74 	struct val_qstate* vq, int id, int rcode, struct dns_msg* msg, 
245 val_new_getmsg(struct module_qstate* qstate, struct val_qstate* vq)
250 		vq->orig_msg = (struct dns_msg*)regional_alloc(qstate->region,
252 		if(!vq->orig_msg)
254 		vq->orig_msg->qinfo = qstate->qinfo;
255 		vq->orig_msg->rep = (struct reply_info*)regional_alloc(
257 		if(!vq->orig_msg->rep)
259 		memset(vq->orig_msg->rep, 0, sizeof(struct reply_info));
260 		vq->orig_msg->rep->flags = (uint16_t)(qstate->return_rcode&0xf)
262 		vq->orig_msg->rep->qdcount = 1;
263 		vq->orig_msg->rep->reason_bogus = LDNS_EDE_NONE;
265 		vq->orig_msg = qstate->return_msg;
267 	vq->qchase = qstate->qinfo;
269 	vq->chase_reply = regional_alloc_init(qstate->region, 
270 		vq->orig_msg->rep, 
272 	if(!vq->chase_reply)
274 	if(vq->orig_msg->rep->rrset_count > RR_COUNT_MAX)
276 	vq->chase_reply->rrsets = regional_alloc_init(qstate->region,
277 		vq->orig_msg->rep->rrsets, sizeof(struct ub_packed_rrset_key*)
278 			* vq->orig_msg->rep->rrset_count);
279 	if(!vq->chase_reply->rrsets)
281 	vq->rrset_skip = 0;
282 	return vq;
289 	struct val_qstate* vq = (struct val_qstate*)regional_alloc(
290 		qstate->region, sizeof(*vq));
292 	if(!vq)
294 	memset(vq, 0, sizeof(*vq));
295 	qstate->minfo[id] = vq;
296 	vq->state = VAL_INIT_STATE;
297 	return val_new_getmsg(qstate, vq);
302 val_restart(struct val_qstate* vq)
306 	if(!vq) return;
307 	temp_timer = vq->suspend_timer;
308 	restart_count = vq->restart_count+1;
309 	memset(vq, 0, sizeof(*vq));
310 	vq->suspend_timer = temp_timer;
311 	vq->restart_count = restart_count;
312 	vq->state = VAL_INIT_STATE;
430 	struct val_qstate* vq = (struct val_qstate*)qstate->minfo[id];
474 			vq->chain_blacklist);
571  * @param vq: validator query state.
577 prime_trust_anchor(struct module_qstate* qstate, struct val_qstate* vq,
596 	vq->wait_prime_ta = 1; /* to elicit PRIME_RESP_STATE processing 
599 	vq->trust_anchor_name = regional_alloc_init(qstate->region,
601 	vq->trust_anchor_len = toprime->namelen;
602 	vq->trust_anchor_labs = toprime->namelabs;
603 	if(!vq->trust_anchor_name) {
621  * @param vq: validator query state.
633 validate_msg_signatures(struct module_qstate* qstate, struct val_qstate* vq,
646 	if(vq->msg_signatures_state) {
648 		vq->msg_signatures_state = 0;
654 		if(have_state && i <= vq->msg_signatures_index)
707 			vq->msg_signatures_state = 1;
708 			vq->msg_signatures_index = i;
718 		if(have_state && i <= vq->msg_signatures_index)
743 			vq->msg_signatures_state = 1;
744 			vq->msg_signatures_index = i;
758 		if(have_state && i <= vq->msg_signatures_index)
777 			vq->msg_signatures_state = 1;
778 			vq->msg_signatures_index = i;
800 	struct val_qstate* vq, int id, enum val_state resume_state)
804 	if(vq->suspend_count >= MAX_VALIDATION_SUSPENDS) {
813 	vq->state = resume_state;
815 	if(!vq->suspend_timer) {
816 		vq->suspend_timer = comm_timer_create(
819 		if(!vq->suspend_timer) {
838 	if(vq->suspend_count > 3)
840 	else if(vq->suspend_count > 0)
841 		slack += vq->suspend_count;
850 	vq->suspend_count ++;
851 	comm_timer_set(vq->suspend_timer, &tv);
954  * @param vq: validator state for the nsec3 cache table.
