upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-27 20:25:55 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

[9.20] fix: dev: standardize CHECK and RETERR macros

Browse source 
previously, there were over 40 separate definitions of CHECK macros, of which most used "goto cleanup", and the rest "goto failure" or "goto out". there were another 10 definitions of RETERR, of which most were identical to CHECK, but some simply returned a result code instead of jumping to a cleanup label.

this has now been standardized throughout the code base: RETERR is for returning an error code in the case of an error, and CHECK is for jumping to a cleanup tag, which is now always called "cleanup". both macros are defined in isc/util.h.

Backport of MR !10472

Merge branch 'each-check-and-cleanup-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!11069
This commit is contained in:
Evan Hunt 2025-12-04 04:21:30 +00:00
commit ef714e91ac
73 changed files with 1207 additions and 2044 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
bin/check/check-tool.c
View file

@ -57,13 +57,6 @@
#define CHECK_LOCAL 1
#endif /* ifndef CHECK_LOCAL */
#define CHECK(r) \
do { \
result = (r); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
#define ERR_IS_CNAME 1
#define ERR_NO_ADDRESSES 2
#define ERR_LOOKUP_FAILURE 3

7
bin/check/named-checkconf.c
View file

@ -46,13 +46,6 @@ static const char *program = "named-checkconf";
isc_log_t *logc = NULL;
#define CHECK(r) \
do { \
result = (r); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
/*% usage */
noreturn static void
usage(void);

7
bin/delv/delv.c
View file

@ -79,13 +79,6 @@
#include <irs/resconf.h>
#define CHECK(r) \
do { \
result = (r); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
#define MAXNAME (DNS_NAME_MAXTEXT + 1)
#define MAX_QUERIES 50

185
bin/dnssec/dnssec-ksr.c
View file

@ -97,23 +97,15 @@ static int min_dh = 128;
#define READLINE(lex, opt, token)
#define NEXTTOKEN(lex, opt, token) \
{ \
ret = isc_lex_gettoken(lex, opt, token); \
if (ret != ISC_R_SUCCESS) \
goto cleanup; \
#define NEXTTOKEN(lex, opt, token) \
{ \
CHECK(isc_lex_gettoken(lex, opt, token)); \
}
#define BADTOKEN() \
{ \
ret = ISC_R_UNEXPECTEDTOKEN; \
goto cleanup; \
}
#define CHECK(r) \
ret = (r); \
if (ret != ISC_R_SUCCESS) { \
goto fail; \
#define BADTOKEN() \
{ \
result = ISC_R_UNEXPECTEDTOKEN; \
goto cleanup; \
}
isc_bufferlist_t cleanup_list = ISC_LIST_INITIALIZER;
@ -219,15 +211,15 @@ get_dnskeys(ksr_ctx_t *ksr, dns_dnsseckeylist_t *keys) {
dns_dnsseckeylist_t keys_read;
dns_dnsseckey_t **keys_sorted;
int i = 0, n = 0;
isc_result_t ret;
isc_result_t result;
ISC_LIST_INIT(*keys);
ISC_LIST_INIT(keys_read);
ret = dns_dnssec_findmatchingkeys(name, NULL, ksr->keydir, NULL,
ksr->now, false, mctx, &keys_read);
if (ret != ISC_R_SUCCESS && ret != ISC_R_NOTFOUND) {
result = dns_dnssec_findmatchingkeys(name, NULL, ksr->keydir, NULL,
ksr->now, false, mctx, &keys_read);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
fatal("failed to load existing keys from %s: %s", ksr->keydir,
isc_result_totext(ret));
isc_result_totext(result));
}
/* Sort on keytag. */
for (dns_dnsseckey_t *dk = ISC_LIST_HEAD(keys_read); dk != NULL;
@ -344,7 +336,7 @@ create_key(ksr_ctx_t *ksr, dns_kasp_t *kasp, dns_kasp_key_t *kaspkey,
dst_key_t *key = NULL;
int options = (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC | DST_TYPE_STATE);
isc_buffer_t buf;
isc_result_t ret;
isc_result_t result;
isc_stdtime_t prepub;
uint16_t flags = DNS_KEYOWNER_ZONE;
@ -442,26 +434,26 @@ create_key(ksr_ctx_t *ksr, dns_kasp_t *kasp, dns_kasp_key_t *kaspkey,
"Generating key pair for bundle %s: ", timestr);
}
if (ksr->keystore != NULL && ksr->policy != NULL) {
ret = dns_keystore_keygen(
result = dns_keystore_keygen(
ksr->keystore, name, ksr->policy,
dns_rdataclass_in, mctx, ksr->alg, ksr->size,
flags, &key);
} else if (show_progress) {
ret = dst_key_generate(name, ksr->alg, ksr->size, 0,
flags, DNS_KEYPROTO_DNSSEC,
dns_rdataclass_in, NULL, mctx,
&key, &progress);
result = dst_key_generate(name, ksr->alg, ksr->size, 0,
flags, DNS_KEYPROTO_DNSSEC,
dns_rdataclass_in, NULL, mctx,
&key, &progress);
fflush(stderr);
} else {
ret = dst_key_generate(name, ksr->alg, ksr->size, 0,
flags, DNS_KEYPROTO_DNSSEC,
dns_rdataclass_in, NULL, mctx,
&key, NULL);
result = dst_key_generate(name, ksr->alg, ksr->size, 0,
flags, DNS_KEYPROTO_DNSSEC,
dns_rdataclass_in, NULL, mctx,
&key, NULL);
}
if (ret != ISC_R_SUCCESS) {
if (result != ISC_R_SUCCESS) {
fatal("failed to generate key %s/%s: %s\n", namestr,
algstr, isc_result_totext(ret));
algstr, isc_result_totext(result));
}
/* Do not overwrite an existing key. */
@ -472,9 +464,9 @@ create_key(ksr_ctx_t *ksr, dns_kasp_t *kasp, dns_kasp_key_t *kaspkey,
conflict = true;
if (verbose > 0) {
isc_buffer_clear(&buf);
ret = dst_key_buildfilename(key, 0, ksr->keydir,
&buf);
if (ret == ISC_R_SUCCESS) {
result = dst_key_buildfilename(
key, 0, ksr->keydir, &buf);
if (result == ISC_R_SUCCESS) {
fprintf(stderr,
"%s: %s already exists, or "
"might collide with another "
@ -522,20 +514,20 @@ create_key(ksr_ctx_t *ksr, dns_kasp_t *kasp, dns_kasp_key_t *kaspkey,
*expiration = 0;
}
ret = dst_key_tofile(key, options, ksr->keydir);
if (ret != ISC_R_SUCCESS) {
result = dst_key_tofile(key, options, ksr->keydir);
if (result != ISC_R_SUCCESS) {
char keystr[DST_KEY_FORMATSIZE];
dst_key_format(key, keystr, sizeof(keystr));
fatal("failed to write key %s: %s\n", keystr,
isc_result_totext(ret));
isc_result_totext(result));
}
output:
isc_buffer_clear(&buf);
ret = dst_key_buildfilename(key, 0, NULL, &buf);
if (ret != ISC_R_SUCCESS) {
result = dst_key_buildfilename(key, 0, NULL, &buf);
if (result != ISC_R_SUCCESS) {
fatal("dst_key_buildfilename returned: %s\n",
isc_result_totext(ret));
isc_result_totext(result));
}
printf("%s\n", filename);
fflush(stdout);
@ -548,12 +540,12 @@ static void
print_rdata(dns_rdataset_t *rrset) {
isc_buffer_t target;
isc_region_t r;
isc_result_t ret;
isc_result_t result;
char buf[4096];
isc_buffer_init(&target, buf, sizeof(buf));
ret = dns_rdataset_totext(rrset, name, false, false, &target);
if (ret != ISC_R_SUCCESS) {
result = dns_rdataset_totext(rrset, name, false, false, &target);
if (result != ISC_R_SUCCESS) {
fatal("failed to print rdata");
}
isc_buffer_usedregion(&target, &r);
@ -567,7 +559,7 @@ print_dnskeys(dns_kasp_key_t *kaspkey, dns_ttl_t ttl, dns_dnsseckeylist_t *keys,
char timestr[26]; /* Minimal buf as per ctime_r() spec. */
dns_rdatalist_t *rdatalist = NULL;
dns_rdataset_t rdataset = DNS_RDATASET_INIT;
isc_result_t ret = ISC_R_SUCCESS;
isc_result_t result = ISC_R_SUCCESS;
isc_stdtime_t next_bundle = next_inception;
isc_stdtime_tostring(inception, timestr, sizeof(timestr));
@ -636,11 +628,11 @@ print_dnskeys(dns_kasp_key_t *kaspkey, dns_ttl_t ttl, dns_dnsseckeylist_t *keys,
dns_rdatalist_tordataset(rdatalist, &rdataset);
print_rdata(&rdataset);
fail:
cleanup:
/* Cleanup */
freerrset(&rdataset);
if (ret != ISC_R_SUCCESS) {
if (result != ISC_R_SUCCESS) {
fatal("failed to print %s/%s zsk key pair found for bundle %s",
namestr, algstr, timestr);
}
@ -653,7 +645,7 @@ sign_rrset(ksr_ctx_t *ksr, isc_stdtime_t inception, isc_stdtime_t expiration,
dns_rdataset_t *rrset, dns_dnsseckeylist_t *keys) {
dns_rdatalist_t *rrsiglist = NULL;
dns_rdataset_t rrsigset = DNS_RDATASET_INIT;
isc_result_t ret;
isc_result_t result;
isc_stdtime_t next_bundle = expiration;
UNUSED(ksr);
@ -668,10 +660,10 @@ sign_rrset(ksr_ctx_t *ksr, isc_stdtime_t inception, isc_stdtime_t expiration,
isc_buffer_init(&timebuf, timestr, sizeof(timestr));
isc_stdtime_tostring(inception, timestr, sizeof(timestr));
isc_buffer_init(&b, utc, sizeof(utc));
ret = dns_time32_totext(inception, &b);
if (ret != ISC_R_SUCCESS) {
result = dns_time32_totext(inception, &b);
if (result != ISC_R_SUCCESS) {
fatal("failed to convert bundle time32 to text: %s",
isc_result_totext(ret));
isc_result_totext(result));
}
isc_buffer_usedregion(&b, &r);
fprintf(stdout, ";; SignedKeyResponse 1.0 %.*s (%s)\n",
@ -720,9 +712,9 @@ sign_rrset(ksr_ctx_t *ksr, isc_stdtime_t inception, isc_stdtime_t expiration,
rrsig = isc_mem_get(mctx, sizeof(*rrsig));
dns_rdata_init(rrsig);
isc_buffer_init(&buf, rdatabuf, sizeof(rdatabuf));
ret = dns_dnssec_sign(name, rrset, dk->key, &clockskew,
&expiration, mctx, &buf, &rdata);
if (ret != ISC_R_SUCCESS) {
result = dns_dnssec_sign(name, rrset, dk->key, &clockskew,
&expiration, mctx, &buf, &rdata);
if (result != ISC_R_SUCCESS) {
fatal("failed to sign KSR");
}
isc_buffer_usedregion(&buf, &rs);
@ -755,7 +747,7 @@ get_keymaterial(ksr_ctx_t *ksr, dns_kasp_t *kasp, isc_stdtime_t inception,
dns_rdatalist_t *dnskeylist = isc_mem_get(mctx, sizeof(*dnskeylist));
dns_rdatalist_t *cdnskeylist = isc_mem_get(mctx, sizeof(*cdnskeylist));
dns_rdatalist_t *cdslist = isc_mem_get(mctx, sizeof(*cdslist));
isc_result_t ret = ISC_R_SUCCESS;
isc_result_t result = ISC_R_SUCCESS;
isc_stdtime_t next_bundle = next_inception;
dns_rdatalist_init(dnskeylist);
@ -899,7 +891,7 @@ get_keymaterial(ksr_ctx_t *ksr, dns_kasp_t *kasp, isc_stdtime_t inception,
return next_bundle;
fail:
cleanup:
fatal("failed to create KSK/CDS/CDNSKEY");
return 0;
}
@ -996,7 +988,7 @@ parse_dnskey(isc_lex_t *lex, char *owner, isc_buffer_t *buf, dns_ttl_t *ttl) {
dns_name_t *dname = NULL;
dns_rdataclass_t rdclass = dns_rdataclass_in;
isc_buffer_t b;
isc_result_t ret;
isc_result_t result;
isc_token_t token;
unsigned int opt = ISC_LEXOPT_EOL;
@ -1010,13 +1002,12 @@ parse_dnskey(isc_lex_t *lex, char *owner, isc_buffer_t *buf, dns_ttl_t *ttl) {
dname = dns_fixedname_initname(&dfname);
isc_buffer_init(&b, owner, strlen(owner));
isc_buffer_add(&b, strlen(owner));
ret = dns_name_fromtext(dname, &b, dns_rootname, 0, NULL);
if (ret != ISC_R_SUCCESS) {
result = dns_name_fromtext(dname, &b, dns_rootname, 0, NULL);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
if (dns_name_compare(dname, name) != 0) {
ret = DNS_R_BADOWNERNAME;
goto cleanup;
CHECK(DNS_R_BADOWNERNAME);
}
isc_buffer_clear(&b);
@ -1027,8 +1018,8 @@ parse_dnskey(isc_lex_t *lex, char *owner, isc_buffer_t *buf, dns_ttl_t *ttl) {
}
/* If it's a TTL, read the next one */
ret = dns_ttl_fromtext(&token.value.as_textregion, ttl);
if (ret == ISC_R_SUCCESS) {
result = dns_ttl_fromtext(&token.value.as_textregion, ttl);
if (result == ISC_R_SUCCESS) {
NEXTTOKEN(lex, opt, &token);
}
if (token.type != isc_tokentype_string) {
@ -1036,8 +1027,8 @@ parse_dnskey(isc_lex_t *lex, char *owner, isc_buffer_t *buf, dns_ttl_t *ttl) {
}
/* If it's a class, read the next one */
ret = dns_rdataclass_fromtext(&rdclass, &token.value.as_textregion);
if (ret == ISC_R_SUCCESS) {
result = dns_rdataclass_fromtext(&rdclass, &token.value.as_textregion);
if (result == ISC_R_SUCCESS) {
NEXTTOKEN(lex, opt, &token);
}
if (token.type != isc_tokentype_string) {
@ -1049,12 +1040,12 @@ parse_dnskey(isc_lex_t *lex, char *owner, isc_buffer_t *buf, dns_ttl_t *ttl) {
BADTOKEN();
}
ret = dns_rdata_fromtext(NULL, rdclass, dns_rdatatype_dnskey, lex, name,
0, mctx, buf, NULL);
result = dns_rdata_fromtext(NULL, rdclass, dns_rdatatype_dnskey, lex,
name, 0, mctx, buf, NULL);
cleanup:
isc_lex_setcomments(lex, 0);
return ret;
return result;
}
static void
@ -1127,14 +1118,14 @@ request(ksr_ctx_t *ksr) {
char utc[sizeof("YYYYMMDDHHSSMM")];
isc_buffer_t b;
isc_region_t r;
isc_result_t ret;
isc_result_t result;
isc_stdtime_tostring(inception, timestr, sizeof(timestr));
isc_buffer_init(&b, utc, sizeof(utc));
ret = dns_time32_totext(inception, &b);
if (ret != ISC_R_SUCCESS) {
result = dns_time32_totext(inception, &b);
if (result != ISC_R_SUCCESS) {
fatal("failed to convert bundle time32 to text: %s",
isc_result_totext(ret));
isc_result_totext(result));
}
isc_buffer_usedregion(&b, &r);
fprintf(stdout, ";; KeySigningRequest 1.0 %.*s (%s)\n",
@ -1178,7 +1169,7 @@ sign(ksr_ctx_t *ksr) {
dns_dnsseckeylist_t keys;
dns_kasp_t *kasp = NULL;
dns_rdatalist_t *rdatalist = NULL;
isc_result_t ret;
isc_result_t result;
isc_stdtime_t inception;
isc_lex_t *lex = NULL;
isc_lexspecials_t specials;
@ -1204,14 +1195,15 @@ sign(ksr_ctx_t *ksr) {
specials[')'] = 1;
specials['"'] = 1;
isc_lex_setspecials(lex, specials);
ret = isc_lex_openfile(lex, ksr->file);
if (ret != ISC_R_SUCCESS) {
result = isc_lex_openfile(lex, ksr->file);
if (result != ISC_R_SUCCESS) {
fatal("unable to open KSR file %s: %s", ksr->file,
isc_result_totext(ret));
isc_result_totext(result));
}
for (ret = isc_lex_gettoken(lex, opt, &token); ret == ISC_R_SUCCESS;
ret = isc_lex_gettoken(lex, opt, &token))
for (result = isc_lex_gettoken(lex, opt, &token);
result == ISC_R_SUCCESS;
result = isc_lex_gettoken(lex, opt, &token))
{
if (token.type != isc_tokentype_string) {
fatal("bad KSR file %s(%lu): syntax error", ksr->file,
@ -1277,13 +1269,13 @@ sign(ksr_ctx_t *ksr) {
readline:
/* Read remainder of header line */
do {
ret = isc_lex_gettoken(lex, opt, &token);
if (ret != ISC_R_SUCCESS) {
result = isc_lex_gettoken(lex, opt, &token);
if (result != ISC_R_SUCCESS) {
fatal("bad KSR file %s(%lu): bad "
"header (%s)",
ksr->file,
isc_lex_getsourceline(lex),
isc_result_totext(ret));
isc_result_totext(result));
}
} while (token.type != isc_tokentype_eol);
} else {
@ -1300,11 +1292,11 @@ sign(ksr_ctx_t *ksr) {
rdata = isc_mem_get(mctx, sizeof(*rdata));
dns_rdata_init(rdata);
isc_buffer_init(&buf, rdatabuf, sizeof(rdatabuf));
ret = parse_dnskey(lex, STR(token), &buf, &ttl);
if (ret != ISC_R_SUCCESS) {
result = parse_dnskey(lex, STR(token), &buf, &ttl);
if (result != ISC_R_SUCCESS) {
fatal("bad KSR file %s(%lu): bad DNSKEY (%s)",
ksr->file, isc_lex_getsourceline(lex),
isc_result_totext(ret));
isc_result_totext(result));
}
isc_buffer_usedregion(&buf, &r);
isc_buffer_allocate(mctx, &newbuf, r.length);
@ -1322,7 +1314,7 @@ sign(ksr_ctx_t *ksr) {
}
}
if (ret != ISC_R_EOF) {
if (result != ISC_R_EOF) {
fatal("bad KSR file %s(%lu): trailing garbage data", ksr->file,
isc_lex_getsourceline(lex));
}
@ -1340,14 +1332,14 @@ sign(ksr_ctx_t *ksr) {
fprintf(stdout, ";; SignedKeyResponse 1.0 generated at %s by %s\n",
timestr, PACKAGE_VERSION);
fail:
cleanup:
isc_lex_destroy(&lex);
cleanup(&keys, kasp);
}
int
main(int argc, char *argv[]) {
isc_result_t ret;
isc_result_t result;
isc_buffer_t buf;
int ch;
char *endp;
@ -1388,10 +1380,10 @@ main(int argc, char *argv[]) {
break;
case 'K':
ksr.keydir = isc_commandline_argument;
ret = try_dir(ksr.keydir);
if (ret != ISC_R_SUCCESS) {
result = try_dir(ksr.keydir);
if (result != ISC_R_SUCCESS) {
fatal("cannot open directory %s: %s",
ksr.keydir, isc_result_totext(ret));
ksr.keydir, isc_result_totext(result));
}
break;
case 'k':
@ -1424,9 +1416,10 @@ main(int argc, char *argv[]) {
fatal("must provide a command and zone name");
}
ret = dst_lib_init(mctx, engine);
if (ret != ISC_R_SUCCESS) {
fatal("could not initialize dst: %s", isc_result_totext(ret));
result = dst_lib_init(mctx, engine);
if (result != ISC_R_SUCCESS) {
fatal("could not initialize dst: %s",
isc_result_totext(result));
}
/*
@ -1463,10 +1456,10 @@ main(int argc, char *argv[]) {
name = dns_fixedname_initname(&fname);
isc_buffer_init(&buf, argv[1], strlen(argv[1]));
isc_buffer_add(&buf, strlen(argv[1]));
ret = dns_name_fromtext(name, &buf, dns_rootname, 0, NULL);
if (ret != ISC_R_SUCCESS) {
result = dns_name_fromtext(name, &buf, dns_rootname, 0, NULL);
if (result != ISC_R_SUCCESS) {
fatal("invalid zone name %s: %s", argv[1],
isc_result_totext(ret));
isc_result_totext(result));
}
/* command */

8
bin/named/controlconf.c
View file

@ -149,14 +149,6 @@ ISC_REFCOUNT_DECL(controlconnection);
#define CLOCKSKEW 300
#define CHECK(x) \
{ \
result = (x); \
if (result != ISC_R_SUCCESS) { \
goto cleanup; \
} \
}
static void
free_controlkey(controlkey_t *key, isc_mem_t *mctx) {
if (key->keyname != NULL) {

7
bin/named/logconf.c
View file

@ -29,13 +29,6 @@
#include <named/log.h>
#include <named/logconf.h>
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
/*%
* Set up a logging category according to the named.conf data
* in 'ccat' and add it to 'logconfig'.

7
bin/named/server.c
View file

@ -181,13 +181,6 @@
* Check an operation for failure. Assumes that the function
* using it has a 'result' variable and a 'cleanup' label.
*/
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
#define TCHECK(op) \
do { \
tresult = (op); \

8
bin/named/statschannel.c
View file

@ -64,14 +64,6 @@
#define STATS_JSON_VERSION_MINOR "8"
#define STATS_JSON_VERSION STATS_JSON_VERSION_MAJOR "." STATS_JSON_VERSION_MINOR
#define CHECK(m) \
do { \
result = (m); \
if (result != ISC_R_SUCCESS) { \
goto cleanup; \
} \
} while (0)
struct named_statschannel {
/* Unlocked */
isc_httpdmgr_t *httpdmgr;

23
bin/named/tkeyconf.c
View file

@ -28,16 +28,8 @@
#include <isccfg/cfg.h>
#include <named/tkeyconf.h>
#define RETERR(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#include <named/log.h>
#include <named/tkeyconf.h>
#define LOG(msg) \
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, \
NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR, "%s", msg)
@ -47,18 +39,17 @@ named_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
dns_tkeyctx_t **tctxp) {
isc_result_t result;
dns_tkeyctx_t *tctx = NULL;
const char *s;
const char *s = NULL;
dns_fixedname_t fname;
dns_name_t *name;
dns_name_t *name = NULL;
isc_buffer_t b;
const cfg_obj_t *obj;
const cfg_obj_t *obj = NULL;
result = dns_tkeyctx_create(mctx, &tctx);
if (result != ISC_R_SUCCESS) {
return result;
}
obj = NULL;
result = cfg_map_get(options, "tkey-gssapi-credential", &obj);
if (result == ISC_R_SUCCESS) {
s = cfg_obj_asstring(obj);
@ -66,8 +57,8 @@ named_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
isc_buffer_constinit(&b, s, strlen(s));
isc_buffer_add(&b, strlen(s));
name = dns_fixedname_initname(&fname);
RETERR(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
RETERR(dst_gssapi_acquirecred(name, false, &tctx->gsscred));
CHECK(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
CHECK(dst_gssapi_acquirecred(name, false, &tctx->gsscred));
}
obj = NULL;
@ -80,7 +71,7 @@ named_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
*tctxp = tctx;
return ISC_R_SUCCESS;
failure:
cleanup:
dns_tkeyctx_destroy(&tctx);
return result;
}

42
bin/named/transportconf.c
View file

@ -27,18 +27,15 @@
#include <named/log.h>
#include <named/transportconf.h>
#define create_name(id, name) \
isc_buffer_t namesrc, namebuf; \
char namedata[DNS_NAME_FORMATSIZE + 1]; \
dns_name_init(name, NULL); \
isc_buffer_constinit(&namesrc, id, strlen(id)); \
isc_buffer_add(&namesrc, strlen(id)); \
isc_buffer_init(&namebuf, namedata, sizeof(namedata)); \
result = (dns_name_fromtext(name, &namesrc, dns_rootname, \
DNS_NAME_DOWNCASE, &namebuf)); \
if (result != ISC_R_SUCCESS) { \
goto failure; \
}
#define create_name(id, name) \
isc_buffer_t namesrc, namebuf; \
char namedata[DNS_NAME_FORMATSIZE + 1]; \
dns_name_init(name, NULL); \
isc_buffer_constinit(&namesrc, id, strlen(id)); \
isc_buffer_add(&namesrc, strlen(id)); \
isc_buffer_init(&namebuf, namedata, sizeof(namedata)); \
CHECK(dns_name_fromtext(name, &namesrc, dns_rootname, \
DNS_NAME_DOWNCASE, &namebuf));
#define parse_transport_option(map, transport, name, setter) \
{ \
@ -132,7 +129,7 @@ add_doh_transports(const cfg_obj_t *transportlist, dns_transport_list_t *list) {
}
return ISC_R_SUCCESS;
failure:
cleanup:
cfg_obj_log(doh, named_g_lctx, ISC_LOG_ERROR,
"configuring DoH '%s': %s", dohid,
isc_result_totext(result));
@ -156,8 +153,7 @@ add_tls_transports(const cfg_obj_t *transportlist, dns_transport_list_t *list) {
tlsid = cfg_obj_asstring(cfg_map_getname(tls));
if (!strcmp(tlsid, "ephemeral")) {
result = ISC_R_UNEXPECTEDTOKEN;
goto failure;
CHECK(ISC_R_UNEXPECTEDTOKEN);
}
create_name(tlsid, &tlsname);
@ -186,7 +182,7 @@ add_tls_transports(const cfg_obj_t *transportlist, dns_transport_list_t *list) {
}
return ISC_R_SUCCESS;
failure:
cleanup:
cfg_obj_log(tls, named_g_lctx, ISC_LOG_ERROR,
"configuring tls '%s': %s", tlsid,
isc_result_totext(result));
@ -194,11 +190,6 @@ failure:
return result;
}
#define CHECK(f) \
if ((result = f) != ISC_R_SUCCESS) { \
goto failure; \
}
static isc_result_t
transport_list_fromconfig(const cfg_obj_t *config, dns_transport_list_t *list) {
const cfg_obj_t *obj = NULL;
@ -233,7 +224,7 @@ transport_list_add_ephemeral(dns_transport_list_t *list) {
dns_transport_set_tlsname(transport, "ephemeral");
return;
failure:
cleanup:
RUNTIME_CHECK(result == ISC_R_SUCCESS);
}
@ -248,10 +239,7 @@ named_transports_fromconfig(const cfg_obj_t *config, const cfg_obj_t *vconfig,
transport_list_add_ephemeral(list);
if (config != NULL) {
result = transport_list_fromconfig(config, list);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(transport_list_fromconfig(config, list));
}
if (vconfig != NULL) {
@ -261,7 +249,7 @@ named_transports_fromconfig(const cfg_obj_t *config, const cfg_obj_t *vconfig,
*listp = list;
return ISC_R_SUCCESS;
failure:
cleanup:
dns_transport_list_detach(&list);
return result;
}

7
bin/named/zoneconf.c
View file

@ -61,13 +61,6 @@ typedef enum {
allow_update_forwarding
} acl_type_t;
#define CHECK(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
/*%
* Convenience function for configuring a single zone ACL.
*/

8
bin/plugins/filter-a.c
View file

@ -48,14 +48,6 @@
#include <ns/query.h>
#include <ns/types.h>
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) { \
goto cleanup; \
} \
} while (0)
/*
* Possible values for the settings of filter-a-on-v6 and
* filter-a-on-v4: "no" is NONE, "yes" is FILTER, "break-dnssec"

8
bin/plugins/filter-aaaa.c
View file

@ -48,14 +48,6 @@
#include <ns/query.h>
#include <ns/types.h>
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) { \
goto cleanup; \
} \
} while (0)
/*
* Possible values for the settings of filter-aaaa-on-v4 and
* filter-aaaa-on-v6: "no" is NONE, "yes" is FILTER, "break-dnssec"

