Commit 5d4343a9 authored by Evan Hunt's avatar Evan Hunt

[master] fix md5 key id computation

3630.	[bug]		Ensure correct ID computation for MD5 keys. [RT #33033]
parent 9054d0bb
3630. [bug] Ensure correct ID computation for MD5 keys. [RT #33033]
3629. [func] Allow the printing of cryptographic fields in DNSSEC
records by dig to be suppressed (dig +nocrypto).
[RT #34534]
......
......@@ -193,6 +193,15 @@ fromwire_dnskey(ARGS_FROMWIRE) {
dns_name_init(&name, NULL);
RETERR(dns_name_fromwire(&name, source, dctx, options, target));
}
/*
* RSAMD5 computes key ID differently from other
* algorithms: we need to ensure there's enough data
* present for the computation
*/
if (algorithm == DST_ALG_RSAMD5 && sr.length < 3)
return (ISC_R_UNEXPECTEDEND);
isc_buffer_activeregion(source, &sr);
isc_buffer_forward(source, sr.length);
return (mem_tobuffer(target, sr.base, sr.length));
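Review bot: The new RSAMD5 test in fromwire_dnskey reads `sr.length` one statement before `isc_buffer_activeregion(source, &sr)` refreshes the region. It is therefore only correct if `sr` was filled earlier in the function, outside this hunk, and still describes the unread key data. The block closing just above calls `dns_name_fromwire` on `source`, so on any path that runs it `sr` may be stale. I would move the test below the refresh so it checks the bytes that are actually copied: `isc_buffer_activeregion(source, &sr);` followed by `if (algorithm == DST_ALG_RSAMD5 && sr.length < 3) return (ISC_R_UNEXPECTEDEND);`. The same ordering appears in fromwire_key and should change with it. The comment in both places could also say why the bound is 3, e.g. `the RSAMD5 key tag is taken from the last three octets of the key data (RFC 4034, Appendix B.1)`.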
......
......@@ -176,6 +176,15 @@ fromwire_key(ARGS_FROMWIRE) {
dns_name_init(&name, NULL);
RETERR(dns_name_fromwire(&name, source, dctx, options, target));
}
/*
* RSAMD5 computes key ID differently from other
* algorithms: we need to ensure there's enough data
* present for the computation
*/
if (algorithm == DST_ALG_RSAMD5 && sr.length < 3)
return (ISC_R_UNEXPECTEDEND);
isc_buffer_activeregion(source, &sr);
isc_buffer_forward(source, sr.length);
return (mem_tobuffer(target, sr.base, sr.length));
......
......@@ -185,6 +185,7 @@ totext_keydata(ARGS_TOTEXT) {
static inline isc_result_t
fromwire_keydata(ARGS_FROMWIRE) {
isc_region_t sr;
unsigned char algorithm;
REQUIRE(type == 65533);
......@@ -197,6 +198,15 @@ fromwire_keydata(ARGS_FROMWIRE) {
if (sr.length < 16)
return (ISC_R_UNEXPECTEDEND);
/*
* RSAMD5 computes key ID differently from other
* algorithms: we need to ensure there's enough data
* present for the computation
*/
algorithm = sr.base[15];
if (algorithm == DST_ALG_RSAMD5 && sr.length < 19)
return (ISC_R_UNEXPECTEDEND);
isc_buffer_forward(source, sr.length);
return (mem_tobuffer(target, sr.base, sr.length));
}
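Review bot: In fromwire_keydata the bounds `16`, `15` and `19` are bare literals, so nothing ties the new `sr.length < 19` test to the `sr.length < 3` test added in the other two files. From the visible lines, 16 is the fixed header that ends with the algorithm octet at `sr.base[15]`, and 19 is presumably that header plus the three key octets the RSAMD5 key ID needs. Writing the test as `if (algorithm == DST_ALG_RSAMD5 && sr.length < 16 + 3)` with a comment such as `/* 16-octet fixed header + 3 octets of key data for the RSAMD5 key ID */` would make that visible and harder to break if the header layout changes. The code that fills `sr` sits between the two hunks and is not shown, so this assumes `sr` still covers the whole record at this point.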
......