From: Arаm Sаrgsyаn Date: Thu, 20 Feb 2025 14:24:17 +0000 (+0000) Subject: fix: usr: Implement sig0key-checks-limit and sig0message-checks-limit X-Git-Tag: ondrej/lock-free-qpzone-reads-v1~43 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d78ebff86107539700e16ef3bc19d184200181ec;p=thirdparty%2Fbind9.git fix: usr: Implement sig0key-checks-limit and sig0message-checks-limit Previously a hard-coded limitation of maximum two key or message verification checks were introduced when checking the message's SIG(0) signature. It was done in order to protect against possible DoS attacks. The logic behind choosing the number 2 was that more than a single key should only be required during key rotations, and in that case two keys are enough. But later it became apparent that there are other use cases too where even more keys are required, see issue number #5050 in GitLab. This change introduces two new configuration options for the views, `sig0key-checks-limit` and `sig0message-checks-limit`, which define how many keys are allowed to be checked to find a matching key, and how many message verifications are allowed to take place once a matching key has been found. The latter protects against expensive cryptographic operations when there are keys with colliding tags and algorithm numbers, with default being 2, and the former protects against a bit less expensive key parsing operations and defaults to 16. Closes #5050 Merge branch '5050-sig0-let-considering-more-than-two-keys' into 'main' See merge request isc-projects/bind9!9967 --- d78ebff86107539700e16ef3bc19d184200181ec