15
bin/tests/system/dlzexternal/driver/driver.c
View file

@ -49,13 +49,6 @@ dlz_dlopen_addrdataset_t dlz_addrdataset;
dlz_dlopen_subrdataset_t dlz_subrdataset;
dlz_dlopen_delrdataset_t dlz_delrdataset;
#define CHECK(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define loginfo(...) \
({ \
if ((state != NULL) && (state->log != NULL)) \
@ -258,7 +251,6 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[], void **dbdata,
const char *helper_name;
va_list ap;
char soa_data[sizeof("@ hostmaster.root 123 900 600 86400 3600")];
isc_result_t result;
size_t n;
UNUSED(dlzname);
@ -306,7 +298,8 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[], void **dbdata,
}
if (n >= sizeof(soa_data)) {
CHECK(ISC_R_NOSPACE);
free(state);
return ISC_R_NOSPACE;
}
add_name(state, &state->current[0], state->zone_name, "soa", 3600,
@ -320,10 +313,6 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[], void **dbdata,
*dbdata = state;
return ISC_R_SUCCESS;
failure:
free(state);
return result;
}
/*

13
bin/tests/system/dyndb/driver/util.h
View file

@ -38,16 +38,3 @@
#include <dns/types.h>
#include "log.h"
#define CLEANUP_WITH(result_code) \
do { \
result = (result_code); \
goto cleanup; \
} while (0)
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)

11
bin/tests/system/dyndb/driver/zone.c
View file

@ -136,8 +136,8 @@ publish_zone(sample_instance_t *inst, dns_zone_t *zone) {
/* Return success if the zone is already in the view as expected. */
result = dns_view_findzone(inst->view, dns_zone_getorigin(zone),
DNS_ZTFIND_EXACT, &zone_in_view);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
goto cleanup;
if (result != ISC_R_NOTFOUND) {
CHECK(result);
}
view_in_zone = dns_zone_getview(zone);
@ -145,7 +145,8 @@ publish_zone(sample_instance_t *inst, dns_zone_t *zone) {
/* Zone has a view set -> view should contain the same zone. */
if (zone_in_view == zone) {
/* Zone is already published in the right view. */
CLEANUP_WITH(ISC_R_SUCCESS);
result = ISC_R_SUCCESS;
goto cleanup;
} else if (view_in_zone != inst->view) {
/*
* Un-published inactive zone will have
@ -155,7 +156,7 @@ publish_zone(sample_instance_t *inst, dns_zone_t *zone) {
dns_zone_log(zone, ISC_LOG_ERROR,
"zone->view doesn't "
"match data in the view");
CLEANUP_WITH(ISC_R_UNEXPECTED);
CHECK(ISC_R_UNEXPECTED);
}
}
@ -163,7 +164,7 @@ publish_zone(sample_instance_t *inst, dns_zone_t *zone) {
dns_zone_log(zone, ISC_LOG_ERROR,
"cannot publish zone: view already "
"contains another zone with this name");
CLEANUP_WITH(ISC_R_UNEXPECTED);
CHECK(ISC_R_UNEXPECTED);
}
if (inst->view->frozen) {

8
bin/tests/system/hooks/driver/test-async.c
View file

@ -36,14 +36,6 @@
#include <ns/query.h>
#include <ns/types.h>
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) { \
goto cleanup; \
} \
} while (0)
/*
* Persistent data for use by this module. This will be associated
* with client object address in the hash table, and will remain

14
bin/tests/system/pipelined/pipequeries.c
View file

@ -41,7 +41,7 @@
#include <dns/types.h>
#include <dns/view.h>
#define CHECK(str, x) \
#define CHECKM(str, x) \
{ \
if ((x) != ISC_R_SUCCESS) { \
fprintf(stderr, "I:%s: %s\n", (str), \
@ -84,7 +84,7 @@ recvresponse(void *arg) {
result = dns_request_getresponse(request, response,
DNS_MESSAGEPARSE_PRESERVEORDER);
CHECK("dns_request_getresponse", result);
CHECKM("dns_request_getresponse", result);
if (response->rcode != dns_rcode_noerror) {
result = dns_result_fromrcode(response->rcode);
@ -101,7 +101,7 @@ recvresponse(void *arg) {
result = dns_message_sectiontotext(
response, DNS_SECTION_ANSWER, &dns_master_style_simple,
DNS_MESSAGETEXTFLAG_NOCOMMENTS, &outbuf);
CHECK("dns_message_sectiontotext", result);
CHECKM("dns_message_sectiontotext", result);
printf("%.*s", (int)isc_buffer_usedlength(&outbuf),
(char *)isc_buffer_base(&outbuf));
fflush(stdout);
@ -140,7 +140,7 @@ sendquery(void) {
isc_buffer_add(&buf, strlen(host));
result = dns_name_fromtext(dns_fixedname_name(&queryname), &buf,
dns_rootname, 0, NULL);
CHECK("dns_name_fromtext", result);
CHECKM("dns_name_fromtext", result);
dns_message_create(mctx, NULL, NULL, DNS_MESSAGE_INTENTRENDER,
&message);
@ -164,7 +164,7 @@ sendquery(void) {
requestmgr, message, have_src ? &srcaddr : NULL, &dstaddr, NULL,
NULL, DNS_REQUESTOPT_TCP, NULL, TIMEOUT, 0, 0,
isc_loop_main(loopmgr), recvresponse, message, &request);
CHECK("dns_request_create", result);
CHECKM("dns_request_create", result);
return ISC_R_SUCCESS;
}
@ -261,13 +261,13 @@ main(int argc, char *argv[]) {
result = ISC_R_FAILURE;
if (inet_pton(AF_INET, "10.53.0.7", &inaddr) != 1) {
CHECK("inet_pton", result);
CHECKM("inet_pton", result);
}
isc_sockaddr_fromin(&srcaddr, &inaddr, 0);
result = ISC_R_FAILURE;
if (inet_pton(AF_INET, "10.53.0.4", &inaddr) != 1) {
CHECK("inet_pton", result);
CHECKM("inet_pton", result);
}
isc_sockaddr_fromin(&dstaddr, &inaddr, port);

24
bin/tests/system/rsabigexponent/bigkey.c
View file

@ -57,7 +57,7 @@ RSA *rsa;
BIGNUM *e;
EVP_PKEY *pkey;
#define CHECK(op, msg) \
#define CHECKM(op, msg) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) { \
@ -126,22 +126,20 @@ main(int argc, char **argv) {
name = dns_fixedname_initname(&fname);
isc_buffer_constinit(&buf, "example.", strlen("example."));
isc_buffer_add(&buf, strlen("example."));
CHECK(dns_name_fromtext(name, &buf, dns_rootname, 0, NULL), "dns_name_"
"fromtext("
"\"example."
"\")");
CHECKM(dns_name_fromtext(name, &buf, dns_rootname, 0, NULL),
"dns_name_fromtext(\"example.\")");
CHECK(dst_key_buildinternal(name, DNS_KEYALG_RSASHA256, bits,
DNS_KEYOWNER_ZONE, DNS_KEYPROTO_DNSSEC,
dns_rdataclass_in, pkey, mctx, &key),
"dst_key_buildinternal(...)");
CHECKM(dst_key_buildinternal(name, DNS_KEYALG_RSASHA256, bits,
DNS_KEYOWNER_ZONE, DNS_KEYPROTO_DNSSEC,
dns_rdataclass_in, pkey, mctx, &key),
"dst_key_buildinternal(...)");
CHECK(dst_key_tofile(key, DST_TYPE_PRIVATE | DST_TYPE_PUBLIC, NULL),
"dst_key_tofile()");
CHECKM(dst_key_tofile(key, DST_TYPE_PRIVATE | DST_TYPE_PUBLIC, NULL),
"dst_key_tofile()");
isc_buffer_init(&buf, filename, sizeof(filename) - 1);
isc_buffer_clear(&buf);
CHECK(dst_key_buildfilename(key, 0, NULL, &buf), "dst_key_"
"buildfilename()");
CHECKM(dst_key_buildfilename(key, 0, NULL, &buf),
"dst_key_buildfilename()");
printf("%s\n", filename);
dst_key_free(&key);

82
bin/tools/mdig.c
View file

@ -51,7 +51,7 @@
#include <dns/types.h>
#include <dns/view.h>
#define CHECK(str, x) \
#define CHECKM(str, x) \
{ \
if ((x) != ISC_R_SUCCESS) { \
fprintf(stderr, "mdig: %s failed with %s\n", (str), \
@ -222,7 +222,7 @@ recvresponse(void *arg) {
msgbuf = dns_request_getanswer(request);
result = dns_request_getresponse(request, response, parseflags);
CHECK("dns_request_getresponse", result);
CHECKM("dns_request_getresponse", result);
styleflags |= DNS_STYLEFLAG_REL_OWNER;
if (yaml) {
@ -278,7 +278,7 @@ recvresponse(void *arg) {
48, 80, 8, display_splitwidth,
mctx);
}
CHECK("dns_master_stylecreate2", result);
CHECKM("dns_master_stylecreate2", result);
flags = 0;
if (!display_headers) {
@ -342,7 +342,7 @@ recvresponse(void *arg) {
printf(" %s:\n", "response_message_data");
result = dns_message_headertotext(response, style, flags, buf);
CHECK("dns_message_headertotext", result);
CHECKM("dns_message_headertotext", result);
} else if (display_comments && !display_short_form) {
printf(";; Got answer:\n");
@ -405,7 +405,7 @@ repopulate_buffer:
isc_buffer_allocate(mctx, &buf, len);
goto repopulate_buffer;
}
CHECK("dns_message_pseudosectiontotext", result);
CHECKM("dns_message_pseudosectiontotext", result);
}
if (display_question && display_headers && !display_short_form) {
@ -414,7 +414,7 @@ repopulate_buffer:
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
CHECK("dns_message_sectiontotext", result);
CHECKM("dns_message_sectiontotext", result);
}
if (display_answer && !display_short_form) {
@ -423,7 +423,7 @@ repopulate_buffer:
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
CHECK("dns_message_sectiontotext", result);
CHECKM("dns_message_sectiontotext", result);
} else if (display_answer) {
dns_name_t *name;
dns_rdataset_t *rdataset;
@ -442,14 +442,14 @@ repopulate_buffer:
dns_name_init(&empty_name, NULL);
result = dns_message_firstname(response, DNS_SECTION_ANSWER);
if (result != ISC_R_NOMORE) {
CHECK("dns_message_firstname", result);
CHECKM("dns_message_firstname", result);
}
for (;;) {
if (result == ISC_R_NOMORE) {
break;
}
CHECK("dns_message_nextname", result);
CHECKM("dns_message_nextname", result);
name = NULL;
dns_message_currentname(response, DNS_SECTION_ANSWER,
&name);
@ -467,7 +467,7 @@ repopulate_buffer:
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
CHECK("dns_rdata_tofmttext", result);
CHECKM("dns_rdata_tofmttext", result);
loopresult =
dns_rdataset_next(rdataset);
dns_rdata_reset(&rdata);
@ -490,7 +490,7 @@ repopulate_buffer:
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
CHECK("dns_message_sectiontotext", result);
CHECKM("dns_message_sectiontotext", result);
}
if (display_additional && !display_short_form) {
@ -499,7 +499,7 @@ repopulate_buffer:
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
CHECK("dns_message_sectiontotext", result);
CHECKM("dns_message_sectiontotext", result);
}
if (display_additional && !display_short_form && display_headers) {
@ -511,13 +511,13 @@ repopulate_buffer:
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
CHECK("dns_message_pseudosectiontotext", result);
CHECKM("dns_message_pseudosectiontotext", result);
result = dns_message_pseudosectiontotext(
response, DNS_PSEUDOSECTION_SIG0, style, flags, buf);
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
CHECK("dns_message_pseudosectiontotext", result);
CHECKM("dns_message_pseudosectiontotext", result);
}
if (display_headers && display_comments && !display_short_form && !yaml)
@ -561,9 +561,9 @@ add_opt(dns_message_t *msg, uint16_t udpsize, uint16_t edns, unsigned int flags,
result = dns_message_buildopt(msg, &rdataset, edns, udpsize, flags,
opts, count);
CHECK("dns_message_buildopt", result);
CHECKM("dns_message_buildopt", result);
result = dns_message_setopt(msg, rdataset);
CHECK("dns_message_setopt", result);
CHECKM("dns_message_setopt", result);
}
static void
@ -591,7 +591,7 @@ sendquery(struct query *query) {
isc_buffer_add(&buf, strlen(query->textname));
result = dns_name_fromtext(dns_fixedname_name(&queryname), &buf,
dns_rootname, 0, NULL);
CHECK("dns_name_fromtext", result);
CHECKM("dns_name_fromtext", result);
dns_message_create(mctx, NULL, NULL, DNS_MESSAGE_INTENTRENDER,
&message);
@ -666,7 +666,7 @@ sendquery(struct query *query) {
INSIST(i < DNS_EDNSOPTIONS);
opts[i].code = DNS_OPT_CLIENT_SUBNET;
opts[i].length = (uint16_t)addrl + 4;
CHECK("isc_buffer_allocate", result);
CHECKM("isc_buffer_allocate", result);
isc_buffer_init(&b, ecsbuf, sizeof(ecsbuf));
if (sa->sa_family == AF_INET) {
family = 1;
@ -712,7 +712,7 @@ sendquery(struct query *query) {
isc_buffer_init(&b, cookie, sizeof(cookie));
result = isc_hex_decodestring(query->cookie,
&b);
CHECK("isc_hex_decodestring", result);
CHECKM("isc_hex_decodestring", result);
opts[i].value = isc_buffer_base(&b);
opts[i].length = isc_buffer_usedlength(&b);
} else {
@ -754,7 +754,7 @@ sendquery(struct query *query) {
NULL, options, NULL, query->timeout, query->udptimeout,
query->udpretries, isc_loop_main(loopmgr), recvresponse,
message, &request);
CHECK("dns_request_create", result);
CHECKM("dns_request_create", result);
return ISC_R_SUCCESS;
}
@ -968,7 +968,7 @@ save_opt(struct query *query, char *code, char *value) {
buf = isc_mem_allocate(mctx, strlen(value) / 2 + 1);
isc_buffer_init(&b, buf, strlen(value) / 2 + 1);
result = isc_hex_decodestring(value, &b);
CHECK("isc_hex_decodestring", result);
CHECKM("isc_hex_decodestring", result);
query->ednsopts[query->ednsoptscnt].value = isc_buffer_base(&b);
query->ednsopts[query->ednsoptscnt].length =
isc_buffer_usedlength(&b);
@ -1065,9 +1065,9 @@ reverse_octets(const char *in, char **p, char *end) {
if (dot != NULL) {
isc_result_t result;
result = reverse_octets(dot + 1, p, end);
CHECK("reverse_octets", result);
CHECKM("reverse_octets", result);
result = append(".", 1, p, end);
CHECK("append", result);
CHECKM("append", result);
len = (int)(dot - in);
} else {
len = strlen(in);
@ -1090,7 +1090,7 @@ get_reverse(char *reverse, size_t len, const char *value) {
name = dns_fixedname_initname(&fname);
result = dns_byaddr_createptrname(&addr, name);
CHECK("dns_byaddr_createptrname", result);
CHECKM("dns_byaddr_createptrname", result);
dns_name_format(name, reverse, (unsigned int)len);
return;
} else {
@ -1104,10 +1104,10 @@ get_reverse(char *reverse, size_t len, const char *value) {
char *p = reverse;
char *end = reverse + len;
result = reverse_octets(value, &p, end);
CHECK("reverse_octets", result);
CHECKM("reverse_octets", result);
/* Append .in-addr.arpa. and a terminating NUL. */
result = append(".in-addr.arpa.", 15, &p, end);
CHECK("append", result);
CHECKM("append", result);
return;
}
}
@ -1224,7 +1224,7 @@ plus_option(char *option, struct query *query, bool global) {
}
result = parse_uint(&num, value, COMMSIZE,
"buffer size");
CHECK("parse_uint(buffer size)", result);
CHECKM("parse_uint(buffer size)", result);
query->udpsize = num;
break;
case 'r': /* burst */
@ -1334,8 +1334,8 @@ plus_option(char *option, struct query *query, bool global) {
result = parse_uint(&num, value,
255,
"edns");
CHECK("parse_uint(edns)",
result);
CHECKM("parse_uint(edns)",
result);
query->edns = num;
break;
case 'f':
@ -1351,8 +1351,8 @@ plus_option(char *option, struct query *query, bool global) {
result = parse_xint(
&num, value, 0xffff,
"ednsflags");
CHECK("parse_xint(ednsflags)",
result);
CHECKM("parse_xint(ednsflags)",
result);
if (query->edns == -1) {
query->edns = 1;
}
@ -1434,7 +1434,7 @@ plus_option(char *option, struct query *query, bool global) {
}
result = parse_uint(&query->udpretries, value,
MAXTRIES - 1, "udpretries");
CHECK("parse_uint(udpretries)", result);
CHECKM("parse_uint(udpretries)", result);
break;
default:
goto invalid_option;
@ -1498,7 +1498,7 @@ plus_option(char *option, struct query *query, bool global) {
if (display_splitwidth) {
display_splitwidth += 3;
}
CHECK("parse_uint(split)", result);
CHECKM("parse_uint(split)", result);
break;
case 'u': /* subnet */
FULLCHECK("subnet");
@ -1516,7 +1516,7 @@ plus_option(char *option, struct query *query, bool global) {
query->edns = 0;
}
result = parse_netprefix(&query->ecs_addr, value);
CHECK("parse_netprefix", result);
CHECKM("parse_netprefix", result);
break;
default:
goto invalid_option;
@ -1539,7 +1539,7 @@ plus_option(char *option, struct query *query, bool global) {
}
result = parse_uint(&query->timeout, value, MAXTIMEOUT,
"timeout");
CHECK("parse_uint(timeout)", result);
CHECKM("parse_uint(timeout)", result);
if (query->timeout == 0) {
query->timeout = 1;
}
@ -1554,7 +1554,7 @@ plus_option(char *option, struct query *query, bool global) {
}
result = parse_uint(&query->udpretries, value, MAXTRIES,
"udpretries");
CHECK("parse_uint(udpretries)", result);
CHECKM("parse_uint(udpretries)", result);
if (query->udpretries > 0) {
query->udpretries -= 1;
}
@ -1599,7 +1599,7 @@ plus_option(char *option, struct query *query, bool global) {
}
result = parse_uint(&query->udptimeout, value,
MAXTIMEOUT, "udptimeout");
CHECK("parse_uint(udptimeout)", result);
CHECKM("parse_uint(udptimeout)", result);
break;
case 'n':
FULLCHECK("unknownformat");
@ -1729,7 +1729,7 @@ dash_option(const char *option, char *next, struct query *query, bool global,
if (hash != NULL) {
result = parse_uint(&num, hash + 1, MAXPORT,
"port number");
CHECK("parse_uint(srcport)", result);
CHECKM("parse_uint(srcport)", result);
srcport = num;
*hash = '\0';
} else {
@ -1757,7 +1757,7 @@ dash_option(const char *option, char *next, struct query *query, bool global,
tr.length = strlen(value);
result = dns_rdataclass_fromtext(&rdclass,
(isc_textregion_t *)&tr);
CHECK("dns_rdataclass_fromtext", result);
CHECKM("dns_rdataclass_fromtext", result);
query->rdclass = rdclass;
return value_from_next;
case 'f':
@ -1766,7 +1766,7 @@ dash_option(const char *option, char *next, struct query *query, bool global,
case 'p':
GLOBAL();
result = parse_uint(&num, value, MAXPORT, "port number");
CHECK("parse_uint(port)", result);
CHECKM("parse_uint(port)", result);
port = num;
return value_from_next;
case 't':
@ -1774,7 +1774,7 @@ dash_option(const char *option, char *next, struct query *query, bool global,
tr.length = strlen(value);
result = dns_rdatatype_fromtext(&rdtype,
(isc_textregion_t *)&tr);
CHECK("dns_rdatatype_fromtext", result);
CHECKM("dns_rdatatype_fromtext", result);
query->rdtype = rdtype;
return value_from_next;
case 'x':

2
fuzz/dns_qpkey_name.c
View file

@ -43,6 +43,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
dns_name_t *namein, *nameout, *namecmp;
isc_buffer_t buf;
dns_qpkey_t key, cmp;
isc_result_t result;
namein = dns_fixedname_initname(&fixedin);
nameout = dns_fixedname_initname(&fixedout);
@ -73,5 +74,6 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
assert((namerel == 0) == (keyrel == 0));
assert((namerel > 0) == (keyrel > 0));
cleanup:
return 0;
}

1
fuzz/dns_rdata_fromwire_text.c
View file

@ -210,5 +210,6 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
assert(target.used == size);
assert(!memcmp(target.base, data, size));
cleanup:
return 0;
}

5
fuzz/fuzz.h
View file

@ -36,9 +36,4 @@ LLVMFuzzerInitialize(int *argc ISC_ATTR_UNUSED, char ***argv ISC_ATTR_UNUSED);
int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
#define CHECK(x) \
if ((x) != ISC_R_SUCCESS) { \
return (0); \
}
ISC_LANG_ENDDECLS

1
fuzz/isc_lex_getmastertoken.c
View file

@ -71,5 +71,6 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
result = isc_lex_getmastertoken(lex, &token, expect, eol);
} while (result == ISC_R_SUCCESS && token.type != isc_tokentype_eof);
cleanup:
return 0;
}

1
fuzz/isc_lex_gettoken.c
View file

@ -50,5 +50,6 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
result = isc_lex_gettoken(lex, 0, &token);
} while (result == ISC_R_SUCCESS);
cleanup:
return 0;
}

7
lib/dns/client.c
View file

@ -59,13 +59,6 @@
#define UCTX_MAGIC ISC_MAGIC('U', 'c', 't', 'x')
#define UCTX_VALID(c) ISC_MAGIC_VALID(c, UCTX_MAGIC)
#define CHECK(r) \
do { \
result = (r); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
/*%
* DNS client object
*/

11
lib/dns/diff.c
View file

@ -36,13 +36,6 @@
#include <dns/rdatatype.h>
#include <dns/time.h>
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define DIFF_COMMON_LOGARGS \
dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_DIFF
@ -515,7 +508,7 @@ diff_apply(const dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *ver,
}
return ISC_R_SUCCESS;
failure:
cleanup:
if (node != NULL) {
dns_db_detachnode(db, &node);
}
@ -604,7 +597,7 @@ dns_diff_load(const dns_diff_t *diff, dns_rdatacallbacks_t *callbacks) {
}
result = ISC_R_SUCCESS;
failure:
cleanup:
if (callbacks->commit != NULL) {
callbacks->commit(callbacks->add_private);
}

