mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 22:15:20 +00:00
Code Issues Releases Wiki Activity

3174. [bug] Always compute to revoked key tag from scratch.

Browse Source 
[RT #24711]
This commit is contained in:
Mark Andrews
2011-10-20 21:20:02 +00:00
parent 3c95be120f
commit 1946c596b4
15 changed files with 109 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
lib/dns/dst_api.c
View File

@@ -31,7 +31,7 @@
/*
* Principal Author: Brian Wellington
* $Id: dst_api.c,v 1.64 2011/09/05 18:00:22 each Exp $
* $Id: dst_api.c,v 1.65 2011/10/20 21:20:02 marka Exp $
*/
/*! \file */
@@ -448,7 +448,6 @@ dst_key_fromfile(dns_name_t *name, dns_keytag_t id,
dst_key_free(&key);
return (DST_R_INVALIDPRIVATEKEY);
}
key->key_id = id;
*keyp = key;
return (ISC_R_SUCCESS);
@@ -599,7 +598,7 @@ dst_key_fromdns(dns_name_t *name, dns_rdataclass_t rdclass,
isc_uint8_t alg, proto;
isc_uint32_t flags, extflags;
dst_key_t *key = NULL;
dns_keytag_t id;
dns_keytag_t id, rid;
isc_region_t r;
isc_result_t result;
@@ -614,6 +613,7 @@ dst_key_fromdns(dns_name_t *name, dns_rdataclass_t rdclass,
alg = isc_buffer_getuint8(source);
id = dst_region_computeid(&r, alg);
rid = dst_region_computerid(&r, alg);
if (flags & DNS_KEYFLAG_EXTENDED) {
if (isc_buffer_remaininglength(source) < 2)
@@ -627,6 +627,7 @@ dst_key_fromdns(dns_name_t *name, dns_rdataclass_t rdclass,
if (result != ISC_R_SUCCESS)
return (result);
key->key_id = id;
key->key_rid = rid;
*keyp = key;
return (ISC_R_SUCCESS);
@@ -928,13 +929,6 @@ comparekeys(const dst_key_t *key1, const dst_key_t *key2,
if (key1->key_alg != key2->key_alg)
return (ISC_FALSE);
/*
* For all algorithms except RSAMD5, revoking the key
* changes the key ID, increasing it by 128. If we want to
* be able to find matching keys even if one of them is the
* revoked version of the other one, then we need to check
* for that possibility.
*/
if (key1->key_id != key2->key_id) {
if (!match_revoked_key)
return (ISC_FALSE);
@@ -943,11 +937,8 @@ comparekeys(const dst_key_t *key1, const dst_key_t *key2,
if ((key1->key_flags & DNS_KEYFLAG_REVOKE) ==
(key2->key_flags & DNS_KEYFLAG_REVOKE))
return (ISC_FALSE);
if ((key1->key_flags & DNS_KEYFLAG_REVOKE) != 0 &&
key1->key_id != ((key2->key_id + 128) & 0xffff))
return (ISC_FALSE);
if ((key2->key_flags & DNS_KEYFLAG_REVOKE) != 0 &&
key2->key_id != ((key1->key_id + 128) & 0xffff))
if (key1->key_id != key2->key_rid &&
key1->key_rid != key2->key_id)
return (ISC_FALSE);
}
@@ -1652,6 +1643,7 @@ computeid(dst_key_t *key) {
isc_buffer_usedregion(&dnsbuf, &r);
key->key_id = dst_region_computeid(&r, key->key_alg);
key->key_rid = dst_region_computerid(&r, key->key_alg);
return (ISC_R_SUCCESS);
}