upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-01 04:19:36 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

- Fix text around serial arithmatic used for RRSIG times to refer

Browse source 
to correct RFC number.
This commit is contained in:
W.C.A. Wijngaards 2019-12-03 12:58:09 +01:00
parent cdbf091c0d
commit 5a00b31f86
2 changed files with 13 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
doc/Changelog
View file

@ -1,6 +1,8 @@
3 December 2019: Wouter
- Merge pull request #124 from rmetrich: Changed log lock
from 'quick' to 'basic' because this is an I/O lock.
- Fix text around serial arithmatic used for RRSIG times to refer
to correct RFC number.
2 December 2019: Wouter
- Merge pull request #122 from he32: In tcp_callback_writer(),

22
validator/val_sigcrypt.c
View file

@ -1225,11 +1225,11 @@ sigdate_error(const char* str, int32_t expi, int32_t incep, int32_t now)
(unsigned)incep, (unsigned)now);
}
/** RFC 1918 comparison, uses unsigned integers, and tries to avoid
/** RFC 1982 comparison, uses unsigned integers, and tries to avoid
* compiler optimization (eg. by avoiding a-b<0 comparisons),
* this routine matches compare_serial(), for SOA serial number checks */
static int
compare_1918(uint32_t a, uint32_t b)
compare_1982(uint32_t a, uint32_t b)
{
/* for 32 bit values */
const uint32_t cutoff = ((uint32_t) 1 << (32 - 1));
@ -1244,9 +1244,9 @@ compare_1918(uint32_t a, uint32_t b)
}
/** if we know that b is larger than a, return the difference between them,
* that is the distance between them. in RFC1918 arith */
* that is the distance between them. in RFC1982 arith */
static uint32_t
subtract_1918(uint32_t a, uint32_t b)
subtract_1982(uint32_t a, uint32_t b)
{
/* for 32 bit values */
const uint32_t cutoff = ((uint32_t) 1 << (32 - 1));
@ -1286,18 +1286,18 @@ check_dates(struct val_env* ve, uint32_t unow,
} else now = unow;
/* check them */
if(compare_1918(incep, expi) > 0) {
if(compare_1982(incep, expi) > 0) {
sigdate_error("verify: inception after expiration, "
"signature bad", expi, incep, now);
*reason = "signature inception after expiration";
return 0;
}
if(compare_1918(incep, now) > 0) {
if(compare_1982(incep, now) > 0) {
/* within skew ? (calc here to avoid calculation normally) */
uint32_t skew = subtract_1918(incep, expi)/10;
uint32_t skew = subtract_1982(incep, expi)/10;
if(skew < (uint32_t)ve->skew_min) skew = ve->skew_min;
if(skew > (uint32_t)ve->skew_max) skew = ve->skew_max;
if(subtract_1918(now, incep) > skew) {
if(subtract_1982(now, incep) > skew) {
sigdate_error("verify: signature bad, current time is"
" before inception date", expi, incep, now);
*reason = "signature before inception date";
@ -1306,11 +1306,11 @@ check_dates(struct val_env* ve, uint32_t unow,
sigdate_error("verify warning suspicious signature inception "
" or bad local clock", expi, incep, now);
}
if(compare_1918(now, expi) > 0) {
uint32_t skew = subtract_1918(incep, expi)/10;
if(compare_1982(now, expi) > 0) {
uint32_t skew = subtract_1982(incep, expi)/10;
if(skew < (uint32_t)ve->skew_min) skew = ve->skew_min;
if(skew > (uint32_t)ve->skew_max) skew = ve->skew_max;
if(subtract_1918(expi, now) > skew) {
if(subtract_1982(expi, now) > skew) {
sigdate_error("verify: signature expired", expi,
incep, now);
*reason = "signature expired";