159
lib/dns/dnssec.c
View file

@ -45,13 +45,6 @@ isc_stats_t *dns_dnssec_stats;
#define is_response(msg) ((msg->flags & DNS_MESSAGEFLAG_QR) != 0)
#define RETERR(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define TYPE_SIGN 0
#define TYPE_VERIFY 1
@ -787,25 +780,25 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
isc_buffer_init(&databuf, data, sizeof(data));
RETERR(dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, true, 0,
&ctx));
CHECK(dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, true, 0,
&ctx));
/*
* Digest the fields of the SIG - we can cheat and use
* dns_rdata_fromstruct. Since siglen is 0, the digested data
* is identical to dns format.
*/
RETERR(dns_rdata_fromstruct(NULL, dns_rdataclass_any,
dns_rdatatype_sig /* SIG(0) */, &sig,
&databuf));
CHECK(dns_rdata_fromstruct(NULL, dns_rdataclass_any,
dns_rdatatype_sig /* SIG(0) */, &sig,
&databuf));
isc_buffer_usedregion(&databuf, &r);
RETERR(dst_context_adddata(ctx, &r));
CHECK(dst_context_adddata(ctx, &r));
/*
* If this is a response, digest the query.
*/
if (is_response(msg)) {
RETERR(dst_context_adddata(ctx, &msg->query));
CHECK(dst_context_adddata(ctx, &msg->query));
}
/*
@ -814,29 +807,29 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
isc_buffer_init(&headerbuf, header, sizeof(header));
dns_message_renderheader(msg, &headerbuf);
isc_buffer_usedregion(&headerbuf, &r);
RETERR(dst_context_adddata(ctx, &r));
CHECK(dst_context_adddata(ctx, &r));
/*
* Digest the remainder of the message.
*/
isc_buffer_usedregion(msg->buffer, &r);
isc_region_consume(&r, DNS_MESSAGE_HEADERLEN);
RETERR(dst_context_adddata(ctx, &r));
CHECK(dst_context_adddata(ctx, &r));
RETERR(dst_key_sigsize(key, &sigsize));
CHECK(dst_key_sigsize(key, &sigsize));
sig.siglen = sigsize;
sig.signature = isc_mem_get(mctx, sig.siglen);
isc_buffer_init(&sigbuf, sig.signature, sig.siglen);
RETERR(dst_context_sign(ctx, &sigbuf));
CHECK(dst_context_sign(ctx, &sigbuf));
dst_context_destroy(&ctx);
rdata = NULL;
dns_message_gettemprdata(msg, &rdata);
isc_buffer_allocate(msg->mctx, &dynbuf, 1024);
RETERR(dns_rdata_fromstruct(rdata, dns_rdataclass_any,
dns_rdatatype_sig /* SIG(0) */, &sig,
dynbuf));
CHECK(dns_rdata_fromstruct(rdata, dns_rdataclass_any,
dns_rdatatype_sig /* SIG(0) */, &sig,
dynbuf));
isc_mem_put(mctx, sig.signature, sig.siglen);
@ -854,7 +847,7 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
return ISC_R_SUCCESS;
failure:
cleanup:
if (dynbuf != NULL) {
isc_buffer_free(&dynbuf);
}
@ -900,21 +893,19 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
isc_buffer_usedregion(source, &source_r);
RETERR(dns_rdataset_first(msg->sig0));
CHECK(dns_rdataset_first(msg->sig0));
dns_rdataset_current(msg->sig0, &rdata);
RETERR(dns_rdata_tostruct(&rdata, &sig, NULL));
CHECK(dns_rdata_tostruct(&rdata, &sig, NULL));
signeedsfree = true;
if (sig.labels != 0) {
result = DNS_R_SIGINVALID;
goto failure;
CHECK(DNS_R_SIGINVALID);
}
if (isc_serial_lt(sig.timeexpire, sig.timesigned)) {
result = DNS_R_SIGINVALID;
msg->sig0status = dns_tsigerror_badtime;
goto failure;
CHECK(DNS_R_SIGINVALID);
}
if (msg->fuzzing) {
@ -924,36 +915,33 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
}
if (isc_serial_lt((uint32_t)now, sig.timesigned)) {
result = DNS_R_SIGFUTURE;
msg->sig0status = dns_tsigerror_badtime;
goto failure;
CHECK(DNS_R_SIGFUTURE);
} else if (isc_serial_lt(sig.timeexpire, (uint32_t)now)) {
result = DNS_R_SIGEXPIRED;
msg->sig0status = dns_tsigerror_badtime;
goto failure;
CHECK(DNS_R_SIGEXPIRED);
}
if (!dns_name_equal(dst_key_name(key), &sig.signer)) {
result = DNS_R_SIGINVALID;
msg->sig0status = dns_tsigerror_badkey;
goto failure;
CHECK(DNS_R_SIGINVALID);
}
RETERR(dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, false, 0,
&ctx));
CHECK(dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, false, 0,
&ctx));
/*
* Digest the SIG(0) record, except for the signature.
*/
dns_rdata_toregion(&rdata, &r);
r.length -= sig.siglen;
RETERR(dst_context_adddata(ctx, &r));
CHECK(dst_context_adddata(ctx, &r));
/*
* If this is a response, digest the query.
*/
if (is_response(msg)) {
RETERR(dst_context_adddata(ctx, &msg->query));
CHECK(dst_context_adddata(ctx, &msg->query));
}
/*
@ -974,21 +962,21 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
*/
header_r.base = (unsigned char *)header;
header_r.length = DNS_MESSAGE_HEADERLEN;
RETERR(dst_context_adddata(ctx, &header_r));
CHECK(dst_context_adddata(ctx, &header_r));
/*
* Digest all non-SIG(0) records.
*/
r.base = source_r.base + DNS_MESSAGE_HEADERLEN;
r.length = msg->sigstart - DNS_MESSAGE_HEADERLEN;
RETERR(dst_context_adddata(ctx, &r));
CHECK(dst_context_adddata(ctx, &r));
sig_r.base = sig.signature;
sig_r.length = sig.siglen;
result = dst_context_verify(ctx, &sig_r);
if (result != ISC_R_SUCCESS) {
msg->sig0status = dns_tsigerror_badsig;
goto failure;
goto cleanup;
}
msg->verified_sig = 1;
@ -999,7 +987,7 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
return ISC_R_SUCCESS;
failure:
cleanup:
if (signeedsfree) {
dns_rdata_freestruct(&sig);
}
@ -1214,7 +1202,7 @@ findmatchingkeys(const char *directory, bool rrtypekey, char *namebuf,
directory = ".";
}
RETERR(isc_dir_open(&dir, directory));
CHECK(isc_dir_open(&dir, directory));
dir_open = true;
while (isc_dir_read(&dir) == ISC_R_SUCCESS) {
@ -1293,7 +1281,7 @@ findmatchingkeys(const char *directory, bool rrtypekey, char *namebuf,
}
result = match ? ISC_R_SUCCESS : ISC_R_NOTFOUND;
failure:
cleanup:
if (dir_open) {
isc_dir_close(&dir);
}
@ -1323,15 +1311,15 @@ dns_dnssec_findmatchingkeys(const dns_name_t *origin, dns_kasp_t *kasp,
ISC_LIST_INIT(list);
isc_buffer_init(&b, namebuf, sizeof(namebuf) - 1);
RETERR(dns_name_tofilenametext(origin, false, &b));
CHECK(dns_name_tofilenametext(origin, false, &b));
len = isc_buffer_usedlength(&b);
namebuf[len] = '\0';
if (kasp == NULL || (strcmp(dns_kasp_getname(kasp), "none") == 0) ||
(strcmp(dns_kasp_getname(kasp), "insecure") == 0))
{
RETERR(findmatchingkeys(keydir, rrtypekey, namebuf, len, mctx,
now, &list));
CHECK(findmatchingkeys(keydir, rrtypekey, namebuf, len, mctx,
now, &list));
} else if (keystores != NULL) {
for (dns_keystore_t *keystore = ISC_LIST_HEAD(*keystores);
keystore != NULL; keystore = ISC_LIST_NEXT(keystore, link))
@ -1344,7 +1332,7 @@ dns_dnssec_findmatchingkeys(const dns_name_t *origin, dns_kasp_t *kasp,
const char *directory =
dns_keystore_directory(keystore,
keydir);
RETERR(findmatchingkeys(
CHECK(findmatchingkeys(
directory, rrtypekey, namebuf,
len, mctx, now, &list));
break;
@ -1360,7 +1348,7 @@ dns_dnssec_findmatchingkeys(const dns_name_t *origin, dns_kasp_t *kasp,
result = ISC_R_NOTFOUND;
}
failure:
cleanup:
while ((key = ISC_LIST_HEAD(list)) != NULL) {
ISC_LIST_UNLINK(list, key, link);
INSIST(key->key != NULL);
@ -1546,7 +1534,7 @@ dns_dnssec_keylistfromrdataset(const dns_name_t *origin, dns_kasp_t *kasp,
goto skip;
}
RETERR(dns_dnssec_keyfromrdata(origin, &rdata, mctx, &dnskey));
CHECK(dns_dnssec_keyfromrdata(origin, &rdata, mctx, &dnskey));
dst_key_setttl(dnskey, keys.ttl);
if (!is_zone_key(dnskey)) {
@ -1570,7 +1558,7 @@ dns_dnssec_keylistfromrdataset(const dns_name_t *origin, dns_kasp_t *kasp,
if (result == ISC_R_FILENOTFOUND || result == ISC_R_NOPERM) {
result = ISC_R_SUCCESS;
}
RETERR(result);
CHECK(result);
if (kasp != NULL && dns_kasp_offlineksk(kasp) &&
(dst_key_flags(dnskey) & DNS_KEYFLAG_KSK) != 0)
@ -1653,7 +1641,7 @@ dns_dnssec_keylistfromrdataset(const dns_name_t *origin, dns_kasp_t *kasp,
}
goto skip;
}
RETERR(result);
CHECK(result);
/*
* Whatever the key's default TTL may have
@ -1679,16 +1667,16 @@ dns_dnssec_keylistfromrdataset(const dns_name_t *origin, dns_kasp_t *kasp,
}
if (keysigs != NULL && dns_rdataset_isassociated(keysigs)) {
RETERR(mark_active_keys(keylist, keysigs));
CHECK(mark_active_keys(keylist, keysigs));
}
if (soasigs != NULL && dns_rdataset_isassociated(soasigs)) {
RETERR(mark_active_keys(keylist, soasigs));
CHECK(mark_active_keys(keylist, soasigs));
}
result = ISC_R_SUCCESS;
failure:
cleanup:
if (dns_rdataset_isassociated(&keys)) {
dns_rdataset_disassociate(&keys);
}
@ -1727,29 +1715,25 @@ dns_dnssec_make_dnskey(dst_key_t *key, unsigned char *buf, int bufsize,
static isc_result_t
addrdata(dns_rdata_t *rdata, dns_diff_t *diff, const dns_name_t *origin,
dns_ttl_t ttl, isc_mem_t *mctx) {
isc_result_t result;
dns_difftuple_t *tuple = NULL;
RETERR(dns_difftuple_create(mctx, DNS_DIFFOP_ADD, origin, ttl, rdata,
&tuple));
dns_diff_appendminimal(diff, &tuple);
failure:
return result;
return ISC_R_SUCCESS;
}
static isc_result_t
delrdata(dns_rdata_t *rdata, dns_diff_t *diff, const dns_name_t *origin,
dns_ttl_t ttl, isc_mem_t *mctx) {
isc_result_t result;
dns_difftuple_t *tuple = NULL;
RETERR(dns_difftuple_create(mctx, DNS_DIFFOP_DEL, origin, ttl, rdata,
&tuple));
dns_diff_appendminimal(diff, &tuple);
failure:
return result;
return ISC_R_SUCCESS;
}
static isc_result_t
@ -1762,7 +1746,7 @@ publish_key(dns_diff_t *diff, dns_dnsseckey_t *key, const dns_name_t *origin,
dns_rdata_t dnskey = DNS_RDATA_INIT;
dns_rdata_reset(&dnskey);
RETERR(dns_dnssec_make_dnskey(key->key, buf, sizeof(buf), &dnskey));
CHECK(dns_dnssec_make_dnskey(key->key, buf, sizeof(buf), &dnskey));
dst_key_format(key->key, keystr, sizeof(keystr));
report("Fetching %s (%s) from key %s.", keystr,
@ -1783,7 +1767,7 @@ publish_key(dns_diff_t *diff, dns_dnsseckey_t *key, const dns_name_t *origin,
/* publish key */
result = addrdata(&dnskey, diff, origin, ttl, mctx);
failure:
cleanup:
return result;
}
@ -1802,10 +1786,10 @@ remove_key(dns_diff_t *diff, dns_dnsseckey_t *key, const dns_name_t *origin,
report("Removing %s key %s/%d/%s from DNSKEY RRset.", reason, namebuf,
dst_key_id(key->key), alg);
RETERR(dns_dnssec_make_dnskey(key->key, buf, sizeof(buf), &dnskey));
CHECK(dns_dnssec_make_dnskey(key->key, buf, sizeof(buf), &dnskey));
result = delrdata(&dnskey, diff, origin, ttl, mctx);
failure:
cleanup:
return result;
}
@ -1924,8 +1908,8 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys,
dns_rdata_t cdnskeyrdata = DNS_RDATA_INIT;
dns_name_t *origin = dst_key_name(key->key);
RETERR(dns_dnssec_make_dnskey(key->key, keybuf, sizeof(keybuf),
&cdnskeyrdata));
CHECK(dns_dnssec_make_dnskey(key->key, keybuf, sizeof(keybuf),
&cdnskeyrdata));
cdnskeyrdata.type = dns_rdatatype_cdnskey;
if (syncpublish(key->key, now)) {
@ -1935,10 +1919,9 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys,
for (dns_kasp_digest_t *alg = ISC_LIST_HEAD(*digests);
alg != NULL; alg = ISC_LIST_NEXT(alg, link))
{
RETERR(add_cds(key, &cdnskeyrdata,
(const char *)keystr, cds,
alg->digest, cdsttl, diff,
mctx));
CHECK(add_cds(key, &cdnskeyrdata,
(const char *)keystr, cds,
alg->digest, cdsttl, diff, mctx));
}
if (gencdnskey &&
@ -2007,8 +1990,8 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys,
char keystr[DST_KEY_FORMATSIZE];
dst_key_format(key->key, keystr, sizeof(keystr));
RETERR(dns_dnssec_make_dnskey(key->key, keybuf, sizeof(keybuf),
&cdnskeyrdata));
CHECK(dns_dnssec_make_dnskey(key->key, keybuf, sizeof(keybuf),
&cdnskeyrdata));
if (dns_rdataset_isassociated(cds)) {
delete_cds(key, &cdnskeyrdata, (const char *)keystr,
@ -2034,7 +2017,7 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys,
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -2049,7 +2032,6 @@ dns_dnssec_syncdelete(dns_rdataset_t *cds, dns_rdataset_t *cdnskey,
dns_rdata_t cds_delete = DNS_RDATA_INIT;
dns_rdata_t cdnskey_delete = DNS_RDATA_INIT;
isc_region_t r;
isc_result_t result;
r.base = keybuf;
r.length = sizeof(keybuf);
@ -2112,10 +2094,7 @@ dns_dnssec_syncdelete(dns_rdataset_t *cds, dns_rdataset_t *cdnskey,
}
}
result = ISC_R_SUCCESS;
failure:
return result;
return ISC_R_SUCCESS;
}
/*
@ -2149,8 +2128,8 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
if (key->source == dns_keysource_user &&
(key->hint_publish || key->force_publish))
{
RETERR(publish_key(diff, key, origin, ttl, mctx,
report));
CHECK(publish_key(diff, key, origin, ttl, mctx,
report));
}
if (key->source == dns_keysource_zoneapex) {
ttl = dst_key_getttl(key->key);
@ -2224,8 +2203,8 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
if (key1->source != dns_keysource_zoneapex &&
(key1->hint_publish || key1->force_publish))
{
RETERR(publish_key(diff, key1, origin, ttl,
mctx, report));
CHECK(publish_key(diff, key1, origin, ttl, mctx,
report));
isc_log_write(
dns_lctx, DNS_LOGCATEGORY_DNSSEC,
DNS_LOGMODULE_DNSSEC, ISC_LOG_INFO,
@ -2260,8 +2239,8 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
/* Match found: remove or update it as needed */
if (key1->hint_remove) {
RETERR(remove_key(diff, key2, origin, ttl, mctx,
"expired", report));
CHECK(remove_key(diff, key2, origin, ttl, mctx,
"expired", report));
ISC_LIST_UNLINK(*keys, key2, link);
if (removed != NULL) {
@ -2284,8 +2263,8 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
* We need to remove the old version and pull
* in the new one.
*/
RETERR(remove_key(diff, key2, origin, ttl, mctx,
"revoked", report));
CHECK(remove_key(diff, key2, origin, ttl, mctx,
"revoked", report));
ISC_LIST_UNLINK(*keys, key2, link);
if (removed != NULL) {
ISC_LIST_APPEND(*removed, key2, link);
@ -2302,8 +2281,8 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
dns_dnsseckey_destroy(mctx, &key2);
}
RETERR(publish_key(diff, key1, origin, ttl, mctx,
report));
CHECK(publish_key(diff, key1, origin, ttl, mctx,
report));
ISC_LIST_UNLINK(*newkeys, key1, link);
ISC_LIST_APPEND(*keys, key1, link);
@ -2354,7 +2333,7 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}

7
lib/dns/dnstap.c
View file

@ -121,13 +121,6 @@ struct dns_dtenv {
isc_stats_t *stats;
};
#define CHECK(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
typedef struct ioq {
unsigned int generation;
struct fstrm_iothr_queue *ioq;

265
lib/dns/dst_api.c
View file

@ -68,35 +68,35 @@
#define DST_AS_STR(t) ((t).value.as_textregion.base)
#define NEXTTOKEN(lex, opt, token) \
{ \
ret = isc_lex_gettoken(lex, opt, token); \
if (ret != ISC_R_SUCCESS) \
goto cleanup; \
#define NEXTTOKEN(lex, opt, token) \
{ \
CHECK(isc_lex_gettoken(lex, opt, token)); \
}
#define NEXTTOKEN_OR_EOF(lex, opt, token) \
do { \
ret = isc_lex_gettoken(lex, opt, token); \
if (ret == ISC_R_EOF) \
break; \
if (ret != ISC_R_SUCCESS) \
goto cleanup; \
#define NEXTTOKEN_OR_EOF(lex, opt, token) \
do { \
result = isc_lex_gettoken(lex, opt, token); \
if (result == ISC_R_EOF) { \
break; \
} \
if (result != ISC_R_SUCCESS) { \
goto cleanup; \
} \
} while ((*token).type == isc_tokentype_eol);
#define READLINE(lex, opt, token) \
do { \
ret = isc_lex_gettoken(lex, opt, token); \
if (ret == ISC_R_EOF) \
break; \
if (ret != ISC_R_SUCCESS) \
goto cleanup; \
#define READLINE(lex, opt, token) \
do { \
result = isc_lex_gettoken(lex, opt, token); \
if (result == ISC_R_EOF) \
break; \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while ((*token).type != isc_tokentype_eol)
#define BADTOKEN() \
{ \
ret = ISC_R_UNEXPECTEDTOKEN; \
goto cleanup; \
#define BADTOKEN() \
{ \
result = ISC_R_UNEXPECTEDTOKEN; \
goto cleanup; \
}
static const char *numerictags[DST_MAX_NUMERIC] = {
@ -188,13 +188,6 @@ static isc_result_t
addsuffix(char *filename, int len, const char *dirname, const char *ofilename,
const char *suffix);
#define RETERR(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto out; \
} while (0)
#define CHECKALG(alg) \
do { \
isc_result_t _r; \
@ -213,41 +206,41 @@ dst_lib_init(isc_mem_t *mctx, const char *engine) {
UNUSED(engine);
memset(dst_t_func, 0, sizeof(dst_t_func));
RETERR(dst__openssl_init(engine)); /* Sets FIPS mode. */
RETERR(dst__hmacmd5_init(&dst_t_func[DST_ALG_HMACMD5]));
RETERR(dst__hmacsha1_init(&dst_t_func[DST_ALG_HMACSHA1]));
RETERR(dst__hmacsha224_init(&dst_t_func[DST_ALG_HMACSHA224]));
RETERR(dst__hmacsha256_init(&dst_t_func[DST_ALG_HMACSHA256]));
RETERR(dst__hmacsha384_init(&dst_t_func[DST_ALG_HMACSHA384]));
RETERR(dst__hmacsha512_init(&dst_t_func[DST_ALG_HMACSHA512]));
CHECK(dst__openssl_init(engine)); /* Sets FIPS mode. */
CHECK(dst__hmacmd5_init(&dst_t_func[DST_ALG_HMACMD5]));
CHECK(dst__hmacsha1_init(&dst_t_func[DST_ALG_HMACSHA1]));
CHECK(dst__hmacsha224_init(&dst_t_func[DST_ALG_HMACSHA224]));
CHECK(dst__hmacsha256_init(&dst_t_func[DST_ALG_HMACSHA256]));
CHECK(dst__hmacsha384_init(&dst_t_func[DST_ALG_HMACSHA384]));
CHECK(dst__hmacsha512_init(&dst_t_func[DST_ALG_HMACSHA512]));
/* RSASHA1 (NSEC3RSASHA1) is verify only in FIPS mode. */
RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA1],
DST_ALG_RSASHA1));
RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_NSEC3RSASHA1],
DST_ALG_NSEC3RSASHA1));
RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA256],
DST_ALG_RSASHA256));
RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA512],
DST_ALG_RSASHA512));
RETERR(dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA256]));
RETERR(dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA384]));
CHECK(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA1],
DST_ALG_RSASHA1));
CHECK(dst__opensslrsa_init(&dst_t_func[DST_ALG_NSEC3RSASHA1],
DST_ALG_NSEC3RSASHA1));
CHECK(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA256],
DST_ALG_RSASHA256));
CHECK(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA512],
DST_ALG_RSASHA512));
CHECK(dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA256]));
CHECK(dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA384]));
#ifdef HAVE_OPENSSL_ED25519
RETERR(dst__openssleddsa_init(&dst_t_func[DST_ALG_ED25519],
DST_ALG_ED25519));
CHECK(dst__openssleddsa_init(&dst_t_func[DST_ALG_ED25519],
DST_ALG_ED25519));
#endif /* ifdef HAVE_OPENSSL_ED25519 */
#ifdef HAVE_OPENSSL_ED448
RETERR(dst__openssleddsa_init(&dst_t_func[DST_ALG_ED448],
DST_ALG_ED448));
CHECK(dst__openssleddsa_init(&dst_t_func[DST_ALG_ED448],
DST_ALG_ED448));
#endif /* ifdef HAVE_OPENSSL_ED448 */
#if HAVE_GSSAPI
RETERR(dst__gssapi_init(&dst_t_func[DST_ALG_GSSAPI]));
CHECK(dst__gssapi_init(&dst_t_func[DST_ALG_GSSAPI]));
#endif /* HAVE_GSSAPI */
dst_initialized = true;
return ISC_R_SUCCESS;
out:
cleanup:
/* avoid immediate crash! */
dst_initialized = true;
dst_lib_destroy();
@ -442,9 +435,6 @@ dst_key_computesecret(const dst_key_t *pub, const dst_key_t *priv,
isc_result_t
dst_key_tofile(const dst_key_t *key, int type, const char *directory) {
isc_result_t ret = ISC_R_SUCCESS;
REQUIRE(dst_initialized);
REQUIRE(VALID_KEY(key));
REQUIRE((type &
(DST_TYPE_PRIVATE | DST_TYPE_PUBLIC | DST_TYPE_STATE)) != 0);
@ -456,17 +446,11 @@ dst_key_tofile(const dst_key_t *key, int type, const char *directory) {
}
if ((type & DST_TYPE_PUBLIC) != 0) {
ret = write_public_key(key, type, directory);
if (ret != ISC_R_SUCCESS) {
return ret;
}
RETERR(write_public_key(key, type, directory));
}
if ((type & DST_TYPE_STATE) != 0) {
ret = write_key_state(key, type, directory);
if (ret != ISC_R_SUCCESS) {
return ret;
}
RETERR(write_key_state(key, type, directory));
}
if (((type & DST_TYPE_PRIVATE) != 0) &&
@ -559,32 +543,20 @@ dst_key_fromfile(dns_name_t *name, dns_keytag_t id, unsigned int alg, int type,
key = NULL;
isc_buffer_init(&buf, filename, NAME_MAX);
result = dst_key_getfilename(name, id, alg, type, NULL, mctx, &buf);
if (result != ISC_R_SUCCESS) {
goto out;
}
result = dst_key_fromnamedfile(filename, directory, type, mctx, &key);
if (result != ISC_R_SUCCESS) {
goto out;
}
result = computeid(key);
if (result != ISC_R_SUCCESS) {
goto out;
}
CHECK(dst_key_getfilename(name, id, alg, type, NULL, mctx, &buf));
CHECK(dst_key_fromnamedfile(filename, directory, type, mctx, &key));
CHECK(computeid(key));
if (!dns_name_equal(name, key->key_name) || id != key->key_id ||
alg != key->key_alg)
{
result = DST_R_INVALIDPRIVATEKEY;
goto out;
CHECK(DST_R_INVALIDPRIVATEKEY);
}
*keyp = key;
result = ISC_R_SUCCESS;
out:
cleanup:
if ((key != NULL) && (result != ISC_R_SUCCESS)) {
dst_key_free(&key);
}
@ -621,7 +593,7 @@ dst_key_fromnamedfile(const char *filename, const char *dirname, int type,
".key");
INSIST(result == ISC_R_SUCCESS);
RETERR(dst_key_read_public(newfilename, type, mctx, &pubkey));
CHECK(dst_key_read_public(newfilename, type, mctx, &pubkey));
isc_mem_put(mctx, newfilename, newfilenamelen);
/*
@ -647,20 +619,20 @@ dst_key_fromnamedfile(const char *filename, const char *dirname, int type,
/* Having no state is valid. */
result = ISC_R_SUCCESS;
}
RETERR(result);
CHECK(result);
}
if ((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) == DST_TYPE_PUBLIC ||
(pubkey->key_flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY)
{
RETERR(computeid(pubkey));
CHECK(computeid(pubkey));
pubkey->modified = false;
*keyp = pubkey;
pubkey = NULL;
goto out;
goto cleanup;
}
RETERR(algorithm_status(pubkey->key_alg));
CHECK(algorithm_status(pubkey->key_alg));
key = get_key_struct(pubkey->key_name, pubkey->key_alg,
pubkey->key_flags, pubkey->key_proto,
@ -668,7 +640,7 @@ dst_key_fromnamedfile(const char *filename, const char *dirname, int type,
pubkey->key_ttl, mctx);
if (key->func->parse == NULL) {
RETERR(DST_R_UNSUPPORTEDALG);
CHECK(DST_R_UNSUPPORTEDALG);
}
newfilenamelen = strlen(filename) + 9;
@ -681,10 +653,10 @@ dst_key_fromnamedfile(const char *filename, const char *dirname, int type,
INSIST(result == ISC_R_SUCCESS);
isc_lex_create(mctx, 1500, &lex);
RETERR(isc_lex_openfile(lex, newfilename));
CHECK(isc_lex_openfile(lex, newfilename));
isc_mem_put(mctx, newfilename, newfilenamelen);
RETERR(key->func->parse(key, lex, pubkey));
CHECK(key->func->parse(key, lex, pubkey));
isc_lex_destroy(&lex);
key->kasp = false;
@ -696,13 +668,13 @@ dst_key_fromnamedfile(const char *filename, const char *dirname, int type,
/* Having no state is valid. */
result = ISC_R_SUCCESS;
}
RETERR(result);
CHECK(result);
}
RETERR(computeid(key));
CHECK(computeid(key));
if (pubkey->key_id != key->key_id) {
RETERR(DST_R_INVALIDPRIVATEKEY);
CHECK(DST_R_INVALIDPRIVATEKEY);
}
key->modified = false;
@ -713,7 +685,7 @@ dst_key_fromnamedfile(const char *filename, const char *dirname, int type,
*keyp = key;
key = NULL;
out:
cleanup:
if (pubkey != NULL) {
dst_key_free(&pubkey);
}
@ -868,13 +840,14 @@ dst_key_privatefrombuffer(dst_key_t *key, isc_buffer_t *buffer) {
REQUIRE(buffer != NULL);
if (key->func->parse == NULL) {
RETERR(DST_R_UNSUPPORTEDALG);
CHECK(DST_R_UNSUPPORTEDALG);
}
isc_lex_create(key->mctx, 1500, &lex);
RETERR(isc_lex_openbuffer(lex, buffer));
RETERR(key->func->parse(key, lex, NULL));
out:
CHECK(isc_lex_openbuffer(lex, buffer));
CHECK(key->func->parse(key, lex, NULL));
cleanup:
if (lex != NULL) {
isc_lex_destroy(&lex);
}
@ -907,13 +880,13 @@ dst_key_fromgssapi(const dns_name_t *name, dns_gss_ctx_id_t gssctx,
*/
isc_buffer_allocate(key->mctx, &key->key_tkeytoken,
intoken->length);
RETERR(isc_buffer_copyregion(key->key_tkeytoken, intoken));
CHECK(isc_buffer_copyregion(key->key_tkeytoken, intoken));
}
key->keydata.gssctx = gssctx;
*keyp = key;
result = ISC_R_SUCCESS;
out:
cleanup:
if (result != ISC_R_SUCCESS) {
dst_key_free(&key);
}
@ -1056,7 +1029,7 @@ dst_key_generate(const dns_name_t *name, unsigned int alg, unsigned int bits,
dns_rdataclass_t rdclass, const char *label, isc_mem_t *mctx,
dst_key_t **keyp, void (*callback)(int)) {
dst_key_t *key;
isc_result_t ret;
isc_result_t result;
REQUIRE(dst_initialized);
REQUIRE(dns_name_isabsolute(name));
@ -1083,16 +1056,16 @@ dst_key_generate(const dns_name_t *name, unsigned int alg, unsigned int bits,
return DST_R_UNSUPPORTEDALG;
}
ret = key->func->generate(key, param, callback);
if (ret != ISC_R_SUCCESS) {
result = key->func->generate(key, param, callback);
if (result != ISC_R_SUCCESS) {
dst_key_free(&key);
return ret;
return result;
}
ret = computeid(key);
if (ret != ISC_R_SUCCESS) {
result = computeid(key);
if (result != ISC_R_SUCCESS) {
dst_key_free(&key);
return ret;
return result;
}
*keyp = key;
@ -1637,13 +1610,12 @@ dst_key_read_public(const char *filename, int type, isc_mem_t *mctx,
dns_fixedname_t name;
isc_lex_t *lex = NULL;
isc_token_t token;
isc_result_t ret;
isc_result_t result;
dns_rdata_t rdata = DNS_RDATA_INIT;
unsigned int opt = ISC_LEXOPT_DNSMULTILINE | ISC_LEXOPT_ESCAPE;
dns_rdataclass_t rdclass = dns_rdataclass_in;
isc_lexspecials_t specials;
uint32_t ttl = 0;
isc_result_t result;
dns_rdatatype_t keytype;
/*
@ -1663,10 +1635,7 @@ dst_key_read_public(const char *filename, int type, isc_mem_t *mctx,
isc_lex_setspecials(lex, specials);
isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE);
ret = isc_lex_openfile(lex, filename);
if (ret != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(isc_lex_openfile(lex, filename));
/* Read the domain name */
NEXTTOKEN(lex, opt, &token);
@ -1684,11 +1653,8 @@ dst_key_read_public(const char *filename, int type, isc_mem_t *mctx,
dns_fixedname_init(&name);
isc_buffer_init(&b, DST_AS_STR(token), strlen(DST_AS_STR(token)));
isc_buffer_add(&b, strlen(DST_AS_STR(token)));
ret = dns_name_fromtext(dns_fixedname_name(&name), &b, dns_rootname, 0,
NULL);
if (ret != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_name_fromtext(dns_fixedname_name(&name), &b, dns_rootname, 0,
NULL));
/* Read the next word: either TTL, class, or 'KEY' */
NEXTTOKEN(lex, opt, &token);
@ -1707,8 +1673,8 @@ dst_key_read_public(const char *filename, int type, isc_mem_t *mctx,
BADTOKEN();
}
ret = dns_rdataclass_fromtext(&rdclass, &token.value.as_textregion);
if (ret == ISC_R_SUCCESS) {
result = dns_rdataclass_fromtext(&rdclass, &token.value.as_textregion);
if (result == ISC_R_SUCCESS) {
NEXTTOKEN(lex, opt, &token);
}
@ -1727,22 +1693,16 @@ dst_key_read_public(const char *filename, int type, isc_mem_t *mctx,
if (((type & DST_TYPE_KEY) != 0 && keytype != dns_rdatatype_key) ||
((type & DST_TYPE_KEY) == 0 && keytype != dns_rdatatype_dnskey))
{
ret = DST_R_BADKEYTYPE;
result = DST_R_BADKEYTYPE;
goto cleanup;
}
isc_buffer_init(&b, rdatabuf, sizeof(rdatabuf));
ret = dns_rdata_fromtext(&rdata, rdclass, keytype, lex, NULL, false,
mctx, &b, NULL);
if (ret != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_rdata_fromtext(&rdata, rdclass, keytype, lex, NULL, false,
mctx, &b, NULL));
ret = dst_key_fromdns(dns_fixedname_name(&name), rdclass, &b, mctx,
keyp);
if (ret != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dst_key_fromdns(dns_fixedname_name(&name), rdclass, &b, mctx,
keyp));
dst_key_setttl(*keyp, ttl);
@ -1750,7 +1710,7 @@ cleanup:
if (lex != NULL) {
isc_lex_destroy(&lex);
}
return ret;
return result;
}
static int
@ -1801,16 +1761,13 @@ isc_result_t
dst_key_read_state(const char *filename, isc_mem_t *mctx, dst_key_t **keyp) {
isc_lex_t *lex = NULL;
isc_token_t token;
isc_result_t ret;
isc_result_t result;
unsigned int opt = ISC_LEXOPT_EOL;
isc_lex_create(mctx, 1500, &lex);
isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE);
ret = isc_lex_openfile(lex, filename);
if (ret != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(isc_lex_openfile(lex, filename));
/*
* Read the comment line.
@ -1862,7 +1819,7 @@ dst_key_read_state(const char *filename, isc_mem_t *mctx, dst_key_t **keyp) {
int tag;
NEXTTOKEN_OR_EOF(lex, opt, &token);
if (ret == ISC_R_EOF) {
if (result == ISC_R_EOF) {
break;
}
if (token.type != isc_tokentype_string) {
@ -1915,10 +1872,7 @@ dst_key_read_state(const char *filename, isc_mem_t *mctx, dst_key_t **keyp) {
BADTOKEN();
}
ret = dns_time32_fromtext(DST_AS_STR(token), &when);
if (ret != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_time32_fromtext(DST_AS_STR(token), &when));
dst_key_settime(*keyp, tag, when);
goto next;
@ -1936,10 +1890,7 @@ dst_key_read_state(const char *filename, isc_mem_t *mctx, dst_key_t **keyp) {
BADTOKEN();
}
ret = keystate_fromtext(DST_AS_STR(token), &state);
if (ret != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(keystate_fromtext(DST_AS_STR(token), &state));
dst_key_setstate(*keyp, tag, state);
goto next;
@ -1950,13 +1901,13 @@ dst_key_read_state(const char *filename, isc_mem_t *mctx, dst_key_t **keyp) {
}
/* Done, successfully parsed the whole file. */
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
cleanup:
if (lex != NULL) {
isc_lex_destroy(&lex);
}
return ret;
return result;
}
static bool
@ -2320,13 +2271,9 @@ computeid(dst_key_t *key) {
isc_buffer_t dnsbuf;
unsigned char dns_array[DST_KEY_MAXSIZE];
isc_region_t r;
isc_result_t ret;
isc_buffer_init(&dnsbuf, dns_array, sizeof(dns_array));
ret = dst_key_todns(key, &dnsbuf);
if (ret != ISC_R_SUCCESS) {
return ret;
}
RETERR(dst_key_todns(key, &dnsbuf));
isc_buffer_usedregion(&dnsbuf, &r);
key->key_id = dst_region_computeid(&r);
@ -2340,7 +2287,7 @@ frombuffer(const dns_name_t *name, unsigned int alg, unsigned int flags,
isc_buffer_t *source, isc_mem_t *mctx, bool no_rdata,
dst_key_t **keyp) {
dst_key_t *key;
isc_result_t ret;
isc_result_t result;
REQUIRE(dns_name_isabsolute(name));
REQUIRE(source != NULL);
@ -2350,10 +2297,10 @@ frombuffer(const dns_name_t *name, unsigned int alg, unsigned int flags,
key = get_key_struct(name, alg, flags, protocol, 0, rdclass, 0, mctx);
if (isc_buffer_remaininglength(source) > 0) {
ret = algorithm_status(alg);
if (ret != ISC_R_SUCCESS) {
result = algorithm_status(alg);
if (result != ISC_R_SUCCESS) {
dst_key_free(&key);
return ret;
return result;
}
if (key->func->fromdns == NULL) {
dst_key_free(&key);
@ -2361,10 +2308,10 @@ frombuffer(const dns_name_t *name, unsigned int alg, unsigned int flags,
}
if (!no_rdata) {
ret = key->func->fromdns(key, source);
if (ret != ISC_R_SUCCESS) {
result = key->func->fromdns(key, source);
if (result != ISC_R_SUCCESS) {
dst_key_free(&key);
return ret;
return result;
}
}
}

