resolved: rename dnssec_verify_dnskey() → dnssec_verify_dnskey_by_ds()

This should clarify that this is not regular signature-based validation, but validation through DS RR fingerprints.
author: Lennart Poettering <lennart@poettering.net> 2016-01-14 20:11:11 +0100
committer: Lennart Poettering <lennart@poettering.net> 2016-01-17 20:47:45 +0100
commit: 96bb76734d8e1c8520a2456901079610813eac6d (patch)
tree: 23346e1fae203850b22cc1ffdde88db38b1530ac /src
parent: 93a3b9294f7fa98ee10c66163f86cd0232728453 (diff)
5 files changed, 9 insertions, 9 deletions
diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c
index 2202daafc0..1ee4aa5b36 100644
--- a/src/resolve/resolved-dns-dnssec.c
+++ b/src/resolve/resolved-dns-dnssec.c
@@ -1070,7 +1070,7 @@ static int digest_to_gcrypt_md(uint8_t algorithm) {
         }
 }
 
-int dnssec_verify_dnskey(DnsResourceRecord *dnskey, DnsResourceRecord *ds, bool mask_revoke) {
+int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds, bool mask_revoke) {
         char owner_name[DNSSEC_CANONICAL_HOSTNAME_MAX];
         gcry_md_hd_t md = NULL;
         size_t hash_size;
@@ -1140,7 +1140,7 @@ finish:
         return r;
 }
 
-int dnssec_verify_dnskey_search(DnsResourceRecord *dnskey, DnsAnswer *validated_ds) {
+int dnssec_verify_dnskey_by_ds_search(DnsResourceRecord *dnskey, DnsAnswer *validated_ds) {
         DnsResourceRecord *ds;
         DnsAnswerFlags flags;
         int r;
@@ -1166,7 +1166,7 @@ int dnssec_verify_dnskey_search(DnsResourceRecord *dnskey, DnsAnswer *validated_
                 if (r == 0)
                         continue;
 
-                r = dnssec_verify_dnskey(dnskey, ds, false);
+                r = dnssec_verify_dnskey_by_ds(dnskey, ds, false);
                 if (IN_SET(r, -EKEYREJECTED, -EOPNOTSUPP))
                         return 0; /* The DNSKEY is revoked or otherwise invalid, or we don't support the digest algorithm */
                 if (r < 0)
diff --git a/src/resolve/resolved-dns-dnssec.h b/src/resolve/resolved-dns-dnssec.h
index b9d32db120..955017e8cb 100644
--- a/src/resolve/resolved-dns-dnssec.h
+++ b/src/resolve/resolved-dns-dnssec.h
@@ -61,8 +61,8 @@ int dnssec_key_match_rrsig(const DnsResourceKey *key, DnsResourceRecord *rrsig);
 int dnssec_verify_rrset(DnsAnswer *answer, const DnsResourceKey *key, DnsResourceRecord *rrsig, DnsResourceRecord *dnskey, usec_t realtime, DnssecResult *result);
 int dnssec_verify_rrset_search(DnsAnswer *answer, const DnsResourceKey *key, DnsAnswer *validated_dnskeys, usec_t realtime, DnssecResult *result, DnsResourceRecord **rrsig);
 
-int dnssec_verify_dnskey(DnsResourceRecord *dnskey, DnsResourceRecord *ds, bool mask_revoke);
-int dnssec_verify_dnskey_search(DnsResourceRecord *dnskey, DnsAnswer *validated_ds);
+int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds, bool mask_revoke);
+int dnssec_verify_dnskey_by_ds_search(DnsResourceRecord *dnskey, DnsAnswer *validated_ds);
 
 int dnssec_has_rrsig(DnsAnswer *a, const DnsResourceKey *key);
 
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index 8fe581b33c..ef38812c85 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -1950,7 +1950,7 @@ static int dns_transaction_validate_dnskey_by_ds(DnsTransaction *t) {
 
         DNS_ANSWER_FOREACH_IFINDEX(rr, ifindex, t->answer) {
 
-                r = dnssec_verify_dnskey_search(rr, t->validated_keys);
+                r = dnssec_verify_dnskey_by_ds_search(rr, t->validated_keys);
                 if (r < 0)
                         return r;
                 if (r == 0)
diff --git a/src/resolve/resolved-dns-trust-anchor.c b/src/resolve/resolved-dns-trust-anchor.c
index 9bee44b5c7..02d7ac91e1 100644
--- a/src/resolve/resolved-dns-trust-anchor.c
+++ b/src/resolve/resolved-dns-trust-anchor.c
@@ -665,7 +665,7 @@ static int dns_trust_anchor_check_revoked_one(DnsTrustAnchor *d, DnsResourceReco
                          * DS fingerprint will be the one of the
                          * unrevoked DNSKEY, but the one we got passed
                          * here has the bit set. */
-                        r = dnssec_verify_dnskey(revoked_dnskey, anchor, true);
+                        r = dnssec_verify_dnskey_by_ds(revoked_dnskey, anchor, true);
                         if (r < 0)
                                 return r;
                         if (r == 0)
diff --git a/src/resolve/test-dnssec.c b/src/resolve/test-dnssec.c
index 0c9efde1fe..45fe1997e2 100644
--- a/src/resolve/test-dnssec.c
+++ b/src/resolve/test-dnssec.c
@@ -270,8 +270,8 @@ static void test_dnssec_verify_dns_key(void) {
         log_info("DNSKEY: %s", strna(dns_resource_record_to_string(dnskey)));
         log_info("DNSKEY keytag: %u", dnssec_keytag(dnskey, false));
 
-        assert_se(dnssec_verify_dnskey(dnskey, ds1, false) > 0);
-        assert_se(dnssec_verify_dnskey(dnskey, ds2, false) > 0);
+        assert_se(dnssec_verify_dnskey_by_ds(dnskey, ds1, false) > 0);
+        assert_se(dnssec_verify_dnskey_by_ds(dnskey, ds2, false) > 0);
 }
 
 static void test_dnssec_canonicalize_one(const char *original, const char *canonical, int r) {
author	Lennart Poettering <lennart@poettering.net>	2016-01-14 20:11:11 +0100
committer	Lennart Poettering <lennart@poettering.net>	2016-01-17 20:47:45 +0100
commit	96bb76734d8e1c8520a2456901079610813eac6d (patch)
tree	23346e1fae203850b22cc1ffdde88db38b1530ac /src
parent	93a3b9294f7fa98ee10c66163f86cd0232728453 (diff)