963 	struct val_qstate* vq, int* nsec3_calculations, int* suspend)
1025 		nsec3_cache_table_init(&vq->nsec3_cache_table, qstate->region)) {
1029 			&vq->nsec3_cache_table, nsec3_calculations);
1073  * @param vq: validator state for the nsec3 cache table.
1082 	struct val_qstate* vq, int* nsec3_calculations, int* suspend)
1139 		nsec3_cache_table_init(&vq->nsec3_cache_table, qstate->region)) {
1143 			&vq->nsec3_cache_table, nsec3_calculations);
1187  * @param vq: validator state for the nsec3 cache table.
1196 	struct module_qstate* qstate, struct val_qstate* vq,
1238 		nsec3_cache_table_init(&vq->nsec3_cache_table, qstate->region)) {
1244 			&vq->nsec3_cache_table, nsec3_calculations);
1261 			qstate, vq, nsec3_calculations, suspend);
1277 			qstate, vq, nsec3_calculations, suspend);
1348  * @param vq: validator state for the nsec3 cache table.
1357 	struct val_qstate* vq, int* nsec3_calculations, int* suspend)
1424 		nsec3_cache_table_init(&vq->nsec3_cache_table, qstate->region)) {
1429 			qchase, kkey, wc, &vq->nsec3_cache_table,
1475  * @param vq: validator state for the nsec3 cache table.
1484 	struct val_qstate* vq, int* nsec3_calculations, int* suspend)
1558 		nsec3_cache_table_init(&vq->nsec3_cache_table, qstate->region)) {
1562 			&vq->nsec3_cache_table, nsec3_calculations);
1605  * @param vq: validator state for the nsec3 cache table.
1614 	struct val_qstate* vq, int* nsec3_calculations, int* suspend)
1695 		nsec3_cache_table_init(&vq->nsec3_cache_table, qstate->region)) {
1700 			&vq->nsec3_cache_table, nsec3_calculations);
1746  * @param vq: validator query state.
1753 processInit(struct module_qstate* qstate, struct val_qstate* vq, 
1760 		qstate->query_flags, &qstate->qinfo, &vq->qchase, 
1761 		vq->orig_msg->rep, vq->rrset_skip);
1762 	if(vq->restart_count > ve->max_restart) {
1768 	update_reason_bogus(vq->chase_reply, LDNS_EDE_DNSSEC_BOGUS);
1773 		vq->rrset_skip < vq->orig_msg->rep->rrset_count) {
1776 		vq->qchase.qname = vq->orig_msg->rep->
1777 			rrsets[vq->rrset_skip]->rk.dname;
1778 		vq->qchase.qname_len = vq->orig_msg->rep->
1779 			rrsets[vq->rrset_skip]->rk.dname_len;
1780 		vq->qchase.qtype = ntohs(vq->orig_msg->rep->
1781 			rrsets[vq->rrset_skip]->rk.type);
1782 		vq->qchase.qclass = ntohs(vq->orig_msg->rep->
1783 			rrsets[vq->rrset_skip]->rk.rrset_class);
1785 	lookup_name = vq->qchase.qname;
1786 	lookup_len = vq->qchase.qname_len;
1789 	if(vq->qchase.qtype == LDNS_RR_TYPE_DS ||
1790 		(vq->qchase.qtype == LDNS_RR_TYPE_NSEC && 
1791 		 vq->orig_msg->rep->rrset_count > vq->rrset_skip &&
1792 		 ntohs(vq->orig_msg->rep->rrsets[vq->rrset_skip]->rk.type) ==
1794 		 !(vq->orig_msg->rep->rrsets[vq->rrset_skip]->
1799 	val_mark_indeterminate(vq->chase_reply, qstate->env->anchors, 
1801 	vq->key_entry = NULL;
1802 	vq->empty_DS_name = NULL;
1803 	vq->ds_rrset = 0;
1805 		lookup_name, lookup_len, vq->qchase.qclass);
1808 	val_find_signer(subtype, &vq->qchase, vq->orig_msg->rep, 
1809 		vq->rrset_skip, &vq->signer_name, &vq->signer_len);
1810 	if(vq->signer_name != NULL &&
1811 		!dname_subdomain_c(lookup_name, vq->signer_name)) {
1813 			"of lookupname, omitted", vq->signer_name, 0, 0);
1814 		vq->signer_name = NULL;
1816 	if(vq->signer_name == NULL) {
1820 		lookup_name = vq->signer_name;
1821 		lookup_len = vq->signer_len;
1826 	if(subtype == VAL_CLASS_NAMEERROR && vq->signer_name &&
