upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-27 03:51:16 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

rename 'ret' to 'result'

Browse source 
purely to assuage my desire for consistency across modules,
result variables have been renamed to 'result' as they are
throughout most of BIND. there are no other changes.
This commit is contained in:
Evan Hunt 2023-04-13 09:25:13 -07:00
parent 6105a7d360
commit 96e8b0e782
1 changed files with 148 additions and 148 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

296
lib/dns/tsig.c
View file

@ -222,7 +222,7 @@ dns_tsigkey_createfromkey(const dns_name_t *name, dst_algorithm_t algorithm,
isc_stdtime_t expire, isc_mem_t *mctx,
dns_tsigkey_t **keyp) {
dns_tsigkey_t *tkey = NULL;
isc_result_t ret;
isc_result_t result;
REQUIRE(keyp != NULL && *keyp == NULL);
REQUIRE(name != NULL);
@ -243,11 +243,11 @@ dns_tsigkey_createfromkey(const dns_name_t *name, dst_algorithm_t algorithm,
if (algorithm != DST_ALG_UNKNOWN) {
if (dstkey != NULL && dst_key_alg(dstkey) != algorithm) {
ret = DNS_R_BADALG;
result = DNS_R_BADALG;
goto cleanup_name;
}
} else if (dstkey != NULL) {
ret = DNS_R_BADALG;
result = DNS_R_BADALG;
goto cleanup_name;
}
@ -298,7 +298,7 @@ dns_tsigkey_createfromkey(const dns_name_t *name, dst_algorithm_t algorithm,
cleanup_name:
isc_mem_put(mctx, tkey, sizeof(dns_tsigkey_t));
return (ret);
return (result);
}
static void
@ -575,7 +575,7 @@ dns_tsig_sign(dns_message_t *msg) {
isc_stdtime_t now;
isc_mem_t *mctx = NULL;
dst_context_t *ctx = NULL;
isc_result_t ret;
isc_result_t result;
unsigned char badtimedata[BADTIMELEN];
unsigned int sigsize = 0;
bool response;
@ -636,10 +636,10 @@ dns_tsig_sign(dns_message_t *msg) {
* has validated at this point. This is why we include a
* MAC length > 0 in the reply.
*/
ret = dst_context_create(key->key, mctx, DNS_LOGCATEGORY_DNSSEC,
true, 0, &ctx);
if (ret != ISC_R_SUCCESS) {
return (ret);
result = dst_context_create(
key->key, mctx, DNS_LOGCATEGORY_DNSSEC, true, 0, &ctx);
if (result != ISC_R_SUCCESS) {
return (result);
}
/*
@ -656,28 +656,28 @@ dns_tsig_sign(dns_message_t *msg) {
INSIST(msg->verified_sig);
ret = dns_rdataset_first(msg->querytsig);
if (ret != ISC_R_SUCCESS) {
result = dns_rdataset_first(msg->querytsig);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
dns_rdataset_current(msg->querytsig, &querytsigrdata);
ret = dns_rdata_tostruct(&querytsigrdata, &querytsig,
NULL);
if (ret != ISC_R_SUCCESS) {
result = dns_rdata_tostruct(&querytsigrdata, &querytsig,
NULL);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
isc_buffer_putuint16(&databuf, querytsig.siglen);
if (isc_buffer_availablelength(&databuf) <
querytsig.siglen)
{
ret = ISC_R_NOSPACE;
result = ISC_R_NOSPACE;
goto cleanup_context;
}
isc_buffer_putmem(&databuf, querytsig.signature,
querytsig.siglen);
isc_buffer_usedregion(&databuf, &r);
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS) {
result = dst_context_adddata(ctx, &r);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
querytsig_ok = true;
@ -689,8 +689,8 @@ dns_tsig_sign(dns_message_t *msg) {
isc_buffer_init(&headerbuf, header, sizeof(header));
dns_message_renderheader(msg, &headerbuf);
isc_buffer_usedregion(&headerbuf, &r);
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS) {
result = dst_context_adddata(ctx, &r);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
@ -699,8 +699,8 @@ dns_tsig_sign(dns_message_t *msg) {
*/
isc_buffer_usedregion(msg->buffer, &r);
isc_region_consume(&r, DNS_MESSAGE_HEADERLEN);
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS) {
result = dst_context_adddata(ctx, &r);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
@ -709,8 +709,8 @@ dns_tsig_sign(dns_message_t *msg) {
* Digest the name, class, ttl, alg.
*/
dns_name_toregion(key->name, &r);
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS) {
result = dst_context_adddata(ctx, &r);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
@ -718,14 +718,14 @@ dns_tsig_sign(dns_message_t *msg) {
isc_buffer_putuint16(&databuf, dns_rdataclass_any);
isc_buffer_putuint32(&databuf, 0); /* ttl */
isc_buffer_usedregion(&databuf, &r);
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS) {
result = dst_context_adddata(ctx, &r);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
dns_name_toregion(&tsig.algorithm, &r);
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS) {
result = dst_context_adddata(ctx, &r);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
}
@ -737,8 +737,8 @@ dns_tsig_sign(dns_message_t *msg) {
isc_buffer_putuint48(&databuf, tsig.timesigned);
isc_buffer_putuint16(&databuf, tsig.fudge);
isc_buffer_usedregion(&databuf, &r);
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS) {
result = dst_context_adddata(ctx, &r);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
@ -751,8 +751,8 @@ dns_tsig_sign(dns_message_t *msg) {
isc_buffer_putuint16(&databuf, tsig.otherlen);
isc_buffer_usedregion(&databuf, &r);
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS) {
result = dst_context_adddata(ctx, &r);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
@ -762,22 +762,22 @@ dns_tsig_sign(dns_message_t *msg) {
if (tsig.otherlen > 0) {
r.length = tsig.otherlen;
r.base = tsig.other;
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS) {
result = dst_context_adddata(ctx, &r);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
}
}
ret = dst_key_sigsize(key->key, &sigsize);
if (ret != ISC_R_SUCCESS) {
result = dst_key_sigsize(key->key, &sigsize);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
tsig.signature = isc_mem_get(mctx, sigsize);
isc_buffer_init(&sigbuf, tsig.signature, sigsize);
ret = dst_context_sign(ctx, &sigbuf);
if (ret != ISC_R_SUCCESS) {
result = dst_context_sign(ctx, &sigbuf);
if (result != ISC_R_SUCCESS) {
goto cleanup_signature;
}
dst_context_destroy(&ctx);
@ -801,9 +801,9 @@ dns_tsig_sign(dns_message_t *msg) {
dns_message_gettemprdata(msg, &rdata);
isc_buffer_allocate(msg->mctx, &dynbuf, 512);
ret = dns_rdata_fromstruct(rdata, dns_rdataclass_any,
dns_rdatatype_tsig, &tsig, dynbuf);
if (ret != ISC_R_SUCCESS) {
result = dns_rdata_fromstruct(rdata, dns_rdataclass_any,
dns_rdatatype_tsig, &tsig, dynbuf);
if (result != ISC_R_SUCCESS) {
goto cleanup_dynbuf;
}
@ -843,7 +843,7 @@ cleanup_context:
if (ctx != NULL) {
dst_context_destroy(&ctx);
}
return (ret);
return (result);
}
isc_result_t
@ -856,7 +856,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
dns_name_t *keyname = NULL;
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_stdtime_t now;
isc_result_t ret;
isc_result_t result;
dns_tsigkey_t *tsigkey = NULL;
dst_key_t *key = NULL;
unsigned char header[DNS_MESSAGE_HEADERLEN];
@ -908,25 +908,25 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
*/
keyname = msg->tsigname;
ret = dns_rdataset_first(msg->tsig);
if (ret != ISC_R_SUCCESS) {
return (ret);
result = dns_rdataset_first(msg->tsig);
if (result != ISC_R_SUCCESS) {
return (result);
}
dns_rdataset_current(msg->tsig, &rdata);
ret = dns_rdata_tostruct(&rdata, &tsig, NULL);
if (ret != ISC_R_SUCCESS) {
return (ret);
result = dns_rdata_tostruct(&rdata, &tsig, NULL);
if (result != ISC_R_SUCCESS) {
return (result);
}
dns_rdata_reset(&rdata);
if (response) {
ret = dns_rdataset_first(msg->querytsig);
if (ret != ISC_R_SUCCESS) {
return (ret);
result = dns_rdataset_first(msg->querytsig);
if (result != ISC_R_SUCCESS) {
return (result);
}
dns_rdataset_current(msg->querytsig, &rdata);
ret = dns_rdata_tostruct(&rdata, &querytsig, NULL);
if (ret != ISC_R_SUCCESS) {
return (ret);
result = dns_rdata_tostruct(&rdata, &querytsig, NULL);
if (result != ISC_R_SUCCESS) {
return (result);
}
}
@ -956,22 +956,22 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
* Find dns_tsigkey_t based on keyname.
