read key files with rsa exponent 65537 correctly
authorJelte Jansen <jeltejan@NLnetLabs.nl>
Thu, 27 Jul 2006 10:39:37 +0000 (10:39 +0000)
committerJelte Jansen <jeltejan@NLnetLabs.nl>
Thu, 27 Jul 2006 10:39:37 +0000 (10:39 +0000)
added -c (canonicalize) option to ldns-read-zone

dnssec.c
examples/ldns-read-zone.c
keys.c

index 649f4869facb42522520afdacc649e8c89b9013f..51343c08b79f3a4cc62c904a4869ecaf3ff88848 100644 (file)
--- a/dnssec.c
+++ b/dnssec.c
@@ -817,8 +817,8 @@ ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys)
 
                current_key = ldns_key_list_key(keys, key_count);
                if (
-                       ldns_key_flags(current_key) & LDNS_KEY_ZONE_KEY &&
-                       (!(ldns_key_flags(current_key) & LDNS_KEY_SEP_KEY) ||
+                       ldns_key_flags(current_key) & LDNS_KEY_ZONE_KEY ||
+                       ((ldns_key_flags(current_key) & LDNS_KEY_SEP_KEY) &&
                        ldns_rr_get_type(ldns_rr_list_rr(rrset, 0)) == LDNS_RR_TYPE_DNSKEY)
                   ) {
                        current_sig = ldns_rr_new_frm_type(LDNS_RR_TYPE_RRSIG);
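Review bot: The rewritten condition on the two `+` lines lets a key that carries both LDNS_KEY_ZONE_KEY and LDNS_KEY_SEP_KEY satisfy the first operand by itself, so such a key now signs every RRset, whereas the removed lines let a SEP key sign only the DNSKEY RRset that the second operand still singles out. If the rule is still meant to be "zone keys without SEP sign everything, SEP keys sign only DNSKEY", the first operand needs the exclusion back: `(ldns_key_flags(current_key) & LDNS_KEY_ZONE_KEY && !(ldns_key_flags(current_key) & LDNS_KEY_SEP_KEY)) ||`. If signing everything with SEP keys is intended, the commit message should say so, since the title and description mention only RSA exponents and ldns-read-zone. A comment above the `if`, such as `/* non-SEP zone keys sign all RRsets; SEP keys sign only the DNSKEY RRset */` (or its opposite, whichever is meant), would make the rule explicit. ldns_sign_public begins before this hunk.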
@@ -1279,7 +1279,7 @@ ldns_zone_sign(ldns_zone *zone, ldns_key_list *key_list)
        ldns_rr_type cur_rrset_type;
        
        signed_zone = ldns_zone_new();
-       
+
        /* there should only be 1 SOA, so the soa record is 1 rrset */
        cur_rrsigs = NULL;
        ldns_zone_set_soa(signed_zone, ldns_rr_clone(ldns_zone_soa(zone)));
@@ -1301,6 +1301,7 @@ ldns_zone_sign(ldns_zone *zone, ldns_key_list *key_list)
                ckey = ldns_key2rr(ldns_key_list_key(key_list, i));
                ldns_rr_list_push_rr(pubkeys, ckey);
        }
+
        signed_zone_rrs = ldns_rr_list_new();
        
        ldns_rr_list_sort(orig_zone_rrs);
index 83eab1da70e596c54879d26db94ccb9c6d96704a..5ffe59815c15e7aba5953503de6511115e135871 100644 (file)
@@ -20,26 +20,34 @@ main(int argc, char **argv)
        ldns_zone *z;
        int line_nr = 0;
        int c;
+       bool canonicalize = false;
        bool sort = false;
        ldns_status s;
+       size_t i;
 
-        while ((c = getopt(argc, argv, "hzv")) != -1) {
+        while ((c = getopt(argc, argv, "chvz")) != -1) {
                 switch(c) {
-                        case 'z':
-                                sort = true;
-                                break;
-                       case 'v':
-                               printf("read zone version %s (ldns version %s)\n", LDNS_VERSION, ldns_version());
-                               exit(EXIT_SUCCESS);
-                               break;
+                       case 'c':
+                               canonicalize = true;
+                               break;
                        case 'h':
-                               printf("Usage: %s [-z] [-v] <zonefile>\n", argv[0]);
+                               printf("Usage: %s [-c] [-v] [-z] <zonefile>\n", argv[0]);
                                printf("\tReads the zonefile and prints it.\n");
                                printf("\tThe RR count of the zone is printed to stderr.\n");
-                               printf("\tIf -z is given the zone is sorted.\n");
+                               printf("\tIf -c is given all rrs in zone are canonicalized.\n");
+                               printf("\tIf -z is given the zone is sorted (implies -c).\n");
                                printf("\t-v shows the version and exits\n");
-                               printf("\nif now file is given standard input is read\n");
+                               printf("\nif no file is given standard input is read\n");
+                               exit(EXIT_SUCCESS);
+                               break;
+                       case 'v':
+                               printf("read zone version %s (ldns version %s)\n", LDNS_VERSION, ldns_version());
                                exit(EXIT_SUCCESS);
+                               break;
+                        case 'z':
+                               canonicalize = true;
+                                sort = true;
+                                break;
                }
        }
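Review bot: The reordered switch still has no `default` arm, so an option letter outside "chvz" (getopt returns '?') is silently ignored and the program goes on to read the zone; add `default: fprintf(stderr, "Usage: %s [-c] [-v] [-z] <zonefile>\n", argv[0]); exit(EXIT_FAILURE);` after the `case 'z':` arm. The `case 'z':` and `sort = true;` lines are indented with spaces while the new `case 'c'`/`case 'v'` arms use tabs, which is worth normalising while the block is being touched. main() continues outside this hunk.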
 
@@ -60,6 +68,12 @@ main(int argc, char **argv)
        
        s = ldns_zone_new_frm_fp_l(&z, fp, NULL, 0, LDNS_RR_CLASS_IN, &line_nr);
        if (s == LDNS_STATUS_OK) {
+               if (canonicalize) {
+                       ldns_rr2canonical(ldns_zone_soa(z));
+                       for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(z)); i++) {
+                               ldns_rr2canonical(ldns_rr_list_rr(ldns_zone_rrs(z), i));
+                       }
+               }
                if (sort) {
                        ldns_zone_sort(z);
                }
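Review bot: `ldns_rr2canonical(ldns_zone_soa(z))` is called unconditionally; whether ldns_zone_new_frm_fp_l can hand back a zone whose SOA pointer is NULL, and whether ldns_rr2canonical tolerates NULL, are not visible here, so unless both are certain guard it with `if (ldns_zone_soa(z)) ldns_rr2canonical(ldns_zone_soa(z));`. The loop also re-evaluates `ldns_rr_list_rr_count(ldns_zone_rrs(z))` on every iteration; a local `ldns_rr_list *rrs = ldns_zone_rrs(z);` used for both the count and the element fetch reads better. A short comment above `if (canonicalize)` saying why -z implies -c (the usage text states it, the code does not) would help the next reader.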
diff --git a/keys.c b/keys.c
index dac37a21f9ddb58dc7eaaf37a4545cd87d65a639..617baf8b05999372228ec96d34598f15224d9b18 100644 (file)
--- a/keys.c
+++ b/keys.c
@@ -630,8 +630,7 @@ ldns_key_rsa2bin(unsigned char *data, RSA *k, uint16_t *size)
                return false;
        }
        
-       /* should this be 256? or so */
-       if (BN_num_bytes(k->e) <= 2) {
+       if (BN_num_bytes(k->e) <= 256) {
                /* normally only this path is executed (small factors are
                 * more common 
                 */
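Review bot: `<= 256` is one too many for the one-byte exponent-length form this branch emits: RFC 3110 uses a first byte of 1..255 as the length and 0 as the escape for the two-byte form, so a 256-byte exponent would presumably be cast into a zero length byte (that store sits just outside the visible hunk, inferred from the `BN_bn2bin(k->e, data + 1)` that follows) and the record would be misread as the long form. Use `if (BN_num_bytes(k->e) < 256) {` and replace the deleted question with the answer: `/* exponent length 1..255 fits the single leading length byte (RFC 3110) */`. ldns_key_rsa2bin begins before this hunk.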
@@ -639,8 +638,7 @@ ldns_key_rsa2bin(unsigned char *data, RSA *k, uint16_t *size)
                i = BN_bn2bin(k->e, data + 1);  
                j = BN_bn2bin(k->n, data + i + 1);
                *size = (uint16_t) i + j;
-               /* and this 65536?? */
-       } else if (BN_num_bytes(k->e) <= 16) {
+       } else if (BN_num_bytes(k->e) <= 65536) {
                data[0] = 0;
                /* BN_bn2bin does bigendian, _uint16 also */
                ldns_write_uint16(data + 1, (uint16_t) BN_num_bytes(k->e));
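Review bot: The same off-by-one applies here: `<= 65536` admits an exponent whose length does not fit the 16-bit field written by `ldns_write_uint16(data + 1, (uint16_t) BN_num_bytes(k->e))`, where 65536 truncates to 0. Change it to `} else if (BN_num_bytes(k->e) < 65536) {` so anything larger reaches the remaining branch (not visible here, presumably the failure path). A comment such as `/* three-byte form: zero escape byte then 16-bit length (RFC 3110) */` would replace the removed question with the rationale.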