1830 			lookup_name, lookup_len, vq->qchase.qclass);
1834 			vq->chase_reply->security = sec_status_indeterminate;
1835 			update_reason_bogus(vq->chase_reply, LDNS_EDE_DNSSEC_INDETERMINATE);
1836 			vq->state = VAL_FINISHED_STATE;
1848 	if(vq->rrset_skip > 0 || subtype == VAL_CLASS_CNAME ||
1852 		val_fill_reply(vq->chase_reply, vq->orig_msg->rep, 
1853 			vq->rrset_skip, lookup_name, lookup_len, 
1854 			vq->signer_name);
1856 			log_dns_msg("chased extract", &vq->qchase, 
1857 				vq->chase_reply);
1860 	vq->key_entry = key_cache_obtain(ve->kcache, lookup_name, lookup_len,
1861 		vq->qchase.qclass, qstate->region, *qstate->env->now);
1864 	if(vq->key_entry == NULL && anchor == NULL) {
1866 		vq->chase_reply->security = sec_status_indeterminate;
1867 		update_reason_bogus(vq->chase_reply, LDNS_EDE_DNSSEC_INDETERMINATE);
1869 		vq->state = VAL_FINISHED_STATE;
1874 	else if(vq->key_entry == NULL || (anchor &&
1875 		dname_strict_subdomain_c(anchor->name, vq->key_entry->name))) {
1878 			vq->chase_reply->security = sec_status_insecure;
1879 			val_mark_insecure(vq->chase_reply, anchor->name, 
1883 			vq->state = VAL_FINISHED_STATE;
1888 		if(!prime_trust_anchor(qstate, vq, id, anchor)) {
1895 		vq->state = VAL_FINDKEY_STATE;
1902 	if(key_entry_isnull(vq->key_entry)) {
1906 		vq->chase_reply->security = sec_status_insecure;
1907 		val_mark_insecure(vq->chase_reply, vq->key_entry->name, 
1910 		vq->state = VAL_FINISHED_STATE;
1912 	} else if(key_entry_isbad(vq->key_entry)) {
1914 		sldns_ede_code ede = key_entry_get_reason_bogus(vq->key_entry);
1916 		errinf_dname(qstate, "key for validation", vq->key_entry->name);
1919 		errinf(qstate, key_entry_get_reason(vq->key_entry));
1922 		vq->restart_count = ve->max_restart;
1923 		vq->chase_reply->security = sec_status_bogus;
1924 		update_reason_bogus(vq->chase_reply, ede);
1925 		vq->state = VAL_FINISHED_STATE;
1931 	vq->state = VAL_FINDKEY_STATE;
1942  * @param vq: validator query state.
1948 processFindKey(struct module_qstate* qstate, struct val_qstate* vq, int id)
1955 	log_query_info(VERB_ALGO, "validator: FindKey", &vq->qchase);
1961 	log_assert(vq->key_entry && !key_entry_isbad(vq->key_entry));
1962 	if(key_entry_isnull(vq->key_entry)) {
1963 		if(!generate_request(qstate, id, vq->ds_rrset->rk.dname, 
1964 			vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY, 
1965 			vq->qchase.qclass, BIT_CD, &newq, 0)) {
1972 	target_key_name = vq->signer_name;
1973 	target_key_len = vq->signer_len;
1975 		target_key_name = vq->qchase.qname;
1976 		target_key_len = vq->qchase.qname_len;
1979 	current_key_name = vq->key_entry->name;
1983 		vq->state = VAL_VALIDATE_STATE;
1987 	if(vq->empty_DS_name) {
1992 			vq->empty_DS_name) == 0) {
1997 			vq->chase_reply->security = sec_status_bogus;
1998 			update_reason_bogus(vq->chase_reply, LDNS_EDE_RRSIGS_MISSING);
1999 			vq->state = VAL_FINISHED_STATE;
2002 		current_key_name = vq->empty_DS_name;
2012 		vq->chase_reply->security = sec_status_bogus;
2013 		vq->state = VAL_FINISHED_STATE;
2030 	if(vq->ds_rrset)
2031 		log_nametypeclass(VERB_ALGO, "DS RRset", vq->ds_rrset->rk.dname, LDNS_RR_TYPE_DS, LDNS_RR_CLASS_IN);
2034 	if(vq->ds_rrset && query_dname_compare(vq->ds_rrset->rk.dname,
2035 		vq->key_entry->name) != 0) {
2036 		if(!generate_request(qstate, id, vq->ds_rrset->rk.dname, 
2037 			vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY, 
