From 96e8b0e78234ddfcf6843da7c98dfd623de3236b Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Thu, 13 Apr 2023 09:25:13 -0700 Subject: [PATCH] rename 'ret' to 'result' purely to assuage my desire for consistency across modules, result variables have been renamed to 'result' as they are throughout most of BIND. there are no other changes. --- lib/dns/tsig.c | 296 ++++++++++++++++++++++++------------------------- 1 file changed, 148 insertions(+), 148 deletions(-) diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c index 01e22a45c4..78e7328335 100644 --- a/lib/dns/tsig.c +++ b/lib/dns/tsig.c @@ -222,7 +222,7 @@ dns_tsigkey_createfromkey(const dns_name_t *name, dst_algorithm_t algorithm, isc_stdtime_t expire, isc_mem_t *mctx, dns_tsigkey_t **keyp) { dns_tsigkey_t *tkey = NULL; - isc_result_t ret; + isc_result_t result; REQUIRE(keyp != NULL && *keyp == NULL); REQUIRE(name != NULL); @@ -243,11 +243,11 @@ dns_tsigkey_createfromkey(const dns_name_t *name, dst_algorithm_t algorithm, if (algorithm != DST_ALG_UNKNOWN) { if (dstkey != NULL && dst_key_alg(dstkey) != algorithm) { - ret = DNS_R_BADALG; + result = DNS_R_BADALG; goto cleanup_name; } } else if (dstkey != NULL) { - ret = DNS_R_BADALG; + result = DNS_R_BADALG; goto cleanup_name; } @@ -298,7 +298,7 @@ dns_tsigkey_createfromkey(const dns_name_t *name, dst_algorithm_t algorithm, cleanup_name: isc_mem_put(mctx, tkey, sizeof(dns_tsigkey_t)); - return (ret); + return (result); } static void @@ -575,7 +575,7 @@ dns_tsig_sign(dns_message_t *msg) { isc_stdtime_t now; isc_mem_t *mctx = NULL; dst_context_t *ctx = NULL; - isc_result_t ret; + isc_result_t result; unsigned char badtimedata[BADTIMELEN]; unsigned int sigsize = 0; bool response; @@ -636,10 +636,10 @@ dns_tsig_sign(dns_message_t *msg) { * has validated at this point. This is why we include a * MAC length > 0 in the reply. */ - ret = dst_context_create(key->key, mctx, DNS_LOGCATEGORY_DNSSEC, - true, 0, &ctx); - if (ret != ISC_R_SUCCESS) { - return (ret); + result = dst_context_create( + key->key, mctx, DNS_LOGCATEGORY_DNSSEC, true, 0, &ctx); + if (result != ISC_R_SUCCESS) { + return (result); } /* @@ -656,28 +656,28 @@ dns_tsig_sign(dns_message_t *msg) { INSIST(msg->verified_sig); - ret = dns_rdataset_first(msg->querytsig); - if (ret != ISC_R_SUCCESS) { + result = dns_rdataset_first(msg->querytsig); + if (result != ISC_R_SUCCESS) { goto cleanup_context; } dns_rdataset_current(msg->querytsig, &querytsigrdata); - ret = dns_rdata_tostruct(&querytsigrdata, &querytsig, - NULL); - if (ret != ISC_R_SUCCESS) { + result = dns_rdata_tostruct(&querytsigrdata, &querytsig, + NULL); + if (result != ISC_R_SUCCESS) { goto cleanup_context; } isc_buffer_putuint16(&databuf, querytsig.siglen); if (isc_buffer_availablelength(&databuf) < querytsig.siglen) { - ret = ISC_R_NOSPACE; + result = ISC_R_NOSPACE; goto cleanup_context; } isc_buffer_putmem(&databuf, querytsig.signature, querytsig.siglen); isc_buffer_usedregion(&databuf, &r); - ret = dst_context_adddata(ctx, &r); - if (ret != ISC_R_SUCCESS) { + result = dst_context_adddata(ctx, &r); + if (result != ISC_R_SUCCESS) { goto cleanup_context; } querytsig_ok = true; @@ -689,8 +689,8 @@ dns_tsig_sign(dns_message_t *msg) { isc_buffer_init(&headerbuf, header, sizeof(header)); dns_message_renderheader(msg, &headerbuf); isc_buffer_usedregion(&headerbuf, &r); - ret = dst_context_adddata(ctx, &r); - if (ret != ISC_R_SUCCESS) { + result = dst_context_adddata(ctx, &r); + if (result != ISC_R_SUCCESS) { goto cleanup_context; } @@ -699,8 +699,8 @@ dns_tsig_sign(dns_message_t *msg) { */ isc_buffer_usedregion(msg->buffer, &r); isc_region_consume(&r, DNS_MESSAGE_HEADERLEN); - ret = dst_context_adddata(ctx, &r); - if (ret != ISC_R_SUCCESS) { + result = dst_context_adddata(ctx, &r); + if (result != ISC_R_SUCCESS) { goto cleanup_context; } @@ -709,8 +709,8 @@ dns_tsig_sign(dns_message_t *msg) { * Digest the name, class, ttl, alg. */ dns_name_toregion(key->name, &r); - ret = dst_context_adddata(ctx, &r); - if (ret != ISC_R_SUCCESS) { + result = dst_context_adddata(ctx, &r); + if (result != ISC_R_SUCCESS) { goto cleanup_context; } @@ -718,14 +718,14 @@ dns_tsig_sign(dns_message_t *msg) { isc_buffer_putuint16(&databuf, dns_rdataclass_any); isc_buffer_putuint32(&databuf, 0); /* ttl */ isc_buffer_usedregion(&databuf, &r); - ret = dst_context_adddata(ctx, &r); - if (ret != ISC_R_SUCCESS) { + result = dst_context_adddata(ctx, &r); + if (result != ISC_R_SUCCESS) { goto cleanup_context; } dns_name_toregion(&tsig.algorithm, &r); - ret = dst_context_adddata(ctx, &r); - if (ret != ISC_R_SUCCESS) { + result = dst_context_adddata(ctx, &r); + if (result != ISC_R_SUCCESS) { goto cleanup_context; } } @@ -737,8 +737,8 @@ dns_tsig_sign(dns_message_t *msg) { isc_buffer_putuint48(&databuf, tsig.timesigned); isc_buffer_putuint16(&databuf, tsig.fudge); isc_buffer_usedregion(&databuf, &r); - ret = dst_context_adddata(ctx, &r); - if (ret != ISC_R_SUCCESS) { + result = dst_context_adddata(ctx, &r); + if (result != ISC_R_SUCCESS) { goto cleanup_context; } @@ -751,8 +751,8 @@ dns_tsig_sign(dns_message_t *msg) { isc_buffer_putuint16(&databuf, tsig.otherlen); isc_buffer_usedregion(&databuf, &r); - ret = dst_context_adddata(ctx, &r); - if (ret != ISC_R_SUCCESS) { + result = dst_context_adddata(ctx, &r); + if (result != ISC_R_SUCCESS) { goto cleanup_context; } @@ -762,22 +762,22 @@ dns_tsig_sign(dns_message_t *msg) { if (tsig.otherlen > 0) { r.length = tsig.otherlen; r.base = tsig.other; - ret = dst_context_adddata(ctx, &r); - if (ret != ISC_R_SUCCESS) { + result = dst_context_adddata(ctx, &r); + if (result != ISC_R_SUCCESS) { goto cleanup_context; } } } - ret = dst_key_sigsize(key->key, &sigsize); - if (ret != ISC_R_SUCCESS) { + result = dst_key_sigsize(key->key, &sigsize); + if (result != ISC_R_SUCCESS) { goto cleanup_context; } tsig.signature = isc_mem_get(mctx, sigsize); isc_buffer_init(&sigbuf, tsig.signature, sigsize); - ret = dst_context_sign(ctx, &sigbuf); - if (ret != ISC_R_SUCCESS) { + result = dst_context_sign(ctx, &sigbuf); + if (result != ISC_R_SUCCESS) { goto cleanup_signature; } dst_context_destroy(&ctx); @@ -801,9 +801,9 @@ dns_tsig_sign(dns_message_t *msg) { dns_message_gettemprdata(msg, &rdata); isc_buffer_allocate(msg->mctx, &dynbuf, 512); - ret = dns_rdata_fromstruct(rdata, dns_rdataclass_any, - dns_rdatatype_tsig, &tsig, dynbuf); - if (ret != ISC_R_SUCCESS) { + result = dns_rdata_fromstruct(rdata, dns_rdataclass_any, + dns_rdatatype_tsig, &tsig, dynbuf); + if (result != ISC_R_SUCCESS) { goto cleanup_dynbuf; } @@ -843,7 +843,7 @@ cleanup_context: if (ctx != NULL) { dst_context_destroy(&ctx); } - return (ret); + return (result); } isc_result_t @@ -856,7 +856,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, dns_name_t *keyname = NULL; dns_rdata_t rdata = DNS_RDATA_INIT; isc_stdtime_t now; - isc_result_t ret; + isc_result_t result; dns_tsigkey_t *tsigkey = NULL; dst_key_t *key = NULL; unsigned char header[DNS_MESSAGE_HEADERLEN]; @@ -908,25 +908,25 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, */ keyname = msg->tsigname; - ret = dns_rdataset_first(msg->tsig); - if (ret != ISC_R_SUCCESS) { - return (ret); + result = dns_rdataset_first(msg->tsig); + if (result != ISC_R_SUCCESS) { + return (result); } dns_rdataset_current(msg->tsig, &rdata); - ret = dns_rdata_tostruct(&rdata, &tsig, NULL); - if (ret != ISC_R_SUCCESS) { - return (ret); + result = dns_rdata_tostruct(&rdata, &tsig, NULL); + if (result != ISC_R_SUCCESS) { + return (result); } dns_rdata_reset(&rdata); if (response) { - ret = dns_rdataset_first(msg->querytsig); - if (ret != ISC_R_SUCCESS) { - return (ret); + result = dns_rdataset_first(msg->querytsig); + if (result != ISC_R_SUCCESS) { + return (result); } dns_rdataset_current(msg->querytsig, &rdata); - ret = dns_rdata_tostruct(&rdata, &querytsig, NULL); - if (ret != ISC_R_SUCCESS) { - return (ret); + result = dns_rdata_tostruct(&rdata, &querytsig, NULL); + if (result != ISC_R_SUCCESS) { + return (result); } } @@ -956,22 +956,22 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, * Find dns_tsigkey_t based on keyname. */ if (tsigkey == NULL) { - ret = ISC_R_NOTFOUND; + result = ISC_R_NOTFOUND; if (ring1 != NULL) { - ret = dns_tsigkey_find(&tsigkey, keyname, - &tsig.algorithm, ring1); + result = dns_tsigkey_find(&tsigkey, keyname, + &tsig.algorithm, ring1); } - if (ret == ISC_R_NOTFOUND && ring2 != NULL) { - ret = dns_tsigkey_find(&tsigkey, keyname, - &tsig.algorithm, ring2); + if (result == ISC_R_NOTFOUND && ring2 != NULL) { + result = dns_tsigkey_find(&tsigkey, keyname, + &tsig.algorithm, ring2); } - if (ret != ISC_R_SUCCESS) { + if (result != ISC_R_SUCCESS) { msg->tsigstatus = dns_tsigerror_badkey; - ret = dns_tsigkey_create( + result = dns_tsigkey_create( keyname, dns__tsig_algfromname(&tsig.algorithm), NULL, 0, mctx, &msg->tsigkey); - if (ret != ISC_R_SUCCESS) { - return (ret); + if (result != ISC_R_SUCCESS) { + return (result); } tsig_log(msg->tsigkey, 2, "unknown key"); return (DNS_R_TSIGVERIFYFAILURE); @@ -985,9 +985,9 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, * Check digest length. */ alg = dst_key_alg(key); - ret = dst_key_sigsize(key, &siglen); - if (ret != ISC_R_SUCCESS) { - return (ret); + result = dst_key_sigsize(key, &siglen); + if (result != ISC_R_SUCCESS) { + return (result); } if (dns__tsig_algvalid(alg)) { if (tsig.siglen > siglen) { @@ -1009,25 +1009,25 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, sig_r.base = tsig.signature; sig_r.length = tsig.siglen; - ret = dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, - false, 0, &ctx); - if (ret != ISC_R_SUCCESS) { - return (ret); + result = dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, + false, 0, &ctx); + if (result != ISC_R_SUCCESS) { + return (result); } if (response) { isc_buffer_init(&databuf, data, sizeof(data)); isc_buffer_putuint16(&databuf, querytsig.siglen); isc_buffer_usedregion(&databuf, &r); - ret = dst_context_adddata(ctx, &r); - if (ret != ISC_R_SUCCESS) { + result = dst_context_adddata(ctx, &r); + if (result != ISC_R_SUCCESS) { goto cleanup_context; } if (querytsig.siglen > 0) { r.length = querytsig.siglen; r.base = querytsig.signature; - ret = dst_context_adddata(ctx, &r); - if (ret != ISC_R_SUCCESS) { + result = dst_context_adddata(ctx, &r); + if (result != ISC_R_SUCCESS) { goto cleanup_context; } } @@ -1059,8 +1059,8 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, */ header_r.base = (unsigned char *)header; header_r.length = DNS_MESSAGE_HEADERLEN; - ret = dst_context_adddata(ctx, &header_r); - if (ret != ISC_R_SUCCESS) { + result = dst_context_adddata(ctx, &header_r); + if (result != ISC_R_SUCCESS) { goto cleanup_context; } @@ -1070,8 +1070,8 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, isc_buffer_usedregion(source, &source_r); r.base = source_r.base + DNS_MESSAGE_HEADERLEN; r.length = msg->sigstart - DNS_MESSAGE_HEADERLEN; - ret = dst_context_adddata(ctx, &r); - if (ret != ISC_R_SUCCESS) { + result = dst_context_adddata(ctx, &r); + if (result != ISC_R_SUCCESS) { goto cleanup_context; } @@ -1079,8 +1079,8 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, * Digest the key name. */ dns_name_toregion(tsigkey->name, &r); - ret = dst_context_adddata(ctx, &r); - if (ret != ISC_R_SUCCESS) { + result = dst_context_adddata(ctx, &r); + if (result != ISC_R_SUCCESS) { goto cleanup_context; } @@ -1088,8 +1088,8 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, isc_buffer_putuint16(&databuf, tsig.common.rdclass); isc_buffer_putuint32(&databuf, msg->tsig->ttl); isc_buffer_usedregion(&databuf, &r); - ret = dst_context_adddata(ctx, &r); - if (ret != ISC_R_SUCCESS) { + result = dst_context_adddata(ctx, &r); + if (result != ISC_R_SUCCESS) { goto cleanup_context; } @@ -1097,8 +1097,8 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, * Digest the key algorithm. */ dns_name_toregion(tsigkey->algorithm, &r); - ret = dst_context_adddata(ctx, &r); - if (ret != ISC_R_SUCCESS) { + result = dst_context_adddata(ctx, &r); + if (result != ISC_R_SUCCESS) { goto cleanup_context; } @@ -1108,27 +1108,27 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, isc_buffer_putuint16(&databuf, tsig.error); isc_buffer_putuint16(&databuf, tsig.otherlen); isc_buffer_usedregion(&databuf, &r); - ret = dst_context_adddata(ctx, &r); - if (ret != ISC_R_SUCCESS) { + result = dst_context_adddata(ctx, &r); + if (result != ISC_R_SUCCESS) { goto cleanup_context; } if (tsig.otherlen > 0) { r.base = tsig.other; r.length = tsig.otherlen; - ret = dst_context_adddata(ctx, &r); - if (ret != ISC_R_SUCCESS) { + result = dst_context_adddata(ctx, &r); + if (result != ISC_R_SUCCESS) { goto cleanup_context; } } - ret = dst_context_verify(ctx, &sig_r); - if (ret == DST_R_VERIFYFAILURE) { - ret = DNS_R_TSIGVERIFYFAILURE; + result = dst_context_verify(ctx, &sig_r); + if (result == DST_R_VERIFYFAILURE) { + result = DNS_R_TSIGVERIFYFAILURE; tsig_log(msg->tsigkey, 2, "signature failed to verify(1)"); goto cleanup_context; - } else if (ret != ISC_R_SUCCESS) { + } else if (result != ISC_R_SUCCESS) { goto cleanup_context; } msg->verified_sig = 1; @@ -1152,12 +1152,12 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, if (now + msg->timeadjust > tsig.timesigned + tsig.fudge) { msg->tsigstatus = dns_tsigerror_badtime; tsig_log(msg->tsigkey, 2, "signature has expired"); - ret = DNS_R_CLOCKSKEW; + result = DNS_R_CLOCKSKEW; goto cleanup_context; } else if (now + msg->timeadjust < tsig.timesigned - tsig.fudge) { msg->tsigstatus = dns_tsigerror_badtime; tsig_log(msg->tsigkey, 2, "signature is in the future"); - ret = DNS_R_CLOCKSKEW; + result = DNS_R_CLOCKSKEW; goto cleanup_context; } @@ -1170,14 +1170,14 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, msg->tsigstatus = dns_tsigerror_badtrunc; tsig_log(msg->tsigkey, 2, "truncated signature length too small"); - ret = DNS_R_TSIGVERIFYFAILURE; + result = DNS_R_TSIGVERIFYFAILURE; goto cleanup_context; } if (tsig.siglen > 0 && digestbits == 0 && tsig.siglen < siglen) { msg->tsigstatus = dns_tsigerror_badtrunc; tsig_log(msg->tsigkey, 2, "signature length too small"); - ret = DNS_R_TSIGVERIFYFAILURE; + result = DNS_R_TSIGVERIFYFAILURE; goto cleanup_context; } } @@ -1185,22 +1185,22 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, if (response && tsig.error != dns_rcode_noerror) { msg->tsigstatus = tsig.error; if (tsig.error == dns_tsigerror_badtime) { - ret = DNS_R_CLOCKSKEW; + result = DNS_R_CLOCKSKEW; } else { - ret = DNS_R_TSIGERRORSET; + result = DNS_R_TSIGERRORSET; } goto cleanup_context; } msg->tsigstatus = dns_rcode_noerror; - ret = ISC_R_SUCCESS; + result = ISC_R_SUCCESS; cleanup_context: if (ctx != NULL) { dst_context_destroy(&ctx); } - return (ret); + return (result); } static isc_result_t @@ -1212,7 +1212,7 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) { dns_name_t *keyname = NULL; dns_rdata_t rdata = DNS_RDATA_INIT; isc_stdtime_t now; - isc_result_t ret; + isc_result_t result; dns_tsigkey_t *tsigkey = NULL; dst_key_t *key = NULL; unsigned char header[DNS_MESSAGE_HEADERLEN]; @@ -1243,14 +1243,14 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) { /* * Extract and parse the previous TSIG */ - ret = dns_rdataset_first(msg->querytsig); - if (ret != ISC_R_SUCCESS) { - return (ret); + result = dns_rdataset_first(msg->querytsig); + if (result != ISC_R_SUCCESS) { + return (result); } dns_rdataset_current(msg->querytsig, &rdata); - ret = dns_rdata_tostruct(&rdata, &querytsig, NULL); - if (ret != ISC_R_SUCCESS) { - return (ret); + result = dns_rdata_tostruct(&rdata, &querytsig, NULL); + if (result != ISC_R_SUCCESS) { + return (result); } dns_rdata_reset(&rdata); @@ -1261,13 +1261,13 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) { has_tsig = true; keyname = msg->tsigname; - ret = dns_rdataset_first(msg->tsig); - if (ret != ISC_R_SUCCESS) { + result = dns_rdataset_first(msg->tsig); + if (result != ISC_R_SUCCESS) { goto cleanup_querystruct; } dns_rdataset_current(msg->tsig, &rdata); - ret = dns_rdata_tostruct(&rdata, &tsig, NULL); - if (ret != ISC_R_SUCCESS) { + result = dns_rdata_tostruct(&rdata, &tsig, NULL); + if (result != ISC_R_SUCCESS) { goto cleanup_querystruct; } @@ -1278,7 +1278,7 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) { !dns_name_equal(&tsig.algorithm, &querytsig.algorithm)) { msg->tsigstatus = dns_tsigerror_badkey; - ret = DNS_R_TSIGVERIFYFAILURE; + result = DNS_R_TSIGVERIFYFAILURE; tsig_log(msg->tsigkey, 2, "key name and algorithm do not match"); goto cleanup_querystruct; @@ -1288,15 +1288,15 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) { * Check digest length. */ alg = dst_key_alg(key); - ret = dst_key_sigsize(key, &siglen); - if (ret != ISC_R_SUCCESS) { + result = dst_key_sigsize(key, &siglen); + if (result != ISC_R_SUCCESS) { goto cleanup_querystruct; } if (dns__tsig_algvalid(alg)) { if (tsig.siglen > siglen) { tsig_log(tsigkey, 2, "signature length too big"); - ret = DNS_R_FORMERR; + result = DNS_R_FORMERR; goto cleanup_querystruct; } if (tsig.siglen > 0 && @@ -1305,16 +1305,16 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) { { tsig_log(tsigkey, 2, "signature length below minimum"); - ret = DNS_R_FORMERR; + result = DNS_R_FORMERR; goto cleanup_querystruct; } } } if (msg->tsigctx == NULL) { - ret = dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, - false, 0, &msg->tsigctx); - if (ret != ISC_R_SUCCESS) { + result = dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, + false, 0, &msg->tsigctx); + if (result != ISC_R_SUCCESS) { goto cleanup_querystruct; } @@ -1324,8 +1324,8 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) { isc_buffer_init(&databuf, data, sizeof(data)); isc_buffer_putuint16(&databuf, querytsig.siglen); isc_buffer_usedregion(&databuf, &r); - ret = dst_context_adddata(msg->tsigctx, &r); - if (ret != ISC_R_SUCCESS) { + result = dst_context_adddata(msg->tsigctx, &r); + if (result != ISC_R_SUCCESS) { goto cleanup_context; } @@ -1335,8 +1335,8 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) { if (querytsig.siglen > 0) { r.length = querytsig.siglen; r.base = querytsig.signature; - ret = dst_context_adddata(msg->tsigctx, &r); - if (ret != ISC_R_SUCCESS) { + result = dst_context_adddata(msg->tsigctx, &r); + if (result != ISC_R_SUCCESS) { goto cleanup_context; } } @@ -1375,8 +1375,8 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) { */ header_r.base = (unsigned char *)header; header_r.length = DNS_MESSAGE_HEADERLEN; - ret = dst_context_adddata(msg->tsigctx, &header_r); - if (ret != ISC_R_SUCCESS) { + result = dst_context_adddata(msg->tsigctx, &header_r); + if (result != ISC_R_SUCCESS) { goto cleanup_context; } @@ -1390,8 +1390,8 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) { } else { r.length = source_r.length - DNS_MESSAGE_HEADERLEN; } - ret = dst_context_adddata(msg->tsigctx, &r); - if (ret != ISC_R_SUCCESS) { + result = dst_context_adddata(msg->tsigctx, &r); + if (result != ISC_R_SUCCESS) { goto cleanup_context; } @@ -1403,8 +1403,8 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) { isc_buffer_putuint48(&databuf, tsig.timesigned); isc_buffer_putuint16(&databuf, tsig.fudge); isc_buffer_usedregion(&databuf, &r); - ret = dst_context_adddata(msg->tsigctx, &r); - if (ret != ISC_R_SUCCESS) { + result = dst_context_adddata(msg->tsigctx, &r); + if (result != ISC_R_SUCCESS) { goto cleanup_context; } @@ -1414,24 +1414,24 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) { if (tsig.error != dns_rcode_noerror) { msg->tsigstatus = tsig.error; if (tsig.error == dns_tsigerror_badtime) { - ret = DNS_R_CLOCKSKEW; + result = DNS_R_CLOCKSKEW; } else { - ret = DNS_R_TSIGERRORSET; + result = DNS_R_TSIGERRORSET; } } else { tsig_log(msg->tsigkey, 2, "signature is empty"); - ret = DNS_R_TSIGVERIFYFAILURE; + result = DNS_R_TSIGVERIFYFAILURE; } goto cleanup_context; } - ret = dst_context_verify(msg->tsigctx, &sig_r); - if (ret == DST_R_VERIFYFAILURE) { + result = dst_context_verify(msg->tsigctx, &sig_r); + if (result == DST_R_VERIFYFAILURE) { tsig_log(msg->tsigkey, 2, "signature failed to verify(2)"); - ret = DNS_R_TSIGVERIFYFAILURE; + result = DNS_R_TSIGVERIFYFAILURE; goto cleanup_context; - } else if (ret != ISC_R_SUCCESS) { + } else if (result != ISC_R_SUCCESS) { goto cleanup_context; } msg->verified_sig = 1; @@ -1455,19 +1455,19 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) { if (now + msg->timeadjust > tsig.timesigned + tsig.fudge) { msg->tsigstatus = dns_tsigerror_badtime; tsig_log(msg->tsigkey, 2, "signature has expired"); - ret = DNS_R_CLOCKSKEW; + result = DNS_R_CLOCKSKEW; goto cleanup_context; } else if (now + msg->timeadjust < tsig.timesigned - tsig.fudge) { msg->tsigstatus = dns_tsigerror_badtime; tsig_log(msg->tsigkey, 2, "signature is in the future"); - ret = DNS_R_CLOCKSKEW; + result = DNS_R_CLOCKSKEW; goto cleanup_context; } alg = dst_key_alg(key); - ret = dst_key_sigsize(key, &siglen); - if (ret != ISC_R_SUCCESS) { + result = dst_key_sigsize(key, &siglen); + if (result != ISC_R_SUCCESS) { goto cleanup_context; } if (dns__tsig_algvalid(alg)) { @@ -1480,7 +1480,7 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) { tsig_log(msg->tsigkey, 2, "truncated signature length " "too small"); - ret = DNS_R_TSIGVERIFYFAILURE; + result = DNS_R_TSIGVERIFYFAILURE; goto cleanup_context; } if (tsig.siglen > 0 && digestbits == 0 && @@ -1489,7 +1489,7 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) { msg->tsigstatus = dns_tsigerror_badtrunc; tsig_log(msg->tsigkey, 2, "signature length too small"); - ret = DNS_R_TSIGVERIFYFAILURE; + result = DNS_R_TSIGVERIFYFAILURE; goto cleanup_context; } } @@ -1497,16 +1497,16 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) { if (tsig.error != dns_rcode_noerror) { msg->tsigstatus = tsig.error; if (tsig.error == dns_tsigerror_badtime) { - ret = DNS_R_CLOCKSKEW; + result = DNS_R_CLOCKSKEW; } else { - ret = DNS_R_TSIGERRORSET; + result = DNS_R_TSIGERRORSET; } goto cleanup_context; } } msg->tsigstatus = dns_rcode_noerror; - ret = ISC_R_SUCCESS; + result = ISC_R_SUCCESS; cleanup_context: /* @@ -1514,14 +1514,14 @@ cleanup_context: * for unsigned messages; it is a running sum till the next * TSIG signed message. */ - if ((ret != ISC_R_SUCCESS || has_tsig) && msg->tsigctx != NULL) { + if ((result != ISC_R_SUCCESS || has_tsig) && msg->tsigctx != NULL) { dst_context_destroy(&msg->tsigctx); } cleanup_querystruct: dns_rdata_freestruct(&querytsig); - return (ret); + return (result); } isc_result_t