Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
ISC Open Source Projects
BIND
Commits
b05b3fab
Commit
b05b3fab
authored
Jun 29, 2017
by
Evan Hunt
Browse files
[master] fix RSA parsing when md5 disabled
4645. [bug] Fix PKCS#11 RSA parsing when MD5 is disabled. [RT #45300]
parent
91623448
Changes
4
Hide whitespace changes
Inline
Side-by-side
CHANGES
View file @
b05b3fab
4645. [bug] Fix PKCS#11 RSA parsing when MD5 is disabled.
[RT #45300]
4644. [placeholder]
4643. [security] An error in TSIG handling could permit unauthorized
...
...
bin/tests/system/pkcs11/clean.sh
View file @
b05b3fab
...
...
@@ -7,7 +7,7 @@
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
rm
-f
K
*
ns1/K
*
keyset-
*
dsset-
*
ns1/
*
.db ns1/
*
.signed ns1/
*
.jnl
rm
-f
dig.out pin
rm
-f
dig.out
*
pin
upd.log
*
rm
-f
ns1/
*
.key ns1/named.memstats
rm
-f
supported
rm
-f
ns
*
/named.lock
bin/tests/system/pkcs11/tests.sh
View file @
b05b3fab
...
...
@@ -37,7 +37,12 @@ for alg in $algs; do
echo
"I:testing inline signing with PKCS#11 keys (
$alg
)"
$NSUPDATE
>
/dev/null
<<
END
|| status=1
$DIG
$DIGOPTS
ns.
$alg
.example. @10.53.0.1 a
>
dig.out.
$alg
.0
||
ret
=
1
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
count0
=
`
grep
RRSIG dig.out.
$alg
.0 |
wc
-l
`
$NSUPDATE
-v
>
upd.log.
$alg
<<
END
|| status=1
server 10.53.0.1 5300
ttl 300
zone
$alg
.example.
...
...
@@ -48,11 +53,11 @@ END
echo
"I:waiting 20 seconds for key changes to take effect"
sleep
20
$DIG
$DIGOPTS
ns.
$alg
.example. @10.53.0.1 a
>
dig.out
||
ret
=
1
$DIG
$DIGOPTS
ns.
$alg
.example. @10.53.0.1 a
>
dig.out
.
$alg
||
ret
=
1
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
count
=
`
grep
RRSIG dig.out |
wc
-l
`
if
[
$count
!=
4
]
;
then
echo
"I:failed"
;
status
=
1
;
fi
count
=
`
grep
RRSIG dig.out
.
$alg
|
wc
-l
`
if
[
$count
-le
$count0
]
;
then
echo
"I:failed"
;
status
=
1
;
fi
echo
"I:testing PKCS#11 key destroy (
$alg
)"
ret
=
0
...
...
lib/dns/dst_parse.c
View file @
b05b3fab
...
...
@@ -605,7 +605,12 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
goto
fail
;
}
#ifdef PK11_MD5_DISABLE
check
=
check_data
(
priv
,
alg
==
DST_ALG_RSA
?
DST_ALG_RSASHA1
:
alg
,
ISC_TRUE
,
external
);
#else
check
=
check_data
(
priv
,
alg
,
ISC_TRUE
,
external
);
#endif
if
(
check
<
0
)
{
ret
=
DST_R_INVALIDPRIVATEKEY
;
goto
fail
;
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment