310         rvfrom = ae->rrset;
311         rvto = &ac->rrset;
349     RRVerifier *rrset;
358         rrset = ac->rrset;
359         while (rrset)
361             next = rrset->next;
362             mDNSPlatformMemFree(rrset);
363             rrset = next;
365         ac->rrset = mDNSNULL;
367         rrset = ac->rrsig;
368         while (rrset)
370             next = rrset->next;
371             mDNSPlatformMemFree(rrset);
372             rrset = next;
376         rrset = ac->key;
377         while (rrset)
379             next = rrset->next;
380             mDNSPlatformMemFree(rrset);
381             rrset = next;
415     RRVerifier *rrset;
419     rrset = dv->rrset;
420     while (rrset)
422         next = rrset->next;
423         mDNSPlatformMemFree(rrset);
424         rrset = next;
426     dv->rrset = mDNSNULL;
428     rrset = dv->rrsig;
429     while (rrset)
431         next = rrset->next;
432         mDNSPlatformMemFree(rrset);
433         rrset = next;
437     rrset = dv->key;
438     while (rrset)
440         next = rrset->next;
441         mDNSPlatformMemFree(rrset);
442         rrset = next;
446     rrset = dv->rrsigKey;
447     while (rrset)
449         next = rrset->next;
450         mDNSPlatformMemFree(rrset);
451         rrset = next;
455     rrset = dv->ds;
456     while (rrset)
458         next = rrset->next;
459         mDNSPlatformMemFree(rrset);
460         rrset = next;
463     rrset = dv->pendingNSEC;
464     while (rrset)
466         next = rrset->next;
467         mDNSPlatformMemFree(rrset);
468         rrset = next;
561         v = &dv->rrset;
586 // the rrset (type is RRVS_rrsig) and RRSIG for the key (type is RRVS_rrsig_key).
595         rv = dv->rrset;
713     if (!dv->rrset)
715         LogMsg("CheckRRSIGForRRSet: ERROR!! rrset NULL for origName %##s (%s)", dv->origName.c,
720     rv = dv->rrset;
737             if (cr->resrec.rrtype == dv->rrset->rrtype)
1078     if (!dv->rrset)
1080         LogMsg("GetAllRRSetsForVerification: ERROR!! rrset NULL");
1091         // If we can't find the RRSIG for the rrset, re-issue the query.
1104         // a CNAME and dv->rrset->rrtype would be set to CNAME and not the original question type that
1106         InitializeQuestion(m, &dv->q, dv->InterfaceID, &dv->rrset->name, dv->currQtype, VerifySigCallback, dv);
1117             // We already found the rrset to verify. Ideally we should just issue the query for the RRSIG. Unfortunately,
1119             // rrset->rrtype (recursive server returns what is in its cache). Hence, we send the original query with the
1882 mDNSlocal mDNSBool ValidateSignatureWithKey(DNSSECVerifier *dv, RRVerifier *rrset, RRVerifier *keyv, RRVerifier *sig)
1911     if (DNSNameToLowerCase((domainname *)&rrset->name, &name) != mStatus_NoError)
1913         LogMsg("ValidateSignatureWithKey: ERROR!! cannot convert rrset name to lower case");
1961     temp = swap16(rrset->rrtype);
1962     mDNSPlatformMemCopy(fixedPart + fixedPartLen, (mDNSu8 *)&temp, sizeof(rrset->rrtype));
1963     fixedPartLen += sizeof(rrset->rrtype);
1964     temp = swap16(rrset->rrclass);
1965     mDNSPlatformMemCopy(fixedPart + fixedPartLen, (mDNSu8 *)&temp, sizeof(rrset->rrclass));
1966     fixedPartLen += sizeof(rrset->rrclass);
1971     for (tmp = rrset, nrrsets = 0; tmp; tmp = tmp->next)
1974     tmp = rrset;
2059 // Walk all the keys and for each key walk all the RRSIGS that signs the original rrset
2062     RRVerifier *rrset;
2070     rrset = dv->rrset;
2106             if (ValidateSignatureWithKey(dv, rrset, keyv, rrsigv))
2120 mDNSlocal mDNSBool ValidateSignatureWithKeyForAllRRSigs(DNSSECVerifier *dv, RRVerifier *rrset, RRVerifier *keyv, RRVerifier *sig)
2131             if (ValidateSignatureWithKey(dv, rrset, keyv, sig))
2223         v = &dv->rrset;
2276     if (!dv->rrset || !resultKey || !resultRRSig)
2302     ae->rrset = dv->rrset;
2303     dv->rrset = mDNSNULL;
2310     LogDNSSEC("AuthChainAdd: inserting AuthChain element with rrset %##s (%s), DNSKEY tag %d", ae->rrset->name.c, DNSTypeName(ae->rrset->rrtype), tag);
2361     // 1. Locate the rrset name and get its TTL (take the first one as a representative
2362     // of the rrset). Ideally, we should set the TTL on the first validation. Instead,
2388     // Should we check to see if it matches the record in dv->ac->rrset ?
2391         LogMsg("SetTTLRRSet: ERROR!! cannot locate main rrset for %##s (%s)", qname->c, DNSTypeName(qtype));
2542         LogDNSSEC("FinishDNSSECVerification: RRSIG validated by DNSKEY tag %d, %##s (%s)", tag, dv->rrset->name.c,
2543                   DNSTypeName(dv->rrset->rrtype));
2587             LogDNSSEC("FinishDNSSECVerification: ValidateDS failed %##s (%s)", dv->rrset->name.c, DNSTypeName(dv->rrset->rrtype));
2594         LogDNSSEC("FinishDNSSECVerification: Could not validate the rrset %##s (%s)", dv->origName.c, DNSTypeName(dv->origType));
2795     RRVerifier *rrset;
2804     // 1. Check to see if the rrset that was validated is the same as in cache. If they are not same,
2805     //    this validation result is not valid. When the rrset changed while the validation was in
2806     //    progress, the act of delivering the changed rrset again should have kicked off another
2825         if (!dv->ac->rrset)
2831         rrset = dv->ac->rrset;
2832         rrtype = rrset->rrtype;
2833         rrclass = rrset->rrclass;
2837         for (rv = dv->ac->rrset; rv; rv = rv->next)
2840         // Check to see if we can find all the elements in the rrset
2845                 for (rv = dv->ac->rrset; rv; rv = rv->next)
2873                     // The validated rrset does not have the element in the cache, re-validate
2880         for (rv = dv->ac->rrset; rv; rv = rv->next)
2942         if (!dv->ac->rrset)
2949         rrclass = dv->ac->rrset->rrclass;
2953             for (rv = ac->rrset; rv; rv = rv->next)
2963         // Check to see if we can find all the elements in the rrset
2977                         for (rv = ac->rrset; rv; rv = rv->next)
2998                     // The validated rrset does not have the element in the cache, re-validate
3007             for (rv = ac->rrset; rv; rv = rv->next)
3129             // building rrset for matching q->qname. Checking for RRSIG type is important as otherwise
3169     if (!dv->rrset)
3171         LogMsg("VerifySignature: rrset mDNSNULL for %##s (%s)", dv->origName.c, DNSTypeName(dv->origType));
3415     if (!dv->rrset)
3417         LogMsg("VerifySigCallback: ERROR!! rrset NULL");
3427     // We need to look at the whole rrset for verifying the signatures. This callback gets
3428     // called back for each record in the rrset sequentially and we won't know when to start the
3429     // verification. Hence, we look for all the records in the rrset ourselves using the
3430     // CheckXXX function below. The caller has to ensure that all the records in the rrset are
3435     // We also need the RRSIGs for the rrset to do the validation. It is possible that the
3456         // not begin until we have the main rrset.
3457         LogDNSSEC("VerifySigCallback: ERROR!! rrset %##s dv->next is RRVS_rr", dv->rrset->name.c);
3461         // triggered by other questions. This could potentially mean that the rrset that is being
3473             LogDNSSEC("VerifySigCallback: Unable to find RRSIG for %##s (%s), question %##s", dv->rrset->name.c,
3474                       DNSTypeName(dv->rrset->rrtype), question->qname.c);
3486             LogDNSSEC("VerifySigCallback: RRVS_key rrset type %s, %##s received before DNSKEY", DNSTypeName(rrtype), question->qname.c);
3491             LogDNSSEC("VerifySigCallback: ERROR!! RRVS_key rrset type %s, %##s not matching qtype %d", DNSTypeName(rrtype), question->qname.c,
3498             LogDNSSEC("VerifySigCallback: Unable to find DNSKEY for %##s (%s), question %##s", dv->rrset->name.c,
3499                       DNSTypeName(dv->rrset->rrtype), question->qname.c);
3512             LogDNSSEC("VerifySigCallback: RRVS_rrsig_key rrset type %s, %##s", DNSTypeName(rrtype), question->qname.c);
3518             LogDNSSEC("VerifySigCallback: RRVS_rrsig_key rrset type %s, %##s not matching qtype %d", DNSTypeName(rrtype), question->qname.c,
3525             LogDNSSEC("VerifySigCallback: Unable to find RRSIG for %##s (%s), question %##s", dv->rrset->name.c,
3526                       DNSTypeName(dv->rrset->rrtype), question->qname.c);
3534             LogDNSSEC("VerifySigCallback: RRVS_ds rrset type %s, %##s", DNSTypeName(rrtype), question->qname.c);
3538             LogDNSSEC("VerifySigCallback: RRVS_ds rrset type %s, %##s received before DS", DNSTypeName(rrtype), question->qname.c);
3546             LogDNSSEC("VerifySigCallback: Unable find DS for %##s (%s), question %##s", dv->rrset->name.c,
3547                       DNSTypeName(dv->rrset->rrtype), question->qname.c);
3566         LogDNSSEC("VerifySigCallback: ERROR!! default case rrset %##s question %##s", dv->rrset->name.c, question->qname.c);
3768     if (!ac->rrset)
3770         LogDNSSEC("ProveInsecureCallback: ac->rrset NULL for question %##s, %s", question->qname.c, DNSTypeName(question->qtype));
3773     if (ac->rrset->rrtype != kDNSType_DS && ac->rrset->rrtype != kDNSType_NSEC && ac->rrset->rrtype != kDNSType_NSEC3)
3775         LogDNSSEC("ProveInsecureCallback: ac->rrset->rrtype %##s (%s) not handled", ac->rrset->name.c,
3776             DNSTypeName(ac->rrset->rrtype));
3781     if (ac->rrset->rrtype == kDNSType_DS)
3783         rdataDS *ds = (rdataDS *)ac->rrset->rdata;
3809     else if (ac->rrset->rrtype == kDNSType_NSEC || ac->rrset->rrtype == kDNSType_NSEC3)
3813         if (ac->rrset->rrtype == kDNSType_NSEC)

Indexes created Sun Jun 30 11:05:36 MDT 2024