99
lib/dns/dst_parse.c
View file

@ -398,7 +398,7 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
unsigned char *data = NULL;
unsigned int opt = ISC_LEXOPT_EOL;
isc_stdtime_t when;
isc_result_t ret;
isc_result_t result;
bool external = false;
REQUIRE(priv != NULL);
@ -406,20 +406,19 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
priv->nelements = 0;
memset(priv->elements, 0, sizeof(priv->elements));
#define NEXTTOKEN(lex, opt, token) \
do { \
ret = isc_lex_gettoken(lex, opt, token); \
if (ret != ISC_R_SUCCESS) \
goto fail; \
#define NEXTTOKEN(lex, opt, token) \
do { \
CHECK(isc_lex_gettoken(lex, opt, token)); \
} while (0)
#define READLINE(lex, opt, token) \
do { \
ret = isc_lex_gettoken(lex, opt, token); \
if (ret == ISC_R_EOF) \
break; \
else if (ret != ISC_R_SUCCESS) \
goto fail; \
#define READLINE(lex, opt, token) \
do { \
result = isc_lex_gettoken(lex, opt, token); \
if (result == ISC_R_EOF) { \
break; \
} else if (result != ISC_R_SUCCESS) { \
goto cleanup; \
} \
} while ((*token).type != isc_tokentype_eol)
/*
@ -429,24 +428,24 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
if (token.type != isc_tokentype_string ||
strcmp(DST_AS_STR(token), PRIVATE_KEY_STR) != 0)
{
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
NEXTTOKEN(lex, opt, &token);
if (token.type != isc_tokentype_string || (DST_AS_STR(token))[0] != 'v')
{
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
if (sscanf(DST_AS_STR(token), "v%d.%d", &major, &minor) != 2) {
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
if (major > DST_MAJOR_VERSION) {
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
/*
@ -463,16 +462,16 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
if (token.type != isc_tokentype_string ||
strcmp(DST_AS_STR(token), ALGORITHM_STR) != 0)
{
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
NEXTTOKEN(lex, opt | ISC_LEXOPT_NUMBER, &token);
if (token.type != isc_tokentype_number ||
token.value.as_ulong != (unsigned long)dst_key_alg(key))
{
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
READLINE(lex, opt, &token);
@ -484,18 +483,18 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
int tag;
isc_region_t r;
do {
ret = isc_lex_gettoken(lex, opt, &token);
if (ret == ISC_R_EOF) {
result = isc_lex_gettoken(lex, opt, &token);
if (result == ISC_R_EOF) {
goto done;
}
if (ret != ISC_R_SUCCESS) {
goto fail;
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
} while (token.type == isc_tokentype_eol);
if (token.type != isc_tokentype_string) {
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
if (strcmp(DST_AS_STR(token), "External:") == 0) {
@ -510,8 +509,8 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
NEXTTOKEN(lex, opt | ISC_LEXOPT_NUMBER, &token);
if (token.type != isc_tokentype_number) {
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
dst_key_setnum(key, tag, token.value.as_ulong);
@ -525,14 +524,11 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
NEXTTOKEN(lex, opt, &token);
if (token.type != isc_tokentype_string) {
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
ret = dns_time32_fromtext(DST_AS_STR(token), &when);
if (ret != ISC_R_SUCCESS) {
goto fail;
}
CHECK(dns_time32_fromtext(DST_AS_STR(token), &when));
dst_key_settime(key, tag, when);
@ -544,8 +540,8 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
if (tag < 0 && minor > DST_MINOR_VERSION) {
goto next;
} else if (tag < 0) {
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
priv->elements[n].tag = tag;
@ -553,10 +549,7 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
data = isc_mem_get(mctx, MAXFIELDSIZE);
isc_buffer_init(&b, data, MAXFIELDSIZE);
ret = isc_base64_tobuffer(lex, &b, -1);
if (ret != ISC_R_SUCCESS) {
goto fail;
}
CHECK(isc_base64_tobuffer(lex, &b, -1));
isc_buffer_usedregion(&b, &r);
priv->elements[n].length = r.length;
@ -570,30 +563,30 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
done:
if (external && priv->nelements != 0) {
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
check = check_data(priv, alg, true, external);
if (check < 0) {
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
} else if (check != ISC_R_SUCCESS) {
ret = check;
goto fail;
result = check;
goto cleanup;
}
key->external = external;
return ISC_R_SUCCESS;
fail:
cleanup:
dst__privstruct_free(priv, mctx);
if (data != NULL) {
isc_mem_put(mctx, data, MAXFIELDSIZE);
}
return ret;
return result;
}
isc_result_t

7
lib/dns/dyndb.c
View file

@ -29,13 +29,6 @@
#include <dns/view.h>
#include <dns/zone.h>
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
typedef struct dyndb_implementation dyndb_implementation_t;
struct dyndb_implementation {
isc_mem_t *mctx;

27
lib/dns/gssapictx.c
View file

@ -92,13 +92,6 @@ static gss_OID_desc __gss_spnego_mechanism_oid_desc = {
(r).base = (gb).value; \
} while (0)
#define RETERR(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto out; \
} while (0)
static void
name_to_gbuffer(const dns_name_t *name, isc_buffer_t *buffer,
gss_buffer_desc *gbuffer) {
@ -592,8 +585,7 @@ dst_gssapi_initctx(const dns_name_t *name, isc_buffer_t *intoken,
gret = gss_import_name(&minor, &gnamebuf, GSS_C_NO_OID, &gname);
if (gret != GSS_S_COMPLETE) {
gss_err_message(mctx, gret, minor, err_message);
result = ISC_R_FAILURE;
goto out;
CHECK(ISC_R_FAILURE);
}
if (intoken != NULL) {
@ -624,8 +616,7 @@ dst_gssapi_initctx(const dns_name_t *name, isc_buffer_t *intoken,
gss_log(3, "Failure initiating security context");
}
result = ISC_R_FAILURE;
goto out;
CHECK(ISC_R_FAILURE);
}
/*
@ -638,7 +629,7 @@ dst_gssapi_initctx(const dns_name_t *name, isc_buffer_t *intoken,
*/
if (gouttoken.length != 0U) {
GBUFFER_TO_REGION(gouttoken, r);
RETERR(isc_buffer_copyregion(outtoken, &r));
CHECK(isc_buffer_copyregion(outtoken, &r));
}
if (gret == GSS_S_COMPLETE) {
@ -647,7 +638,7 @@ dst_gssapi_initctx(const dns_name_t *name, isc_buffer_t *intoken,
result = DNS_R_CONTINUE;
}
out:
cleanup:
if (gouttoken.length != 0U) {
(void)gss_release_buffer(&minor, &gouttoken);
}
@ -752,7 +743,7 @@ dst_gssapi_acceptctx(dns_gss_cred_id_t cred, const char *gssapi_keytab,
isc_buffer_allocate(mctx, outtoken,
(unsigned int)gouttoken.length);
GBUFFER_TO_REGION(gouttoken, r);
RETERR(isc_buffer_copyregion(*outtoken, &r));
CHECK(isc_buffer_copyregion(*outtoken, &r));
(void)gss_release_buffer(&minor, &gouttoken);
}
@ -762,7 +753,7 @@ dst_gssapi_acceptctx(dns_gss_cred_id_t cred, const char *gssapi_keytab,
gss_log(3, "failed gss_display_name: %s",
gss_error_tostring(gret, minor, buf,
sizeof(buf)));
RETERR(ISC_R_FAILURE);
CHECK(ISC_R_FAILURE);
}
/*
@ -784,8 +775,8 @@ dst_gssapi_acceptctx(dns_gss_cred_id_t cred, const char *gssapi_keytab,
isc_buffer_init(&namebuf, r.base, r.length);
isc_buffer_add(&namebuf, r.length);
RETERR(dns_name_fromtext(principal, &namebuf, dns_rootname, 0,
NULL));
CHECK(dns_name_fromtext(principal, &namebuf, dns_rootname, 0,
NULL));
if (gnamebuf.length != 0U) {
gret = gss_release_buffer(&minor, &gnamebuf);
@ -801,7 +792,7 @@ dst_gssapi_acceptctx(dns_gss_cred_id_t cred, const char *gssapi_keytab,
*ctxout = context;
out:
cleanup:
if (gname != NULL) {
gret = gss_release_name(&minor, &gname);
if (gret != GSS_S_COMPLETE) {

88
lib/dns/journal.c
View file

@ -86,25 +86,6 @@
#define JOURNAL_DEBUG_LOGARGS(n) JOURNAL_COMMON_LOGARGS, ISC_LOG_DEBUG(n)
/*%
* It would be non-sensical (or at least obtuse) to use FAIL() with an
* ISC_R_SUCCESS code, but the test is there to keep the Solaris compiler
* from complaining about "end-of-loop code not reached".
*/
#define FAIL(code) \
do { \
result = (code); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define JOURNAL_SERIALSET 0x01U
static isc_result_t
@ -647,14 +628,14 @@ journal_open(isc_mem_t *mctx, const char *filename, bool writable, bool create,
*/
result = isc_stdio_open(j->filename, "rb+", &fp);
} else {
FAIL(ISC_R_NOTFOUND);
CHECK(ISC_R_NOTFOUND);
}
}
if (result != ISC_R_SUCCESS) {
isc_log_write(JOURNAL_COMMON_LOGARGS, ISC_LOG_ERROR,
"%s: open: %s", j->filename,
isc_result_totext(result));
FAIL(ISC_R_UNEXPECTED);
CHECK(ISC_R_UNEXPECTED);
}
j->fp = fp;
@ -692,7 +673,7 @@ journal_open(isc_mem_t *mctx, const char *filename, bool writable, bool create,
} else {
isc_log_write(JOURNAL_COMMON_LOGARGS, ISC_LOG_ERROR,
"%s: journal format not recognized", j->filename);
FAIL(ISC_R_UNEXPECTED);
CHECK(ISC_R_UNEXPECTED);
}
journal_header_decode(&rawheader, &j->header);
@ -745,7 +726,7 @@ journal_open(isc_mem_t *mctx, const char *filename, bool writable, bool create,
*journalp = j;
return ISC_R_SUCCESS;
failure:
cleanup:
j->magic = 0;
if (j->rawindex != NULL) {
isc_mem_cput(j->mctx, j->rawindex, j->header.index_size,
@ -921,7 +902,7 @@ maybe_fixup_xhdr(dns_journal_t *j, journal_xhdr_t *xhdr, uint32_t serial,
j->recovered = true;
}
failure:
cleanup:
return result;
}
@ -1001,7 +982,7 @@ journal_next(dns_journal_t *j, journal_pos_t *pos) {
pos->serial = xhdr.serial1;
return ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -1182,7 +1163,7 @@ dns_journal_begin_transaction(dns_journal_t *j) {
j->state = JOURNAL_STATE_TRANSACTION;
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -1272,7 +1253,7 @@ dns_journal_writediff(dns_journal_t *j, dns_diff_t *diff) {
result = ISC_R_SUCCESS;
failure:
cleanup:
if (mem != NULL) {
isc_mem_put(j->mctx, mem, size);
}
@ -1415,7 +1396,7 @@ dns_journal_commit(dns_journal_t *j) {
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -1428,7 +1409,7 @@ dns_journal_write_transaction(dns_journal_t *j, dns_diff_t *diff) {
CHECK(dns_journal_writediff(j, diff));
CHECK(dns_journal_commit(j));
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -1565,7 +1546,7 @@ dns_journal_rollforward(dns_journal_t *j, dns_db_t *db, unsigned int options) {
"%s: journal file corrupt: missing "
"initial SOA",
j->filename);
FAIL(ISC_R_UNEXPECTED);
CHECK(ISC_R_UNEXPECTED);
}
if ((options & DNS_JOURNALOPT_RESIGN) != 0) {
op = (n_soa == 1) ? DNS_DIFFOP_DELRESIGN
@ -1602,7 +1583,7 @@ dns_journal_rollforward(dns_journal_t *j, dns_db_t *db, unsigned int options) {
dns_diff_clear(&diff);
}
failure:
cleanup:
if (ver != NULL) {
dns_db_closeversion(db, &ver,
result == ISC_R_SUCCESS ? true : false);
@ -1708,7 +1689,7 @@ dns_journal_print(isc_mem_t *mctx, uint32_t flags, const char *filename,
"%s: journal file corrupt: missing "
"initial SOA",
j->filename);
FAIL(ISC_R_UNEXPECTED);
CHECK(ISC_R_UNEXPECTED);
}
if (print) {
@ -1750,13 +1731,13 @@ dns_journal_print(isc_mem_t *mctx, uint32_t flags, const char *filename,
result = dns_diff_print(&diff, file);
dns_diff_clear(&diff);
}
goto cleanup;
goto done;
failure:
cleanup:
isc_log_write(JOURNAL_COMMON_LOGARGS, ISC_LOG_ERROR,
"%s: cannot print: journal file corrupt", j->filename);
cleanup:
done:
if (source.base != NULL) {
isc_mem_put(j->mctx, source.base, source.length);
}
@ -1921,7 +1902,7 @@ dns_journal_iter_init(dns_journal_t *j, uint32_t begin_serial,
}
result = ISC_R_SUCCESS;
failure:
cleanup:
j->it.result = result;
return j->it.result;
}
@ -1942,7 +1923,7 @@ dns_journal_first_rr(dns_journal_t *j) {
return read_one_rr(j);
failure:
cleanup:
return result;
}
@ -1976,7 +1957,7 @@ read_one_rr(dns_journal_t *j) {
isc_log_write(JOURNAL_COMMON_LOGARGS, ISC_LOG_ERROR,
"%s: journal corrupt: empty transaction",
j->filename);
FAIL(ISC_R_UNEXPECTED);
CHECK(ISC_R_UNEXPECTED);
}
if (j->header_ver1) {
@ -1992,7 +1973,7 @@ read_one_rr(dns_journal_t *j) {
"expected serial %u, got %u",
j->filename, j->it.current_serial,
xhdr.serial0);
FAIL(ISC_R_UNEXPECTED);
CHECK(ISC_R_UNEXPECTED);
}
j->it.xsize = xhdr.size;
@ -2014,7 +1995,7 @@ read_one_rr(dns_journal_t *j) {
"%s: journal corrupt: impossible RR size "
"(%d bytes)",
j->filename, rrhdr.size);
FAIL(ISC_R_UNEXPECTED);
CHECK(ISC_R_UNEXPECTED);
}
CHECK(size_buffer(j->mctx, &j->it.source, rrhdr.size));
@ -2043,7 +2024,7 @@ read_one_rr(dns_journal_t *j) {
* Check that the RR header is there, and parse it.
*/
if (isc_buffer_remaininglength(&j->it.source) < 10) {
FAIL(DNS_R_FORMERR);
CHECK(DNS_R_FORMERR);
}
rdtype = isc_buffer_getuint16(&j->it.source);
@ -2056,14 +2037,14 @@ read_one_rr(dns_journal_t *j) {
"%s: journal corrupt: impossible rdlen "
"(%u bytes)",
j->filename, rdlen);
FAIL(ISC_R_FAILURE);
CHECK(ISC_R_FAILURE);
}
/*
* Parse the rdata.
*/
if (isc_buffer_remaininglength(&j->it.source) != rdlen) {
FAIL(DNS_R_FORMERR);
CHECK(DNS_R_FORMERR);
}
isc_buffer_setactive(&j->it.source, rdlen);
dns_rdata_reset(&j->it.rdata);
@ -2079,7 +2060,7 @@ read_one_rr(dns_journal_t *j) {
result = ISC_R_SUCCESS;
failure:
cleanup:
j->it.result = result;
return result;
}
@ -2255,7 +2236,7 @@ dns_diff_subtract(dns_diff_t diff[2], dns_diff_t *r) {
ISC_LIST_APPENDLIST(r->tuples, del, link);
ISC_LIST_APPENDLIST(r->tuples, add, link);
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -2347,16 +2328,16 @@ diff_namespace(dns_db_t *dba, dns_dbversion_t *dbvera, dns_db_t *dbb,
next:;
}
if (itresult[0] != ISC_R_NOMORE) {
FAIL(itresult[0]);
CHECK(itresult[0]);
}
if (itresult[1] != ISC_R_NOMORE) {
FAIL(itresult[1]);
CHECK(itresult[1]);
}
INSIST(ISC_LIST_EMPTY(diff[0].tuples));
INSIST(ISC_LIST_EMPTY(diff[1].tuples));
failure:
cleanup:
dns_dbiterator_destroy(&dbit[1]);
cleanup_iterator:
@ -2412,7 +2393,7 @@ dns_db_diffx(dns_diff_t *diff, dns_db_t *dba, dns_dbversion_t *dbvera,
}
}
failure:
cleanup:
if (journal != NULL) {
dns_journal_destroy(&journal);
}
@ -2797,7 +2778,7 @@ dns_journal_compact(isc_mem_t *mctx, char *filename, uint32_t serial,
if (result != ISC_R_SUCCESS &&
result != ISC_R_FILENOTFOUND)
{
goto failure;
CHECK(result);
}
if (rename(filename, backup) == -1) {
goto maperrno;
@ -2808,14 +2789,13 @@ dns_journal_compact(isc_mem_t *mctx, char *filename, uint32_t serial,
(void)isc_file_remove(backup);
} else {
maperrno:
result = ISC_R_FAILURE;
goto failure;
CHECK(ISC_R_FAILURE);
}
}
result = ISC_R_SUCCESS;
failure:
cleanup:
(void)isc_file_remove(newname);
if (buf != NULL) {
isc_mem_put(mctx, buf, size);
@ -2853,6 +2833,6 @@ index_to_disk(dns_journal_t *j) {
CHECK(journal_seek(j, sizeof(journal_rawheader_t)));
CHECK(journal_write(j, j->rawindex, rawbytes));
}
failure:
cleanup:
return result;
}

152
lib/dns/keymgr.c
View file

@ -34,13 +34,6 @@
#include <dst/dst.h>
#define RETERR(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
/*
* Set key state to `target` state and change last changed
* to `time`, only if key state has not been set before.
@ -524,16 +517,16 @@ keymgr_createkey(dns_kasp_key_t *kkey, const dns_name_t *origin,
result = dns_dnssec_findmatchingkeys(origin, NULL, keydir, NULL, now,
true, mctx, &keykeys);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
goto failure;
goto cleanup;
}
do {
if (keystore == NULL) {
RETERR(dst_key_generate(origin, alg, size, 0, flags,
DNS_KEYPROTO_DNSSEC, rdclass,
NULL, mctx, &newkey, NULL));
CHECK(dst_key_generate(origin, alg, size, 0, flags,
DNS_KEYPROTO_DNSSEC, rdclass,
NULL, mctx, &newkey, NULL));
} else {
RETERR(dns_keystore_keygen(
CHECK(dns_keystore_keygen(
keystore, origin, dns_kasp_getname(kasp),
rdclass, mctx, alg, size, flags, &newkey));
}
@ -571,7 +564,7 @@ keymgr_createkey(dns_kasp_key_t *kkey, const dns_name_t *origin,
*dst_key = newkey;
result = ISC_R_SUCCESS;
failure:
cleanup:
while (!ISC_LIST_EMPTY(keykeys)) {
dns_dnsseckey_t *key = ISC_LIST_HEAD(keykeys);
ISC_LIST_UNLINK(keykeys, key, link);
@ -2394,9 +2387,9 @@ dns_keymgr_run(const dns_name_t *origin, dns_rdataclass_t rdclass,
}
/* See if this key requires a rollover. */
RETERR(keymgr_key_rollover(
kkey, active_key, keyring, &newkeys, origin, rdclass,
kasp, keydir, lifetime, opts, now, nexttime, mctx));
CHECK(keymgr_key_rollover(kkey, active_key, keyring, &newkeys,
origin, rdclass, kasp, keydir,
lifetime, opts, now, nexttime, mctx));
opts &= ~DNS_KEYMGRATTR_NOROLL;
}
@ -2439,7 +2432,7 @@ dns_keymgr_run(const dns_name_t *origin, dns_rdataclass_t rdclass,
}
dns_dnssec_get_hints(dkey, now);
RETERR(dst_key_tofile(dkey->key, options, directory));
CHECK(dst_key_tofile(dkey->key, options, directory));
dst_key_setmodified(dkey->key, false);
if (!isc_log_wouldlog(dns_lctx, ISC_LOG_DEBUG(3))) {
@ -2457,7 +2450,7 @@ dns_keymgr_run(const dns_name_t *origin, dns_rdataclass_t rdclass,
}
result = retval;
failure:
cleanup:
if (result != ISC_R_SUCCESS && result != DNS_R_UNCHANGED) {
while ((newkey = ISC_LIST_HEAD(newkeys)) != NULL) {
ISC_LIST_UNLINK(newkeys, newkey, link);
@ -2585,22 +2578,22 @@ keytime_status(dst_key_t *key, isc_stdtime_t now, isc_buffer_t *buf,
isc_stdtime_t when = 0;
dst_key_state_t state = NA;
RETERR(isc_buffer_printf(buf, "%s", pre));
CHECK(isc_buffer_printf(buf, "%s", pre));
(void)dst_key_getstate(key, ks, &state);
isc_result_t r = dst_key_gettime(key, kt, &when);
if (state == RUMOURED || state == OMNIPRESENT) {
RETERR(isc_buffer_printf(buf, "yes - since "));
CHECK(isc_buffer_printf(buf, "yes - since "));
} else if (now < when) {
RETERR(isc_buffer_printf(buf, "no - scheduled "));
CHECK(isc_buffer_printf(buf, "no - scheduled "));
} else {
return isc_buffer_printf(buf, "no\n");
}
if (r == ISC_R_SUCCESS) {
isc_stdtime_tostring(when, timestr, sizeof(timestr));
RETERR(isc_buffer_printf(buf, "%s\n", timestr));
CHECK(isc_buffer_printf(buf, "%s\n", timestr));
}
failure:
cleanup:
return result;
}
@ -2624,7 +2617,7 @@ rollover_status(dns_dnsseckey_t *dkey, dns_kasp_t *kasp, isc_stdtime_t now,
retire = DST_TIME_DELETE;
}
RETERR(isc_buffer_printf(buf, "\n"));
CHECK(isc_buffer_printf(buf, "\n"));
(void)dst_key_getstate(key, DST_KEY_GOAL, &goal);
(void)dst_key_getstate(key, rrsig, &state);
@ -2643,16 +2636,16 @@ rollover_status(dns_dnsseckey_t *dkey, dns_kasp_t *kasp, isc_stdtime_t now,
result = dst_key_gettime(key, DST_TIME_DELETE,
&remove_time);
if (result == ISC_R_SUCCESS) {
RETERR(isc_buffer_printf(
buf, " Key is retired, will be "
"removed on "));
CHECK(isc_buffer_printf(buf, " Key is "
"retired, will be "
"removed on "));
isc_stdtime_tostring(remove_time, timestr,
sizeof(timestr));
RETERR(isc_buffer_printf(buf, "%s", timestr));
CHECK(isc_buffer_printf(buf, "%s", timestr));
}
} else {
RETERR(isc_buffer_printf(buf, " Key has been removed "
"from the zone"));
CHECK(isc_buffer_printf(buf, " Key has been removed "
"from the zone"));
}
} else {
isc_stdtime_t retire_time = 0;
@ -2660,31 +2653,31 @@ rollover_status(dns_dnsseckey_t *dkey, dns_kasp_t *kasp, isc_stdtime_t now,
if (result == ISC_R_SUCCESS) {
if (now < retire_time) {
if (goal == OMNIPRESENT) {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf, " Next rollover "
"scheduled on "));
retire_time = keymgr_prepublication_time(
dkey, kasp,
retire_time - active_time, now);
} else {
RETERR(isc_buffer_printf(
CHECK(isc_buffer_printf(
buf, " Key will retire on "));
}
} else {
RETERR(isc_buffer_printf(buf, " Rollover is "
"due since "));
CHECK(isc_buffer_printf(buf, " Rollover is "
"due since "));
}
isc_stdtime_tostring(retire_time, timestr,
sizeof(timestr));
RETERR(isc_buffer_printf(buf, "%s", timestr));
CHECK(isc_buffer_printf(buf, "%s", timestr));
} else {
RETERR(isc_buffer_printf(buf,
" No rollover scheduled"));
CHECK(isc_buffer_printf(buf,
" No rollover scheduled"));
}
}
RETERR(isc_buffer_printf(buf, "\n"));
CHECK(isc_buffer_printf(buf, "\n"));
failure:
cleanup:
return result;
}
@ -2696,16 +2689,16 @@ keystate_status(dst_key_t *key, isc_buffer_t *buf, const char *pre, int ks) {
(void)dst_key_getstate(key, ks, &state);
switch (state) {
case HIDDEN:
RETERR(isc_buffer_printf(buf, " - %shidden\n", pre));
CHECK(isc_buffer_printf(buf, " - %shidden\n", pre));
break;
case RUMOURED:
RETERR(isc_buffer_printf(buf, " - %srumoured\n", pre));
CHECK(isc_buffer_printf(buf, " - %srumoured\n", pre));
break;
case OMNIPRESENT:
RETERR(isc_buffer_printf(buf, " - %somnipresent\n", pre));
CHECK(isc_buffer_printf(buf, " - %somnipresent\n", pre));
break;
case UNRETENTIVE:
RETERR(isc_buffer_printf(buf, " - %sunretentive\n", pre));
CHECK(isc_buffer_printf(buf, " - %sunretentive\n", pre));
break;
case NA:
default:
@ -2713,7 +2706,7 @@ keystate_status(dst_key_t *key, isc_buffer_t *buf, const char *pre, int ks) {
break;
}
failure:
cleanup:
return result;
}
@ -2731,11 +2724,11 @@ dns_keymgr_status(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
isc_buffer_init(&buf, out, out_len);
// policy name
RETERR(isc_buffer_printf(&buf, "dnssec-policy: %s\n",
dns_kasp_getname(kasp)));
RETERR(isc_buffer_printf(&buf, "current time: "));
CHECK(isc_buffer_printf(&buf, "dnssec-policy: %s\n",
dns_kasp_getname(kasp)));
CHECK(isc_buffer_printf(&buf, "current time: "));
isc_stdtime_tostring(now, timestr, sizeof(timestr));
RETERR(isc_buffer_printf(&buf, "%s\n", timestr));
CHECK(isc_buffer_printf(&buf, "%s\n", timestr));
for (dns_dnsseckey_t *dkey = ISC_LIST_HEAD(*keyring); dkey != NULL;
dkey = ISC_LIST_NEXT(dkey, link))
@ -2750,46 +2743,45 @@ dns_keymgr_status(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
// key data
dns_secalg_format((dns_secalg_t)dst_key_alg(dkey->key), algstr,
sizeof(algstr));
RETERR(isc_buffer_printf(&buf, "\nkey: %d (%s), %s\n",
dst_key_id(dkey->key), algstr,
keymgr_keyrole(dkey->key)));
CHECK(isc_buffer_printf(&buf, "\nkey: %d (%s), %s\n",
dst_key_id(dkey->key), algstr,
keymgr_keyrole(dkey->key)));
// publish status
RETERR(keytime_status(dkey->key, now, &buf,
" published: ", DST_KEY_DNSKEY,
DST_TIME_PUBLISH));
CHECK(keytime_status(dkey->key, now, &buf, " published: ",
DST_KEY_DNSKEY, DST_TIME_PUBLISH));
// signing status
result = dst_key_getbool(dkey->key, DST_BOOL_KSK, &ksk);
if (result == ISC_R_SUCCESS && ksk) {
RETERR(keytime_status(
dkey->key, now, &buf, " key signing: ",
DST_KEY_KRRSIG, DST_TIME_PUBLISH));
CHECK(keytime_status(dkey->key, now, &buf,
" key signing: ",
DST_KEY_KRRSIG, DST_TIME_PUBLISH));
}
result = dst_key_getbool(dkey->key, DST_BOOL_ZSK, &zsk);
if (result == ISC_R_SUCCESS && zsk) {
RETERR(keytime_status(
CHECK(keytime_status(
dkey->key, now, &buf, " zone signing: ",
DST_KEY_ZRRSIG, DST_TIME_ACTIVATE));
}
// rollover status
RETERR(rollover_status(dkey, kasp, now, &buf, zsk));
CHECK(rollover_status(dkey, kasp, now, &buf, zsk));
// key states
RETERR(keystate_status(dkey->key, &buf,
"goal: ", DST_KEY_GOAL));
RETERR(keystate_status(dkey->key, &buf,
"dnskey: ", DST_KEY_DNSKEY));
RETERR(keystate_status(dkey->key, &buf,
"ds: ", DST_KEY_DS));
RETERR(keystate_status(dkey->key, &buf,
"zone rrsig: ", DST_KEY_ZRRSIG));
RETERR(keystate_status(dkey->key, &buf,
"key rrsig: ", DST_KEY_KRRSIG));
CHECK(keystate_status(dkey->key, &buf,
"goal: ", DST_KEY_GOAL));
CHECK(keystate_status(dkey->key, &buf,
"dnskey: ", DST_KEY_DNSKEY));
CHECK(keystate_status(dkey->key, &buf,
"ds: ", DST_KEY_DS));
CHECK(keystate_status(dkey->key, &buf,
"zone rrsig: ", DST_KEY_ZRRSIG));
CHECK(keystate_status(dkey->key, &buf,
"key rrsig: ", DST_KEY_KRRSIG));
}
failure:
cleanup:
return result;
}
@ -2903,15 +2895,13 @@ dns_keymgr_offline(const dns_name_t *origin, dns_dnsseckeylist_t *keyring,
dns_keymgr_key_init(dkey, kasp, now, false);
/* Get current metadata */
RETERR(dst_key_getstate(dkey->key, DST_KEY_DNSKEY,
&current_dnskey));
RETERR(dst_key_getstate(dkey->key, DST_KEY_ZRRSIG,
&current_zrrsig));
RETERR(dst_key_getstate(dkey->key, DST_KEY_GOAL,
&current_goal));
RETERR(dst_key_gettime(dkey->key, DST_TIME_PUBLISH,
&published));
RETERR(dst_key_gettime(dkey->key, DST_TIME_ACTIVATE, &active));
CHECK(dst_key_getstate(dkey->key, DST_KEY_DNSKEY,
&current_dnskey));
CHECK(dst_key_getstate(dkey->key, DST_KEY_ZRRSIG,
&current_zrrsig));
CHECK(dst_key_getstate(dkey->key, DST_KEY_GOAL, &current_goal));
CHECK(dst_key_gettime(dkey->key, DST_TIME_PUBLISH, &published));
CHECK(dst_key_gettime(dkey->key, DST_TIME_ACTIVATE, &active));
(void)dst_key_gettime(dkey->key, DST_TIME_INACTIVE, &inactive);
(void)dst_key_gettime(dkey->key, DST_TIME_DELETE, &remove);
@ -3015,7 +3005,7 @@ dns_keymgr_offline(const dns_name_t *origin, dns_dnsseckeylist_t *keyring,
dns_dnssec_get_hints(dkey, now);
RETERR(dst_key_tofile(dkey->key, options, directory));
CHECK(dst_key_tofile(dkey->key, options, directory));
dst_key_setmodified(dkey->key, false);
if (!isc_log_wouldlog(dns_lctx, ISC_LOG_DEBUG(3))) {
@ -3034,7 +3024,7 @@ dns_keymgr_offline(const dns_name_t *origin, dns_dnsseckeylist_t *keyring,
result = ISC_R_SUCCESS;
failure:
cleanup:
if (isc_log_wouldlog(dns_lctx, ISC_LOG_DEBUG(3))) {
char namebuf[DNS_NAME_FORMATSIZE];
dns_name_format(origin, namebuf, sizeof(namebuf));

