Remove isValidRRSet check from RRSIG Sign method
Change suggested by miekg, since the caller may already know it's passing a proper RRset. Update unit test to call isValidRRSet directly instead of expecting Sign to return an error for sets that fail the check.
parent
dc56846101
commit
f605c832f0
|
@ -236,8 +236,7 @@ func isValidRRSet(rrset []RR) bool {
|
|||
// the values: Inception, Expiration, KeyTag, SignerName and Algorithm.
|
||||
// The rest is copied from the RRset. Sign returns true when the signing went OK,
|
||||
// otherwise false.
|
||||
// This function checks if RRSet is a proper (RFC 2181) RRSet, and returns
|
||||
// ErrRRSet if it is not.
|
||||
// There is no check if RRSet is a proper (RFC 2181) RRSet.
|
||||
// If OrigTTL is non zero, it is used as-is, otherwise the TTL of the RRset
|
||||
// is used as the OrigTTL.
|
||||
func (rr *RRSIG) Sign(k PrivateKey, rrset []RR) error {
|
||||
|
@ -249,10 +248,6 @@ func (rr *RRSIG) Sign(k PrivateKey, rrset []RR) error {
|
|||
return ErrKey
|
||||
}
|
||||
|
||||
if !isValidRRSet(rrset) {
|
||||
return ErrRRset
|
||||
}
|
||||
|
||||
rr.Hdr.Rrtype = TypeRRSIG
|
||||
rr.Hdr.Name = rrset[0].Header().Name
|
||||
rr.Hdr.Class = rrset[0].Header().Class
|
||||
|
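Review bot: With the `isValidRRSet` guard gone, `rr.Hdr.Name = rrset[0].Header().Name` is reached with nothing visible in these hunks that rejects an empty or nil `rrset`, so such a call would panic instead of returning an error. Whether the removed helper covered the empty case is not shown here, but a cheap guard keeps the no-panic behaviour without re-adding the full consistency scan: `if len(rrset) == 0 { return ErrRRset }`. The doc comment should also state the precondition rather than only the absence of a check, e.g. `// The caller must pass a non-empty, proper (RFC 2181) RRset; Sign does not verify this and will sign whatever it is given.`. The retained context line "Sign returns true when the signing went OK, otherwise false" no longer matches the `error` return. Sign's body continues outside the hunk.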
|
|
@ -690,22 +690,22 @@ func TestInvalidRRSet(t *testing.T) {
|
|||
badRecords[0] = &TXT{Hdr: RR_Header{Name: "name.cloudflare.com.", Rrtype: TypeTXT, Class: ClassINET, Ttl: 0}, Txt: []string{"Hello world"}}
|
||||
badRecords[1] = &TXT{Hdr: RR_Header{Name: "nama.cloudflare.com.", Rrtype: TypeTXT, Class: ClassINET, Ttl: 0}, Txt: []string{"_o/"}}
|
||||
|
||||
if err := signature.Sign(privatekey, badRecords); err != ErrRRset {
|
||||
t.Fatal("Sign returned no error for record set with inconsistent names")
|
||||
if isValidRRSet(badRecords) {
|
||||
t.Fatal("Record set with inconsistent names considered valid")
|
||||
}
|
||||
|
||||
badRecords[0] = &TXT{Hdr: RR_Header{Name: "name.cloudflare.com.", Rrtype: TypeTXT, Class: ClassINET, Ttl: 0}, Txt: []string{"Hello world"}}
|
||||
badRecords[1] = &A{Hdr: RR_Header{Name: "name.cloudflare.com.", Rrtype: TypeA, Class: ClassINET, Ttl: 0}}
|
||||
|
||||
if err := signature.Sign(privatekey, badRecords); err != ErrRRset {
|
||||
t.Fatal("Sign returned no error for record set with inconsistent record types")
|
||||
if isValidRRSet(badRecords) {
|
||||
t.Fatal("Record set with inconsistent record types considered valid")
|
||||
}
|
||||
|
||||
badRecords[0] = &TXT{Hdr: RR_Header{Name: "name.cloudflare.com.", Rrtype: TypeTXT, Class: ClassINET, Ttl: 0}, Txt: []string{"Hello world"}}
|
||||
badRecords[1] = &TXT{Hdr: RR_Header{Name: "name.cloudflare.com.", Rrtype: TypeTXT, Class: ClassCHAOS, Ttl: 0}, Txt: []string{"_o/"}}
|
||||
|
||||
if err := signature.Sign(privatekey, badRecords); err != ErrRRset {
|
||||
t.Fatal("Sign returned no error for record set with inconsistent record class")
|
||||
if isValidRRSet(badRecords) {
|
||||
t.Fatal("Record set with inconsistent record class considered valid")
|
||||
}
|
||||
|
||||
// Sign the good record set and then make sure verification fails on the bad record set
|
||||
|
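Review bot: The three stanzas in TestInvalidRRSet now differ only in the second record and the message, and each rebuilds `badRecords[0]` with the same value, so a small table of `{name, rrs}` cases iterated in one loop would read better. Using `t.Errorf` inside the loop, as in `if isValidRRSet(tc.rrs) { t.Errorf("%s considered valid", tc.name) }`, would also report every failing case rather than stopping at the first `t.Fatal`. Since Sign no longer rejects these sets, it may be worth keeping one assertion that documents the new contract for callers; the trailing comment suggests the verification path is exercised further down, outside this hunk.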
|