*/
if (tsigkey == NULL) {
ret = ISC_R_NOTFOUND;
result = ISC_R_NOTFOUND;
if (ring1 != NULL) {
ret = dns_tsigkey_find(&tsigkey, keyname,
&tsig.algorithm, ring1);
result = dns_tsigkey_find(&tsigkey, keyname,
&tsig.algorithm, ring1);
}
if (ret == ISC_R_NOTFOUND && ring2 != NULL) {
ret = dns_tsigkey_find(&tsigkey, keyname,
&tsig.algorithm, ring2);
if (result == ISC_R_NOTFOUND && ring2 != NULL) {
result = dns_tsigkey_find(&tsigkey, keyname,
&tsig.algorithm, ring2);
}
if (ret != ISC_R_SUCCESS) {
if (result != ISC_R_SUCCESS) {
msg->tsigstatus = dns_tsigerror_badkey;
ret = dns_tsigkey_create(
result = dns_tsigkey_create(
keyname, dns__tsig_algfromname(&tsig.algorithm),
NULL, 0, mctx, &msg->tsigkey);
if (ret != ISC_R_SUCCESS) {
return (ret);
if (result != ISC_R_SUCCESS) {
return (result);
}
tsig_log(msg->tsigkey, 2, "unknown key");
return (DNS_R_TSIGVERIFYFAILURE);
@ -985,9 +985,9 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
* Check digest length.
*/
alg = dst_key_alg(key);
ret = dst_key_sigsize(key, &siglen);
if (ret != ISC_R_SUCCESS) {
return (ret);
result = dst_key_sigsize(key, &siglen);
if (result != ISC_R_SUCCESS) {
return (result);
}
if (dns__tsig_algvalid(alg)) {
if (tsig.siglen > siglen) {
@ -1009,25 +1009,25 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
sig_r.base = tsig.signature;
sig_r.length = tsig.siglen;
ret = dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC,
false, 0, &ctx);
if (ret != ISC_R_SUCCESS) {
return (ret);
result = dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC,
false, 0, &ctx);
if (result != ISC_R_SUCCESS) {
return (result);
}
if (response) {
isc_buffer_init(&databuf, data, sizeof(data));
isc_buffer_putuint16(&databuf, querytsig.siglen);
isc_buffer_usedregion(&databuf, &r);
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS) {
result = dst_context_adddata(ctx, &r);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
if (querytsig.siglen > 0) {
r.length = querytsig.siglen;
r.base = querytsig.signature;
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS) {
result = dst_context_adddata(ctx, &r);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
}
@ -1059,8 +1059,8 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
*/
header_r.base = (unsigned char *)header;
header_r.length = DNS_MESSAGE_HEADERLEN;
ret = dst_context_adddata(ctx, &header_r);
if (ret != ISC_R_SUCCESS) {
result = dst_context_adddata(ctx, &header_r);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
@ -1070,8 +1070,8 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
isc_buffer_usedregion(source, &source_r);
r.base = source_r.base + DNS_MESSAGE_HEADERLEN;
r.length = msg->sigstart - DNS_MESSAGE_HEADERLEN;
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS) {
result = dst_context_adddata(ctx, &r);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
@ -1079,8 +1079,8 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
* Digest the key name.