2038 			vq->qchase.qclass, BIT_CD, &newq, 0)) {
2045 	if(!vq->ds_rrset || query_dname_compare(vq->ds_rrset->rk.dname,
2057 		if(vq->sub_ds_msg) {
2061 			msg = vq->sub_ds_msg;
2062 			process_ds_response(qstate, vq, id, LDNS_RCODE_NOERROR,
2066 				if(!validate_suspend_setup_timer(qstate, vq,
2071 			vq->sub_ds_msg = NULL;
2073 		} else if(!qstate->blacklist && !vq->chain_blacklist &&
2075 			target_key_len, vq->qchase.qclass, qstate->region,
2076 			vq->key_entry->name)) ) {
2078 			process_ds_response(qstate, vq, id, LDNS_RCODE_NOERROR,
2082 				if(!validate_suspend_setup_timer(qstate, vq,
2090 			target_key_len, LDNS_RR_TYPE_DS, vq->qchase.qclass,
2099 	if(!generate_request(qstate, id, vq->ds_rrset->rk.dname, 
2100 		vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY, 
2101 		vq->qchase.qclass, BIT_CD, &newq, 0)) {
2118  * @param vq: validator query state.
2125 processValidate(struct module_qstate* qstate, struct val_qstate* vq, 
2131 	if(!vq->key_entry) {
2137 	vq->state = VAL_FINISHED_STATE;
2140 	if(key_entry_isnull(vq->key_entry)) {
2142 			vq->signer_name?"":"unsigned ");
2143 		vq->chase_reply->security = sec_status_insecure;
2144 		val_mark_insecure(vq->chase_reply, vq->key_entry->name, 
2146 		key_cache_insert(ve->kcache, vq->key_entry,
2151 	if(key_entry_isbad(vq->key_entry)) {
2153 			"of trust to keys for", vq->key_entry->name,
2154 			LDNS_RR_TYPE_DNSKEY, vq->key_entry->key_class);
2155 		vq->chase_reply->security = sec_status_bogus;
2156 		update_reason_bogus(vq->chase_reply,
2157 			key_entry_get_reason_bogus(vq->key_entry));
2159 			key_entry_get_reason_bogus(vq->key_entry));
2160 		if(vq->restart_count >= ve->max_restart)
2161 			key_cache_insert(ve->kcache, vq->key_entry,
2168 	if(vq->signer_name == NULL) {
2170 			"signer name", &vq->qchase);
2175 		vq->chase_reply->security = sec_status_bogus;
2176 		update_reason_bogus(vq->chase_reply, LDNS_EDE_RRSIGS_MISSING);
2180 		&vq->qchase, vq->orig_msg->rep, vq->rrset_skip);
2182 		remove_spurious_authority(vq->chase_reply, vq->orig_msg->rep);
2186 	if(!validate_msg_signatures(qstate, vq, qstate->env, ve,
2187 		vq->chase_reply, vq->key_entry, &suspend)) {
2189 			if(!validate_suspend_setup_timer(qstate, vq,
2199 			detect_wrongly_truncated(vq->orig_msg->rep)) {
2201 			vq->orig_msg->rep->ns_numrrsets = 0;
2202 			vq->orig_msg->rep->ar_numrrsets = 0;
2203 			vq->orig_msg->rep->rrset_count = 
2204 				vq->orig_msg->rep->an_numrrsets;
2205 			vq->chase_reply->ns_numrrsets = 0;
2206 			vq->chase_reply->ar_numrrsets = 0;
2207 			vq->chase_reply->rrset_count = 
2208 				vq->chase_reply->an_numrrsets;
2222 				&vq->qchase, vq->chase_reply, vq->key_entry,
2223 				qstate, vq, &nsec3_calculations, &suspend);
2226 					vq, id, VAL_VALIDATE_STATE))
2232 				vq->chase_reply->security));
2238 				&vq->qchase, vq->chase_reply, vq->key_entry,
2239 				qstate, vq, &nsec3_calculations, &suspend);
2242 					vq, id, VAL_VALIDATE_STATE))
2248 				vq->chase_reply->security));
2252 			rcode = (int)FLAGS_GET_RCODE(vq->orig_msg->rep->flags);
2255 				&vq->qchase, vq->chase_reply, vq->key_entry, &rcode,
2256 				qstate, vq, &nsec3_calculations, &suspend);
2259 					vq, id, VAL_VALIDATE_STATE))
2265 				vq->chase_reply->security));
2266 			FLAGS_SET_RCODE(vq->orig_msg->rep->flags, rcode);
2267 			FLAGS_SET_RCODE(vq->chase_reply->flags, rcode);
2273 				&vq->qchase, vq->chase_reply, vq->key_entry,
