
@ -624,10 +609,7 @@ again:
goto cleanup;
}
result = dns_message_getquerytsig(message, mctx, &request->tsig);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_message_getquerytsig(message, mctx, &request->tsig));
request->destaddr = *destaddr;
request->flags |= DNS_REQUEST_F_CONNECTING;
@ -692,44 +674,22 @@ req_render(dns_message_t *message, isc_buffer_t **bufferp, unsigned int options,
/*
* Render message.
*/
result = dns_message_renderbegin(message, &cctx, buf1);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
result = dns_message_rendersection(message, DNS_SECTION_QUESTION, 0);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
result = dns_message_rendersection(message, DNS_SECTION_ANSWER, 0);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
result = dns_message_rendersection(message, DNS_SECTION_AUTHORITY, 0);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
result = dns_message_rendersection(message, DNS_SECTION_ADDITIONAL, 0);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
result = dns_message_renderend(message);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_message_renderbegin(message, &cctx, buf1));
CHECK(dns_message_rendersection(message, DNS_SECTION_QUESTION, 0));
CHECK(dns_message_rendersection(message, DNS_SECTION_ANSWER, 0));
CHECK(dns_message_rendersection(message, DNS_SECTION_AUTHORITY, 0));
CHECK(dns_message_rendersection(message, DNS_SECTION_ADDITIONAL, 0));
CHECK(dns_message_renderend(message));
/*
* Copy rendered message to exact sized buffer.
*/
isc_buffer_usedregion(buf1, &r);
if ((options & DNS_REQUESTOPT_TCP) == 0 && r.length > 512) {
result = DNS_R_USETCP;
goto cleanup;
CLEANUP(DNS_R_USETCP);
}
isc_buffer_allocate(mctx, &buf2, r.length);
result = isc_buffer_copyregion(buf2, &r);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(isc_buffer_copyregion(buf2, &r));
/*
* Cleanup and return.
@ -788,8 +748,6 @@ dns_request_cancel(dns_request_t *request) {
isc_result_t
dns_request_getresponse(dns_request_t *request, dns_message_t *message,
unsigned int options) {
isc_result_t result;
REQUIRE(VALID_REQUEST(request));
REQUIRE(request->tid == isc_tid());
REQUIRE(request->answer != NULL);
@ -797,18 +755,12 @@ dns_request_getresponse(dns_request_t *request, dns_message_t *message,
req_log(ISC_LOG_DEBUG(3), "%s: request %p", __func__, request);
dns_message_setquerytsig(message, request->tsig);
result = dns_message_settsigkey(message, request->tsigkey);
if (result != ISC_R_SUCCESS) {
return result;
}
result = dns_message_parse(message, request->answer, options);
if (result != ISC_R_SUCCESS) {
return result;
}
RETERR(dns_message_settsigkey(message, request->tsigkey));
RETERR(dns_message_parse(message, request->answer, options));
if (request->tsigkey != NULL) {
result = dns_tsig_verify(request->answer, message, NULL, NULL);
RETERR(dns_tsig_verify(request->answer, message, NULL, NULL));
}
return result;
return ISC_R_SUCCESS;
}
isc_buffer_t *

Some files were not shown because too many files have changed in this diff Show more