13
lib/dns/masterdump.c
View file

@ -51,19 +51,6 @@
#define DNS_DCTX_MAGIC ISC_MAGIC('D', 'c', 't', 'x')
#define DNS_DCTX_VALID(d) ISC_MAGIC_VALID(d, DNS_DCTX_MAGIC)
#define RETERR(x) \
do { \
isc_result_t _r = (x); \
if (_r != ISC_R_SUCCESS) \
return ((_r)); \
} while (0)
#define CHECK(x) \
do { \
if ((x) != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
struct dns_master_style {
dns_masterstyle_flags_t flags; /* DNS_STYLEFLAG_* */
unsigned int ttl_column;

151
lib/dns/nsec3.c
View file

@ -41,13 +41,6 @@
#include <dst/dst.h>
#define CHECK(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define OPTOUT(x) (((x) & DNS_NSEC3FLAG_OPTOUT) != 0)
#define CREATE(x) (((x) & DNS_NSEC3FLAG_CREATE) != 0)
#define INITIAL(x) (((x) & DNS_NSEC3FLAG_INITIAL) != 0)
@ -442,22 +435,16 @@ delnsec3(dns_db_t *db, dns_dbversion_t *version, const dns_name_t *name,
continue;
}
result = dns_difftuple_create(diff->mctx, DNS_DIFFOP_DEL, name,
rdataset.ttl, &rdata, &tuple);
if (result != ISC_R_SUCCESS) {
goto failure;
}
result = do_one_tuple(&tuple, db, version, diff);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_DEL, name,
rdataset.ttl, &rdata, &tuple));
CHECK(do_one_tuple(&tuple, db, version, diff));
}
if (result != ISC_R_NOMORE) {
goto failure;
goto cleanup;
}
result = ISC_R_SUCCESS;
failure:
cleanup:
dns_rdataset_disassociate(&rdataset);
cleanup_node:
dns_db_detachnode(db, &node);
@ -530,7 +517,7 @@ find_nsec3(dns_rdata_nsec3_t *nsec3, dns_rdataset_t *rdataset,
break;
}
}
failure:
cleanup:
return result;
}
@ -638,14 +625,14 @@ dns_nsec3_addnsec3(dns_db_t *db, dns_dbversion_t *version,
} else if (CREATE(nsec3param->flags) && OPTOUT(flags)) {
result = dns_nsec3_delnsec3(db, version, name,
nsec3param, diff);
goto failure;
goto cleanup;
} else {
maybe_remove_unsecure = true;
}
} else {
dns_rdataset_disassociate(&rdataset);
if (result != ISC_R_NOMORE) {
goto failure;
goto cleanup;
}
}
}
@ -675,9 +662,7 @@ dns_nsec3_addnsec3(dns_db_t *db, dns_dbversion_t *version,
dns_rdataset_disassociate(&rdataset);
continue;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
if (maybe_remove_unsecure) {
dns_rdataset_disassociate(&rdataset);
@ -689,7 +674,7 @@ dns_nsec3_addnsec3(dns_db_t *db, dns_dbversion_t *version,
if (OPTOUT(nsec3.flags)) {
result = dns_nsec3_delnsec3(db, version, name,
nsec3param, diff);
goto failure;
goto cleanup;
}
goto addnsec3;
} else {
@ -699,7 +684,7 @@ dns_nsec3_addnsec3(dns_db_t *db, dns_dbversion_t *version,
*/
if (OPTOUT(nsec3.flags) && unsecure) {
dns_rdataset_disassociate(&rdataset);
goto failure;
goto cleanup;
}
}
@ -793,7 +778,7 @@ addnsec3:
break;
}
if (result != ISC_R_NOMORE) {
goto failure;
goto cleanup;
}
} else if (result == ISC_R_NOTFOUND) {
/*
@ -833,9 +818,7 @@ addnsec3:
dns_rdataset_disassociate(&rdataset);
continue;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
old_next = nsec3.next;
old_length = nsec3.next_length;
@ -895,7 +878,7 @@ addnsec3:
/* result cannot be ISC_R_NOMORE here */
INSIST(result != ISC_R_NOMORE);
failure:
cleanup:
if (dbit != NULL) {
dns_dbiterator_destroy(&dbit);
}
@ -969,7 +952,7 @@ dns_nsec3_addnsec3s(dns_db_t *db, dns_dbversion_t *version,
result = ISC_R_SUCCESS;
}
failure:
cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}
@ -1042,7 +1025,7 @@ rr_exists(dns_db_t *db, dns_dbversion_t *ver, const dns_name_t *name,
if (result == ISC_R_NOTFOUND) {
*flag = false;
result = ISC_R_SUCCESS;
goto failure;
goto cleanup;
}
for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS;
@ -1062,7 +1045,7 @@ rr_exists(dns_db_t *db, dns_dbversion_t *ver, const dns_name_t *name,
result = ISC_R_SUCCESS;
}
failure:
cleanup:
if (node != NULL) {
dns_db_detachnode(db, &node);
}
@ -1134,9 +1117,7 @@ dns_nsec3param_deletechains(dns_db_t *db, dns_dbversion_t *ver,
if (result == ISC_R_NOTFOUND) {
goto try_private;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS;
result = dns_rdataset_next(&rdataset))
@ -1163,23 +1144,23 @@ dns_nsec3param_deletechains(dns_db_t *db, dns_dbversion_t *ver,
dns_rdata_reset(&rdata);
}
if (result != ISC_R_NOMORE) {
goto failure;
goto cleanup;
}
dns_rdataset_disassociate(&rdataset);
try_private:
if (privatetype == 0) {
goto success;
result = ISC_R_SUCCESS;
goto cleanup;
}
result = dns_db_findrdataset(db, node, ver, privatetype, 0,
(isc_stdtime_t)0, &rdataset, NULL);
if (result == ISC_R_NOTFOUND) {
goto success;
}
if (result != ISC_R_SUCCESS) {
goto failure;
result = ISC_R_SUCCESS;
goto cleanup;
}
CHECK(result);
for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS;
result = dns_rdataset_next(&rdataset))
@ -1221,12 +1202,12 @@ try_private:
}
}
if (result != ISC_R_NOMORE) {
goto failure;
goto cleanup;
}
success:
result = ISC_R_SUCCESS;
failure:
cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}
@ -1258,7 +1239,7 @@ dns_nsec3_addnsec3sx(dns_db_t *db, dns_dbversion_t *version,
result = dns_db_findrdataset(db, node, version, type, 0, 0, &prdataset,
NULL);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
goto failure;
CHECK(result);
}
result = dns_db_findrdataset(db, node, version,
@ -1267,9 +1248,7 @@ dns_nsec3_addnsec3sx(dns_db_t *db, dns_dbversion_t *version,
if (result == ISC_R_NOTFOUND) {
goto try_private;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
/*
* Update each active NSEC3 chain.
@ -1293,15 +1272,17 @@ dns_nsec3_addnsec3sx(dns_db_t *db, dns_dbversion_t *version,
nsecttl, unsecure, diff));
}
if (result != ISC_R_NOMORE) {
goto failure;
goto cleanup;
}
dns_rdataset_disassociate(&rdataset);
try_private:
if (!dns_rdataset_isassociated(&prdataset)) {
goto success;
result = ISC_R_SUCCESS;
goto cleanup;
}
/*
* Update each active NSEC3 chain.
*/
@ -1334,10 +1315,10 @@ try_private:
nsecttl, unsecure, diff));
}
if (result == ISC_R_NOMORE) {
success:
result = ISC_R_SUCCESS;
}
failure:
cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}
@ -1445,9 +1426,7 @@ dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version,
if (result == ISC_R_NOTFOUND || result == DNS_R_PARTIALMATCH) {
goto cleanup_orphaned_ents;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
CHECK(dns_dbiterator_current(dbit, &node, NULL));
CHECK(dns_dbiterator_pause(dbit));
@ -1457,9 +1436,7 @@ dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version,
if (result == ISC_R_NOTFOUND) {
goto cleanup_orphaned_ents;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
/*
* If we find a existing NSEC3 for this chain then save the
@ -1473,11 +1450,9 @@ dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version,
}
dns_rdataset_disassociate(&rdataset);
if (result == ISC_R_NOMORE) {
goto success;
}
if (result != ISC_R_SUCCESS) {
goto failure;
result = ISC_R_SUCCESS;
}
CHECK(result);
/*
* Find the previous NSEC3 and update it.
@ -1503,9 +1478,7 @@ dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version,
dns_rdataset_disassociate(&rdataset);
continue;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
/*
* Delete the old previous NSEC3.
@ -1559,11 +1532,10 @@ cleanup_orphaned_ents:
salt_length));
result = dns_dbiterator_seek(dbit, hashname);
if (result == ISC_R_NOTFOUND || result == DNS_R_PARTIALMATCH) {
goto success;
}
if (result != ISC_R_SUCCESS) {
goto failure;
result = ISC_R_SUCCESS;
goto cleanup;
}
CHECK(result);
CHECK(dns_dbiterator_current(dbit, &node, NULL));
CHECK(dns_dbiterator_pause(dbit));
@ -1572,11 +1544,10 @@ cleanup_orphaned_ents:
(isc_stdtime_t)0, &rdataset, NULL);
dns_db_detachnode(db, &node);
if (result == ISC_R_NOTFOUND) {
goto success;
}
if (result != ISC_R_SUCCESS) {
goto failure;
result = ISC_R_SUCCESS;
goto cleanup;
}
CHECK(result);
result = find_nsec3(&nsec3, &rdataset, nsec3param);
if (result == ISC_R_SUCCESS) {
@ -1586,11 +1557,9 @@ cleanup_orphaned_ents:
}
dns_rdataset_disassociate(&rdataset);
if (result == ISC_R_NOMORE) {
goto success;
}
if (result != ISC_R_SUCCESS) {
goto failure;
result = ISC_R_SUCCESS;
}
CHECK(result);
pass = 0;
do {
@ -1613,9 +1582,7 @@ cleanup_orphaned_ents:
dns_rdataset_disassociate(&rdataset);
continue;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
/*
* Delete the old previous NSEC3.
@ -1648,10 +1615,9 @@ cleanup_orphaned_ents:
CHECK(delnsec3(db, version, hashname, nsec3param, diff));
} while (1);
success:
result = ISC_R_SUCCESS;
failure:
cleanup:
if (dbit != NULL) {
dns_dbiterator_destroy(&dbit);
}
@ -1695,9 +1661,7 @@ dns_nsec3_delnsec3sx(dns_db_t *db, dns_dbversion_t *version,
if (result == ISC_R_NOTFOUND) {
goto try_private;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
/*
* Update each active NSEC3 chain.
@ -1722,16 +1686,16 @@ dns_nsec3_delnsec3sx(dns_db_t *db, dns_dbversion_t *version,
try_private:
if (privatetype == 0) {
goto success;
result = ISC_R_SUCCESS;
goto cleanup;
}
result = dns_db_findrdataset(db, node, version, privatetype, 0, 0,
&rdataset, NULL);
if (result == ISC_R_NOTFOUND) {
goto success;
}
if (result != ISC_R_SUCCESS) {
goto failure;
result = ISC_R_SUCCESS;
goto cleanup;
}
CHECK(result);
/*
* Update each NSEC3 chain being built.
@ -1764,11 +1728,10 @@ try_private:
CHECK(dns_nsec3_delnsec3(db, version, name, &nsec3param, diff));
}
if (result == ISC_R_NOMORE) {
success:
result = ISC_R_SUCCESS;
}
failure:
cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}

22
lib/dns/openssl_link.c
View file

@ -52,10 +52,10 @@
#include "openssl_shim.h"
#define DST_RET(a) \
{ \
ret = a; \
goto err; \
#define DST_RET(a) \
{ \
result = a; \
goto cleanup; \
}
#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000
@ -232,7 +232,7 @@ dst__openssl_fromlabel_engine(int key_base_id, const char *engine,
const char *label, const char *pin,
EVP_PKEY **ppub, EVP_PKEY **ppriv) {
#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000
isc_result_t ret = ISC_R_SUCCESS;
isc_result_t result = ISC_R_SUCCESS;
ENGINE *e = NULL;
UNUSED(pin);
@ -259,8 +259,8 @@ dst__openssl_fromlabel_engine(int key_base_id, const char *engine,
if (EVP_PKEY_base_id(*ppriv) != key_base_id) {
DST_RET(DST_R_BADKEYTYPE);
}
err:
return ret;
cleanup:
return result;
#else /* if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000 */
UNUSED(key_base_id);
UNUSED(engine);
@ -277,7 +277,7 @@ dst__openssl_fromlabel_provider(int key_base_id, const char *label,
const char *pin, EVP_PKEY **ppub,
EVP_PKEY **ppriv) {
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
isc_result_t ret = DST_R_OPENSSLFAILURE;
isc_result_t result = DST_R_OPENSSLFAILURE;
OSSL_STORE_CTX *ctx = NULL;
UNUSED(pin);
@ -319,11 +319,11 @@ dst__openssl_fromlabel_provider(int key_base_id, const char *label,
OSSL_STORE_INFO_free(info);
}
if (*ppriv != NULL && *ppub != NULL) {
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
}
err:
cleanup:
OSSL_STORE_close(ctx);
return ret;
return result;
#else
UNUSED(key_base_id);
UNUSED(label);

180
lib/dns/opensslecdsa_link.c
View file

@ -50,10 +50,10 @@
#define MAX_PRIVKEY_SIZE (MAX_PUBKEY_SIZE / 2)
#define DST_RET(a) \
{ \
ret = a; \
goto err; \
#define DST_RET(a) \
{ \
result = a; \
goto cleanup; \
}
static bool
@ -139,7 +139,7 @@ static isc_result_t
opensslecdsa_create_pkey_params(unsigned int key_alg, bool private,
const unsigned char *key, size_t key_len,
EVP_PKEY **pkey) {
isc_result_t ret;
isc_result_t result;
int status;
int group_nid = opensslecdsa_key_alg_to_group_nid(key_alg);
const char *groupname = opensslecdsa_key_alg_to_group_name(key_alg);
@ -238,9 +238,9 @@ opensslecdsa_create_pkey_params(unsigned int key_alg, bool private,
DST_R_OPENSSLFAILURE));
}
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
OSSL_PARAM_free(params);
OSSL_PARAM_BLD_free(bld);
EVP_PKEY_CTX_free(ctx);
@ -248,7 +248,7 @@ err:
EC_POINT_free(pubkey);
EC_GROUP_free(group);
return ret;
return result;
}
static bool
@ -279,7 +279,7 @@ static isc_result_t
opensslecdsa_create_pkey_legacy(unsigned int key_alg, bool private,
const unsigned char *key, size_t key_len,
EVP_PKEY **retkey) {
isc_result_t ret = ISC_R_SUCCESS;
isc_result_t result = ISC_R_SUCCESS;
EC_KEY *eckey = NULL;
EVP_PKEY *pkey = NULL;
BIGNUM *privkey = NULL;
@ -334,12 +334,12 @@ opensslecdsa_create_pkey_legacy(unsigned int key_alg, bool private,
*retkey = pkey;
pkey = NULL;
err:
cleanup:
BN_clear_free(privkey);
EC_POINT_free(pubkey);
EC_KEY_free(eckey);
EVP_PKEY_free(pkey);
return ret;
return result;
}
static bool
@ -389,19 +389,19 @@ static isc_result_t
opensslecdsa_create_pkey(unsigned int key_alg, bool private,
const unsigned char *key, size_t key_len,
EVP_PKEY **retkey) {
isc_result_t ret;
isc_result_t result;
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
ret = opensslecdsa_create_pkey_params(key_alg, private, key, key_len,
retkey);
if (ret != ISC_R_FAILURE) {
return ret;
result = opensslecdsa_create_pkey_params(key_alg, private, key, key_len,
retkey);
if (result != ISC_R_FAILURE) {
return result;
}
#endif
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
ret = opensslecdsa_create_pkey_legacy(key_alg, private, key, key_len,
retkey);
if (ret == ISC_R_SUCCESS) {
return ret;
result = opensslecdsa_create_pkey_legacy(key_alg, private, key, key_len,
retkey);
if (result == ISC_R_SUCCESS) {
return result;
}
#endif
return DST_R_OPENSSLFAILURE;
@ -413,7 +413,7 @@ static isc_result_t
opensslecdsa_generate_pkey_with_uri(int group_nid, const char *label,
EVP_PKEY **retkey) {
int status;
isc_result_t ret;
isc_result_t result;
char *uri = UNCONST(label);
EVP_PKEY_CTX *ctx = NULL;
OSSL_PARAM params[3];
@ -461,17 +461,17 @@ opensslecdsa_generate_pkey_with_uri(int group_nid, const char *label,
DST_R_OPENSSLFAILURE));
}
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
EVP_PKEY_CTX_free(ctx);
return ret;
return result;
}
static isc_result_t
opensslecdsa_generate_pkey(unsigned int key_alg, const char *label,
EVP_PKEY **retkey) {
isc_result_t ret;
isc_result_t result;
EVP_PKEY_CTX *ctx = NULL;
EVP_PKEY *params_pkey = NULL;
int group_nid = opensslecdsa_key_alg_to_group_nid(key_alg);
@ -523,12 +523,12 @@ opensslecdsa_generate_pkey(unsigned int key_alg, const char *label,
DST_RET(dst__openssl_toresult2("EVP_PKEY_keygen",
DST_R_OPENSSLFAILURE));
}
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
EVP_PKEY_free(params_pkey);
EVP_PKEY_CTX_free(ctx);
return ret;
return result;
}
static isc_result_t
@ -565,7 +565,7 @@ opensslecdsa_extract_private_key(const dst_key_t *key, unsigned char *buf,
static isc_result_t
opensslecdsa_generate_pkey(unsigned int key_alg, const char *label,
EVP_PKEY **retkey) {
isc_result_t ret;
isc_result_t result;
EC_KEY *eckey = NULL;
EVP_PKEY *pkey = NULL;
int group_nid;
@ -595,12 +595,12 @@ opensslecdsa_generate_pkey(unsigned int key_alg, const char *label,
}
*retkey = pkey;
pkey = NULL;
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
EC_KEY_free(eckey);
EVP_PKEY_free(pkey);
return ret;
return result;
}
static isc_result_t
@ -647,7 +647,7 @@ opensslecdsa_extract_private_key(const dst_key_t *key, unsigned char *buf,
static isc_result_t
opensslecdsa_createctx(dst_key_t *key, dst_context_t *dctx) {
isc_result_t ret = ISC_R_SUCCESS;
isc_result_t result = ISC_R_SUCCESS;
EVP_MD_CTX *evp_md_ctx;
const EVP_MD *type = NULL;
@ -687,8 +687,8 @@ opensslecdsa_createctx(dst_key_t *key, dst_context_t *dctx) {
dctx->ctxdata.evp_md_ctx = evp_md_ctx;
err:
return ret;
cleanup:
return result;
}
static void
@ -706,7 +706,7 @@ opensslecdsa_destroyctx(dst_context_t *dctx) {
static isc_result_t
opensslecdsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
isc_result_t ret = ISC_R_SUCCESS;
isc_result_t result = ISC_R_SUCCESS;
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
REQUIRE(opensslecdsa_valid_key_alg(dctx->key->key_alg));
@ -730,13 +730,13 @@ opensslecdsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
}
}
err:
return ret;
cleanup:
return result;
}
static isc_result_t
opensslecdsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
isc_result_t ret;
isc_result_t result;
dst_key_t *key = dctx->key;
isc_region_t region;
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
@ -786,19 +786,19 @@ opensslecdsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
isc_region_consume(&region, siglen / 2);
ECDSA_SIG_free(ecdsasig);
isc_buffer_add(sig, siglen);
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
if (sigder != NULL && sigder_alloced != 0) {
isc_mem_put(dctx->mctx, sigder, sigder_alloced);
}
return ret;
return result;
}
static isc_result_t
opensslecdsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
isc_result_t ret;
isc_result_t result;
dst_key_t *key = dctx->key;
int status;
unsigned char *cp = sig->base;
@ -853,19 +853,19 @@ opensslecdsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
switch (status) {
case 1:
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
break;
case 0:
ret = dst__openssl_toresult(DST_R_VERIFYFAILURE);
result = dst__openssl_toresult(DST_R_VERIFYFAILURE);
break;
default:
ret = dst__openssl_toresult3(dctx->category,
"EVP_DigestVerifyFinal",
DST_R_VERIFYFAILURE);
result = dst__openssl_toresult3(dctx->category,
"EVP_DigestVerifyFinal",
DST_R_VERIFYFAILURE);
break;
}
err:
cleanup:
if (ecdsasig != NULL) {
ECDSA_SIG_free(ecdsasig);
}
@ -873,7 +873,7 @@ err:
isc_mem_put(dctx->mctx, sigder, sigder_alloced);
}
return ret;
return result;
}
static isc_result_t
@ -898,7 +898,7 @@ opensslecdsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
static isc_result_t
opensslecdsa_todns(const dst_key_t *key, isc_buffer_t *data) {
isc_result_t ret;
isc_result_t result;
isc_region_t r;
size_t keysize;
@ -915,15 +915,15 @@ opensslecdsa_todns(const dst_key_t *key, isc_buffer_t *data) {
}
isc_buffer_add(data, keysize);
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
return ret;
cleanup:
return result;
}
static isc_result_t
opensslecdsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
isc_result_t ret;
isc_result_t result;
EVP_PKEY *pkey = NULL;
isc_region_t r;
size_t len;
@ -939,23 +939,21 @@ opensslecdsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
DST_RET(DST_R_INVALIDPUBLICKEY);
}
ret = opensslecdsa_create_pkey(key->key_alg, false, r.base, len, &pkey);
if (ret != ISC_R_SUCCESS) {
DST_RET(ret);
}
CHECK(opensslecdsa_create_pkey(key->key_alg, false, r.base, len,
&pkey));
isc_buffer_forward(data, len);
key->key_size = EVP_PKEY_bits(pkey);
key->keydata.pkeypair.pub = pkey;
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
return ret;
cleanup:
return result;
}
static isc_result_t
opensslecdsa_tofile(const dst_key_t *key, const char *directory) {
isc_result_t ret;
isc_result_t result;
dst_private_t priv;
unsigned char buf[MAX_PRIVKEY_SIZE];
size_t keylen = 0;
@ -1001,11 +999,11 @@ opensslecdsa_tofile(const dst_key_t *key, const char *directory) {
}
priv.nelements = i;
ret = dst__privstruct_writefile(key, &priv, directory);
result = dst__privstruct_writefile(key, &priv, directory);
err:
cleanup:
isc_safe_memwipe(buf, keylen);
return ret;
return result;
}
static isc_result_t
@ -1015,7 +1013,7 @@ opensslecdsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
static isc_result_t
opensslecdsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
dst_private_t priv;
isc_result_t ret;
isc_result_t result;
EVP_PKEY *pkey = NULL;
const char *engine = NULL;
const char *label = NULL;
@ -1024,11 +1022,8 @@ opensslecdsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
REQUIRE(opensslecdsa_valid_key_alg(key->key_alg));
/* read private key file */
ret = dst__privstruct_parse(key, DST_ALG_ECDSA256, lexer, key->mctx,
&priv);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(dst__privstruct_parse(key, DST_ALG_ECDSA256, lexer, key->mctx,
&priv));
if (key->external) {
if (priv.nelements != 0 || pub == NULL) {
@ -1058,10 +1053,7 @@ opensslecdsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
}
if (label != NULL) {
ret = opensslecdsa_fromlabel(key, engine, label, NULL);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(opensslecdsa_fromlabel(key, engine, label, NULL));
/* Check that the public component matches if given */
if (pub != NULL && EVP_PKEY_eq(key->keydata.pkeypair.pub,
pub->keydata.pkeypair.pub) != 1)
@ -1075,12 +1067,9 @@ opensslecdsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
}
ret = opensslecdsa_create_pkey(
CHECK(opensslecdsa_create_pkey(
key->key_alg, true, priv.elements[privkey_index].data,
priv.elements[privkey_index].length, &pkey);
if (ret != ISC_R_SUCCESS) {
goto err;
}
priv.elements[privkey_index].length, &pkey));
/* Check that the public component matches if given */
if (pub != NULL && EVP_PKEY_eq(pkey, pub->keydata.pkeypair.pub) != 1) {
@ -1092,40 +1081,31 @@ opensslecdsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
key->keydata.pkeypair.pub = pkey;
pkey = NULL;
err:
cleanup:
EVP_PKEY_free(pkey);
if (ret != ISC_R_SUCCESS) {
if (result != ISC_R_SUCCESS) {
key->keydata.generic = NULL;
}
dst__privstruct_free(&priv, key->mctx);
isc_safe_memwipe(&priv, sizeof(priv));
return ret;
return result;
}
static isc_result_t
opensslecdsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
const char *pin) {
EVP_PKEY *privpkey = NULL, *pubpkey = NULL;
isc_result_t ret;
isc_result_t result;
REQUIRE(opensslecdsa_valid_key_alg(key->key_alg));
UNUSED(pin);
ret = dst__openssl_fromlabel(EVP_PKEY_EC, engine, label, pin, &pubpkey,
&privpkey);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(dst__openssl_fromlabel(EVP_PKEY_EC, engine, label, pin, &pubpkey,
&privpkey));
ret = opensslecdsa_validate_pkey_group(key->key_alg, privpkey);
if (ret != ISC_R_SUCCESS) {
goto err;
}
ret = opensslecdsa_validate_pkey_group(key->key_alg, pubpkey);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(opensslecdsa_validate_pkey_group(key->key_alg, privpkey));
CHECK(opensslecdsa_validate_pkey_group(key->key_alg, pubpkey));
if (engine != NULL) {
key->engine = isc_mem_strdup(key->mctx, engine);
@ -1137,10 +1117,10 @@ opensslecdsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
privpkey = NULL;
pubpkey = NULL;
err:
cleanup:
EVP_PKEY_free(privpkey);
EVP_PKEY_free(pubpkey);
return ret;
return result;
}
static dst_func_t opensslecdsa_functions = {

