the client cookie was being hashed twice when computing the server cookie for sha1...

(cherry picked from commit 4795f0ca89a3e907cbcc2d406da27b38f9aed8dd)

diff --git a/bin/named/client.c b/bin/named/client.c
index 1d72a735a796ea093d3c3b08b37af6909b89bd50..16d78cacb73c0df6aa00060077a1695f03bb2f9c 100644 (file)
--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -1650,7 +1650,6 @@ compute_cookie(ns_client_t *client, isc_uint32_t when, isc_uint32_t nonce,
                                    (unsigned char *)&netaddr.type.in6, 16);
                break;
        }
-       isc_hmacsha1_update(&hmacsha1, client->cookie, sizeof(client->cookie));
        isc_hmacsha1_sign(&hmacsha1, digest, sizeof(digest));
        isc_buffer_putmem(buf, digest, 8);
        isc_hmacsha1_invalidate(&hmacsha1);
@@ -1681,8 +1680,6 @@ compute_cookie(ns_client_t *client, isc_uint32_t when, isc_uint32_t nonce,
                                      (unsigned char *)&netaddr.type.in6, 16);
                break;
        }
-       isc_hmacsha256_update(&hmacsha256, client->cookie,
-                             sizeof(client->cookie));
        isc_hmacsha256_sign(&hmacsha256, digest, sizeof(digest));
        isc_buffer_putmem(buf, digest, 8);
        isc_hmacsha256_invalidate(&hmacsha256);