Commit d655a68f authored by Francis Dupont's avatar Francis Dupont

[master] better handling of TSIG keys with empty secrets (#3727)

parent e9f1dea2
// Copyright (C) 2010, 2014 Internet Systems Consortium, Inc. ("ISC")
// Copyright (C) 2010, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
......@@ -116,6 +116,11 @@ TEST_F(TSIGKeyTest, construct) {
isc::InvalidParameter);
EXPECT_THROW(TSIGKey(key_name, TSIGKey::HMACSHA256_NAME(), NULL, 16),
isc::InvalidParameter);
// Empty secret
TSIGKey keye = TSIGKey(key_name, TSIGKey::HMACSHA256_NAME(), NULL, 0);
EXPECT_EQ(keye.getSecretLength(), 0);
EXPECT_EQ(keye.getSecret(), (const void*)0);
}
void
......
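Review bot: The new empty-secret case in `TSIGKeyTest.construct` exercises only the binary constructor with `NULL, 0`, while the same commit also changes the empty-secret branch of the string constructor. Unless a test outside this hunk already covers it, add a parallel case that builds the key from a string with an empty secret field and asserts the same `getSecretLength()` and `getSecret()` results. As a style point, the null check reads better as `EXPECT_EQ(static_cast<const void*>(NULL), keye.getSecret());` than with the C-style `(const void*)0` cast.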
// Copyright (C) 2010, 2014 Internet Systems Consortium, Inc. ("ISC")
// Copyright (C) 2010, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
......@@ -63,6 +63,21 @@ namespace {
struct
TSIGKey::TSIGKeyImpl {
TSIGKeyImpl(const Name& key_name, const Name& algorithm_name,
isc::cryptolink::HashAlgorithm algorithm,
size_t digestbits) :
key_name_(key_name), algorithm_name_(algorithm_name),
algorithm_(algorithm), digestbits_(digestbits),
secret_()
{
// Convert the key and algorithm names to the canonical form.
key_name_.downcase();
if (algorithm == isc::cryptolink::MD5) {
algorithm_name_ = TSIGKey::HMACMD5_NAME();
}
algorithm_name_.downcase();
}
TSIGKeyImpl(const Name& key_name, const Name& algorithm_name,
isc::cryptolink::HashAlgorithm algorithm,
size_t digestbits,
......@@ -103,8 +118,13 @@ TSIGKey::TSIGKey(const Name& key_name, const Name& algorithm_name,
"TSIGKey with unknown algorithm has non empty secret: " <<
key_name << ":" << algorithm_name);
}
impl_ = new TSIGKeyImpl(key_name, algorithm_name, algorithm,
digestbits, secret, secret_len);
if (secret == NULL) {
impl_ = new TSIGKeyImpl(key_name, algorithm_name, algorithm,
digestbits);
} else {
impl_ = new TSIGKeyImpl(key_name, algorithm_name, algorithm,
digestbits, secret, secret_len);
}
}
TSIGKey::TSIGKey(const std::string& str) : impl_(NULL) {
......@@ -161,10 +181,13 @@ TSIGKey::TSIGKey(const std::string& str) : impl_(NULL) {
<< str);
}
impl_ = new TSIGKeyImpl(Name(keyname_str), algo_name, algorithm,
digestbits,
secret.empty() ? NULL : &secret[0],
secret.size());
if (secret.empty()) {
impl_ = new TSIGKeyImpl(Name(keyname_str), algo_name, algorithm,
digestbits);
} else {
impl_ = new TSIGKeyImpl(Name(keyname_str), algo_name, algorithm,
digestbits, &secret[0], secret.size());
}
} catch (const isc::Exception& e) {
// 'reduce' the several types of exceptions name parsing and
// Base64 decoding can throw to just the InvalidParameter
......
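Review bot: Both constructors accept an empty secret for a real HMAC algorithm (the test builds one with `HMACSHA256_NAME()`), yet nothing in the new code says what such a key may be used for. An HMAC keyed with an empty secret authenticates nothing, because anyone can compute it, and whether the sign/verify code refuses these keys is not visible on this page. The new secret-less `TSIGKeyImpl` constructor should carry a comment such as `// Empty secret: this key cannot authenticate messages; users must check getSecretLength() before signing or verifying.` Separately, the branch in `TSIGKey(const Name&, const Name&, const void*, size_t)` tests only `secret == NULL`, so it relies on validation above the hunk having rejected a NULL secret with a non-zero length. A short comment to that effect, or testing `secret_len == 0` to mirror `secret.empty()` in the string constructor, would keep the two call sites parallel.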