104
lib/dns/openssleddsa_link.c
View file

@ -35,10 +35,10 @@
#include "dst_parse.h"
#include "openssl_shim.h"
#define DST_RET(a) \
{ \
ret = a; \
goto err; \
#define DST_RET(a) \
{ \
result = a; \
goto cleanup; \
}
#if HAVE_OPENSSL_ED25519
@ -88,13 +88,13 @@ openssleddsa_alg_info(unsigned int key_alg) {
static isc_result_t
raw_key_to_ossl(const eddsa_alginfo_t *alginfo, int private,
const unsigned char *key, size_t *key_len, EVP_PKEY **pkey) {
isc_result_t ret;
isc_result_t result;
int pkey_type = alginfo->pkey_type;
size_t len = alginfo->key_size;
ret = (private ? DST_R_INVALIDPRIVATEKEY : DST_R_INVALIDPUBLICKEY);
result = (private ? DST_R_INVALIDPRIVATEKEY : DST_R_INVALIDPUBLICKEY);
if (*key_len < len) {
return ret;
return result;
}
if (private) {
@ -103,7 +103,7 @@ raw_key_to_ossl(const eddsa_alginfo_t *alginfo, int private,
*pkey = EVP_PKEY_new_raw_public_key(pkey_type, NULL, key, len);
}
if (*pkey == NULL) {
return dst__openssl_toresult(ret);
return dst__openssl_toresult(result);
}
*key_len = len;
@ -172,7 +172,7 @@ openssleddsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
static isc_result_t
openssleddsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
isc_result_t ret;
isc_result_t result;
dst_key_t *key = dctx->key;
isc_region_t tbsreg;
isc_region_t sigreg;
@ -207,19 +207,19 @@ openssleddsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
DST_R_SIGNFAILURE));
}
isc_buffer_add(sig, (unsigned int)siglen);
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
EVP_MD_CTX_free(ctx);
isc_buffer_free(&buf);
dctx->ctxdata.generic = NULL;
return ret;
return result;
}
static isc_result_t
openssleddsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
isc_result_t ret;
isc_result_t result;
dst_key_t *key = dctx->key;
int status;
isc_region_t tbsreg;
@ -250,28 +250,29 @@ openssleddsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
switch (status) {
case 1:
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
break;
case 0:
ret = dst__openssl_toresult(DST_R_VERIFYFAILURE);
result = dst__openssl_toresult(DST_R_VERIFYFAILURE);
break;
default:
ret = dst__openssl_toresult3(dctx->category, "EVP_DigestVerify",
DST_R_VERIFYFAILURE);
result = dst__openssl_toresult3(dctx->category,
"EVP_DigestVerify",
DST_R_VERIFYFAILURE);
break;
}
err:
cleanup:
EVP_MD_CTX_free(ctx);
isc_buffer_free(&buf);
dctx->ctxdata.generic = NULL;
return ret;
return result;
}
static isc_result_t
openssleddsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
isc_result_t ret;
isc_result_t result;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
const eddsa_alginfo_t *alginfo = openssleddsa_alg_info(key->key_alg);
@ -302,11 +303,11 @@ openssleddsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
key->key_size = alginfo->key_size * 8;
key->keydata.pkeypair.priv = pkey;
key->keydata.pkeypair.pub = pkey;
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
EVP_PKEY_CTX_free(ctx);
return ret;
return result;
}
static isc_result_t
@ -363,7 +364,7 @@ openssleddsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
static isc_result_t
openssleddsa_tofile(const dst_key_t *key, const char *directory) {
const eddsa_alginfo_t *alginfo = openssleddsa_alg_info(key->key_alg);
isc_result_t ret;
isc_result_t result;
dst_private_t priv;
unsigned char *buf = NULL;
size_t len;
@ -411,20 +412,20 @@ openssleddsa_tofile(const dst_key_t *key, const char *directory) {
}
priv.nelements = i;
ret = dst__privstruct_writefile(key, &priv, directory);
result = dst__privstruct_writefile(key, &priv, directory);
err:
cleanup:
if (buf != NULL) {
isc_mem_put(key->mctx, buf, len);
}
return ret;
return result;
}
static isc_result_t
openssleddsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
const eddsa_alginfo_t *alginfo = openssleddsa_alg_info(key->key_alg);
dst_private_t priv;
isc_result_t ret;
isc_result_t result;
int i, privkey_index = -1;
const char *engine = NULL, *label = NULL;
EVP_PKEY *pkey = NULL;
@ -434,10 +435,7 @@ openssleddsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
REQUIRE(alginfo != NULL);
/* read private key file */
ret = dst__privstruct_parse(key, DST_ALG_ED25519, lexer, mctx, &priv);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(dst__privstruct_parse(key, DST_ALG_ED25519, lexer, mctx, &priv));
if (key->external) {
if (priv.nelements != 0) {
@ -470,10 +468,7 @@ openssleddsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
}
if (label != NULL) {
ret = openssleddsa_fromlabel(key, engine, label, NULL);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(openssleddsa_fromlabel(key, engine, label, NULL));
/* Check that the public component matches if given */
if (pub != NULL && EVP_PKEY_eq(key->keydata.pkeypair.pub,
pub->keydata.pkeypair.pub) != 1)
@ -488,11 +483,8 @@ openssleddsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
}
len = priv.elements[privkey_index].length;
ret = raw_key_to_ossl(alginfo, 1, priv.elements[privkey_index].data,
&len, &pkey);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(raw_key_to_ossl(alginfo, 1, priv.elements[privkey_index].data,
&len, &pkey));
/* Check that the public component matches if given */
if (pub != NULL && EVP_PKEY_eq(pkey, pub->keydata.pkeypair.pub) != 1) {
DST_RET(DST_R_INVALIDPRIVATEKEY);
@ -502,13 +494,13 @@ openssleddsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
key->keydata.pkeypair.pub = pkey;
key->key_size = len * 8;
pkey = NULL;
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
EVP_PKEY_free(pkey);
dst__privstruct_free(&priv, mctx);
isc_safe_memwipe(&priv, sizeof(priv));
return ret;
return result;
}
static isc_result_t
@ -516,16 +508,13 @@ openssleddsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
const char *pin) {
const eddsa_alginfo_t *alginfo = openssleddsa_alg_info(key->key_alg);
EVP_PKEY *privpkey = NULL, *pubpkey = NULL;
isc_result_t ret;
isc_result_t result;
REQUIRE(alginfo != NULL);
UNUSED(pin);
ret = dst__openssl_fromlabel(alginfo->pkey_type, engine, label, pin,
&pubpkey, &privpkey);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(dst__openssl_fromlabel(alginfo->pkey_type, engine, label, pin,
&pubpkey, &privpkey));
if (engine != NULL) {
key->engine = isc_mem_strdup(key->mctx, engine);
@ -537,10 +526,10 @@ openssleddsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
privpkey = NULL;
pubpkey = NULL;
err:
cleanup:
EVP_PKEY_free(privpkey);
EVP_PKEY_free(pubpkey);
return ret;
return result;
}
static dst_func_t openssleddsa_functions = {
@ -605,7 +594,7 @@ check_algorithm(unsigned char algorithm) {
const unsigned char *key = NULL;
const unsigned char *sig = NULL;
const unsigned char test[] = "test";
isc_result_t ret = ISC_R_SUCCESS;
isc_result_t result = ISC_R_SUCCESS;
size_t key_len, sig_len;
if (evp_md_ctx == NULL) {
@ -636,10 +625,7 @@ check_algorithm(unsigned char algorithm) {
}
INSIST(alginfo != NULL);
ret = raw_key_to_ossl(alginfo, 0, key, &key_len, &pkey);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(raw_key_to_ossl(alginfo, 0, key, &key_len, &pkey));
/*
* Check that we can verify the signature.
@ -651,7 +637,7 @@ check_algorithm(unsigned char algorithm) {
DST_RET(ISC_R_NOTIMPLEMENTED);
}
err:
cleanup:
if (pkey != NULL) {
EVP_PKEY_free(pkey);
}
@ -659,7 +645,7 @@ err:
EVP_MD_CTX_destroy(evp_md_ctx);
}
ERR_clear_error();
return ret;
return result;
}
isc_result_t

145
lib/dns/opensslrsa_link.c
View file

@ -37,10 +37,10 @@
#include "dst_parse.h"
#include "openssl_shim.h"
#define DST_RET(a) \
{ \
ret = a; \
goto err; \
#define DST_RET(a) \
{ \
result = a; \
goto cleanup; \
}
typedef struct rsa_components {
@ -370,7 +370,7 @@ opensslrsa_generate_pkey(unsigned int key_size, const char *label, BIGNUM *e,
RSA *rsa = NULL;
EVP_PKEY *pkey = NULL;
BN_GENCB *cb = NULL;
isc_result_t ret;
isc_result_t result;
UNUSED(label);
@ -398,18 +398,18 @@ opensslrsa_generate_pkey(unsigned int key_size, const char *label, BIGNUM *e,
}
*retkey = pkey;
pkey = NULL;
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
EVP_PKEY_free(pkey);
RSA_free(rsa);
BN_GENCB_free(cb);
return ret;
return result;
}
static isc_result_t
opensslrsa_build_pkey(bool private, rsa_components_t *c, EVP_PKEY **retpkey) {
isc_result_t ret;
isc_result_t result;
EVP_PKEY *pkey = NULL;
RSA *rsa = RSA_new();
int status;
@ -474,13 +474,13 @@ opensslrsa_build_pkey(bool private, rsa_components_t *c, EVP_PKEY **retpkey) {
*retpkey = pkey;
pkey = NULL;
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
EVP_PKEY_free(pkey);
RSA_free(rsa);
opensslrsa_components_free(c);
return ret;
return result;
}
#else
static int
@ -501,7 +501,7 @@ opensslrsa_generate_pkey_with_uri(size_t key_size, const char *label,
EVP_PKEY_CTX *ctx = NULL;
OSSL_PARAM params[4];
char *uri = UNCONST(label);
isc_result_t ret;
isc_result_t result;
int status;
params[0] = OSSL_PARAM_construct_utf8_string("pkcs11_uri", uri, 0);
@ -534,17 +534,17 @@ opensslrsa_generate_pkey_with_uri(size_t key_size, const char *label,
DST_R_OPENSSLFAILURE));
}
ret = ISC_R_SUCCESS;
err:
result = ISC_R_SUCCESS;
cleanup:
EVP_PKEY_CTX_free(ctx);
return ret;
return result;
}
static isc_result_t
opensslrsa_generate_pkey(unsigned int key_size, const char *label, BIGNUM *e,
void (*callback)(int), EVP_PKEY **retkey) {
EVP_PKEY_CTX *ctx;
isc_result_t ret;
isc_result_t result;
if (label != NULL) {
return opensslrsa_generate_pkey_with_uri(key_size, label,
@ -577,15 +577,15 @@ opensslrsa_generate_pkey(unsigned int key_size, const char *label, BIGNUM *e,
DST_RET(dst__openssl_toresult2("EVP_PKEY_keygen",
DST_R_OPENSSLFAILURE));
}
ret = ISC_R_SUCCESS;
err:
result = ISC_R_SUCCESS;
cleanup:
EVP_PKEY_CTX_free(ctx);
return ret;
return result;
}
static isc_result_t
opensslrsa_build_pkey(bool private, rsa_components_t *c, EVP_PKEY **retpkey) {
isc_result_t ret;
isc_result_t result;
int status;
OSSL_PARAM_BLD *bld = NULL;
OSSL_PARAM *params = NULL;
@ -666,19 +666,19 @@ opensslrsa_build_pkey(bool private, rsa_components_t *c, EVP_PKEY **retpkey) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_fromdata",
DST_R_OPENSSLFAILURE));
}
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
EVP_PKEY_CTX_free(ctx);
OSSL_PARAM_free(params);
OSSL_PARAM_BLD_free(bld);
return ret;
return result;
}
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
static isc_result_t
opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) {
isc_result_t ret;
isc_result_t result;
BIGNUM *e = BN_new();
EVP_PKEY *pkey = NULL;
@ -723,21 +723,18 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) {
BN_set_bit(e, 32);
}
ret = opensslrsa_generate_pkey(key->key_size, key->label, e, callback,
&pkey);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(opensslrsa_generate_pkey(key->key_size, key->label, e, callback,
&pkey));
key->keydata.pkeypair.pub = pkey;
key->keydata.pkeypair.priv = pkey;
pkey = NULL;
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
EVP_PKEY_free(pkey);
BN_free(e);
return ret;
return result;
}
static isc_result_t
@ -745,17 +742,14 @@ opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) {
isc_region_t r;
unsigned int e_bytes;
unsigned int mod_bytes;
isc_result_t ret;
isc_result_t result;
rsa_components_t c = { 0 };
REQUIRE(key->keydata.pkeypair.pub != NULL);
isc_buffer_availableregion(data, &r);
ret = opensslrsa_components_get(key, &c, false);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(opensslrsa_components_get(key, &c, false));
mod_bytes = BN_num_bytes(c.n);
e_bytes = BN_num_bytes(c.e);
@ -786,15 +780,15 @@ opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) {
isc_buffer_add(data, e_bytes + mod_bytes);
ret = ISC_R_SUCCESS;
err:
result = ISC_R_SUCCESS;
cleanup:
opensslrsa_components_free(&c);
return ret;
return result;
}
static isc_result_t
opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
isc_result_t ret;
isc_result_t result;
isc_region_t r;
unsigned int e_bytes;
unsigned int length;
@ -836,16 +830,16 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
isc_buffer_forward(data, length);
key->key_size = BN_num_bits(c.n);
ret = opensslrsa_build_pkey(false, &c, &key->keydata.pkeypair.pub);
result = opensslrsa_build_pkey(false, &c, &key->keydata.pkeypair.pub);
err:
cleanup:
opensslrsa_components_free(&c);
return ret;
return result;
}
static isc_result_t
opensslrsa_tofile(const dst_key_t *key, const char *directory) {
isc_result_t ret;
isc_result_t result;
dst_private_t priv = { 0 };
unsigned char *bufs[8] = { NULL };
unsigned short i = 0;
@ -855,10 +849,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
return dst__privstruct_writefile(key, &priv, directory);
}
ret = opensslrsa_components_get(key, &c, true);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(opensslrsa_components_get(key, &c, true));
priv.elements[i].tag = TAG_RSA_MODULUS;
priv.elements[i].length = BN_num_bytes(c.n);
@ -951,9 +942,9 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
}
priv.nelements = i;
ret = dst__privstruct_writefile(key, &priv, directory);
result = dst__privstruct_writefile(key, &priv, directory);
err:
cleanup:
for (i = 0; i < ARRAY_SIZE(bufs); i++) {
if (bufs[i] != NULL) {
isc_mem_put(key->mctx, bufs[i],
@ -962,7 +953,7 @@ err:
}
opensslrsa_components_free(&c);
return ret;
return result;
}
static isc_result_t
@ -972,7 +963,7 @@ opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
static isc_result_t
opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
dst_private_t priv;
isc_result_t ret;
isc_result_t result;
int i;
isc_mem_t *mctx = NULL;
const char *engine = NULL, *label = NULL;
@ -985,10 +976,7 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
mctx = key->mctx;
/* read private key file */
ret = dst__privstruct_parse(key, DST_ALG_RSA, lexer, mctx, &priv);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(dst__privstruct_parse(key, DST_ALG_RSA, lexer, mctx, &priv));
if (key->external) {
if (priv.nelements != 0 || pub == NULL) {
@ -1020,9 +1008,9 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
* See if we can fetch it.
*/
if (label != NULL) {
ret = opensslrsa_fromlabel(key, engine, label, NULL);
if (ret != ISC_R_SUCCESS) {
DST_RET(ret);
result = opensslrsa_fromlabel(key, engine, label, NULL);
if (result != ISC_R_SUCCESS) {
DST_RET(result);
}
/* Check that the public component matches if given */
if (pub != NULL && EVP_PKEY_eq(key->keydata.pkeypair.pub,
@ -1086,10 +1074,7 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
}
key->key_size = BN_num_bits(c.n);
ret = opensslrsa_build_pkey(true, &c, &pkey);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(opensslrsa_build_pkey(true, &c, &pkey));
/* Check that the public component matches if given */
if (pub != NULL && EVP_PKEY_eq(pkey, pub->keydata.pkeypair.pub) != 1) {
@ -1100,30 +1085,27 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
key->keydata.pkeypair.priv = pkey;
pkey = NULL;
err:
cleanup:
opensslrsa_components_free(&c);
EVP_PKEY_free(pkey);
if (ret != ISC_R_SUCCESS) {
if (result != ISC_R_SUCCESS) {
key->keydata.generic = NULL;
}
dst__privstruct_free(&priv, mctx);
isc_safe_memwipe(&priv, sizeof(priv));
return ret;
return result;
}
static isc_result_t
opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
const char *pin) {
EVP_PKEY *privpkey = NULL, *pubpkey = NULL;
isc_result_t ret;
isc_result_t result;
ret = dst__openssl_fromlabel(EVP_PKEY_RSA, engine, label, pin, &pubpkey,
&privpkey);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(dst__openssl_fromlabel(EVP_PKEY_RSA, engine, label, pin, &pubpkey,
&privpkey));
if (!opensslrsa_check_exponent_bits(pubpkey, RSA_MAX_PUBEXP_BITS)) {
DST_RET(ISC_R_RANGE);
@ -1139,10 +1121,10 @@ opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
privpkey = NULL;
pubpkey = NULL;
err:
cleanup:
EVP_PKEY_free(privpkey);
EVP_PKEY_free(pubpkey);
return ret;
return result;
}
static dst_func_t opensslrsa_functions = {
@ -1252,7 +1234,7 @@ check_algorithm(unsigned char algorithm) {
EVP_PKEY *pkey = NULL;
const EVP_MD *type = NULL;
const unsigned char *sig = NULL;
isc_result_t ret = ISC_R_SUCCESS;
isc_result_t result = ISC_R_SUCCESS;
size_t len;
if (evp_md_ctx == NULL) {
@ -1293,10 +1275,7 @@ check_algorithm(unsigned char algorithm) {
DST_RET(ISC_R_NOMEMORY);
}
ret = opensslrsa_build_pkey(false, &c, &pkey);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(opensslrsa_build_pkey(false, &c, &pkey));
/*
* Check that we can verify the signature.
@ -1308,12 +1287,12 @@ check_algorithm(unsigned char algorithm) {
DST_RET(ISC_R_NOTIMPLEMENTED);
}
err:
cleanup:
opensslrsa_components_free(&c);
EVP_PKEY_free(pkey);
EVP_MD_CTX_destroy(evp_md_ctx);
ERR_clear_error();
return ret;
return result;
}
isc_result_t

23
lib/dns/private.c
View file

@ -43,13 +43,6 @@
#define INITIAL(x) (((x) & DNS_NSEC3FLAG_INITIAL) != 0)
#define NONSEC(x) (((x) & DNS_NSEC3FLAG_NONSEC) != 0)
#define CHECK(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
/*
* Work out if 'param' should be ignored or not (i.e. it is in the process
* of being removed).
@ -125,14 +118,14 @@ dns_private_chains(dns_db_t *db, dns_dbversion_t *ver,
result = dns_db_findrdataset(db, node, ver, dns_rdatatype_nsec, 0,
(isc_stdtime_t)0, &nsecset, NULL);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
goto failure;
if (result != ISC_R_NOTFOUND) {
CHECK(result);
}
result = dns_db_findrdataset(db, node, ver, dns_rdatatype_nsec3param, 0,
(isc_stdtime_t)0, &nsec3paramset, NULL);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
goto failure;
if (result != ISC_R_NOTFOUND) {
CHECK(result);
}
if (dns_rdataset_isassociated(&nsecset) &&
@ -147,8 +140,8 @@ dns_private_chains(dns_db_t *db, dns_dbversion_t *ver,
result = dns_db_findrdataset(db, node, ver, privatetype, 0,
(isc_stdtime_t)0, &privateset,
NULL);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
goto failure;
if (result != ISC_R_NOTFOUND) {
CHECK(result);
}
}
@ -301,7 +294,7 @@ dns_private_chains(dns_db_t *db, dns_dbversion_t *ver,
success:
result = ISC_R_SUCCESS;
failure:
cleanup:
if (dns_rdataset_isassociated(&nsecset)) {
dns_rdataset_disassociate(&nsecset);
}
@ -395,6 +388,6 @@ dns_private_totext(dns_rdata_t *private, isc_buffer_t *buf) {
isc_buffer_putuint8(buf, 0);
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}

7
lib/dns/qpcache.c
View file

@ -61,13 +61,6 @@
#include "db_p.h"
#include "qpcache_p.h"
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define EXISTS(header) \
((atomic_load_acquire(&(header)->attributes) & \
DNS_SLABHEADERATTR_NONEXISTENT) == 0)

7
lib/dns/qpzone.c
View file

@ -64,13 +64,6 @@
#include "db_p.h"
#include "qpzone_p.h"
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define NONEXISTENT(header) \
((atomic_load_acquire(&(header)->attributes) & \
DNS_SLABHEADERATTR_NONEXISTENT) != 0)

7
lib/dns/rbt-cachedb.c
View file

@ -64,13 +64,6 @@
#include "db_p.h"
#include "rbtdb_p.h"
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
/*%
* Whether to rate-limit updating the LRU to avoid possible thread contention.
* Updating LRU requires write locking, so we don't do it every time the

7
lib/dns/rbt-zonedb.c
View file

@ -64,13 +64,6 @@
#include "db_p.h"
#include "rbtdb_p.h"
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define EXISTS(header) \
((atomic_load_acquire(&(header)->attributes) & \
DNS_SLABHEADERATTR_NONEXISTENT) == 0)

7
lib/dns/rbt.c
View file

@ -41,13 +41,6 @@
#include <dns/log.h>
#include <dns/rbt.h>
#define CHECK(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
#define RBT_MAGIC ISC_MAGIC('R', 'B', 'T', '+')
#define VALID_RBT(rbt) ISC_MAGIC_VALID(rbt, RBT_MAGIC)

7
lib/dns/rbtdb.c
View file

@ -64,13 +64,6 @@
#include "db_p.h"
#include "rbtdb_p.h"
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define EXISTS(header) \
((atomic_load_acquire(&(header)->attributes) & \
DNS_SLABHEADERATTR_NONEXISTENT) == 0)

7
lib/dns/rcode.c
View file

@ -37,13 +37,6 @@
#include <dns/secalg.h>
#include <dns/secproto.h>
#define RETERR(x) \
do { \
isc_result_t _r = (x); \
if (_r != ISC_R_SUCCESS) \
return ((_r)); \
} while (0)
#define NUMBERSIZE sizeof("037777777777") /* 2^32-1 octal + NUL */
#define TOTEXTONLY 0x01

14
lib/dns/rdata.c
View file

@ -52,13 +52,6 @@
#include <dns/time.h>
#include <dns/ttl.h>
#define RETERR(x) \
do { \
isc_result_t _r = (x); \
if (_r != ISC_R_SUCCESS) \
return ((_r)); \
} while (0)
#define RETTOK(x) \
do { \
isc_result_t _r = (x); \
@ -68,13 +61,6 @@
} \
} while (0)
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
#define CHECKTOK(op) \
do { \
result = (op); \

7
lib/dns/resconf.c
View file

@ -76,13 +76,6 @@
#define RESCONFMAXLINELEN 256U /*%< max size of a line */
#define RESCONFMAXSORTLIST 10U /*%< max 10 */
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
/*!
* configuration data structure
*/

