From: Miek Gieben
Date: Thu, 24 Mar 2005 12:32:23 +0000 (+0000)
Subject: not setting the orit_ttl field in the key may lead to weird results
X-Git-Tag: release-0.50~192
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=168f645c6fb8bf092f9eb5bb94a3f360f2de0a61;p=thirdparty%2Fldns.git

not setting the orit_ttl field in the key may lead to weird results
---
diff --git a/Makefile.in b/Makefile.in
index 57a3a668..b4fa2471 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -91,7 +91,7 @@ run-test7: run-test7.o $(LIBDNS_OBJECTS) $(LIBOBJS)
 run-test11: run-test11.o $(LIBDNS_OBJECTS) $(LIBOBJS)
 	$(LINK) ${LIBS} -o $@ $+
 run-test18: run-test18.o $(LIBDNS_OBJECTS) $(LIBOBJS)
-	$(LINK) ${LIBS} -o $@ $+
+	$(LINK) ${LIBS} -lssl -o $@ $+
 doc:
 	doxygen libdns.doxygen
diff --git a/dnssec.c b/dnssec.c
index b85c6fed..22fc600a 100644
--- a/dnssec.c
+++ b/dnssec.c
@@ -720,7 +720,7 @@ ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys)
 	current_sig = ldns_rr_new_frm_type(LDNS_RR_TYPE_RRSIG);
 	/* set the type on the new signature */
-	orig_ttl = ldns_key_ttl(current_key);
+	orig_ttl = ldns_key_origttl(current_key);
 	/* set the ttl from the priv key on the rrset */
 	for (i = 0; i < ldns_rr_list_rr_count(rrset); i++) {
@@ -733,6 +733,7 @@ ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys)
 	/* fill in what we now of the signature */
 	/* set the orig_ttl */
+	printf("orig ttl %d\n", orig_ttl);
 	(void)ldns_rr_rrsig_set_origttl(current_sig, ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, orig_ttl));
 	/* the signers name */
 	(void)ldns_rr_rrsig_set_signame(current_sig, 
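Review bot: `-lssl` on the run-test18 link line is the only OpenSSL library named, yet the objects being linked use RSA and DSA keys (ldns_sign_public_rsasha1 and ldns_sign_public_dsa in dnssec.c), whose implementations live in libcrypto; the only libssl symbol visible in this commit is the SSL_load_error_strings call added to run-test18.c. Whether libssl pulls libcrypto in transitively depends on the toolchain, so the conventional pair `$(LINK) ${LIBS} -lssl -lcrypto -o $@ $+` is the safer line. run-test11 links the same $(LIBDNS_OBJECTS) without either flag; if those objects reference libcrypto symbols its link may be affected as well, which I cannot verify from this hunk.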
@@ -757,6 +758,9 @@ ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys)
 	(void)ldns_rr_rrsig_set_typecovered(current_sig, ldns_native2rdf_int16(LDNS_RDF_TYPE_TYPE, ldns_rr_get_type(ldns_rr_list_rr(rrset_clone, 0))));
+	printf("Sig before signing\n\n[");
+	ldns_rr_print(stdout, current_sig);
+	printf("]\n");
 	/* right now, we have: a key, a semi-sig and an rrset. For
 	 * which we can create the sig and base64 encode that and
@@ -830,7 +834,6 @@ ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key)
 	sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, siglen, ldns_buffer_begin(b64sig));
-	/* FREE(sha1_hash); - don't free -> invalid pointer */
 	ldns_buffer_free(b64sig);
 	return sigdata_rdf;
 }
@@ -860,7 +863,7 @@ ldns_sign_public_rsasha1(ldns_buffer *to_sign, RSA *key)
 			&siglen, key);
 	sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, siglen, ldns_buffer_begin(b64sig));
-	/* ldns_buffer_free(b64sig); can't free this buffer ?? */
+	ldns_buffer_free(b64sig); /* can't free this buffer ?? */
 	return sigdata_rdf;
 }
diff --git a/keys.c b/keys.c
index da6a35df..28c9f516 100644
--- a/keys.c
+++ b/keys.c
@@ -44,7 +44,9 @@ ldns_key_new()
 	if (!newkey) {
 		return NULL;
 	} else {
+		/* some defaults - not sure wether to do this */
 		ldns_key_set_flags(newkey, 256);
+		ldns_key_set_origttl(newkey, 0);
 		ldns_key_set_keytag(newkey, 0);
 		ldns_key_set_inception(newkey, 0);
 		ldns_key_set_expiration(newkey, 0);
@@ -87,11 +89,6 @@ ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size)
 			break;
 	}
 	ldns_key_set_algorithm(k, alg);
-	/* some defaults - not sure wether to this there or not */
-	ldns_key_set_flags(k, 256);
-	ldns_key_set_inception(k, 0);
-	ldns_key_set_expiration(k, 0);
-	ldns_key_set_keytag(k,0);
 	return k;
 }
@@ -126,7 +123,7 @@ ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac)
 }
 void
-ldns_key_set_ttl(ldns_key *k, uint32_t t)
+ldns_key_set_origttl(ldns_key *k, uint32_t t)
 {
 	k->_extra.dnssec.orig_ttl = t;
 }
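Review bot: The three added lines print the half-built RRSIG to stdout from inside ldns_sign_public, a library routine, so every program that signs through it will emit this text; the same applies to `printf("orig ttl %d\n", orig_ttl);` added in the preceding @@ -733 hunk. Both look like temporary debugging and should be removed or gated behind a debug macro before release. The one in the -733 hunk also pairs `%d` with a value that ldns_key_origttl declares as uint32_t (see the keys.h hunk), so `%u` is the matching conversion if the line stays. ldns_sign_public begins and ends outside the hunk.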
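Review bot: The now-live `ldns_buffer_free(b64sig);` in ldns_sign_public_rsasha1 keeps the trailing comment `/* can't free this buffer ?? */`, which leaves the ownership question open in the code: if ldns_rdf_new_frm_data retains the pointer from ldns_buffer_begin(b64sig) instead of copying, sigdata_rdf would return pointing at freed memory; if it copies, the free is correct and the comment is stale. The DSA counterpart in the @@ -830 hunk frees b64sig the same way, which suggests copying is the intended contract, so once that is confirmed I would replace the comment with `/* the rdf owns its own copy; the scratch buffer can go */`. ldns_sign_public_rsasha1 begins outside the hunk.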
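Review bot: The new default `ldns_key_set_origttl(newkey, 0);` in ldns_key_new makes 0 the original TTL of any key whose caller never sets one, and judging by the `/* set the ttl from the priv key on the rrset */` loop in the dnssec.c hunk that 0 is then stamped onto the signed rrset as well, a silent failure mode rather than the "weird results" the commit message describes. Since 0 is also a legitimate TTL, the added comment should say what the default means, e.g. `/* defaults; orig_ttl 0 is a placeholder, callers must set a real value before signing */`, which also fixes the "wether" typo. The function's head and tail are outside the hunk.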
@@ -199,7 +196,7 @@ ldns_key_hmac_key(ldns_key *k)
 }
 uint32_t
-ldns_key_ttl(ldns_key *k)
+ldns_key_origttl(ldns_key *k)
 {
 	return k->_extra.dnssec.orig_ttl;
 }
diff --git a/ldns/keys.h b/ldns/keys.h
index 81f46a8d..1c2d68b5 100644
--- a/ldns/keys.h
+++ b/ldns/keys.h
@@ -74,7 +74,7 @@ void ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l);
 void ldns_key_set_rsa_key(ldns_key *k, RSA *r);
 void ldns_key_set_dsa_key(ldns_key *k, DSA *d);
 void ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac);
-void ldns_key_set_ttl(ldns_key *k, uint32_t t);
+void ldns_key_set_origttl(ldns_key *k, uint32_t t);
 void ldns_key_set_inception(ldns_key *k, uint32_t i);
 void ldns_key_set_expiration(ldns_key *k, uint32_t e);
 void ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r);
@@ -87,7 +87,7 @@ ldns_signing_algorithm ldns_key_algorithm(ldns_key *k);
 RSA * ldns_key_rsa_key(ldns_key *k);
 DSA * ldns_key_dsa_key(ldns_key *k);
 unsigned char * ldns_key_hmac_key(ldns_key *k);
-uint32_t ldns_key_ttl(ldns_key *k);
+uint32_t ldns_key_origttl(ldns_key *k);
 uint32_t ldns_key_inception(ldns_key *k);
 uint32_t ldns_key_expiration(ldns_key *k);
 uint16_t ldns_key_keytag(ldns_key *k);
diff --git a/run-test18.c b/run-test18.c
index c5ae2713..0c289119 100644
--- a/run-test18.c
+++ b/run-test18.c
@@ -42,6 +42,8 @@ main(int argc, char *argv[])
 	owner = ldns_dname_new_frm_str("miek.nl");
 	ldns_key_set_pubkey_owner(privkey, owner);
+	ldns_key_set_origttl(privkey, 1800);
+	SSL_load_error_strings();
 	ldns_key_list_push_key(keys, privkey);
 	ldns_rr_list_push_rr(rrs, rr);
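Review bot: `SSL_load_error_strings();` is added after privkey is already in hand (ldns_key_set_pubkey_owner(privkey, owner) precedes it, so the key was presumably generated earlier in main, outside the hunk), which means any OpenSSL failure raised during that generation would be reported without readable error text. It is normally the first OpenSSL call in a test's main; moving it ahead of the key generation keeps the diagnostics useful for the case this test exercises. main begins and ends outside the hunk.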