2274 				qstate, vq, &nsec3_calculations, &suspend);
2277 					vq, id, VAL_VALIDATE_STATE))
2283 				vq->chase_reply->security));
2290 				&vq->qchase, vq->chase_reply, vq->key_entry,
2291 				qstate, vq, &nsec3_calculations, &suspend);
2294 					vq, id, VAL_VALIDATE_STATE))
2300 				vq->chase_reply->security));
2305 			validate_referral_response(vq->chase_reply);
2308 				vq->chase_reply->security));
2314 			validate_any_response(qstate->env, ve, &vq->qchase,
2315 				vq->chase_reply, vq->key_entry, qstate, vq,
2319 					vq, id, VAL_VALIDATE_STATE))
2325 				vq->chase_reply->security));
2332 	if(vq->chase_reply->security == sec_status_bogus) {
2347  * @param vq: validator query state.
2354 processFinished(struct module_qstate* qstate, struct val_qstate* vq, 
2358 		qstate->query_flags, &qstate->qinfo, &vq->qchase, 
2359 		vq->orig_msg->rep, vq->rrset_skip);
2362 	if(vq->rrset_skip == 0) {
2363 		vq->orig_msg->rep->security = vq->chase_reply->security;
2364 		update_reason_bogus(vq->orig_msg->rep, vq->chase_reply->reason_bogus);
2366 		vq->rrset_skip < vq->orig_msg->rep->an_numrrsets + 
2367 		vq->orig_msg->rep->ns_numrrsets) {
2371 		if(vq->chase_reply->security < vq->orig_msg->rep->security) {
2372 			vq->orig_msg->rep->security = 
2373 				vq->chase_reply->security;
2374 			update_reason_bogus(vq->orig_msg->rep, vq->chase_reply->reason_bogus);
2380 		vq->rrset_skip = val_next_unchecked(vq->orig_msg->rep, 
2381 			vq->rrset_skip);
2382 		if(vq->rrset_skip < vq->orig_msg->rep->rrset_count) {
2385 			vq->chase_reply->security = sec_status_unchecked;
2386 			vq->state = VAL_INIT_STATE;
2391 	if(vq->chase_reply->security != sec_status_bogus &&
2394 		if(!val_chase_cname(&vq->qchase, vq->orig_msg->rep, 
2395 			&vq->rrset_skip)) {
2397 			vq->orig_msg->rep->security = sec_status_bogus;
2398 			update_reason_bogus(vq->orig_msg->rep, LDNS_EDE_DNSSEC_BOGUS);
2402 				&vq->qchase);
2403 			vq->chase_reply->security = sec_status_unchecked;
2404 			vq->state = VAL_INIT_STATE;
2409 	if(vq->orig_msg->rep->security == sec_status_secure) {
2415 		val_check_nonsecure(qstate->env, vq->orig_msg->rep);
2416 		if(vq->orig_msg->rep->security == sec_status_secure) {
2421 					vq->orig_msg->rep);
2428 	if(vq->orig_msg->rep->security == sec_status_bogus) {
2430 		if(vq->restart_count < ve->max_restart) {
2437 			val_restart(vq);
2443 		vq->orig_msg->rep->ttl = ve->bogus_ttl;
2444 		vq->orig_msg->rep->prefetch_ttl = 
2445 			PREFETCH_TTL_CALC(vq->orig_msg->rep->ttl);
2446 		vq->orig_msg->rep->serve_expired_ttl = 
2447 			vq->orig_msg->rep->ttl + qstate->env->cfg->serve_expired_ttl;
2460 					vq->orig_msg->rep->reason_bogus_str = err_str;
2472 			vq->orig_msg->rep->security = sec_status_indeterminate;
2475 	if(vq->orig_msg->rep->security == sec_status_secure &&
2487 				(uint8_t*)"", 1, 0, vq->qchase.qclass, keytag)) {
2488 				vq->orig_msg->rep->security =
2497 				(uint8_t*)"", 1, 0, vq->qchase.qclass, keytag)) {
2498 				vq->orig_msg->rep->security =
2505 	update_reason_bogus(vq->orig_msg->rep, errinf_to_reason_bogus(qstate));
2511 			if(!dns_cache_store(qstate->env, &vq->orig_msg->qinfo,
2512 				vq->orig_msg->rep, 0, qstate->prefetch_leeway, 0, NULL,
2520 		if(!dns_cache_store(qstate->env, &vq->orig_msg->qinfo,
2521 			vq->orig_msg->rep, 1, 0, 0, NULL,
2527 	qstate->return_msg = vq->orig_msg;
2537  * @param vq: validator query state.