55
lib/dns/skr.c
View file

@ -25,26 +25,17 @@
#include <dns/time.h>
#include <dns/ttl.h>
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define READLINE(lex, opt, token)
#define NEXTTOKEN(lex, opt, token) \
{ \
ret = isc_lex_gettoken(lex, opt, token); \
if (ret != ISC_R_SUCCESS) \
goto cleanup; \
#define NEXTTOKEN(lex, opt, token) \
{ \
CHECK(isc_lex_gettoken(lex, opt, token)); \
}
#define BADTOKEN() \
{ \
ret = ISC_R_UNEXPECTEDTOKEN; \
goto cleanup; \
#define BADTOKEN() \
{ \
result = ISC_R_UNEXPECTEDTOKEN; \
goto cleanup; \
}
#define TOKENSIZ (8 * 1024)
@ -61,7 +52,7 @@ parse_rr(isc_lex_t *lex, isc_mem_t *mctx, char *owner, dns_name_t *origin,
isc_buffer_t b;
isc_token_t token;
unsigned int opt = ISC_LEXOPT_EOL;
isc_result_t ret = ISC_R_SUCCESS;
isc_result_t result = ISC_R_SUCCESS;
isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE);
@ -72,13 +63,9 @@ parse_rr(isc_lex_t *lex, isc_mem_t *mctx, char *owner, dns_name_t *origin,
dname = dns_fixedname_initname(&dfname);
isc_buffer_init(&b, owner, strlen(owner));
isc_buffer_add(&b, strlen(owner));
ret = dns_name_fromtext(dname, &b, dns_rootname, 0, NULL);
if (ret != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_name_fromtext(dname, &b, dns_rootname, 0, NULL));
if (dns_name_compare(dname, origin) != 0) {
ret = DNS_R_BADOWNERNAME;
goto cleanup;
CHECK(DNS_R_BADOWNERNAME);
}
isc_buffer_clear(&b);
@ -89,8 +76,8 @@ parse_rr(isc_lex_t *lex, isc_mem_t *mctx, char *owner, dns_name_t *origin,
}
/* If it's a TTL, read the next one */
ret = dns_ttl_fromtext(&token.value.as_textregion, ttl);
if (ret == ISC_R_SUCCESS) {
result = dns_ttl_fromtext(&token.value.as_textregion, ttl);
if (result == ISC_R_SUCCESS) {
NEXTTOKEN(lex, opt, &token);
}
if (token.type != isc_tokentype_string) {
@ -98,8 +85,8 @@ parse_rr(isc_lex_t *lex, isc_mem_t *mctx, char *owner, dns_name_t *origin,
}
/* If it's a class, read the next one */
ret = dns_rdataclass_fromtext(&clas, &token.value.as_textregion);
if (ret == ISC_R_SUCCESS) {
result = dns_rdataclass_fromtext(&clas, &token.value.as_textregion);
if (result == ISC_R_SUCCESS) {
if (clas != rdclass) {
BADTOKEN();
}
@ -110,8 +97,8 @@ parse_rr(isc_lex_t *lex, isc_mem_t *mctx, char *owner, dns_name_t *origin,
}
/* Must be the record type */
ret = dns_rdatatype_fromtext(rdtype, &token.value.as_textregion);
if (ret != ISC_R_SUCCESS) {
result = dns_rdatatype_fromtext(rdtype, &token.value.as_textregion);
if (result != ISC_R_SUCCESS) {
BADTOKEN();
}
switch (*rdtype) {
@ -126,11 +113,11 @@ parse_rr(isc_lex_t *lex, isc_mem_t *mctx, char *owner, dns_name_t *origin,
}
dns_rdatacallbacks_init(&callbacks);
ret = dns_rdata_fromtext(*rdata, rdclass, *rdtype, lex, dname, 0, mctx,
buf, &callbacks);
result = dns_rdata_fromtext(*rdata, rdclass, *rdtype, lex, dname, 0,
mctx, buf, &callbacks);
cleanup:
isc_lex_setcomments(lex, 0);
return ret;
return result;
}
static void
@ -350,7 +337,7 @@ dns_skr_read(isc_mem_t *mctx, const char *filename, dns_name_t *origin,
filename, isc_lex_getsourceline(lex),
isc_result_totext(result));
isc_mem_put(mctx, rdata, sizeof(*rdata));
goto failure;
goto cleanup;
}
/* Create new diff tuple */
@ -379,7 +366,7 @@ dns_skr_read(isc_mem_t *mctx, const char *filename, dns_name_t *origin,
addbundle(*skrp, &bundle);
}
failure:
cleanup:
if (result != ISC_R_SUCCESS) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
DNS_LOGMODULE_ZONE, ISC_LOG_DEBUG(1),

86
lib/dns/tkey.c
View file

@ -55,13 +55,6 @@
#define TEMP_BUFFER_SZ 8192
#define TKEY_RANDOM_AMOUNT 16
#define RETERR(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
static void
tkey_log(const char *fmt, ...) ISC_FORMAT_PRINTF(1, 2);
@ -222,7 +215,7 @@ process_gsstkey(dns_message_t *msg, dns_name_t *name, dns_rdata_tkey_t *tkeyin,
return ISC_R_SUCCESS;
}
if (result != DNS_R_CONTINUE && result != ISC_R_SUCCESS) {
goto failure;
CHECK(result);
}
/*
@ -238,8 +231,8 @@ process_gsstkey(dns_message_t *msg, dns_name_t *name, dns_rdata_tkey_t *tkeyin,
#endif /* HAVE_GSSAPI */
uint32_t expire;
RETERR(dst_key_fromgssapi(name, gss_ctx, ring->mctx, &dstkey,
&intoken));
CHECK(dst_key_fromgssapi(name, gss_ctx, ring->mctx, &dstkey,
&intoken));
/*
* Limit keys to 1 hour or the context's lifetime whichever
* is smaller.
@ -251,11 +244,11 @@ process_gsstkey(dns_message_t *msg, dns_name_t *name, dns_rdata_tkey_t *tkeyin,
expire = now + lifetime;
}
#endif /* HAVE_GSSAPI */
RETERR(dns_tsigkey_createfromkey(
CHECK(dns_tsigkey_createfromkey(
name, dns__tsig_algfromname(&tkeyin->algorithm), dstkey,
true, false, principal, now, expire, ring->mctx,
&tsigkey));
RETERR(dns_tsigkeyring_add(ring, tsigkey));
CHECK(dns_tsigkeyring_add(ring, tsigkey));
dst_key_free(&dstkey);
tkeyout->inception = now;
tkeyout->expire = expire;
@ -291,7 +284,7 @@ process_gsstkey(dns_message_t *msg, dns_name_t *name, dns_rdata_tkey_t *tkeyin,
return ISC_R_SUCCESS;
failure:
cleanup:
if (tsigkey != NULL) {
dns_tsigkey_detach(&tsigkey);
}
@ -379,24 +372,21 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx,
result = dns_message_findname(msg, DNS_SECTION_ADDITIONAL, qname,
dns_rdatatype_tkey, 0, &name, &tkeyset);
if (result != ISC_R_SUCCESS) {
result = DNS_R_FORMERR;
tkey_log("dns_tkey_processquery: couldn't find a TKEY "
"matching the question");
goto failure;
CHECK(DNS_R_FORMERR);
}
result = dns_rdataset_first(tkeyset);
if (result != ISC_R_SUCCESS) {
result = DNS_R_FORMERR;
goto failure;
CHECK(DNS_R_FORMERR);
}
dns_rdataset_current(tkeyset, &rdata);
RETERR(dns_rdata_tostruct(&rdata, &tkeyin, NULL));
CHECK(dns_rdata_tostruct(&rdata, &tkeyin, NULL));
if (tkeyin.error != dns_rcode_noerror) {
result = DNS_R_FORMERR;
goto failure;
CHECK(DNS_R_FORMERR);
}
/*
@ -412,8 +402,7 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx,
{
tkey_log("dns_tkey_processquery: query was not "
"properly signed - rejecting");
result = DNS_R_FORMERR;
goto failure;
CHECK(DNS_R_FORMERR);
}
tkeyout = (dns_rdata_tkey_t){
@ -431,8 +420,8 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx,
/*
* A delete operation uses the fully specified qname.
*/
RETERR(process_deletetkey(signer, qname, &tkeyin, &tkeyout,
ring));
CHECK(process_deletetkey(signer, qname, &tkeyin, &tkeyout,
ring));
break;
case DNS_TKEYMODE_GSSAPI:
keyname = dns_fixedname_initname(&fkeyname);
@ -452,11 +441,11 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx,
isc_nonce_buf(randomdata, sizeof(randomdata));
isc_buffer_init(&b, randomtext, sizeof(randomtext));
RETERR(isc_hex_totext(&r, 2, "", &b));
RETERR(dns_name_fromtext(keyname, &b, NULL, 0, NULL));
CHECK(isc_hex_totext(&r, 2, "", &b));
CHECK(dns_name_fromtext(keyname, &b, NULL, 0, NULL));
}
RETERR(dns_name_concatenate(keyname, dns_rootname, keyname,
NULL));
CHECK(dns_name_concatenate(keyname, dns_rootname, keyname,
NULL));
result = dns_tsigkey_find(&tsigkey, keyname, NULL, ring);
if (result == ISC_R_SUCCESS) {
@ -464,15 +453,15 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx,
dns_tsigkey_detach(&tsigkey);
break;
} else if (result == ISC_R_NOTFOUND) {
RETERR(process_gsstkey(msg, keyname, &tkeyin, tctx,
&tkeyout, ring));
CHECK(process_gsstkey(msg, keyname, &tkeyin, tctx,
&tkeyout, ring));
break;
}
goto failure;
goto cleanup;
case DNS_TKEYMODE_SERVERASSIGNED:
case DNS_TKEYMODE_RESOLVERASSIGNED:
result = DNS_R_NOTIMP;
goto failure;
goto cleanup;
default:
tkeyout.error = dns_tsigerror_badmode;
}
@ -485,9 +474,9 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx,
if (tkeyout.key != NULL) {
isc_mem_put(tkeyout.mctx, tkeyout.key, tkeyout.keylen);
}
RETERR(result);
CHECK(result);
RETERR(dns_message_reply(msg, true));
CHECK(dns_message_reply(msg, true));
add_rdata_to_list(msg, keyname, &rdata, 0, &namelist);
while ((name = ISC_LIST_HEAD(namelist)) != NULL) {
ISC_LIST_UNLINK(namelist, name, link);
@ -495,7 +484,7 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx,
}
return ISC_R_SUCCESS;
failure:
cleanup:
free_namelist(msg, &namelist);
return result;
}
@ -647,11 +636,11 @@ dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg,
return dns_result_fromrcode(rmsg->rcode);
}
RETERR(find_tkey(rmsg, &tkeyname, &rtkeyrdata, DNS_SECTION_ANSWER));
RETERR(dns_rdata_tostruct(&rtkeyrdata, &rtkey, NULL));
CHECK(find_tkey(rmsg, &tkeyname, &rtkeyrdata, DNS_SECTION_ANSWER));
CHECK(dns_rdata_tostruct(&rtkeyrdata, &rtkey, NULL));
RETERR(find_tkey(qmsg, &tkeyname, &qtkeyrdata, DNS_SECTION_ADDITIONAL));
RETERR(dns_rdata_tostruct(&qtkeyrdata, &qtkey, NULL));
CHECK(find_tkey(qmsg, &tkeyname, &qtkeyrdata, DNS_SECTION_ADDITIONAL));
CHECK(dns_rdata_tostruct(&qtkeyrdata, &qtkey, NULL));
if (rtkey.error != dns_rcode_noerror ||
rtkey.mode != DNS_TKEYMODE_GSSAPI ||
@ -659,8 +648,7 @@ dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg,
{
tkey_log("dns_tkey_gssnegotiate: tkey mode invalid "
"or error set(4)");
result = DNS_R_INVALIDTKEY;
goto failure;
CHECK(DNS_R_INVALIDTKEY);
}
isc_buffer_init(&intoken, rtkey.key, rtkey.keylen);
@ -688,22 +676,22 @@ dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg,
dns_name_clone(DNS_TSIG_GSSAPI_NAME, &tkey.algorithm);
dns_message_reset(qmsg, DNS_MESSAGE_INTENTRENDER);
RETERR(buildquery(qmsg, tkeyname, &tkey));
CHECK(buildquery(qmsg, tkeyname, &tkey));
return DNS_R_CONTINUE;
}
RETERR(dst_key_fromgssapi(dns_rootname, *context, rmsg->mctx, &dstkey,
NULL));
CHECK(dst_key_fromgssapi(dns_rootname, *context, rmsg->mctx, &dstkey,
NULL));
/*
* XXXSRA This seems confused. If we got CONTINUE from initctx,
* the GSS negotiation hasn't completed yet, so we can't sign
* anything yet.
*/
RETERR(dns_tsigkey_createfromkey(tkeyname, DST_ALG_GSSAPI, dstkey, true,
false, NULL, rtkey.inception,
rtkey.expire, ring->mctx, &tsigkey));
RETERR(dns_tsigkeyring_add(ring, tsigkey));
CHECK(dns_tsigkey_createfromkey(tkeyname, DST_ALG_GSSAPI, dstkey, true,
false, NULL, rtkey.inception,
rtkey.expire, ring->mctx, &tsigkey));
CHECK(dns_tsigkeyring_add(ring, tsigkey));
if (outkey == NULL) {
dns_tsigkey_detach(&tsigkey);
} else {
@ -713,7 +701,7 @@ dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg,
dst_key_free(&dstkey);
return result;
failure:
cleanup:
if (tsigkey != NULL) {
dns_tsigkey_detach(&tsigkey);
}

7
lib/dns/ttl.c
View file

@ -30,13 +30,6 @@
#include <dns/ttl.h>
#define RETERR(x) \
do { \
isc_result_t _r = (x); \
if (_r != ISC_R_SUCCESS) \
return ((_r)); \
} while (0)
static isc_result_t
bind_ttl(isc_textregion_t *source, uint32_t *ttl);

145
lib/dns/update.c
View file

@ -71,116 +71,6 @@
*/
#define LOGLEVEL_DEBUG ISC_LOG_DEBUG(8)
/*%
* Check an operation for failure. These macros all assume that
* the function using them has a 'result' variable and a 'failure'
* label.
*/
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
/*%
* Fail unconditionally with result 'code', which must not
* be ISC_R_SUCCESS. The reason for failure presumably has
* been logged already.
*
* The test against ISC_R_SUCCESS is there to keep the Solaris compiler
* from complaining about "end-of-loop code not reached".
*/
#define FAIL(code) \
do { \
result = (code); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
/*%
* Fail unconditionally and log as a client error.
* The test against ISC_R_SUCCESS is there to keep the Solaris compiler
* from complaining about "end-of-loop code not reached".
*/
#define FAILC(code, msg) \
do { \
const char *_what = "failed"; \
result = (code); \
switch (result) { \
case DNS_R_NXDOMAIN: \
case DNS_R_YXDOMAIN: \
case DNS_R_YXRRSET: \
case DNS_R_NXRRSET: \
_what = "unsuccessful"; \
} \
update_log(log, zone, LOGLEVEL_PROTOCOL, "update %s: %s (%s)", \
_what, msg, isc_result_totext(result)); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define FAILN(code, name, msg) \
do { \
const char *_what = "failed"; \
result = (code); \
switch (result) { \
case DNS_R_NXDOMAIN: \
case DNS_R_YXDOMAIN: \
case DNS_R_YXRRSET: \
case DNS_R_NXRRSET: \
_what = "unsuccessful"; \
} \
if (isc_log_wouldlog(dns_lctx, LOGLEVEL_PROTOCOL)) { \
char _nbuf[DNS_NAME_FORMATSIZE]; \
dns_name_format(name, _nbuf, sizeof(_nbuf)); \
update_log(log, zone, LOGLEVEL_PROTOCOL, \
"update %s: %s: %s (%s)", _what, _nbuf, \
msg, isc_result_totext(result)); \
} \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define FAILNT(code, name, type, msg) \
do { \
const char *_what = "failed"; \
result = (code); \
switch (result) { \
case DNS_R_NXDOMAIN: \
case DNS_R_YXDOMAIN: \
case DNS_R_YXRRSET: \
case DNS_R_NXRRSET: \
_what = "unsuccessful"; \
} \
if (isc_log_wouldlog(dns_lctx, LOGLEVEL_PROTOCOL)) { \
char _nbuf[DNS_NAME_FORMATSIZE]; \
char _tbuf[DNS_RDATATYPE_FORMATSIZE]; \
dns_name_format(name, _nbuf, sizeof(_nbuf)); \
dns_rdatatype_format(type, _tbuf, sizeof(_tbuf)); \
update_log(log, zone, LOGLEVEL_PROTOCOL, \
"update %s: %s/%s: %s (%s)", _what, _nbuf, \
_tbuf, msg, isc_result_totext(result)); \
} \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
/*%
* Fail unconditionally and log as a server error.
* The test against ISC_R_SUCCESS is there to keep the Solaris compiler
* from complaining about "end-of-loop code not reached".
*/
#define FAILS(code, msg) \
do { \
result = (code); \
update_log(log, zone, LOGLEVEL_PROTOCOL, "error: %s: %s", msg, \
isc_result_totext(result)); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
/**************************************************************************/
typedef struct rr rr_t;
@ -733,7 +623,7 @@ namelist_append_name(dns_diff_t *list, dns_name_t *name) {
CHECK(dns_difftuple_create(list->mctx, DNS_DIFFOP_EXISTS, name, 0,
&dummy_rdata, &tuple));
dns_diff_append(list, &tuple);
failure:
cleanup:
return result;
}
@ -763,7 +653,7 @@ namelist_append_subdomain(dns_db_t *db, dns_name_t *name,
if (result == ISC_R_NOMORE) {
result = ISC_R_SUCCESS;
}
failure:
cleanup:
if (dbit != NULL) {
dns_dbiterator_destroy(&dbit);
}
@ -834,7 +724,7 @@ uniqify_name_list(dns_diff_t *list) {
} while (1);
p = ISC_LIST_NEXT(p, link);
}
failure:
cleanup:
return result;
}
@ -930,8 +820,7 @@ next_active(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
if (wraps == 2) {
update_log(log, zone, ISC_LOG_ERROR,
"secure zone with no NSECs");
result = DNS_R_BADZONE;
goto failure;
CHECK(DNS_R_BADZONE);
}
}
CHECK(dns_dbiterator_current(dbit, &node, newname));
@ -967,7 +856,7 @@ next_active(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
}
}
} while (!has_nsec);
failure:
cleanup:
if (dbit != NULL) {
dns_dbiterator_destroy(&dbit);
}
@ -1019,7 +908,7 @@ add_nsec(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
CHECK(do_one_tuple(&tuple, db, ver, diff));
INSIST(tuple == NULL);
failure:
cleanup:
if (node != NULL) {
dns_db_detachnode(db, &node);
}
@ -1044,7 +933,7 @@ add_placeholder_nsec(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_ADD, name, 0, &rdata,
&tuple));
CHECK(do_one_tuple(&tuple, db, ver, diff));
failure:
cleanup:
return result;
}
@ -1283,7 +1172,7 @@ add_sigs(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
result = ISC_R_NOTFOUND;
}
failure:
cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}
@ -1314,9 +1203,8 @@ del_keysigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
if (result == ISC_R_NOTFOUND) {
return ISC_R_SUCCESS;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
result = dns_db_findrdataset(db, node, ver, dns_rdatatype_rrsig,
dns_rdatatype_dnskey, (isc_stdtime_t)0,
&rdataset, NULL);
@ -1325,9 +1213,7 @@ del_keysigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
if (result == ISC_R_NOTFOUND) {
return ISC_R_SUCCESS;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS;
result = dns_rdataset_next(&rdataset))
@ -1371,7 +1257,8 @@ del_keysigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
if (result == ISC_R_NOMORE) {
result = ISC_R_SUCCESS;
}
failure:
cleanup:
if (node != NULL) {
dns_db_detachnode(db, &node);
}
@ -1570,7 +1457,7 @@ dns_update_signaturesinc(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
update_log(log, zone, ISC_LOG_ERROR,
"could not get zone keys for secure "
"dynamic update");
goto failure;
goto cleanup;
}
state->now = isc_stdtime_now();
@ -2000,7 +1887,7 @@ next_state:
if (!state->build_nsec3) {
update_log(log, zone, ISC_LOG_DEBUG(3),
"no NSEC3 chains to rebuild");
goto failure;
goto cleanup;
}
update_log(log, zone, ISC_LOG_DEBUG(3),
@ -2172,7 +2059,7 @@ next_state:
UNREACHABLE();
}
failure:
cleanup:
if (node != NULL) {
dns_db_detachnode(db, &node);
}

7
lib/dns/view.c
View file

@ -65,13 +65,6 @@
#include <dns/zone.h>
#include <dns/zt.h>
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
#define DNS_VIEW_DELONLYHASH 111
/*%

131
lib/dns/xfrin.c
View file

@ -54,14 +54,6 @@
* Incoming AXFR and IXFR.
*/
#define CHECK(op) \
{ \
result = (op); \
if (result != ISC_R_SUCCESS) { \
goto failure; \
} \
}
/*%
* The states of the *XFR state machine. We handle both IXFR and AXFR
* with a single integrated state machine because they cannot be distinguished
@ -301,7 +293,7 @@ axfr_init(dns_xfrin_t *xfr) {
dns_rdatacallbacks_init(&xfr->axfr);
CHECK(dns_db_beginload(xfr->db, &xfr->axfr));
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -338,7 +330,7 @@ axfr_putdata(dns_xfrin_t *xfr, dns_diffop_t op, dns_name_t *name, dns_ttl_t ttl,
dns_diff_append(&xfr->diff, &tuple);
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -357,20 +349,18 @@ axfr_apply(void *arg) {
uint64_t records;
if (atomic_load(&xfr->shuttingdown)) {
result = ISC_R_SHUTTINGDOWN;
goto failure;
CHECK(ISC_R_SHUTTINGDOWN);
}
CHECK(dns_diff_load(&xfr->diff, &xfr->axfr));
if (xfr->maxrecords != 0U) {
result = dns_db_getsize(xfr->db, xfr->ver, &records, NULL);
if (result == ISC_R_SUCCESS && records > xfr->maxrecords) {
result = DNS_R_TOOMANYRECORDS;
goto failure;
CHECK(DNS_R_TOOMANYRECORDS);
}
}
failure:
cleanup:
dns_diff_clear(&xfr->diff);
work->result = result;
}
@ -397,7 +387,7 @@ axfr_apply_done(void *arg) {
(void)dns_db_endload(xfr->db, &xfr->axfr);
}
failure:
cleanup:
xfr->diff_running = false;
isc_mem_put(xfr->mctx, work, sizeof(*work));
@ -469,7 +459,7 @@ ixfr_init(dns_xfrin_t *xfr) {
}
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -490,7 +480,7 @@ ixfr_putdata(dns_xfrin_t *xfr, dns_diffop_t op, dns_name_t *name, dns_ttl_t ttl,
&tuple));
dns_diff_append(&xfr->diff, &tuple);
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -501,7 +491,7 @@ ixfr_begin_transaction(dns_xfrin_t *xfr) {
if (xfr->ixfr.journal != NULL) {
CHECK(dns_journal_begin_transaction(xfr->ixfr.journal));
}
failure:
cleanup:
return result;
}
@ -514,7 +504,7 @@ ixfr_end_transaction(dns_xfrin_t *xfr) {
if (xfr->ixfr.journal != NULL) {
CHECK(dns_journal_commit(xfr->ixfr.journal));
}
failure:
cleanup:
return result;
}
@ -529,8 +519,7 @@ ixfr_apply_one(dns_xfrin_t *xfr, ixfr_apply_data_t *data) {
if (xfr->maxrecords != 0U) {
result = dns_db_getsize(xfr->db, xfr->ver, &records, NULL);
if (result == ISC_R_SUCCESS && records > xfr->maxrecords) {
result = DNS_R_TOOMANYRECORDS;
goto failure;
CHECK(DNS_R_TOOMANYRECORDS);
}
}
if (xfr->ixfr.journal != NULL) {
@ -540,7 +529,7 @@ ixfr_apply_one(dns_xfrin_t *xfr, ixfr_apply_data_t *data) {
result = ixfr_end_transaction(xfr);
return result;
failure:
cleanup:
/* We need to end the transaction, but keep the previous error */
(void)ixfr_end_transaction(xfr);
@ -603,9 +592,7 @@ ixfr_apply_done(void *arg) {
result = ISC_R_SHUTTINGDOWN;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
/* Reschedule */
if (!cds_wfcq_empty(&xfr->diff_head, &xfr->diff_tail)) {
@ -613,7 +600,7 @@ ixfr_apply_done(void *arg) {
return;
}
failure:
cleanup:
xfr->diff_running = false;
isc_mem_put(xfr->mctx, work, sizeof(*work));
@ -667,7 +654,7 @@ ixfr_commit(dns_xfrin_t *xfr) {
isc_work_enqueue(xfr->loop, ixfr_apply, ixfr_apply_done, work);
}
failure:
cleanup:
return result;
}
@ -694,8 +681,7 @@ xfr_rr(dns_xfrin_t *xfr, dns_name_t *name, uint32_t ttl, dns_rdata_t *rdata) {
dns_rdatatype_format(rdata->type, buf, sizeof(buf));
xfrin_log(xfr, ISC_LOG_NOTICE,
"Unexpected %s record in zone transfer", buf);
result = DNS_R_FORMERR;
goto failure;
CHECK(DNS_R_FORMERR);
}
/*
@ -710,8 +696,7 @@ xfr_rr(dns_xfrin_t *xfr, dns_name_t *name, uint32_t ttl, dns_rdata_t *rdata) {
dns_name_format(name, namebuf, sizeof(namebuf));
xfrin_log(xfr, ISC_LOG_DEBUG(3), "SOA name mismatch: '%s'",
namebuf);
result = DNS_R_NOTZONETOP;
goto failure;
CHECK(DNS_R_NOTZONETOP);
}
redo:
@ -720,8 +705,7 @@ redo:
if (rdata->type != dns_rdatatype_soa) {
xfrin_log(xfr, ISC_LOG_NOTICE,
"non-SOA response to SOA query");
result = DNS_R_FORMERR;
goto failure;
CHECK(DNS_R_FORMERR);
}
end_serial = dns_soa_getserial(rdata);
atomic_store_relaxed(&xfr->end_serial, end_serial);
@ -732,8 +716,7 @@ redo:
"requested serial %u, "
"primary has %" PRIuFAST32 ", not updating",
xfr->ixfr.request_serial, end_serial);
result = DNS_R_UPTODATE;
goto failure;
CHECK(DNS_R_UPTODATE);
}
atomic_store(&xfr->state, XFRST_GOTSOA);
break;
@ -748,8 +731,7 @@ redo:
if (rdata->type != dns_rdatatype_soa) {
xfrin_log(xfr, ISC_LOG_NOTICE,
"first RR in zone transfer must be SOA");
result = DNS_R_FORMERR;
goto failure;
CHECK(DNS_R_FORMERR);
}
/*
* Remember the serial number in the initial SOA.
@ -770,8 +752,7 @@ redo:
"requested serial %u, "
"primary has %" PRIuFAST32 ", not updating",
xfr->ixfr.request_serial, end_serial);
result = DNS_R_UPTODATE;
goto failure;
CHECK(DNS_R_UPTODATE);
}
xfr->firstsoa = *rdata;
if (xfr->firstsoa_data != NULL) {
@ -839,8 +820,7 @@ redo:
"IXFR out of sync: "
"expected serial %u, got %u",
xfr->ixfr.current_serial, soa_serial);
result = DNS_R_FORMERR;
goto failure;
CHECK(DNS_R_FORMERR);
} else {
CHECK(ixfr_commit(xfr));
atomic_store(&xfr->state, XFRST_IXFR_DELSOA);
@ -850,8 +830,7 @@ redo:
if (rdata->type == dns_rdatatype_ns &&
dns_name_iswildcard(name))
{
result = DNS_R_INVALIDNS;
goto failure;
CHECK(DNS_R_INVALIDNS);
}
CHECK(ixfr_putdata(xfr, DNS_DIFFOP_ADD, name, ttl, rdata));
break;
@ -876,8 +855,7 @@ redo:
xfrin_log(xfr, ISC_LOG_NOTICE,
"start and ending SOA records "
"mismatch");
result = DNS_R_FORMERR;
goto failure;
CHECK(DNS_R_FORMERR);
}
axfr_commit(xfr);
atomic_store(&xfr->state, XFRST_AXFR_END);
@ -886,13 +864,13 @@ redo:
break;
case XFRST_AXFR_END:
case XFRST_IXFR_END:
result = DNS_R_EXTRADATA;
goto failure;
CHECK(DNS_R_EXTRADATA);
break;
default:
UNREACHABLE();
}
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -1303,16 +1281,13 @@ xfrin_start(dns_xfrin_t *xfr) {
dns_dispatchmgr_t *dispmgr = dns_view_getdispatchmgr(xfr->view);
if (dispmgr == NULL) {
result = ISC_R_SHUTTINGDOWN;
goto failure;
CHECK(ISC_R_SHUTTINGDOWN);
} else {
result = dns_dispatch_createtcp(
dispmgr, &xfr->sourceaddr, &xfr->primaryaddr,
xfr->transport, DNS_DISPATCHOPT_UNSHARED, &xfr->disp);
dns_dispatchmgr_detach(&dispmgr);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
}
LIBDNS_XFRIN_START(xfr, xfr->info);
@ -1373,7 +1348,7 @@ xfrin_start(dns_xfrin_t *xfr) {
return ISC_R_SUCCESS;
failure:
cleanup:
xfrin_cancelio(xfr);
dns_xfrin_detach(&xfr);
@ -1395,7 +1370,7 @@ render(dns_message_t *msg, isc_mem_t *mctx, isc_buffer_t *buf) {
CHECK(dns_message_rendersection(msg, DNS_SECTION_ADDITIONAL, 0));
CHECK(dns_message_renderend(msg));
result = ISC_R_SUCCESS;
failure:
cleanup:
dns_compress_invalidate(&cctx);
return result;
}
@ -1422,13 +1397,13 @@ xfrin_connect_done(isc_result_t result, isc_region_t *region ISC_ATTR_UNUSED,
if (result != ISC_R_SUCCESS) {
xfrin_fail(xfr, result, "failed to connect");
goto failure;
goto cleanup;
}
result = dns_dispatch_checkperm(xfr->disp);
if (result != ISC_R_SUCCESS) {
xfrin_fail(xfr, result, "connected but unable to transfer");
goto failure;
goto cleanup;
}
zmgr = dns_zone_getmgr(xfr->zone);
@ -1456,7 +1431,7 @@ xfrin_connect_done(isc_result_t result, isc_region_t *region ISC_ATTR_UNUSED,
return;
failure:
cleanup:
switch (result) {
case ISC_R_NETDOWN:
case ISC_R_HOSTDOWN:
@ -1674,7 +1649,7 @@ xfrin_send_request(dns_xfrin_t *xfr) {
xfrin_log(xfr, ISC_LOG_DEBUG(3), "sending %s request, QID %d",
request_type(xfr), xfr->id);
failure:
cleanup:
dns_message_detach(&msg);
if (soatuple != NULL) {
dns_difftuple_free(&soatuple);
@ -1704,7 +1679,7 @@ xfrin_send_done(isc_result_t result, isc_region_t *region, void *arg) {
xfrin_log(xfr, ISC_LOG_DEBUG(3), "sent request data");
failure:
cleanup:
if (result != ISC_R_SUCCESS) {
xfrin_fail(xfr, result, "failed sending request data");
}
@ -1859,7 +1834,7 @@ xfrin_recv_done(isc_result_t result, isc_region_t *region, void *arg) {
if (xfr->reqtype == dns_rdatatype_axfr ||
xfr->reqtype == dns_rdatatype_soa)
{
goto failure;
goto cleanup;
}
xfrin_log(xfr, ISC_LOG_DEBUG(3), "got %s, retrying with AXFR",
@ -1889,8 +1864,7 @@ xfrin_recv_done(isc_result_t result, isc_region_t *region, void *arg) {
if (msg->counts[DNS_SECTION_QUESTION] > 1) {
xfrin_log(xfr, ISC_LOG_NOTICE, "too many questions (%u)",
msg->counts[DNS_SECTION_QUESTION]);
result = DNS_R_FORMERR;
goto failure;
CHECK(DNS_R_FORMERR);
}
if ((atomic_load(&xfr->state) == XFRST_SOAQUERY ||
@ -1898,8 +1872,7 @@ xfrin_recv_done(isc_result_t result, isc_region_t *region, void *arg) {
msg->counts[DNS_SECTION_QUESTION] != 1)
{
xfrin_log(xfr, ISC_LOG_NOTICE, "missing question section");
result = DNS_R_FORMERR;
goto failure;
CHECK(DNS_R_FORMERR);
}
for (result = dns_message_firstname(msg, DNS_SECTION_QUESTION);
@ -1915,26 +1888,23 @@ xfrin_recv_done(isc_result_t result, isc_region_t *region, void *arg) {
if (!dns_name_equal(name, &xfr->name)) {
xfrin_log(xfr, ISC_LOG_NOTICE,
"question name mismatch");
result = DNS_R_FORMERR;
goto failure;
CHECK(DNS_R_FORMERR);
}
rds = ISC_LIST_HEAD(name->list);
INSIST(rds != NULL);
if (rds->type != xfr->reqtype) {
xfrin_log(xfr, ISC_LOG_NOTICE,
"question type mismatch");
result = DNS_R_FORMERR;
goto failure;
CHECK(DNS_R_FORMERR);
}
if (rds->rdclass != xfr->rdclass) {
xfrin_log(xfr, ISC_LOG_NOTICE,
"question class mismatch");
result = DNS_R_FORMERR;
goto failure;
CHECK(DNS_R_FORMERR);
}
}
if (result != ISC_R_NOMORE) {
goto failure;
goto cleanup;
}
/*
@ -1955,15 +1925,14 @@ xfrin_recv_done(isc_result_t result, isc_region_t *region, void *arg) {
if (xfr->reqtype == dns_rdatatype_soa &&
(msg->flags & DNS_MESSAGEFLAG_AA) == 0)
{
result = DNS_R_NOTAUTHORITATIVE;
goto failure;
CHECK(DNS_R_NOTAUTHORITATIVE);
}
result = dns_message_checksig(msg, xfr->view);
if (result != ISC_R_SUCCESS) {
xfrin_log(xfr, ISC_LOG_DEBUG(3), "TSIG check failed: %s",
isc_result_totext(result));
goto failure;
goto cleanup;
}
for (result = dns_message_firstname(msg, DNS_SECTION_ANSWER);
@ -2018,8 +1987,7 @@ xfrin_recv_done(isc_result_t result, isc_region_t *region, void *arg) {
atomic_load(&xfr->state) == XFRST_AXFR_END ||
atomic_load(&xfr->state) == XFRST_IXFR_END)
{
result = DNS_R_EXPECTEDTSIG;
goto failure;
CHECK(DNS_R_EXPECTEDTSIG);
}
}
@ -2059,10 +2027,7 @@ xfrin_recv_done(isc_result_t result, isc_region_t *region, void *arg) {
* Read the next message.
*/
dns_message_detach(&msg);
result = dns_dispatch_getnext(xfr->dispentry);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(dns_dispatch_getnext(xfr->dispentry));
isc_interval_t interval;
isc_interval_set(&interval, dns_zone_getidlein(xfr->zone), 0);
@ -2073,7 +2038,7 @@ xfrin_recv_done(isc_result_t result, isc_region_t *region, void *arg) {
return;
}
failure:
cleanup:
if (result != ISC_R_SUCCESS) {
xfrin_fail(xfr, result, "failed while receiving responses");
}

