A crafted DNSKEY rdata whose declared exponent length consumed the
whole buffer produced an RSA key with no modulus, which dnssec-importkey
accepted as valid and wrote to a .private file with no key material.
The wire-format parser now rejects RSA public keys with a modulus
smaller than 512 bits, the lowest legitimate size across the RSA
DNSSEC algorithms.
Closes #5920
Merge branch '5920-opensslrsa-fromdns-zero-modulus-accepted' into 'main'
See merge request isc-projects/bind9!11929
projects / thirdparty / bind9.git / commitdiff
