From fa4b01ee7d479f7186d3a1a9c9eaf5211a3521ac Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 13 Apr 2024 10:47:11 +0200 Subject: Merging upstream version 5.7.2. Signed-off-by: Daniel Baumann --- lib/cache/api.c | 2 +- lib/dnssec.c | 13 ++++++++----- 2 files changed, 9 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/cache/api.c b/lib/cache/api.c index bb627ea..f71a8d0 100644 --- a/lib/cache/api.c +++ b/lib/cache/api.c @@ -40,7 +40,7 @@ /** Cache version */ -static const uint16_t CACHE_VERSION = 6; +static const uint16_t CACHE_VERSION = 7; /** Key size */ #define KEY_HSIZE (sizeof(uint8_t) + sizeof(uint16_t)) #define KEY_SIZE (KEY_HSIZE + KNOT_DNAME_MAXLEN) diff --git a/lib/dnssec.c b/lib/dnssec.c index 262570c..12b8f20 100644 --- a/lib/dnssec.c +++ b/lib/dnssec.c @@ -240,8 +240,11 @@ fail: return NULL; } -/// Return if we want to afford yet another crypto-validation (and account it). -static bool check_crypto_limit(const kr_rrset_validation_ctx_t *vctx) +/** Checks whether we want to allow yet another crypto-validation and if yes, + * decrements the remaining number of allowed validations. + * + * Returns `true` if the crypto-validation is allowed; otherwise false */ +static bool account_crypto_limit(kr_rrset_validation_ctx_t *vctx) { if (vctx->limit_crypto_remains == NULL) return true; // no limiting @@ -281,7 +284,7 @@ static int kr_svldr_rrset_with_key(knot_rrset_t *rrs, const knot_rdataset_t *rrs } else if (retv != 0) { continue; } - if (!check_crypto_limit(vctx)) + if (!account_crypto_limit(vctx)) return vctx->result = kr_error(E2BIG); // We only expect non-expanded wildcard records in input; // that also means we don't need to perform non-existence proofs. @@ -392,7 +395,7 @@ static int kr_rrset_validate_with_key(kr_rrset_validation_ctx_t *vctx, break; } } - if (!check_crypto_limit(vctx)) { + if (!account_crypto_limit(vctx)) { vctx->result = kr_error(E2BIG); goto finish; } @@ -477,7 +480,7 @@ int kr_dnskeys_trusted(kr_rrset_validation_ctx_t *vctx, const knot_rdataset_t *s ret = kr_svldr_rrset_with_key(keys, sigs, vctx, &key); svldr_key_del(&key); if (ret == 0 || ret == kr_error(E2BIG)) { - kr_assert(vctx->result == 0); + kr_assert(vctx->result == ret); return vctx->result; } } -- cgit v1.2.3