501
lib/dns/zone.c
View file

File diff suppressed because it is too large Load diff

7
lib/isc/base32.c
View file

@ -22,13 +22,6 @@
#include <isc/string.h>
#include <isc/util.h>
#define RETERR(x) \
do { \
isc_result_t _r = (x); \
if (_r != ISC_R_SUCCESS) \
return ((_r)); \
} while (0)
/*@{*/
/*!
* These static functions are also present in lib/dns/rdata.c. I'm not

7
lib/isc/base64.c
View file

@ -21,13 +21,6 @@
#include <isc/string.h>
#include <isc/util.h>
#define RETERR(x) \
do { \
isc_result_t _r = (x); \
if (_r != ISC_R_SUCCESS) \
return ((_r)); \
} while (0)
/*@{*/
/*!
* These static functions are also present in lib/dns/rdata.c. I'm not

7
lib/isc/hex.c
View file

@ -38,13 +38,6 @@ const uint8_t isc__hex_char[256] = {
#undef U
#undef L
#define RETERR(x) \
do { \
isc_result_t _r = (x); \
if (_r != ISC_R_SUCCESS) \
return ((_r)); \
} while (0)
/*
* BEW: These static functions are copied from lib/dns/rdata.c.
*/

8
lib/isc/httpd.c
View file

@ -37,14 +37,6 @@
#include <zlib.h>
#endif /* ifdef HAVE_ZLIB */
#define CHECK(m) \
do { \
result = (m); \
if (result != ISC_R_SUCCESS) { \
goto cleanup; \
} \
} while (0)
/*
* Size the recv buffer to hold at maximum two full buffers from isc_nm_read(),
* so we don't have to handle the truncation.

23
lib/isc/include/isc/util.h
View file

@ -384,6 +384,29 @@ mock_assert(const int result, const char *const expression,
#endif /* UNIT_TESTING */
/*
* Check for ISC_R_SUCCESS. On any other result, jump to a cleanup
* label. (This macro requires the function to define `result`
* and `cleanup:`.)
*/
#define CHECK(r) \
do { \
result = (r); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
/*
* Check for ISC_R_SUCCESS and continue if found. For any other
* result, return the result.
*/
#define RETERR(x) \
do { \
isc_result_t _r = (x); \
if (_r != ISC_R_SUCCESS) \
return ((_r)); \
} while (0)
/*%
* Runtime check which logs the error value returned by a POSIX Threads
* function and the error string that corresponds to it

8
lib/isccfg/namedconf.c
View file

@ -33,14 +33,6 @@
#define TOKEN_STRING(pctx) (pctx->token.value.as_textregion.base)
/*% Check a return value. */
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
/*% Clean up a configuration object if non-NULL. */
#define CLEANUP_OBJ(obj) \
do { \

8
lib/isccfg/parser.c
View file

@ -77,14 +77,6 @@
#define TOKEN_STRING(pctx) (pctx->token.value.as_textregion.base)
/* Check a return value. */
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
/* Clean up a configuration object if non-NULL. */
#define CLEANUP_OBJ(obj) \
do { \

8
lib/ns/hooks.c
View file

@ -33,14 +33,6 @@
#include <ns/log.h>
#include <ns/query.h>
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) { \
goto cleanup; \
} \
} while (0)
struct ns_plugin {
isc_mem_t *mctx;
uv_lib_t handle;

148
lib/ns/update.c
View file

@ -75,34 +75,6 @@
*/
#define LOGLEVEL_DEBUG ISC_LOG_DEBUG(8)
/*%
* Check an operation for failure. These macros all assume that
* the function using them has a 'result' variable and a 'failure'
* label.
*/
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
/*%
* Fail unconditionally with result 'code', which must not
* be ISC_R_SUCCESS. The reason for failure presumably has
* been logged already.
*
* The test against ISC_R_SUCCESS is there to keep the Solaris compiler
* from complaining about "end-of-loop code not reached".
*/
#define FAIL(code) \
do { \
result = (code); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
/*%
* Fail unconditionally and log as a client error.
* The test against ISC_R_SUCCESS is there to keep the Solaris compiler
@ -125,7 +97,7 @@
"update %s: %s (%s)", _what, msg, \
isc_result_totext(result)); \
if (result != ISC_R_SUCCESS) \
goto failure; \
goto cleanup; \
} while (0)
#define PREREQFAILC(code, msg) \
do { \
@ -154,7 +126,7 @@
msg, isc_result_totext(result)); \
} \
if (result != ISC_R_SUCCESS) \
goto failure; \
goto cleanup; \
} while (0)
#define PREREQFAILN(code, name, msg) \
do { \
@ -185,7 +157,7 @@
_tbuf, msg, isc_result_totext(result)); \
} \
if (result != ISC_R_SUCCESS) \
goto failure; \
goto cleanup; \
} while (0)
#define PREREQFAILNT(code, name, type, msg) \
do { \
@ -204,7 +176,7 @@
update_log(client, zone, LOGLEVEL_PROTOCOL, "error: %s: %s", \
msg, isc_result_totext(result)); \
if (result != ISC_R_SUCCESS) \
goto failure; \
goto cleanup; \
} while (0)
/*
@ -491,7 +463,7 @@ do_diff(dns_diff_t *updates, dns_db_t *db, dns_dbversion_t *ver,
}
return ISC_R_SUCCESS;
failure:
cleanup:
dns_diff_clear(diff);
return result;
}
@ -1061,7 +1033,7 @@ temp_append(dns_diff_t *diff, dns_name_t *name, dns_rdata_t *rdata) {
CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_EXISTS, name, 0,
rdata, &tuple));
ISC_LIST_APPEND(diff->tuples, tuple, link);
failure:
cleanup:
return result;
}
@ -1206,18 +1178,12 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db,
{
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdataset_current(&rdataset, &rdata);
result = temp_append(&d_rrs, name, &rdata);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(temp_append(&d_rrs, name, &rdata));
}
if (result != ISC_R_NOMORE) {
goto failure;
}
result = dns_diff_sort(&d_rrs, temp_order);
if (result != ISC_R_SUCCESS) {
goto failure;
goto cleanup;
}
CHECK(dns_diff_sort(&d_rrs, temp_order));
/*
* Collect all update RRs for this name and type
@ -1234,11 +1200,8 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db,
}
/* Compare the two sorted lists. */
result = temp_check_rrset(ISC_LIST_HEAD(u_rrs.tuples),
ISC_LIST_HEAD(d_rrs.tuples));
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(temp_check_rrset(ISC_LIST_HEAD(u_rrs.tuples),
ISC_LIST_HEAD(d_rrs.tuples)));
/*
* We are done with the tuples, but we can't free
@ -1251,7 +1214,7 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db,
continue;
failure:
cleanup:
dns_diff_clear(&d_rrs);
dns_diff_clear(&u_rrs);
dns_diff_clear(&trash);
@ -1514,7 +1477,7 @@ add_rr_prepare_action(void *data, rr_t *rr) {
dns_diff_append(&ctx->add_diff, &tuple);
}
}
failure:
cleanup:
return result;
}
@ -1582,7 +1545,7 @@ update_soa_serial(dns_db_t *db, dns_dbversion_t *ver, dns_diff_t *diff,
CHECK(do_one_tuple(&addtuple, db, ver, diff));
result = ISC_R_SUCCESS;
failure:
cleanup:
if (addtuple != NULL) {
dns_difftuple_free(&addtuple);
}
@ -1731,7 +1694,7 @@ send_update(ns_client_t *client, dns_zone_t *zone) {
}
result = dns_zone_checknames(zone, name, &rdata);
if (result != ISC_R_SUCCESS) {
FAIL(DNS_R_REFUSED);
CHECK(DNS_R_REFUSED);
}
if ((options & DNS_ZONEOPT_CHECKSVCB) != 0 &&
rdata.type == dns_rdatatype_svcb)
@ -1759,7 +1722,7 @@ send_update(ns_client_t *client, dns_zone_t *zone) {
update_log(client, zone, ISC_LOG_WARNING,
"update RR has incorrect class %d",
update_class);
FAIL(DNS_R_FORMERR);
CHECK(DNS_R_FORMERR);
}
/*
@ -1875,7 +1838,7 @@ send_update(ns_client_t *client, dns_zone_t *zone) {
}
}
if (result != ISC_R_NOMORE) {
FAIL(result);
CHECK(result);
}
update_log(client, zone, LOGLEVEL_DEBUG, "update section prescan OK");
@ -1903,7 +1866,7 @@ send_update(ns_client_t *client, dns_zone_t *zone) {
isc_async_run(dns_zone_getloop(zone), update_action, uev);
maxbytype = NULL;
failure:
cleanup:
if (db != NULL) {
dns_db_closeversion(db, &ver, false);
dns_db_detach(&db);
@ -2010,9 +1973,7 @@ ns_update_start(ns_client_t *client, isc_nmhandle_t *handle,
* We can now fail due to a bad signature as we now know
* that we are the primary.
*/
if (sigresult != ISC_R_SUCCESS) {
FAIL(sigresult);
}
CHECK(sigresult);
dns_message_clonebuffer(client->message);
CHECK(send_update(client, zone));
break;
@ -2026,7 +1987,7 @@ ns_update_start(ns_client_t *client, isc_nmhandle_t *handle,
}
return;
failure:
cleanup:
if (result == DNS_R_REFUSED) {
inc_stats(client, zone, ns_statscounter_updaterej);
}
@ -2085,7 +2046,7 @@ remove_orphaned_ds(dns_db_t *db, dns_dbversion_t *newver, dns_diff_t *diff) {
}
result = ISC_R_SUCCESS;
failure:
cleanup:
for (tuple = ISC_LIST_HEAD(temp_diff.tuples); tuple != NULL;
tuple = ISC_LIST_HEAD(temp_diff.tuples))
{
@ -2223,7 +2184,7 @@ rr_exists(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
if (result == ISC_R_NOTFOUND) {
*flag = false;
result = ISC_R_SUCCESS;
goto failure;
goto cleanup;
} else {
CHECK(result);
}
@ -2232,7 +2193,7 @@ rr_exists(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
if (result == ISC_R_NOTFOUND) {
*flag = false;
result = ISC_R_SUCCESS;
goto failure;
goto cleanup;
}
for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS;
@ -2252,7 +2213,7 @@ rr_exists(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
result = ISC_R_SUCCESS;
}
failure:
cleanup:
if (node != NULL) {
dns_db_detachnode(db, &node);
}
@ -2279,9 +2240,7 @@ get_iterations(dns_db_t *db, dns_dbversion_t *ver, dns_rdatatype_t privatetype,
if (result == ISC_R_NOTFOUND) {
goto try_private;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS;
result = dns_rdataset_next(&rdataset))
@ -2297,7 +2256,7 @@ get_iterations(dns_db_t *db, dns_dbversion_t *ver, dns_rdatatype_t privatetype,
}
}
if (result != ISC_R_NOMORE) {
goto failure;
goto cleanup;
}
dns_rdataset_disassociate(&rdataset);
@ -2312,9 +2271,7 @@ try_private:
if (result == ISC_R_NOTFOUND) {
goto success;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS;
result = dns_rdataset_next(&rdataset))
@ -2338,14 +2295,14 @@ try_private:
}
}
if (result != ISC_R_NOMORE) {
goto failure;
goto cleanup;
}
success:
*iterationsp = iterations;
result = ISC_R_SUCCESS;
failure:
cleanup:
if (node != NULL) {
dns_db_detachnode(db, &node);
}
@ -2370,8 +2327,7 @@ check_dnssec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
if (!dns_zone_check_dnskey_nsec3(zone, db, ver, diff, NULL, 0)) {
update_log(client, zone, ISC_LOG_ERROR,
"NSEC only DNSKEYs and NSEC3 chains not allowed");
result = DNS_R_REFUSED;
goto failure;
CHECK(DNS_R_REFUSED);
}
/* Verify NSEC3 params */
@ -2379,11 +2335,10 @@ check_dnssec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
if (iterations > dns_nsec3_maxiterations()) {
update_log(client, zone, ISC_LOG_ERROR,
"too many NSEC3 iterations (%u)", iterations);
result = DNS_R_REFUSED;
goto failure;
CHECK(DNS_R_REFUSED);
}
failure:
cleanup:
return result;
}
@ -2658,7 +2613,7 @@ add_nsec3param_records(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
}
result = ISC_R_SUCCESS;
failure:
cleanup:
dns_diff_clear(&temp_diff);
return result;
}
@ -2717,7 +2672,7 @@ rollback_private(dns_db_t *db, dns_rdatatype_t privatetype,
}
result = ISC_R_SUCCESS;
failure:
cleanup:
dns_diff_clear(&temp_diff);
return result;
}
@ -2871,14 +2826,14 @@ update_action(void *arg) {
UNEXPECTED_ERROR(
"temp entry creation failed: %s",
isc_result_totext(result));
FAIL(ISC_R_UNEXPECTED);
CHECK(ISC_R_UNEXPECTED);
}
} else {
PREREQFAILC(DNS_R_FORMERR, "malformed prerequisite");
}
}
if (result != ISC_R_NOMORE) {
FAIL(result);
CHECK(result);
}
/*
@ -3145,7 +3100,7 @@ update_action(void *arg) {
if (result != ISC_R_SUCCESS) {
dns_diff_clear(&ctx.del_diff);
dns_diff_clear(&ctx.add_diff);
goto failure;
goto cleanup;
}
result = update_one_rr(
db, ver, &diff, DNS_DIFFOP_ADD,
@ -3157,7 +3112,7 @@ update_action(void *arg) {
"failed: %s",
isc_result_totext(
result));
goto failure;
goto cleanup;
}
}
}
@ -3248,13 +3203,9 @@ update_action(void *arg) {
* that are in use (under our control).
*/
if (dns_rdatatype_iskeymaterial(rdata.type)) {
isc_result_t r;
bool inuse = false;
r = dns_zone_dnskey_inuse(zone, &rdata,
&inuse);
if (r != ISC_R_SUCCESS) {
FAIL(r);
}
CHECK(dns_zone_dnskey_inuse(
zone, &rdata, &inuse));
if (inuse) {
char typebuf
[DNS_RDATATYPE_FORMATSIZE];
@ -3281,7 +3232,7 @@ update_action(void *arg) {
}
}
if (result != ISC_R_NOMORE) {
FAIL(result);
CHECK(result);
}
/*
@ -3300,8 +3251,7 @@ update_action(void *arg) {
update_log(client, zone, LOGLEVEL_PROTOCOL,
"update rejected: post update name server "
"sanity check failed");
result = DNS_R_REFUSED;
goto failure;
CHECK(DNS_R_REFUSED);
}
}
if (!ISC_LIST_EMPTY(diff.tuples) && is_signing) {
@ -3310,12 +3260,9 @@ update_action(void *arg) {
update_log(client, zone, LOGLEVEL_PROTOCOL,
"update rejected: bad %s RRset",
result == DNS_R_BADCDS ? "CDS" : "CDNSKEY");
result = DNS_R_REFUSED;
goto failure;
}
if (result != ISC_R_SUCCESS) {
goto failure;
CHECK(DNS_R_REFUSED);
}
CHECK(result);
}
/*
@ -3375,7 +3322,7 @@ update_action(void *arg) {
update_log(client, zone, ISC_LOG_ERROR,
"RRSIG/NSEC/NSEC3 update failed: %s",
isc_result_totext(result));
goto failure;
goto cleanup;
}
}
@ -3387,8 +3334,7 @@ update_action(void *arg) {
"records in zone (%" PRIu64
") exceeds max-records (%u)",
records, maxrecords);
result = DNS_R_TOOMANYRECORDS;
goto failure;
CHECK(DNS_R_TOOMANYRECORDS);
}
}
@ -3439,7 +3385,7 @@ update_action(void *arg) {
result = ISC_R_SUCCESS;
goto common;
failure:
cleanup:
/*
* The reason for failure should have been logged at this point.
*/

28
lib/ns/xfrout.c
View file

@ -80,7 +80,7 @@
"bad zone transfer request: %s (%s)", msg, \
isc_result_totext(code)); \
if (result != ISC_R_SUCCESS) \
goto failure; \
goto cleanup; \
} while (0)
#define FAILQ(code, msg, question, rdclass) \
@ -95,14 +95,7 @@
"bad zone transfer request: '%s/%s': %s (%s)", \
_buf1, _buf2, msg, isc_result_totext(code)); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto failure; \
goto cleanup; \
} while (0)
/**************************************************************************/
@ -249,7 +242,7 @@ ixfr_rrstream_create(isc_mem_t *mctx, const char *journal_filename,
*sp = (rrstream_t *)s;
return ISC_R_SUCCESS;
failure:
cleanup:
ixfr_rrstream_destroy((rrstream_t **)(void *)&s);
return result;
}
@ -330,7 +323,7 @@ axfr_rrstream_create(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *ver,
*sp = (rrstream_t *)s;
return ISC_R_SUCCESS;
failure:
cleanup:
axfr_rrstream_destroy((rrstream_t **)(void *)&s);
return result;
}
@ -450,7 +443,7 @@ soa_rrstream_create(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *ver,
*sp = (rrstream_t *)s;
return ISC_R_SUCCESS;
failure:
cleanup:
soa_rrstream_destroy((rrstream_t **)(void *)&s);
return result;
}
@ -831,7 +824,7 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
ISC_LOG_ERROR,
"zone transfer '%s/%s' denied",
_buf1, _buf2);
goto failure;
goto cleanup;
}
if (result != ISC_R_SUCCESS) {
FAILQ(DNS_R_NOTAUTH, "non-authoritative zone",
@ -1172,7 +1165,7 @@ have_stream:
result = ISC_R_SUCCESS;
failure:
cleanup:
if (result == DNS_R_REFUSED) {
inc_stats(client, zone, ns_statscounter_xfrrej);
}
@ -1282,7 +1275,7 @@ xfrout_ctx_create(isc_mem_t *mctx, ns_client_t *client, unsigned int id,
xfr->txmemlen = len;
/*
* These MUST be after the last "goto failure;" / CHECK to
* These MUST be after the last "goto cleanup;" / CHECK to
* prevent a double free by the caller.
*/
xfr->stream = stream;
@ -1522,8 +1515,7 @@ sendstream(xfrout_ctx_t *xfr) {
"(%d bytes)",
size);
/* XXX DNS_R_RRTOOLARGE? */
result = ISC_R_NOSPACE;
goto failure;
CHECK(ISC_R_NOSPACE);
}
break;
}
@ -1621,7 +1613,7 @@ sendstream(xfrout_ctx_t *xfr) {
/* Advance lasttsig to be the last TSIG generated */
CHECK(dns_message_getquerytsig(msg, xfr->mctx, &xfr->lasttsig));
failure:
cleanup:
if (tcpmsg != NULL) {
dns_message_detach(&tcpmsg);
}

22
tests/bench/load-names.c
View file

@ -79,7 +79,7 @@ const dns_qpmethods_t qpmethods = {
testname,
};
#define CHECK(count, result) \
#define CHECKN(count, result) \
do { \
if (result != ISC_R_SUCCESS) { \
dns_name_t *name = &item[count].fixed.name; \
@ -157,14 +157,14 @@ thread_lfht(void *arg0) {
isc_time_t t0 = isc_time_now_hires();
for (size_t n = arg->start; n < arg->end; n++) {
isc_result_t result = add_lfht(arg->map, n);
CHECK(n, result);
CHECKN(n, result);
}
isc_time_t t1 = isc_time_now_hires();
for (size_t n = arg->start; n < arg->end; n++) {
void *pval = NULL;
isc_result_t result = get_lfht(arg->map, n, &pval);
CHECK(n, result);
CHECKN(n, result);
assert(pval == &item[n]);
}
@ -220,7 +220,7 @@ thread_hashmap(void *arg0) {
WRLOCK(&rwl);
for (size_t n = arg->start; n < arg->end; n++) {
isc_result_t result = add_hashmap(arg->map, n);
CHECK(n, result);
CHECKN(n, result);
}
WRUNLOCK(&rwl);
@ -229,7 +229,7 @@ thread_hashmap(void *arg0) {
for (size_t n = arg->start; n < arg->end; n++) {
void *pval = NULL;
isc_result_t result = get_hashmap(arg->map, n, &pval);
CHECK(n, result);
CHECKN(n, result);
assert(pval == &item[n]);
}
RDUNLOCK(&rwl);
@ -277,7 +277,7 @@ thread_ht(void *arg0) {
WRLOCK(&rwl);
for (size_t n = arg->start; n < arg->end; n++) {
isc_result_t result = add_ht(arg->map, n);
CHECK(n, result);
CHECKN(n, result);
}
WRUNLOCK(&rwl);
@ -286,7 +286,7 @@ thread_ht(void *arg0) {
for (size_t n = arg->start; n < arg->end; n++) {
void *pval = NULL;
isc_result_t result = get_ht(arg->map, n, &pval);
CHECK(n, result);
CHECKN(n, result);
assert(pval == &item[n]);
}
RDUNLOCK(&rwl);
@ -348,7 +348,7 @@ thread_rbt(void *arg0) {
WRLOCK(&rwl);
for (size_t n = arg->start; n < arg->end; n++) {
isc_result_t result = add_rbt(arg->map, n);
CHECK(n, result);
CHECKN(n, result);
}
WRUNLOCK(&rwl);
@ -357,7 +357,7 @@ thread_rbt(void *arg0) {
for (size_t n = arg->start; n < arg->end; n++) {
void *pval = NULL;
isc_result_t result = get_rbt(arg->map, n, &pval);
CHECK(n, result);
CHECKN(n, result);
assert(pval == &item[n]);
}
RDUNLOCK(&rwl);
@ -409,7 +409,7 @@ _thread_qp(void *arg0, bool sqz, bool brr) {
isc_time_t t0 = isc_time_now_hires();
for (size_t n = arg->start; n < arg->end; n++) {
isc_result_t result = add_qp(qp, n);
CHECK(n, result);
CHECKN(n, result);
}
if (sqz) {
sqz_qp(qp);
@ -427,7 +427,7 @@ _thread_qp(void *arg0, bool sqz, bool brr) {
for (size_t n = arg->start; n < arg->end; n++) {
void *pval = NULL;
isc_result_t result = get_qp(&qpr, n, &pval);
CHECK(n, result);
CHECKN(n, result);
assert(pval == &item[n]);
}

2
tests/dns/qpdb_test.c
View file

@ -35,11 +35,9 @@
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#undef CHECK
#include "qpcache.c"
#pragma GCC diagnostic pop
#undef CHECK
#include <tests/dns.h>
/* Set to true (or use -v option) for verbose output */

2
tests/dns/qpzone_test.c
View file

@ -36,11 +36,9 @@
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#undef CHECK
#include "qpzone.c"
#pragma GCC diagnostic pop
#undef CHECK
#include <tests/dns.h>
#define CASESET(header) \

8
tests/dns/tsig_test.c
View file

@ -38,14 +38,6 @@
#define TEST_ORIGIN "test"
#define CHECK(r) \
{ \
result = (r); \
if (result != ISC_R_SUCCESS) { \
goto cleanup; \
} \
}
static int
setup_test(void **state) {
isc_result_t result;

2
tests/dns/update_test.c
View file

@ -38,11 +38,9 @@
*/
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#undef CHECK
#include "update.c"
#pragma GCC diagnostic pop
#undef CHECK
#include <tests/dns.h>
static int