HINFO does not need downcasing for DNSSEC

See the comment from Andrew:
https://github.com/miekg/dns/pull/270#issuecomment-145696618
Miek Gieben 2015-10-06 07:59:47 +01:00
parent dea25f3332
commit 373b848617
2 changed files with 16 additions and 13 deletions


@ -124,6 +124,7 @@ Example programs can be found in the `github.com/miekg/exdns` repository.
* 6605 - ECDSA * 6605 - ECDSA
* 6725 - IANA Registry Update * 6725 - IANA Registry Update
* 6742 - ILNP DNS * 6742 - ILNP DNS
* 6840 - Clarifications and Implementation Notes for DNS Security
* 6844 - CAA record * 6844 - CAA record
* 6891 - EDNS0 update * 6891 - EDNS0 update
* 6895 - DNS IANA considerations * 6895 - DNS IANA considerations


@ -104,7 +104,7 @@ const (
) )
// The RRSIG needs to be converted to wireformat with some of // The RRSIG needs to be converted to wireformat with some of
// the rdata (the signature) missing. Use this struct to easy // the rdata (the signature) missing. Use this struct to ease
// the conversion (and re-use the pack/unpack functions). // the conversion (and re-use the pack/unpack functions).
type rrsigWireFmt struct { type rrsigWireFmt struct {
TypeCovered uint16 TypeCovered uint16
@ -248,13 +248,12 @@ func (d *DS) ToCDS() *CDS {
return c return c
} }
// Sign signs an RRSet. The signature needs to be filled in with // Sign signs an RRSet. The signature needs to be filled in with the values:
// the values: Inception, Expiration, KeyTag, SignerName and Algorithm. // Inception, Expiration, KeyTag, SignerName and Algorithm. The rest is copied
// The rest is copied from the RRset. Sign returns true when the signing went OK, // from the RRset. Sign returns a non-nill error when the signing went OK.
// otherwise false. // There is no check if RRSet is a proper (RFC 2181) RRSet. If OrigTTL is non
// There is no check if RRSet is a proper (RFC 2181) RRSet. // zero, it is used as-is, otherwise the TTL of the RRset is used as the
// If OrigTTL is non zero, it is used as-is, otherwise the TTL of the RRset // OrigTTL.
// is used as the OrigTTL.
func (rr *RRSIG) Sign(k crypto.Signer, rrset []RR) error { func (rr *RRSIG) Sign(k crypto.Signer, rrset []RR) error {
if k == nil { if k == nil {
return ErrPrivKey return ErrPrivKey
@ -421,8 +420,8 @@ func (rr *RRSIG) Verify(k *DNSKEY, rrset []RR) error {
sigbuf := rr.sigBuf() // Get the binary signature data sigbuf := rr.sigBuf() // Get the binary signature data
if rr.Algorithm == PRIVATEDNS { // PRIVATEOID if rr.Algorithm == PRIVATEDNS { // PRIVATEOID
// TODO(mg) // TODO(miek)
// remove the domain name and assume its our // remove the domain name and assume its ours?
} }
hash, ok := AlgorithmToHash[rr.Algorithm] hash, ok := AlgorithmToHash[rr.Algorithm]
@ -609,6 +608,12 @@ func rawSignatureData(rrset []RR, s *RRSIG) (buf []byte, err error) {
// NS, MD, MF, CNAME, SOA, MB, MG, MR, PTR, // NS, MD, MF, CNAME, SOA, MB, MG, MR, PTR,
// HINFO, MINFO, MX, RP, AFSDB, RT, SIG, PX, NXT, NAPTR, KX, // HINFO, MINFO, MX, RP, AFSDB, RT, SIG, PX, NXT, NAPTR, KX,
// SRV, DNAME, A6 // SRV, DNAME, A6
//
// RFC 6840 - Clarifications and Implementation Notes for DNS Security (DNSSEC):
// Section 6.2 of [RFC4034] also erroneously lists HINFO as a record
// that needs conversion to lowercase, and twice at that. Since HINFO
// records contain no domain names, they are not subject to case
// conversion.
switch x := r1.(type) { switch x := r1.(type) {
case *NS: case *NS:
x.Ns = strings.ToLower(x.Ns) x.Ns = strings.ToLower(x.Ns)
@ -638,9 +643,6 @@ func rawSignatureData(rrset []RR, s *RRSIG) (buf []byte, err error) {
x.Target = strings.ToLower(x.Target) x.Target = strings.ToLower(x.Target)
case *DNAME: case *DNAME:
x.Target = strings.ToLower(x.Target) x.Target = strings.ToLower(x.Target)
case *HINFO:
x.Os = strings.ToLower(x.Os)
x.Cpu = strings.ToLower(x.Cpu)
} }
// 6.2. Canonical RR Form. (5) - origTTL // 6.2. Canonical RR Form. (5) - origTTL
wire := make([]byte, r1.len()+1) // +1 to be safe(r) wire := make([]byte, r1.len()+1) // +1 to be safe(r)
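Review bot: The rewritten doc comment on Sign now says it "returns a non-nill error when the signing went OK", which inverts the contract and misspells nil. For a signing API the error semantics should be unambiguous, so I would change that line to `// from the RRset. Sign returns a non-nil error when the signing fails.` Separately, removing the `*HINFO` case in rawSignatureData changes the canonical bytes for HINFO records whose CPU/OS strings contain upper-case characters, which presumably affects both signing and verification. The diffstat lists only two changed files and neither looks like a test, so a sign-then-verify test over a mixed-case HINFO RRset would pin the RFC 6840 behaviour. Both functions continue outside the hunks shown.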