2542 val_handle(struct module_qstate* qstate, struct val_qstate* vq, 
2548 			val_state_to_string(vq->state));
2549 		switch(vq->state) {
2551 				cont = processInit(qstate, vq, ve, id);
2554 				cont = processFindKey(qstate, vq, id);
2557 				cont = processValidate(qstate, vq, ve, id);
2560 				cont = processFinished(qstate, vq, ve, id);
2564 					vq->state);
2576 	struct val_qstate* vq = (struct val_qstate*)qstate->minfo[id];
2582 	if(vq && qstate->qinfo.qname != vq->qchase.qname) 
2584 		&vq->qchase);
2587 		(event == module_event_pass && vq == NULL)) {
2625 		if(!vq) {
2626 			vq = val_new(qstate, id);
2627 			if(!vq) {
2632 		} else if(!vq->orig_msg) {
2633 			if(!val_new_getmsg(qstate, vq)) {
2639 		val_handle(qstate, vq, ve, id);
2645 		val_handle(qstate, vq, ve, id);
2747  * @param vq: validator query state
2763 ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq,
2802 			vq->key_entry, &reason, &reason_bogus, LDNS_SECTION_ANSWER, qstate, &verified);
2851 			qstate->env, ve, qinfo, msg->rep, vq->key_entry, 
2879 		if(!nsec3_cache_table_init(&vq->nsec3_cache_table, qstate->region)) {
2888 			msg->rep->ns_numrrsets, qinfo, vq->key_entry, &reason,
2889 			&reason_bogus, qstate, &vq->nsec3_cache_table);
2955 			vq->key_entry, &reason, &reason_bogus,
2997  * @param vq: validator query state
3007 process_ds_response(struct module_qstate* qstate, struct val_qstate* vq,
3013 	uint8_t* olds = vq->empty_DS_name;
3016 	vq->empty_DS_name = NULL;
3017 	ret = ds_response_to_ke(qstate, vq, id, rcode, msg, qinfo, &dske);
3022 			vq->key_entry = NULL; /* make it error */
3023 			vq->state = VAL_VALIDATE_STATE;
3030 			vq->key_entry = NULL; /* make it error */
3031 			vq->state = VAL_VALIDATE_STATE;
3036 		vq->empty_DS_name = regional_alloc_init(qstate->region,
3038 		if(!vq->empty_DS_name) {
3040 			vq->key_entry = NULL; /* make it error */
3041 			vq->state = VAL_VALIDATE_STATE;
3044 		vq->empty_DS_len = qinfo->qname_len;
3045 		vq->chain_blacklist = NULL;
3049 		vq->ds_rrset = key_entry_get_rrset(dske, qstate->region);
3050 		if(!vq->ds_rrset) {
3052 			vq->key_entry = NULL; /* make it error */
3053 			vq->state = VAL_VALIDATE_STATE;
3056 		vq->chain_blacklist = NULL; /* fresh blacklist for next part*/
3059 		&& vq->restart_count < ve->max_restart) {
3060 		vq->empty_DS_name = olds;
3061 		val_blacklist(&vq->chain_blacklist, qstate->region, origin, 1);
3063 		vq->restart_count++;
3072 		vq->key_entry = dske;
3074 		vq->state = VAL_VALIDATE_STATE;
3087  * @param vq: validator query state
3095 process_dnskey_response(struct module_qstate* qstate, struct val_qstate* vq,
3100 	struct key_entry_key* old = vq->key_entry;
3114 		if(vq->restart_count < ve->max_restart) {
