community
/
dns
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove isValidRRSet check from RRSIG Sign method 

Change suggested by miekg, since the caller may already know it's
passing a proper RRset.

Update unit test to call isValidRRSet directly instead of expecting Sign
to return an error for sets the fail the check.
This commit is contained in:
Aaron Lehmann 2015-06-28 16:57:40 -07:00
parent dc56846101
commit f605c832f0
2 changed files with 7 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
dnssec.go
View File

@ -236,8 +236,7 @@ func isValidRRSet(rrset []RR) bool {
// the values: Inception, Expiration, KeyTag, SignerName and Algorithm.
// The rest is copied from the RRset. Sign returns true when the signing went OK,
// otherwise false.
// This function checks if RRSet is a proper (RFC 2181) RRSet, and returns
// ErrRRSet if it is not.
// There is no check if RRSet is a proper (RFC 2181) RRSet.
// If OrigTTL is non zero, it is used as-is, otherwise the TTL of the RRset
// is used as the OrigTTL.
func (rr *RRSIG) Sign(k PrivateKey, rrset []RR) error {
@ -249,10 +248,6 @@ func (rr *RRSIG) Sign(k PrivateKey, rrset []RR) error {
return ErrKey
}
if !isValidRRSet(rrset) {
return ErrRRset
}
rr.Hdr.Rrtype = TypeRRSIG
rr.Hdr.Name = rrset[0].Header().Name
rr.Hdr.Class = rrset[0].Header().Class

12
dnssec_test.go
View File

@ -690,22 +690,22 @@ func TestInvalidRRSet(t *testing.T) {
badRecords[0] = &TXT{Hdr: RR_Header{Name: "name.cloudflare.com.", Rrtype: TypeTXT, Class: ClassINET, Ttl: 0}, Txt: []string{"Hello world"}}
badRecords[1] = &TXT{Hdr: RR_Header{Name: "nama.cloudflare.com.", Rrtype: TypeTXT, Class: ClassINET, Ttl: 0}, Txt: []string{"_o/"}}
if err := signature.Sign(privatekey, badRecords); err != ErrRRset {
t.Fatal("Sign returned no error for record set with inconsistent names")
if isValidRRSet(badRecords) {
t.Fatal("Record set with inconsistent names considered valid")
}
badRecords[0] = &TXT{Hdr: RR_Header{Name: "name.cloudflare.com.", Rrtype: TypeTXT, Class: ClassINET, Ttl: 0}, Txt: []string{"Hello world"}}
badRecords[1] = &A{Hdr: RR_Header{Name: "name.cloudflare.com.", Rrtype: TypeA, Class: ClassINET, Ttl: 0}}
if err := signature.Sign(privatekey, badRecords); err != ErrRRset {
t.Fatal("Sign returned no error for record set with inconsistent record types")
if isValidRRSet(badRecords) {
t.Fatal("Record set with inconsistent record types considered valid")
}
badRecords[0] = &TXT{Hdr: RR_Header{Name: "name.cloudflare.com.", Rrtype: TypeTXT, Class: ClassINET, Ttl: 0}, Txt: []string{"Hello world"}}
badRecords[1] = &TXT{Hdr: RR_Header{Name: "name.cloudflare.com.", Rrtype: TypeTXT, Class: ClassCHAOS, Ttl: 0}, Txt: []string{"_o/"}}
if err := signature.Sign(privatekey, badRecords); err != ErrRRset {
t.Fatal("Sign returned no error for record set with inconsistent record class")
if isValidRRSet(badRecords) {
t.Fatal("Record set with inconsistent record class considered valid")
}
// Sign the good record set and then make sure verification fails on the bad record set