authorTyler Davis <tydavis@gmail.com>2021-02-15 20:47:30 +0000
committerTyler Davis <tydavis@gmail.com>2021-02-15 20:47:30 +0000
commita687ebabb6589ebb36a9c385f583a19ac462b831 (patch)
tree4112f2272dfe6df7f106819c1381ab59d7ea5d2f /vendor/github.com/miekg/dns/sig0.go
parentf22b6da3c7964a23d93269b6c5de9f322c3837a8 (diff)
Update go modules for 1.15
Diffstat (limited to 'vendor/github.com/miekg/dns/sig0.go')
-rw-r--r--vendor/github.com/miekg/dns/sig0.go41
1 files changed, 10 insertions, 31 deletions
diff --git a/vendor/github.com/miekg/dns/sig0.go b/vendor/github.com/miekg/dns/sig0.go
index f31e9e6..9ef13cc 100644
--- a/vendor/github.com/miekg/dns/sig0.go
+++ b/vendor/github.com/miekg/dns/sig0.go
@@ -2,7 +2,6 @@ package dns
import (
"crypto"
- "crypto/dsa"
"crypto/ecdsa"
"crypto/rsa"
"encoding/binary"
@@ -21,15 +20,11 @@ func (rr *SIG) Sign(k crypto.Signer, m *Msg) ([]byte, error) {
if rr.KeyTag == 0 || len(rr.SignerName) == 0 || rr.Algorithm == 0 {
return nil, ErrKey
}
- rr.Header().Rrtype = TypeSIG
- rr.Header().Class = ClassANY
- rr.Header().Ttl = 0
- rr.Header().Name = "."
- rr.OrigTtl = 0
- rr.TypeCovered = 0
- rr.Labels = 0
- buf := make([]byte, m.Len()+rr.len())
+ rr.Hdr = RR_Header{Name: ".", Rrtype: TypeSIG, Class: ClassANY, Ttl: 0}
+ rr.OrigTtl, rr.TypeCovered, rr.Labels = 0, 0, 0
+
+ buf := make([]byte, m.Len()+Len(rr))
mbuf, err := m.PackBuffer(buf)
if err != nil {
return nil, err
@@ -89,7 +84,7 @@ func (rr *SIG) Verify(k *KEY, buf []byte) error {
var hash crypto.Hash
switch rr.Algorithm {
- case DSA, RSASHA1:
+ case RSASHA1:
hash = crypto.SHA1
case RSASHA256, ECDSAP256SHA256:
hash = crypto.SHA256
@@ -107,7 +102,7 @@ func (rr *SIG) Verify(k *KEY, buf []byte) error {
anc := binary.BigEndian.Uint16(buf[6:])
auc := binary.BigEndian.Uint16(buf[8:])
adc := binary.BigEndian.Uint16(buf[10:])
- offset := 12
+ offset := headerSize
var err error
for i := uint16(0); i < qdc && offset < buflen; i++ {
_, offset, err = UnpackDomainName(buf, offset)
@@ -127,8 +122,7 @@ func (rr *SIG) Verify(k *KEY, buf []byte) error {
if offset+1 >= buflen {
continue
}
- var rdlen uint16
- rdlen = binary.BigEndian.Uint16(buf[offset:])
+ rdlen := binary.BigEndian.Uint16(buf[offset:])
offset += 2
offset += int(rdlen)
}
@@ -168,7 +162,7 @@ func (rr *SIG) Verify(k *KEY, buf []byte) error {
}
// If key has come from the DNS name compression might
// have mangled the case of the name
- if strings.ToLower(signername) != strings.ToLower(k.Header().Name) {
+ if !strings.EqualFold(signername, k.Header().Name) {
return &Error{err: "signer name doesn't match key name"}
}
sigend := offset
@@ -183,19 +177,6 @@ func (rr *SIG) Verify(k *KEY, buf []byte) error {
hashed := hasher.Sum(nil)
sig := buf[sigend:]
switch k.Algorithm {
- case DSA:
- pk := k.publicKeyDSA()
- sig = sig[1:]
- r := big.NewInt(0)
- r.SetBytes(sig[:len(sig)/2])
- s := big.NewInt(0)
- s.SetBytes(sig[len(sig)/2:])
- if pk != nil {
- if dsa.Verify(pk, hashed, r, s) {
- return nil
- }
- return ErrSig
- }
case RSASHA1, RSASHA256, RSASHA512:
pk := k.publicKeyRSA()
if pk != nil {
@@ -203,10 +184,8 @@ func (rr *SIG) Verify(k *KEY, buf []byte) error {
}
case ECDSAP256SHA256, ECDSAP384SHA384:
pk := k.publicKeyECDSA()
- r := big.NewInt(0)
- r.SetBytes(sig[:len(sig)/2])
- s := big.NewInt(0)
- s.SetBytes(sig[len(sig)/2:])
+ r := new(big.Int).SetBytes(sig[:len(sig)/2])
+ s := new(big.Int).SetBytes(sig[len(sig)/2:])
if pk != nil {
if ecdsa.Verify(pk, hashed, r, s) {
return nil