3115 			val_blacklist(&vq->chain_blacklist, qstate->region,
3118 			vq->restart_count++;
3123 		vq->key_entry = key_entry_create_bad(qstate->region,
3127 		if(!vq->key_entry) {
3134 		vq->state = VAL_VALIDATE_STATE;
3137 	if(!vq->ds_rrset) {
3139 		vq->key_entry = NULL;
3140 		vq->state = VAL_VALIDATE_STATE;
3144 	vq->key_entry = val_verify_new_DNSKEYs(qstate->region, qstate->env,
3145 		ve, dnskey, vq->ds_rrset, downprot, &reason, &reason_bogus, qstate);
3147 	if(!vq->key_entry) {
3149 		vq->state = VAL_VALIDATE_STATE;
3154 	if(!key_entry_isgood(vq->key_entry)) {
3155 		if(key_entry_isbad(vq->key_entry)) {
3156 			if(vq->restart_count < ve->max_restart) {
3157 				val_blacklist(&vq->chain_blacklist, 
3160 				vq->restart_count++;
3161 				vq->key_entry = old;
3170 		vq->chain_blacklist = NULL;
3171 		vq->state = VAL_VALIDATE_STATE;
3174 	vq->chain_blacklist = NULL;
3178 	key_cache_insert(ve->kcache, vq->key_entry,
3190  * @param vq: validator query state
3197 process_prime_response(struct module_qstate* qstate, struct val_qstate* vq,
3203 		vq->trust_anchor_name, vq->trust_anchor_labs,
3204 		vq->trust_anchor_len, vq->qchase.qclass);
3207 		vq->state = VAL_INIT_STATE;
3208 		if(!vq->trust_anchor_name)
3209 			vq->state = VAL_VALIDATE_STATE; /* break a loop */
3210 		vq->trust_anchor_name = NULL;
3225 			vq->state = VAL_INIT_STATE;
3226 			vq->trust_anchor_name = NULL;
3230 	vq->key_entry = primeResponseToKE(dnskey_rrset, ta, qstate, id);
3232 	if(vq->key_entry) {
3233 		if(key_entry_isbad(vq->key_entry) 
3234 			&& vq->restart_count < ve->max_restart) {
3235 			val_blacklist(&vq->chain_blacklist, qstate->region, 
3238 			vq->restart_count++;
3239 			vq->key_entry = NULL;
3240 			vq->state = VAL_INIT_STATE;
3243 		vq->chain_blacklist = NULL;
3247 		key_cache_insert(ve->kcache, vq->key_entry,
3252 	if(!vq->key_entry || key_entry_isnull(vq->key_entry) ||
3253 		key_entry_isbad(vq->key_entry)) {
3254 		vq->state = VAL_VALIDATE_STATE;
3270 	struct val_qstate* vq = (struct val_qstate*)super->minfo[id];
3274 	if(!vq) {
3278 	if(vq->wait_prime_ta) {
3279 		vq->wait_prime_ta = 0;
3280 		process_prime_response(super, vq, id, qstate->return_rcode,
3286 		process_ds_response(super, vq, id, qstate->return_rcode,
3294 		if(vq->nsec3_cache_table.ct) {
3295 			vq->nsec3_cache_table.ct = NULL;
3298 			/* deep copy the return_msg to vq->sub_ds_msg; it will
3302 			vq->sub_ds_msg = dns_msg_deepcopy_region(
3307 		process_dnskey_response(super, vq, id, qstate->return_rcode,
3318 	struct val_qstate* vq;
3321 	vq = (struct val_qstate*)qstate->minfo[id];
3322 	if(vq) {
3323 		if(vq->suspend_timer) {
3324 			comm_timer_delete(vq->suspend_timer);

Indexes created Thu Jun 20 12:38:36 MDT 2024