}
int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds, bool mask_revoke) {
- char owner_name[DNSSEC_CANONICAL_HOSTNAME_MAX];
+ uint8_t wire_format[DNS_WIRE_FOMAT_HOSTNAME_MAX];
_cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL;
size_t hash_size;
int md_algorithm, r;
if (ds->ds.digest_size != hash_size)
return 0;
- r = dnssec_canonicalize(dns_resource_key_name(dnskey->key), owner_name, sizeof(owner_name));
+ r = dns_name_to_wire_format(dns_resource_key_name(dnskey->key), wire_format, sizeof(wire_format), true);
if (r < 0)
return r;
if (!md)
return -EIO;
- gcry_md_write(md, owner_name, r);
+ gcry_md_write(md, wire_format, r);
if (mask_revoke)
md_add_uint16(md, dnskey->dnskey.flags & ~DNSKEY_FLAG_REVOKE);
else
if (!result)
return -EIO;
- return memcmp(result, ds->ds.digest, ds->ds.digest_size) != 0;
+ return memcmp(result, ds->ds.digest, ds->ds.digest_size) == 0;
}
int dnssec_verify_dnskey_by_ds_search(DnsResourceRecord *dnskey, DnsAnswer *validated_ds) {