mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 13:38:26 +00:00
Code Issues Releases Wiki Activity

Restore the ability to read legacy K*+157+* files

Browse Source 
The ability to read legacy HMAC-MD5 K* keyfile pairs using algorithm
number 157 was accidentally lost when the algorithm numbers were
consolidated into a single block, in commit
09f7e0607a34d90eae53f862954e98c31b5ae532.

The assumption was that these algorithm numbers were only known
internally, but they were also used in key files. But since HMAC-MD5
got renumbered from 157 to 160, legacy HMAC-MD5 key files no longer
work.

Move HMAC-MD5 back to 157 and GSSAPI back to 160.  Add exception for
GSSAPI to list_hmac_algorithms.
This commit is contained in:
Mark Andrews 2023-06-19 14:17:14 +10:00
parent 4320c1f345
commit 3f93d3f757
4 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@ -1,3 +1,6 @@
6205. [bug] Restore support to read legacy HMAC-MD5 K file pairs.
[GL #4154]
6204. [bug] Use NS records for relaxed QNAME-minimization mode. 6204. [bug] Use NS records for relaxed QNAME-minimization mode.
This reduces the number of queries named makes when This reduces the number of queries named makes when
resolving, as it allows the non-existence of NS RRsets resolving, as it allows the non-existence of NS RRsets

3
bin/named/main.c
View File

@ -484,6 +484,9 @@ list_hmac_algorithms(isc_buffer_t *b) {
for (dst_algorithm_t i = DST_ALG_HMAC_FIRST; i <= DST_ALG_HMAC_LAST; for (dst_algorithm_t i = DST_ALG_HMAC_FIRST; i <= DST_ALG_HMAC_LAST;
i++) i++)
{ {
if (i == DST_ALG_GSSAPI) {
continue;
}
if (dst_algorithm_supported(i)) { if (dst_algorithm_supported(i)) {
isc_buffer_putstr(b, " "); isc_buffer_putstr(b, " ");
isc_buffer_putstr(b, dst_hmac_algorithm_totext(i)); isc_buffer_putstr(b, dst_hmac_algorithm_totext(i));

2
bin/tests/system/dnssec/tests.sh
View File

@ -3539,7 +3539,7 @@ do
2) # Diffie Helman 2) # Diffie Helman
alg=$((alg+1)) alg=$((alg+1))
continue;; continue;;
159|160|161|162|163|164|165) # private - non standard 157|160|161|162|163|164|165) # private - non standard
alg=$((alg+1)) alg=$((alg+1))
continue;; continue;;
1|5|7|8|10) # RSA algorithms 1|5|7|8|10) # RSA algorithms

11
lib/dns/include/dst/dst.h
View File

@ -95,15 +95,22 @@ typedef enum dst_algorithm {
DST_ALG_ECDSA384 = 14, DST_ALG_ECDSA384 = 14,
DST_ALG_ED25519 = 15, DST_ALG_ED25519 = 15,
DST_ALG_ED448 = 16, DST_ALG_ED448 = 16,
DST_ALG_GSSAPI = 159,
DST_ALG_HMACMD5 = 160, /*
* Do not renumber HMAC algorithms as they are used externally to named
* in legacy K* key pair files.
* Do not add non HMAC between DST_ALG_HMACMD5 and DST_ALG_HMACSHA512.
*/
DST_ALG_HMACMD5 = 157,
DST_ALG_HMAC_FIRST = DST_ALG_HMACMD5, DST_ALG_HMAC_FIRST = DST_ALG_HMACMD5,
DST_ALG_GSSAPI = 160, /* Internal use only. Exception. */
DST_ALG_HMACSHA1 = 161, /* XXXMPA */ DST_ALG_HMACSHA1 = 161, /* XXXMPA */
DST_ALG_HMACSHA224 = 162, /* XXXMPA */ DST_ALG_HMACSHA224 = 162, /* XXXMPA */
DST_ALG_HMACSHA256 = 163, /* XXXMPA */ DST_ALG_HMACSHA256 = 163, /* XXXMPA */
DST_ALG_HMACSHA384 = 164, /* XXXMPA */ DST_ALG_HMACSHA384 = 164, /* XXXMPA */
DST_ALG_HMACSHA512 = 165, /* XXXMPA */ DST_ALG_HMACSHA512 = 165, /* XXXMPA */
DST_ALG_HMAC_LAST = DST_ALG_HMACSHA512, DST_ALG_HMAC_LAST = DST_ALG_HMACSHA512,
DST_ALG_INDIRECT = 252, DST_ALG_INDIRECT = 252,
DST_ALG_PRIVATE = 254, DST_ALG_PRIVATE = 254,
DST_MAX_ALGS = 256, DST_MAX_ALGS = 256,