*/
dns_name_toregion(tsigkey->name, &r);
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS) {
result = dst_context_adddata(ctx, &r);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
@ -1088,8 +1088,8 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
isc_buffer_putuint16(&databuf, tsig.common.rdclass);
isc_buffer_putuint32(&databuf, msg->tsig->ttl);
isc_buffer_usedregion(&databuf, &r);
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS) {
result = dst_context_adddata(ctx, &r);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
@ -1097,8 +1097,8 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
* Digest the key algorithm.
*/
dns_name_toregion(tsigkey->algorithm, &r);
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS) {
result = dst_context_adddata(ctx, &r);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
@ -1108,27 +1108,27 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
isc_buffer_putuint16(&databuf, tsig.error);
isc_buffer_putuint16(&databuf, tsig.otherlen);
isc_buffer_usedregion(&databuf, &r);
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS) {
result = dst_context_adddata(ctx, &r);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
if (tsig.otherlen > 0) {
r.base = tsig.other;
r.length = tsig.otherlen;
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS) {
result = dst_context_adddata(ctx, &r);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
}
ret = dst_context_verify(ctx, &sig_r);
if (ret == DST_R_VERIFYFAILURE) {
ret = DNS_R_TSIGVERIFYFAILURE;
result = dst_context_verify(ctx, &sig_r);
if (result == DST_R_VERIFYFAILURE) {
result = DNS_R_TSIGVERIFYFAILURE;
tsig_log(msg->tsigkey, 2,
"signature failed to verify(1)");
goto cleanup_context;
} else if (ret != ISC_R_SUCCESS) {
} else if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
msg->verified_sig = 1;
@ -1152,12 +1152,12 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
if (now + msg->timeadjust > tsig.timesigned + tsig.fudge) {
msg->tsigstatus = dns_tsigerror_badtime;
tsig_log(msg->tsigkey, 2, "signature has expired");
ret = DNS_R_CLOCKSKEW;
result = DNS_R_CLOCKSKEW;
goto cleanup_context;
} else if (now + msg->timeadjust < tsig.timesigned - tsig.fudge) {
msg->tsigstatus = dns_tsigerror_badtime;
tsig_log(msg->tsigkey, 2, "signature is in the future");
ret = DNS_R_CLOCKSKEW;
result = DNS_R_CLOCKSKEW;
goto cleanup_context;
}
@ -1170,14 +1170,14 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
msg->tsigstatus = dns_tsigerror_badtrunc;
tsig_log(msg->tsigkey, 2,
"truncated signature length too small");
ret = DNS_R_TSIGVERIFYFAILURE;
result = DNS_R_TSIGVERIFYFAILURE;
goto cleanup_context;
}
if (tsig.siglen > 0 && digestbits == 0 && tsig.siglen < siglen)
{
msg->tsigstatus = dns_tsigerror_badtrunc;
tsig_log(msg->tsigkey, 2, "signature length too small");
ret = DNS_R_TSIGVERIFYFAILURE;
result = DNS_R_TSIGVERIFYFAILURE;
goto cleanup_context;
}
}
@ -1185,22 +1185,22 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
if (response && tsig.error != dns_rcode_noerror) {
msg->tsigstatus = tsig.error;
if (tsig.error == dns_tsigerror_badtime) {
ret = DNS_R_CLOCKSKEW;
result = DNS_R_CLOCKSKEW;
} else {
ret = DNS_R_TSIGERRORSET;
result = DNS_R_TSIGERRORSET;
}
goto cleanup_context;
}
msg->tsigstatus = dns_rcode_noerror;
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
cleanup_context:
if (ctx != NULL) {
dst_context_destroy(&ctx);
}
return (ret);
return (result);
}
static isc_result_t
@ -1212,7 +1212,7 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
dns_name_t *keyname = NULL;
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_stdtime_t now;
isc_result_t ret;
