From 551f84e38a3eac557ff2545ef811b5386db4740a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Vavru=C5=A1a?= <marek.vavrusa@nic.cz>
Date: Mon, 28 Sep 2015 17:10:32 +0200
Subject: [PATCH] lib/dnssec: cleanup

---
 daemon/bindings.c      |  2 +-
 lib/dnssec.c           |  9 ++++-----
 lib/dnssec/nsec.h      |  2 +-
 lib/dnssec/signature.c |  5 ++---
 lib/layer/validate.c   | 14 ++++----------
 5 files changed, 12 insertions(+), 20 deletions(-)

diff --git a/daemon/bindings.c b/daemon/bindings.c
index 87db5c586..d5c20d7f5 100644
--- a/daemon/bindings.c
+++ b/daemon/bindings.c
@@ -619,7 +619,7 @@ static int wrk_resolve(lua_State *L)
 	knot_pkt_put_question(pkt, dname, rrclass, rrtype);
 	knot_wire_set_rd(pkt->wire);
 	/* Add OPT RR */
-	pkt->opt_rr = pkt->opt_rr = knot_rrset_copy(worker->engine->resolver.opt_rr, &pkt->mm);
+	pkt->opt_rr = knot_rrset_copy(worker->engine->resolver.opt_rr, &pkt->mm);
 	if (!pkt->opt_rr) {
 		return kr_error(ENOMEM);
 	}	
diff --git a/lib/dnssec.c b/lib/dnssec.c
index 6efd0190d..4359826a7 100644
--- a/lib/dnssec.c
+++ b/lib/dnssec.c
@@ -74,9 +74,8 @@ static int validate_rrsig_rr(int *flags, const knot_rrset_t *covered,
 	if (!flags || !covered || !rrsigs || !keys || !key || !zone_name) {
 		return kr_error(EINVAL);
 	}
-#warning TODO: Make the comparison case-insensitive.
-	/* bullet 1 */
-	if ((covered->rclass != rrsigs->rclass) || (knot_dname_cmp(covered->owner, rrsigs->owner) != 0)) {
+	/* bullet 1 (presume same compression for the owner) */
+	if ((covered->rclass != rrsigs->rclass) || !knot_dname_is_equal(covered->owner, rrsigs->owner)) {
 		return kr_error(EINVAL);
 	}
 	/* bullet 2 */
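Review bot: The owner-name check under "bullet 1" drops `#warning TODO: Make the comparison case-insensitive` without the hunk showing that the concern was resolved. Whether `knot_dname_is_equal()` folds letter case is not visible here; if it compares label bytes exactly, an RRSIG whose owner differs from the covered RRset only in case is rejected with EINVAL, which fails closed but turns a correctly signed answer into a validation failure. The new comment should state the real precondition, e.g. `/* bullet 1: class and owner must match; owners are assumed uncompressed and in the same letter case */`, or both names should be lowercased before the comparison. The body of validate_rrsig_rr continues outside the hunk.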
@@ -155,7 +154,7 @@ int kr_rrset_validate(const knot_pkt_t *pkt, knot_section_t section_id,
 		return kr_error(EINVAL);
 	}
 
-	int ret = kr_error(KNOT_DNSSEC_ENOKEY);
+	int ret = kr_error(ENOENT);
 	for (unsigned i = 0; i < keys->rrs.rr_count; ++i) {
 		ret = kr_rrset_validate_with_key(pkt, section_id, covered, keys, i, NULL, zone_name, timestamp, has_nsec3);
 		if (ret == 0) {
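Review bot: The initial `ret = kr_error(ENOENT)` is only returned when `keys->rrs.rr_count` is zero; once the loop runs, each `kr_rrset_validate_with_key()` call overwrites `ret`, so unless the part of the loop outside this hunk does otherwise, the caller sees the result for the last key tried, not "no key". Now that the DNSSEC-specific code is replaced by a generic errno, the contract deserves a comment above the loop, e.g. `/* ENOENT: no DNSKEY in the set validated the RRset; callers must treat any non-zero result as a validation failure */`. The same default is introduced before the RRSIG loop in kr_rrset_validate_with_key in the next hunk, where ENOENT presumably also stands for "no covering RRSIG". Both function bodies continue outside their hunks.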
@@ -186,7 +185,7 @@ int kr_rrset_validate_with_key(const knot_pkt_t *pkt, knot_section_t section_id,
 		key = created_key;
 	}
 
-	ret = kr_error(KNOT_DNSSEC_ENOKEY);
+	ret = kr_error(ENOENT);
 	const knot_pktsection_t *sec = knot_pkt_section(pkt, section_id);
 	for (unsigned i = 0; i < sec->count; ++i) {
 		/* Try every RRSIG. */
diff --git a/lib/dnssec/nsec.h b/lib/dnssec/nsec.h
index bb4cb210b..8a74b4ff3 100644
--- a/lib/dnssec/nsec.h
+++ b/lib/dnssec/nsec.h
@@ -23,7 +23,7 @@
 /**
  * Check whether bitmap contains given type.
  * @param bm      Bitmap.
- * @patam bm_size Bitmap size.
+ * @param bm_size Bitmap size.
  * @param type    RR type to search for.
  * @return        True if bitmap contains type.
  */
diff --git a/lib/dnssec/signature.c b/lib/dnssec/signature.c
index 7702899a1..a6cc321c7 100644
--- a/lib/dnssec/signature.c
+++ b/lib/dnssec/signature.c
@@ -62,7 +62,7 @@ int kr_authenticate_referral(const knot_rrset_t *ref, const dnssec_key_t *key)
 	 */
 	ret = (orig_ds_rdata.size == generated_ds_rdata.size) &&
 	    (memcmp(orig_ds_rdata.data, generated_ds_rdata.data, orig_ds_rdata.size) == 0);
-	ret = ret ? kr_ok() : kr_error(KNOT_DNSSEC_ENOKEY);
+	ret = ret ? kr_ok() : kr_error(ENOENT);
 
 fail:
 	dnssec_binary_free(&generated_ds_rdata);
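Review bot: A DS digest that differs from the one generated from the key is now reported as `kr_error(ENOENT)`, the code the lib/dnssec.c hunks use for "nothing found", although both digests exist here and the comparison failed. The kr_check_signature hunk in this file maps a failed verification to EBADMSG; if a mismatch is meant to signal a broken chain of trust, `ret = ret ? kr_ok() : kr_error(EBADMSG);` would keep the two cases apart for callers and logs. If callers instead iterate over candidate keys and read ENOENT as "not this key", a comment such as `/* ENOENT: key does not correspond to this DS, try the next one */` should say so. kr_authenticate_referral starts outside the hunk.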
@@ -266,8 +266,7 @@ int kr_check_signature(const knot_rrset_t *rrsigs, size_t pos,
 
 	ret = dnssec_sign_verify(sign_ctx, &signature);
 	if (ret != KNOT_EOK) {
-#warning TODO: proper DNSSEC error codes needed
-		ret = kr_error(ENOMEM);
+		ret = kr_error(EBADMSG);
 		goto fail;
 	}
 
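Review bot: Every non-zero result of `dnssec_sign_verify()` is now collapsed into `kr_error(EBADMSG)`, so a signature that fails verification and an internal failure of the verification call look the same to callers and in logs. If the library reports an invalid signature with a dedicated code (libdnssec defines `DNSSEC_INVALID_SIGNATURE`), mapping only that code to EBADMSG and passing other errors through keeps "data is bogus" separate from "validator could not run". At minimum a comment such as `/* any verification failure is treated as a bad signature */` would record that the collapse is deliberate. The function body starts and ends outside the hunk.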
diff --git a/lib/layer/validate.c b/lib/layer/validate.c
index 63d44701e..f282317e4 100644
--- a/lib/layer/validate.c
+++ b/lib/layer/validate.c
@@ -118,21 +118,17 @@ fail:
 
 static int validate_records(struct kr_query *qry, knot_pkt_t *answer, mm_ctx_t *pool, bool has_nsec3)
 {
-#warning TODO: validate RRSIGS (records with ZSK, keys with KSK), return FAIL if failed
 	if (!qry->zone_cut.key) {
 		DEBUG_MSG(qry, "<= no DNSKEY, can't validate\n");
-		return kr_error(KNOT_DNSSEC_ENOKEY);
+		return kr_error(EBADMSG);
 	}
 
-	int ret;
-
-	ret = validate_section(qry, answer, KNOT_ANSWER, pool, has_nsec3);
+	int ret = validate_section(qry, answer, KNOT_ANSWER, pool, has_nsec3);
 	if (ret != 0) {
 		return ret;
 	}
-	ret = validate_section(qry, answer, KNOT_AUTHORITY, pool, has_nsec3);
 
-	return ret;
+	return validate_section(qry, answer, KNOT_AUTHORITY, pool, has_nsec3);
 }
 
 static int validate_keyset(struct kr_query *qry, knot_pkt_t *answer, bool has_nsec3)
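Review bot: The missing-DNSKEY branch of validate_records returns `kr_error(EBADMSG)`, whereas the lib/dnssec.c hunks of this commit use ENOENT as the "no key" default and lib/dnssec/signature.c uses EBADMSG for a signature that failed to verify. After this change a zone cut without a key and a failed signature produce the same code at this layer. If that is intended, a comment like `/* no DNSKEY for the zone cut: treat the answer as bogus */` would make it explicit; otherwise `return kr_error(ENOENT);` would match the rest of the commit. The same applies to the `!qry->zone_cut.key` check in validate_keyset in the next hunk. The removed `#warning TODO: validate RRSIGS ...` is not visibly replaced by code in this hunk.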
@@ -159,10 +155,8 @@ static int validate_keyset(struct kr_query *qry, knot_pkt_t *answer, bool has_ns
 			}
 		}
 	}
-
 	if (!qry->zone_cut.key) {
-		/* TODO -- Not sure about the error value. */
-		return kr_error(KNOT_DNSSEC_ENOKEY);
+		return kr_error(EBADMSG);
 	}
 
 	/* Check if there's a key for current TA. */
-- 
GitLab