From 0f219714e1f19c4cb9434e0c52e9de873a97942b Mon Sep 17 00:00:00 2001
From: Tony Finch
Date: Fri, 8 Feb 2019 17:54:56 +0000
Subject: [PATCH] cleanup: use dns_secalg_t and dns_dsdigest_t where appropriate
Use them in structs for various rdata types where they are missing. This doesn't change the structs since we are replacing explicit uint8_t field types with aliases for uint8_t. Use dns_dsdigest_t in library function arguments. Improve dnssec-cds with these more specific types.
---
 CHANGES | 4 ++++
 bin/dnssec/dnssec-cds.c | 20 +++++++++---------
 bin/dnssec/dnssec-dsfromkey.c | 4 ++--
 lib/dns/ds.c | 29 +++++++++++++++------------
 lib/dns/include/dns/ds.h | 2 +-
 lib/dns/rdata/generic/ds_43.h | 4 ++--
 lib/dns/rdata/generic/key_25.h | 4 ++--
 lib/dns/rdata/generic/keydata_65533.h | 4 ++--
 lib/dns/validator.c | 2 +-
 9 files changed, 40 insertions(+), 33 deletions(-)
diff --git a/CHANGES b/CHANGES
index f324517f47..fc83438de2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+5179. [cleanup] Replace some vague type declarations with the more
+ specific dns_secalg_t and dns_dsdigest_t.
+ Thanks to Tony Finch. [GL !1498]
+
 5178. [bug] Handle EDQUOT (disk quota) and ENOSPC (disk full)
 errors when writing files. [GL #902]
diff --git a/bin/dnssec/dnssec-cds.c b/bin/dnssec/dnssec-cds.c
index 955315f64d..404fa7187d 100644
--- a/bin/dnssec/dnssec-cds.c
+++ b/bin/dnssec/dnssec-cds.c
@@ -86,7 +86,7 @@ static dns_rdataclass_t rdclass = dns_rdataclass_in;
 * List of digest types used by ds_from_cdnskey(), filled in by add_dtype()
 * from -a arguments. The size of the array is an arbitrary limit.
 */
-static uint8_t dtype[8];
+static dns_dsdigest_t dtype[8];
 static const char *startstr = NULL; /* from which we derive notbefore */
 static isc_stdtime_t notbefore = 0; /* restrict sig inception times */
@@ -129,7 +129,7 @@ static int nkey; /* number of child zone DNSKEY records */
 typedef struct keyinfo {
 dns_rdata_t rdata;
 dst_key_t *dst;
- uint8_t algo;
+ dns_secalg_t algo;
 dns_keytag_t tag;
 } keyinfo_t;
@@ -614,12 +614,12 @@ free_keytable(keyinfo_t **keytable_p) {
 * otherwise the key algorithm. This is used by the signature coverage
 * check functions below.
 */
-static uint8_t *
+static dns_secalg_t *
 matching_sigs(keyinfo_t *keytbl, dns_rdataset_t *rdataset,
 dns_rdataset_t *sigset)
 {
 isc_result_t result;
- uint8_t *algo;
+ dns_secalg_t *algo;
 int i;
 algo = isc_mem_get(mctx, nkey);
@@ -702,7 +702,7 @@ matching_sigs(keyinfo_t *keytbl, dns_rdataset_t *rdataset,
 * fetched from the child zone, any working signature is enough.
 */
 static bool
-signed_loose(uint8_t *algo) {
+signed_loose(dns_secalg_t *algo) {
 bool ok = false;
 int i;
 for (i = 0; i < nkey; i++) {
@@ -721,7 +721,7 @@ signed_loose(uint8_t *algo) {
 * RRset.
 */
 static bool
-signed_strict(dns_rdataset_t *dsset, uint8_t *algo) {
+signed_strict(dns_rdataset_t *dsset, dns_secalg_t *algo) {
 isc_result_t result;
 bool all_ok = true;
@@ -844,14 +844,14 @@ ds_from_cdnskey(dns_rdatalist_t *dslist, isc_buffer_t *buf,
 */
 static int
 cmp_dtype(const void *ap, const void *bp) {
- int a = *(const uint8_t *)ap;
- int b = *(const uint8_t *)bp;
+ int a = *(const dns_dsdigest_t *)ap;
+ int b = *(const dns_dsdigest_t *)bp;
 return (a - b);
 }
 static void
 add_dtype(const char *dn) {
- uint8_t dt;
+ dns_dsdigest_t dt;
 unsigned i, n;
 dt = strtodsdigest(dn);
@@ -936,7 +936,7 @@ consistent_digests(dns_rdataset_t *dsset) {
 dns_rdata_t *arrdata;
 dns_rdata_ds_t *ds;
 dns_keytag_t key_tag;
- uint8_t algorithm;
+ dns_secalg_t algorithm;
 bool match;
 int i, j, n, d;
diff --git a/bin/dnssec/dnssec-dsfromkey.c b/bin/dnssec/dnssec-dsfromkey.c
index ae11561d7d..9a47fb48b8 100644
--- a/bin/dnssec/dnssec-dsfromkey.c
+++ b/bin/dnssec/dnssec-dsfromkey.c
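Review bot: In the `matching_sigs` hunk the unchanged allocation `algo = isc_mem_get(mctx, nkey);` sizes the array in bytes, which is correct only while `dns_secalg_t` remains a one-byte alias. Now that `algo` is declared through the typedef, the size should follow the element type: `algo = isc_mem_get(mctx, nkey * sizeof(algo[0]));`, with the same expression wherever the buffer is released (that code is outside this hunk). Otherwise a later widening of the typedef would make the per-key writes run past the end of the heap buffer. The body of `matching_sigs` continues beyond the hunk.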
@@ -235,7 +235,7 @@ logkey(dns_rdata_t *rdata)
 }
 static void
-emit(unsigned int dtype, bool showall, char *lookaside,
+emit(dns_dsdigest_t dtype, bool showall, char *lookaside,
 bool cds, dns_rdata_t *rdata)
 {
 isc_result_t result;
@@ -350,7 +350,7 @@ main(int argc, char **argv) {
 char *lookaside = NULL;
 char *endp;
 int ch;
- unsigned int dtype = DNS_DSDIGEST_SHA1;
+ dns_dsdigest_t dtype = DNS_DSDIGEST_SHA1;
 bool cds = false;
 bool both = true;
 bool usekeyset = false;
diff --git a/lib/dns/ds.c b/lib/dns/ds.c
index e4d8131084..0311809fd9 100644
--- a/lib/dns/ds.c
+++ b/lib/dns/ds.c
@@ -32,7 +32,7 @@
 isc_result_t
 dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key,
- unsigned int digest_type, unsigned char *buffer,
+ dns_dsdigest_t digest_type, unsigned char *buffer,
 dns_rdata_t *rdata)
 {
 dns_fixedname_t fname;
@@ -54,17 +54,6 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key,
 return (ISC_R_NOTIMPLEMENTED);
 }
- name = dns_fixedname_initname(&fname);
- (void)dns_name_downcase(owner, name, NULL);
-
- memset(buffer, 0, DNS_DS_BUFFERSIZE);
- isc_buffer_init(&b, buffer, DNS_DS_BUFFERSIZE);
-
- md = isc_md_new();
- if (md == NULL) {
- return (ISC_R_NOMEMORY);
- }
-
 switch (digest_type) {
 case DNS_DSDIGEST_SHA1:
 md_type = ISC_MD_SHA1;
@@ -75,9 +64,23 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key,
 break;
 case DNS_DSDIGEST_SHA256:
- default:
 md_type = ISC_MD_SHA256;
 break;
+
+ default:
+ INSIST(0);
+ ISC_UNREACHABLE();
+ }
+
+ name = dns_fixedname_initname(&fname);
+ (void)dns_name_downcase(owner, name, NULL);
+
+ memset(buffer, 0, DNS_DS_BUFFERSIZE);
+ isc_buffer_init(&b, buffer, DNS_DS_BUFFERSIZE);
+
+ md = isc_md_new();
+ if (md == NULL) {
+ return (ISC_R_NOMEMORY);
 }
 ret = isc_md_init(md, md_type);
diff --git a/lib/dns/include/dns/ds.h b/lib/dns/include/dns/ds.h
index 122d6cd76d..a1df4a5d57 100644
--- a/lib/dns/include/dns/ds.h
+++ b/lib/dns/include/dns/ds.h
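Review bot: In `main` of dnssec-dsfromkey.c, `dtype` narrows from `unsigned int` to `dns_dsdigest_t`, which the commit message describes as an alias for uint8_t, so an out-of-range number assigned to it is reduced modulo 256 before any check can reject it. The option parsing that assigns `dtype` is outside this hunk; if a numeric digest type is accepted there, parse it into a wider variable and range-check it before the assignment. The same narrowing applies to the `emit` parameter and to `digest_type` in `dns_ds_buildrdata` (lib/dns/ds.c and ds.h), where a caller holding 258 would silently select digest type 2 rather than reach the `ISC_R_NOTIMPLEMENTED` return. A comment on the declaration such as `/* 8-bit type: validate parsed values before assigning */` would record the requirement.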
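Review bot: The new `default:` arm in `dns_ds_buildrdata` turns an unrecognised digest type into `INSIST(0)`, a process abort, where the old code fell through to SHA-256; neither the commit message nor the CHANGES entry mentions this behaviour change. The arm stays unreachable only while the guard that returns `ISC_R_NOTIMPLEMENTED` just above the switch (its condition is outside the hunk) accepts exactly the types the switch lists. Digest types presumably originate from DS records received over the network, so a mismatch between the two lists would let a remote peer trigger the assertion and stop the server. Because the switch now runs before `isc_md_new()`, nothing needs freeing at that point and the arm can fail closed with `default: return (ISC_R_NOTIMPLEMENTED);`. If the assertion is kept, state the invariant next to it, e.g. `/* unreachable: digest_type was checked for support above */`.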
@@ -31,7 +31,7 @@ ISC_LANG_BEGINDECLS
 isc_result_t
 dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key,
- unsigned int digest_type, unsigned char *buffer,
+ dns_dsdigest_t digest_type, unsigned char *buffer,
 dns_rdata_t *rdata);
 /*%<
 * Build the rdata of a DS record.
diff --git a/lib/dns/rdata/generic/ds_43.h b/lib/dns/rdata/generic/ds_43.h
index 0d373ecea8..9d477388be 100644
--- a/lib/dns/rdata/generic/ds_43.h
+++ b/lib/dns/rdata/generic/ds_43.h
@@ -19,8 +19,8 @@ typedef struct dns_rdata_ds {
 dns_rdatacommon_t common;
 isc_mem_t *mctx;
 uint16_t key_tag;
- uint8_t algorithm;
- uint8_t digest_type;
+ dns_secalg_t algorithm;
+ dns_dsdigest_t digest_type;
 uint16_t length;
 unsigned char *digest;
 } dns_rdata_ds_t;
diff --git a/lib/dns/rdata/generic/key_25.h b/lib/dns/rdata/generic/key_25.h
index 330363b465..4bcad50b11 100644
--- a/lib/dns/rdata/generic/key_25.h
+++ b/lib/dns/rdata/generic/key_25.h
@@ -20,8 +20,8 @@ typedef struct dns_rdata_key {
 dns_rdatacommon_t common;
 isc_mem_t * mctx;
 uint16_t flags;
- uint8_t protocol;
- uint8_t algorithm;
+ dns_secproto_t protocol;
+ dns_secalg_t algorithm;
 uint16_t datalen;
 unsigned char * data;
 } dns_rdata_key_t;
diff --git a/lib/dns/rdata/generic/keydata_65533.h b/lib/dns/rdata/generic/keydata_65533.h
index 40061e1fde..45a8fa9ee2 100644
--- a/lib/dns/rdata/generic/keydata_65533.h
+++ b/lib/dns/rdata/generic/keydata_65533.h
@@ -20,8 +20,8 @@ typedef struct dns_rdata_keydata {
 uint32_t addhd; /* Hold-down timer for adding */
 uint32_t removehd; /* Hold-down timer for removing */
 uint16_t flags; /* Copy of DNSKEY_48 */
- uint8_t protocol;
- uint8_t algorithm;
+ dns_secproto_t protocol;
+ dns_secalg_t algorithm;
 uint16_t datalen;
 unsigned char * data;
 } dns_rdata_keydata_t;
diff --git a/lib/dns/validator.c b/lib/dns/validator.c
index 32f5fd6fc5..7c2d5feaeb 100644
--- a/lib/dns/validator.c
+++ b/lib/dns/validator.c
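Review bot: The `protocol` field in `dns_rdata_key` (key_25.h), and likewise in `dns_rdata_keydata` (keydata_65533.h), changes to `dns_secproto_t`, a type that neither the commit message nor the CHANGES entry names. The message's statement that the structs are unchanged holds for these two only if `dns_secproto_t` is also an 8-bit alias; its typedef is not part of this patch, so confirm it and mention the type in the description. Since these fields are filled from parsed record data, a compile-time check next to the typedefs would keep the width assumption from drifting, e.g. `_Static_assert(sizeof(dns_secproto_t) == sizeof(uint8_t), "protocol field is one octet");`.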
@@ -1758,7 +1758,7 @@ checkkey(dns_validator_t *val, dns_rdata_t *keyrdata, uint16_t keyid,
 */
 static isc_result_t
 keyfromds(dns_validator_t *val, dns_rdataset_t *rdataset, dns_rdata_t *dsrdata,
- uint8_t digest, uint16_t keyid, dns_secalg_t algorithm,
+ dns_dsdigest_t digest, uint16_t keyid, dns_secalg_t algorithm,
 dns_rdata_t *keyrdata)
 {
 dns_keytag_t keytag;