isc_result_t result;
dns_tsigkey_t *tsigkey = NULL;
dst_key_t *key = NULL;
unsigned char header[DNS_MESSAGE_HEADERLEN];
@ -1243,14 +1243,14 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
/*
* Extract and parse the previous TSIG
*/
ret = dns_rdataset_first(msg->querytsig);
if (ret != ISC_R_SUCCESS) {
return (ret);
result = dns_rdataset_first(msg->querytsig);
if (result != ISC_R_SUCCESS) {
return (result);
}
dns_rdataset_current(msg->querytsig, &rdata);
ret = dns_rdata_tostruct(&rdata, &querytsig, NULL);
if (ret != ISC_R_SUCCESS) {
return (ret);
result = dns_rdata_tostruct(&rdata, &querytsig, NULL);
if (result != ISC_R_SUCCESS) {
return (result);
}
dns_rdata_reset(&rdata);
@ -1261,13 +1261,13 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
has_tsig = true;
keyname = msg->tsigname;
ret = dns_rdataset_first(msg->tsig);
if (ret != ISC_R_SUCCESS) {
result = dns_rdataset_first(msg->tsig);
if (result != ISC_R_SUCCESS) {
goto cleanup_querystruct;
}
dns_rdataset_current(msg->tsig, &rdata);
ret = dns_rdata_tostruct(&rdata, &tsig, NULL);
if (ret != ISC_R_SUCCESS) {
result = dns_rdata_tostruct(&rdata, &tsig, NULL);
if (result != ISC_R_SUCCESS) {
goto cleanup_querystruct;
}
@ -1278,7 +1278,7 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
!dns_name_equal(&tsig.algorithm, &querytsig.algorithm))
{
msg->tsigstatus = dns_tsigerror_badkey;
ret = DNS_R_TSIGVERIFYFAILURE;
result = DNS_R_TSIGVERIFYFAILURE;
tsig_log(msg->tsigkey, 2,
"key name and algorithm do not match");
goto cleanup_querystruct;
@ -1288,15 +1288,15 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
* Check digest length.
*/
alg = dst_key_alg(key);
ret = dst_key_sigsize(key, &siglen);
if (ret != ISC_R_SUCCESS) {
result = dst_key_sigsize(key, &siglen);
if (result != ISC_R_SUCCESS) {
goto cleanup_querystruct;
}
if (dns__tsig_algvalid(alg)) {
if (tsig.siglen > siglen) {
tsig_log(tsigkey, 2,
"signature length too big");
ret = DNS_R_FORMERR;
result = DNS_R_FORMERR;
goto cleanup_querystruct;
}
if (tsig.siglen > 0 &&
@ -1305,16 +1305,16 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
{
tsig_log(tsigkey, 2,
"signature length below minimum");
ret = DNS_R_FORMERR;
result = DNS_R_FORMERR;
goto cleanup_querystruct;
}
}
}
if (msg->tsigctx == NULL) {
ret = dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC,
false, 0, &msg->tsigctx);
if (ret != ISC_R_SUCCESS) {
result = dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC,
false, 0, &msg->tsigctx);
if (result != ISC_R_SUCCESS) {
goto cleanup_querystruct;
}
@ -1324,8 +1324,8 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
isc_buffer_init(&databuf, data, sizeof(data));
isc_buffer_putuint16(&databuf, querytsig.siglen);
isc_buffer_usedregion(&databuf, &r);
ret = dst_context_adddata(msg->tsigctx, &r);
if (ret != ISC_R_SUCCESS) {
result = dst_context_adddata(msg->tsigctx, &r);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
@ -1335,8 +1335,8 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
if (querytsig.siglen > 0) {
r.length = querytsig.siglen;
r.base = querytsig.signature;
ret = dst_context_adddata(msg->tsigctx, &r);
if (ret != ISC_R_SUCCESS) {
result = dst_context_adddata(msg->tsigctx, &r);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
}
@ -1375,8 +1375,8 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
*/
header_r.base = (unsigned char *)header;
header_r.length = DNS_MESSAGE_HEADERLEN;
ret = dst_context_adddata(msg->tsigctx, &header_r);
if (ret != ISC_R_SUCCESS) {
result = dst_context_adddata(msg->tsigctx, &header_r);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
@ -1390,8 +1390,8 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
