[master] better handling of TSIG keys with empty secrets (#3727)

d655a68f · Francis Dupont · e9f1dea2 · d655a68f · d655a68f
Commit d655a68f authored Feb 28, 2015 by Francis Dupont
Hide whitespace changes
Inline Side-by-side

Showing with 36 additions and 8 deletions

src/lib/dns/tests/tsigkey_unittest.cc src/lib/dns/tests/tsigkey_unittest.cc +6 -1

src/lib/dns/tsigkey.cc src/lib/dns/tsigkey.cc +30 -7

No files found.
--- a/src/lib/dns/tests/tsigkey_unittest.cc
+++ b/src/lib/dns/tests/tsigkey_unittest.cc
-// Copyright (C) 2010, 2014  Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2010, 2014, 2015  Internet Systems Consortium, Inc. ("ISC")
 //
 // Permission to use, copy, modify, and/or distribute this software for any
 // purpose with or without fee is hereby granted, provided that the above
@@ -116,6 +116,11 @@ TEST_F(TSIGKeyTest, construct) {
                 isc::InvalidParameter);
    EXPECT_THROW(TSIGKey(key_name, TSIGKey::HMACSHA256_NAME(), NULL, 16),
                 isc::InvalidParameter);
+
+    // Empty secret
+    TSIGKey keye = TSIGKey(key_name, TSIGKey::HMACSHA256_NAME(), NULL, 0);
+    EXPECT_EQ(keye.getSecretLength(), 0);
+    EXPECT_EQ(keye.getSecret(), (const void*)0);
 }

 void

--- a/src/lib/dns/tsigkey.cc
+++ b/src/lib/dns/tsigkey.cc
-// Copyright (C) 2010, 2014  Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2010, 2014, 2015  Internet Systems Consortium, Inc. ("ISC")
 //
 // Permission to use, copy, modify, and/or distribute this software for any
 // purpose with or without fee is hereby granted, provided that the above
@@ -63,6 +63,21 @@ namespace {

 struct
 TSIGKey::TSIGKeyImpl {
+    TSIGKeyImpl(const Name& key_name, const Name& algorithm_name,
+                isc::cryptolink::HashAlgorithm algorithm,
+                size_t digestbits) :
+
+        key_name_(key_name), algorithm_name_(algorithm_name),
+        algorithm_(algorithm), digestbits_(digestbits),
+        secret_()
+    {
+        // Convert the key and algorithm names to the canonical form.
+        key_name_.downcase();
+        if (algorithm == isc::cryptolink::MD5) {
+            algorithm_name_ = TSIGKey::HMACMD5_NAME();
+        }
+        algorithm_name_.downcase();
+    }
    TSIGKeyImpl(const Name& key_name, const Name& algorithm_name,
                isc::cryptolink::HashAlgorithm algorithm,
                size_t digestbits,
@@ -103,8 +118,13 @@ TSIGKey::TSIGKey(const Name& key_name, const Name& algorithm_name,
                  "TSIGKey with unknown algorithm has non empty secret: " <<
                  key_name << ":" << algorithm_name);
    }
-    impl_ = new TSIGKeyImpl(key_name, algorithm_name, algorithm,
-                            digestbits, secret, secret_len);
+    if (secret == NULL) {
+        impl_ = new TSIGKeyImpl(key_name, algorithm_name, algorithm,
+                                digestbits);
+    } else {
+        impl_ = new TSIGKeyImpl(key_name, algorithm_name, algorithm,
+                                digestbits, secret, secret_len);
+    }
 }

 TSIGKey::TSIGKey(const std::string& str) : impl_(NULL) {
@@ -161,10 +181,13 @@ TSIGKey::TSIGKey(const std::string& str) : impl_(NULL) {
                      << str);
        }

-        impl_ = new TSIGKeyImpl(Name(keyname_str), algo_name, algorithm,
-                                digestbits,
-                                secret.empty() ? NULL : &secret[0],
-                                secret.size());
+        if (secret.empty()) {
+            impl_ = new TSIGKeyImpl(Name(keyname_str), algo_name, algorithm,
+                                    digestbits);
+        } else {
+            impl_ = new TSIGKeyImpl(Name(keyname_str), algo_name, algorithm,
+                                    digestbits, &secret[0], secret.size());
+        }
    } catch (const isc::Exception& e) {
        // 'reduce' the several types of exceptions name parsing and
        // Base64 decoding can throw to just the InvalidParameter