2 * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
3 * Copyright (c) 1995-2003 by Internet Software Consortium
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
15 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 * Internet Systems Consortium, Inc.
19 * Redwood City, CA 94063
24 #include <sys/types.h>
25 #include <sys/param.h>
27 #include <netinet/in.h>
28 #include <arpa/inet.h>
29 #include <sys/socket.h>
38 #include "minires/minires.h"
39 #include "arpa/nameser.h"
41 #include <isc-dhcp/dst.h>
45 res_nsendsigned(res_state statp,
46 double *msg, unsigned msglen, ns_tsig_key *key,
47 double *answer, unsigned anslen, unsigned *anssize)
54 unsigned bufsize, siglen;
63 nstatp = (res_state) malloc(sizeof(*statp));
65 return ISC_R_NOMEMORY;
66 memcpy(nstatp, statp, sizeof(*statp));
68 bufsize = msglen + 1024;
69 newmsg = (double *) malloc(bufsize);
71 return ISC_R_NOMEMORY;
72 memcpy(newmsg, msg, msglen);
75 if (ns_samename(key->alg, NS_TSIG_ALG_HMAC_MD5) != 1)
78 dstkey = dst_buffer_to_key(key->name, KEY_HMAC_MD5,
79 NS_KEY_TYPE_AUTH_ONLY,
90 rcode = ns_sign((u_char *)newmsg, &newmsglen, bufsize,
91 NOERROR, dstkey, NULL, 0,
93 if (rcode != ISC_R_SUCCESS) {
99 if (newmsglen > PACKETSZ || (nstatp->options & RES_IGNTC))
102 nstatp->options |= RES_IGNTC;
104 nstatp->options |= RES_USEVC;
108 rcode = res_nsend(nstatp, newmsg, newmsglen, answer, anslen, &ret);
109 if (rcode != ISC_R_SUCCESS) {
116 rcode = ns_verify((u_char *)answer, &anslen, dstkey, sig, siglen,
117 NULL, NULL, &tsig_time,
118 (nstatp->options & RES_KEEPTSIG) ? 1 : 0);
119 if (rcode != ISC_R_SUCCESS) {
120 Dprint(nstatp->pfcode & RES_PRF_REPLY,
121 (stdout, ";; TSIG invalid (%s)\n", p_rcode(ret)));
126 Dprint(nstatp->pfcode & RES_PRF_REPLY, (stdout, ";; TSIG ok\n"));
128 hp = (HEADER *) answer;
129 if (hp->tc && usingTCP == 0) {
130 nstatp->options &= ~RES_IGNTC;
138 return ISC_R_SUCCESS;