]> git.ipfire.org Git - thirdparty/bind9.git/commit
projects / thirdparty / bind9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bc8799e) | patch
Fix OID check for PRIVATEOID keys and signatures
authorMark Andrews <marka@isc.org>
Thu, 3 Apr 2025 01:49:39 +0000 (12:49 +1100)
committerMark Andrews <marka@isc.org>
Thu, 3 Apr 2025 12:00:16 +0000 (23:00 +1100)
commitca7355b7d064154a348d81002504b1092bf55937
treea442c6f9dd31b566dceb327816568a8cfc54471dtree | snapshot
parentbc8799ee178b1b3550f7487c8dc920a9b6c8f814commit | diff
Fix OID check for PRIVATEOID keys and signatures

We were failing to account for the length byte before the OID.
See RFC 4034.

   Algorithm number 254 is reserved for private use and will never be
   assigned to a specific algorithm.  The public key area in the DNSKEY
   RR and the signature area in the RRSIG RR begin with an unsigned
   length byte followed by a BER encoded Object Identifier (ISO OID) of
   that length.  The OID indicates the private algorithm in use, and the
   remainder of the area is whatever is required by that algorithm.
   Entities should only use OIDs they control to designate their private
   algorithms.
lib/dns/rdata.c diff | blob | blame | history
lib/dns/rdata/generic/key_25.c diff | blob | blame | history
tests/dns/rdata_test.c diff | blob | blame | history
Mirror of https://gitlab.isc.org/isc-projects/bind9.git