44 #include <dns/tsig.h>
82 static unsigned char gsstsig_ndata[] = "\010gss-tsig";
240 			      level, "tsig key '%s' (%s): %s",
245 			      level, "tsig key '%s': %s", namestr, message);
499 				tsig_log(tkey, 2, "tsig expire: deleting");
683 	dns_rdata_any_tsig_t tsig, querytsig;
704 	 * If this is a response, there should be a query tsig.
714 	tsig.mctx = mctx;
715 	tsig.common.rdclass = dns_rdataclass_any;
716 	tsig.common.rdtype = dns_rdatatype_tsig;
717 	ISC_LINK_INIT(&tsig.common, link);
718 	dns_name_init(&tsig.algorithm, NULL);
719 	dns_name_clone(key->algorithm, &tsig.algorithm);
722 	tsig.timesigned = now + msg->timeadjust;
723 	tsig.fudge = DNS_TSIG_FUDGE;
725 	tsig.originalid = msg->id;
730 		tsig.error = msg->querytsigstatus;
732 		tsig.error = dns_rcode_noerror;
734 	if (tsig.error != dns_tsigerror_badtime) {
735 		tsig.otherlen = 0;
736 		tsig.other = NULL;
740 		tsig.otherlen = BADTIMELEN;
741 		tsig.other = badtimedata;
742 		isc_buffer_init(&otherbuf, tsig.other, tsig.otherlen);
743 		isc_buffer_putuint48(&otherbuf, tsig.timesigned);
746 	if (key->key != NULL && tsig.error != dns_tsigerror_badsig) {
827 			dns_name_toregion(&tsig.algorithm, &r);
835 		if (tsig.error == dns_tsigerror_badtime) {
837 			tsig.timesigned = querytsig.timesigned;
839 		isc_buffer_putuint48(&databuf, tsig.timesigned);
840 		isc_buffer_putuint16(&databuf, tsig.fudge);
851 			isc_buffer_putuint16(&databuf, tsig.error);
852 			isc_buffer_putuint16(&databuf, tsig.otherlen);
862 			if (tsig.otherlen > 0) {
863 				r.length = tsig.otherlen;
864 				r.base = tsig.other;
874 		tsig.signature = (unsigned char *) isc_mem_get(mctx, sigsize);
875 		if (tsig.signature == NULL) {
880 		isc_buffer_init(&sigbuf, tsig.signature, sigsize);
892 			tsig.siglen = bytes;
894 			tsig.siglen = isc_buffer_usedlength(&sigbuf);
896 		tsig.siglen = 0;
897 		tsig.signature = NULL;
907 				   dns_rdatatype_tsig, &tsig, dynbuf);
913 	if (tsig.signature != NULL) {
914 		isc_mem_put(mctx, tsig.signature, sigsize);
915 		tsig.signature = NULL;
944 	msg->tsig = dataset;
947 	/* Windows does not like the tsig name being compressed. */
962 	if (tsig.signature != NULL)
963 		isc_mem_put(mctx, tsig.signature, sigsize);
974 	dns_rdata_any_tsig_t tsig, querytsig;
1010 	if (msg->tsig == NULL)
1028 	ret = dns_rdataset_first(msg->tsig);
1031 	dns_rdataset_current(msg->tsig, &rdata);
1032 	ret = dns_rdata_tostruct(&rdata, &tsig, NULL);
1058 	     !dns_name_equal(&tsig.algorithm, &querytsig.algorithm))) {
1077 					       &tsig.algorithm, ring1);
1080 					       &tsig.algorithm, ring2);
1083 			ret = dns_tsigkey_create(keyname, &tsig.algorithm,
1100 	if (now + msg->timeadjust > tsig.timesigned + tsig.fudge) {
1104 	} else if (now + msg->timeadjust < tsig.timesigned - tsig.fudge) {
1121 		if (tsig.siglen > siglen) {
1125 		if (tsig.siglen > 0 &&
1126 		    (tsig.siglen < 10 || tsig.siglen < ((siglen + 1) / 2))) {
1131 		if (tsig.siglen > 0 && digestbits != 0 &&
1132 		    tsig.siglen < ((digestbits + 1) / 8)) {
1138 		if (tsig.siglen > 0 && digestbits == 0 &&
1139 		    tsig.siglen < siglen) {
1146 	if (tsig.siglen > 0) {
1147 		sig_r.base = tsig.signature;
1148 		sig_r.length = tsig.siglen;
1188 		id = htons(tsig.originalid);
1219 		isc_buffer_putuint16(&databuf, tsig.common.rdclass);
1220 		isc_buffer_putuint32(&databuf, msg->tsig->ttl);
1235 		isc_buffer_putuint48(&databuf, tsig.timesigned);
1236 		isc_buffer_putuint16(&databuf, tsig.fudge);
1237 		isc_buffer_putuint16(&databuf, tsig.error);
1238 		isc_buffer_putuint16(&databuf, tsig.otherlen);
1244 		if (tsig.otherlen > 0) {
1245 			r.base = tsig.other;
1246 			r.length = tsig.otherlen;
1263 	} else if (tsig.error != dns_tsigerror_badsig &&
1264 		   tsig.error != dns_tsigerror_badkey) {
1272 	if (tsig.error != dns_rcode_noerror) {
1273 		if (tsig.error == dns_tsigerror_badtime)
1292 	dns_rdata_any_tsig_t tsig, querytsig;
1335 	if (msg->tsig != NULL) {
1339 		ret = dns_rdataset_first(msg->tsig);
1342 		dns_rdataset_current(msg->tsig, &rdata);
1343 		ret = dns_rdata_tostruct(&rdata, &tsig, NULL);
1351 		    !dns_name_equal(&tsig.algorithm, &querytsig.algorithm)) {
1364 		if (now + msg->timeadjust > tsig.timesigned + tsig.fudge) {
1370 			   tsig.timesigned - tsig.fudge) {
1431 		id = htons(tsig.originalid);
1462 		isc_buffer_putuint48(&databuf, tsig.timesigned);
1463 		isc_buffer_putuint16(&databuf, tsig.fudge);
1469 		sig_r.base = tsig.signature;
1470 		sig_r.length = tsig.siglen;
1471 		if (tsig.siglen == 0) {
1472 			if (tsig.error != dns_rcode_noerror) {
1473 				if (tsig.error == dns_tsigerror_badtime)

Indexes created Tue Jul 24 14:28:13 CEST 2018