HINFO does not need downcasing for DNSSEC
See the comment from Andrew: https://github.com/miekg/dns/pull/270#issuecomment-145696618
parent
dea25f3332
commit
373b848617
|
@ -124,6 +124,7 @@ Example programs can be found in the `github.com/miekg/exdns` repository.
|
||||||
* 6605 - ECDSA
|
* 6605 - ECDSA
|
||||||
* 6725 - IANA Registry Update
|
* 6725 - IANA Registry Update
|
||||||
* 6742 - ILNP DNS
|
* 6742 - ILNP DNS
|
||||||
|
* 6840 - Clarifications and Implementation Notes for DNS Security
|
||||||
* 6844 - CAA record
|
* 6844 - CAA record
|
||||||
* 6891 - EDNS0 update
|
* 6891 - EDNS0 update
|
||||||
* 6895 - DNS IANA considerations
|
* 6895 - DNS IANA considerations
|
||||||
|
|
28
dnssec.go
28
dnssec.go
|
@ -104,7 +104,7 @@ const (
|
||||||
)
|
)
|
||||||
|
|
||||||
// The RRSIG needs to be converted to wireformat with some of
|
// The RRSIG needs to be converted to wireformat with some of
|
||||||
// the rdata (the signature) missing. Use this struct to easy
|
// the rdata (the signature) missing. Use this struct to ease
|
||||||
// the conversion (and re-use the pack/unpack functions).
|
// the conversion (and re-use the pack/unpack functions).
|
||||||
type rrsigWireFmt struct {
|
type rrsigWireFmt struct {
|
||||||
TypeCovered uint16
|
TypeCovered uint16
|
||||||
|
@ -248,13 +248,12 @@ func (d *DS) ToCDS() *CDS {
|
||||||
return c
|
return c
|
||||||
}
|
}
|
||||||
|
|
||||||
// Sign signs an RRSet. The signature needs to be filled in with
|
// Sign signs an RRSet. The signature needs to be filled in with the values:
|
||||||
// the values: Inception, Expiration, KeyTag, SignerName and Algorithm.
|
// Inception, Expiration, KeyTag, SignerName and Algorithm. The rest is copied
|
||||||
// The rest is copied from the RRset. Sign returns true when the signing went OK,
|
// from the RRset. Sign returns a non-nill error when the signing went OK.
|
||||||
// otherwise false.
|
// There is no check if RRSet is a proper (RFC 2181) RRSet. If OrigTTL is non
|
||||||
// There is no check if RRSet is a proper (RFC 2181) RRSet.
|
// zero, it is used as-is, otherwise the TTL of the RRset is used as the
|
||||||
// If OrigTTL is non zero, it is used as-is, otherwise the TTL of the RRset
|
// OrigTTL.
|
||||||
// is used as the OrigTTL.
|
|
||||||
func (rr *RRSIG) Sign(k crypto.Signer, rrset []RR) error {
|
func (rr *RRSIG) Sign(k crypto.Signer, rrset []RR) error {
|
||||||
if k == nil {
|
if k == nil {
|
||||||
return ErrPrivKey
|
return ErrPrivKey
|
||||||
|
@ -421,8 +420,8 @@ func (rr *RRSIG) Verify(k *DNSKEY, rrset []RR) error {
|
||||||
|
|
||||||
sigbuf := rr.sigBuf() // Get the binary signature data
|
sigbuf := rr.sigBuf() // Get the binary signature data
|
||||||
if rr.Algorithm == PRIVATEDNS { // PRIVATEOID
|
if rr.Algorithm == PRIVATEDNS { // PRIVATEOID
|
||||||
// TODO(mg)
|
// TODO(miek)
|
||||||
// remove the domain name and assume its our
|
// remove the domain name and assume its ours?
|
||||||
}
|
}
|
||||||
|
|
||||||
hash, ok := AlgorithmToHash[rr.Algorithm]
|
hash, ok := AlgorithmToHash[rr.Algorithm]
|
||||||
|
@ -609,6 +608,12 @@ func rawSignatureData(rrset []RR, s *RRSIG) (buf []byte, err error) {
|
||||||
// NS, MD, MF, CNAME, SOA, MB, MG, MR, PTR,
|
// NS, MD, MF, CNAME, SOA, MB, MG, MR, PTR,
|
||||||
// HINFO, MINFO, MX, RP, AFSDB, RT, SIG, PX, NXT, NAPTR, KX,
|
// HINFO, MINFO, MX, RP, AFSDB, RT, SIG, PX, NXT, NAPTR, KX,
|
||||||
// SRV, DNAME, A6
|
// SRV, DNAME, A6
|
||||||
|
//
|
||||||
|
// RFC 6840 - Clarifications and Implementation Notes for DNS Security (DNSSEC):
|
||||||
|
// Section 6.2 of [RFC4034] also erroneously lists HINFO as a record
|
||||||
|
// that needs conversion to lowercase, and twice at that. Since HINFO
|
||||||
|
// records contain no domain names, they are not subject to case
|
||||||
|
// conversion.
|
||||||
switch x := r1.(type) {
|
switch x := r1.(type) {
|
||||||
case *NS:
|
case *NS:
|
||||||
x.Ns = strings.ToLower(x.Ns)
|
x.Ns = strings.ToLower(x.Ns)
|
||||||
|
@ -638,9 +643,6 @@ func rawSignatureData(rrset []RR, s *RRSIG) (buf []byte, err error) {
|
||||||
x.Target = strings.ToLower(x.Target)
|
x.Target = strings.ToLower(x.Target)
|
||||||
case *DNAME:
|
case *DNAME:
|
||||||
x.Target = strings.ToLower(x.Target)
|
x.Target = strings.ToLower(x.Target)
|
||||||
case *HINFO:
|
|
||||||
x.Os = strings.ToLower(x.Os)
|
|
||||||
x.Cpu = strings.ToLower(x.Cpu)
|
|
||||||
}
|
}
|
||||||
// 6.2. Canonical RR Form. (5) - origTTL
|
// 6.2. Canonical RR Form. (5) - origTTL
|
||||||
wire := make([]byte, r1.len()+1) // +1 to be safe(r)
|
wire := make([]byte, r1.len()+1) // +1 to be safe(r)
|
||||||
|
|
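Review bot: The rewritten doc comment on `Sign` states the contract backwards: "Sign returns a non-nill error when the signing went OK" should read `// from the RRset. Sign returns a non-nil error when signing fails.`, which also fixes the "nill" typo. Callers of a signing API rely on this line to decide how to treat the result, so the inversion is worth correcting before it is copied elsewhere. Separately, dropping the `*HINFO` case in `rawSignatureData` changes the canonical form that is signed and verified, so RRSIGs this library previously produced over HINFO RRsets containing uppercase characters will presumably no longer verify with the new code. A changelog note and a sign/verify round-trip test with a mixed-case HINFO record would make that explicit. Both `Sign` and `rawSignatureData` continue outside the visible hunks.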