} else {
r.length = source_r.length - DNS_MESSAGE_HEADERLEN;
}
ret = dst_context_adddata(msg->tsigctx, &r);
if (ret != ISC_R_SUCCESS) {
result = dst_context_adddata(msg->tsigctx, &r);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
@ -1403,8 +1403,8 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
isc_buffer_putuint48(&databuf, tsig.timesigned);
isc_buffer_putuint16(&databuf, tsig.fudge);
isc_buffer_usedregion(&databuf, &r);
ret = dst_context_adddata(msg->tsigctx, &r);
if (ret != ISC_R_SUCCESS) {
result = dst_context_adddata(msg->tsigctx, &r);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
@ -1414,24 +1414,24 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
if (tsig.error != dns_rcode_noerror) {
msg->tsigstatus = tsig.error;
if (tsig.error == dns_tsigerror_badtime) {
ret = DNS_R_CLOCKSKEW;
result = DNS_R_CLOCKSKEW;
} else {
ret = DNS_R_TSIGERRORSET;
result = DNS_R_TSIGERRORSET;
}
} else {
tsig_log(msg->tsigkey, 2, "signature is empty");
ret = DNS_R_TSIGVERIFYFAILURE;
result = DNS_R_TSIGVERIFYFAILURE;
}
goto cleanup_context;
}
ret = dst_context_verify(msg->tsigctx, &sig_r);
if (ret == DST_R_VERIFYFAILURE) {
result = dst_context_verify(msg->tsigctx, &sig_r);
if (result == DST_R_VERIFYFAILURE) {
tsig_log(msg->tsigkey, 2,
"signature failed to verify(2)");
ret = DNS_R_TSIGVERIFYFAILURE;
result = DNS_R_TSIGVERIFYFAILURE;
goto cleanup_context;
} else if (ret != ISC_R_SUCCESS) {
} else if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
msg->verified_sig = 1;
@ -1455,19 +1455,19 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
if (now + msg->timeadjust > tsig.timesigned + tsig.fudge) {
msg->tsigstatus = dns_tsigerror_badtime;
tsig_log(msg->tsigkey, 2, "signature has expired");
ret = DNS_R_CLOCKSKEW;
result = DNS_R_CLOCKSKEW;
goto cleanup_context;
} else if (now + msg->timeadjust < tsig.timesigned - tsig.fudge)
{
msg->tsigstatus = dns_tsigerror_badtime;
tsig_log(msg->tsigkey, 2, "signature is in the future");
ret = DNS_R_CLOCKSKEW;
result = DNS_R_CLOCKSKEW;
goto cleanup_context;
}
alg = dst_key_alg(key);
ret = dst_key_sigsize(key, &siglen);
if (ret != ISC_R_SUCCESS) {
result = dst_key_sigsize(key, &siglen);
if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
if (dns__tsig_algvalid(alg)) {
@ -1480,7 +1480,7 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
tsig_log(msg->tsigkey, 2,
"truncated signature length "
"too small");
ret = DNS_R_TSIGVERIFYFAILURE;
result = DNS_R_TSIGVERIFYFAILURE;
goto cleanup_context;
}
if (tsig.siglen > 0 && digestbits == 0 &&
@ -1489,7 +1489,7 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
msg->tsigstatus = dns_tsigerror_badtrunc;
tsig_log(msg->tsigkey, 2,
"signature length too small");
ret = DNS_R_TSIGVERIFYFAILURE;
result = DNS_R_TSIGVERIFYFAILURE;
goto cleanup_context;
}
}
@ -1497,16 +1497,16 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
if (tsig.error != dns_rcode_noerror) {
msg->tsigstatus = tsig.error;
if (tsig.error == dns_tsigerror_badtime) {
ret = DNS_R_CLOCKSKEW;
result = DNS_R_CLOCKSKEW;
} else {
ret = DNS_R_TSIGERRORSET;
result = DNS_R_TSIGERRORSET;
}
goto cleanup_context;
}
}
msg->tsigstatus = dns_rcode_noerror;
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
cleanup_context:
/*
@ -1514,14 +1514,14 @@ cleanup_context:
* for unsigned messages; it is a running sum till the next
* TSIG signed message.
*/
if ((ret != ISC_R_SUCCESS || has_tsig) && msg->tsigctx != NULL) {
if ((result != ISC_R_SUCCESS || has_tsig) && msg->tsigctx != NULL) {
dst_context_destroy(&msg->tsigctx);
}
cleanup_querystruct:
dns_rdata_freestruct(&querytsig);
return (ret);
return (result);
}
isc_result_t