From: Jelte Jansen Date: Thu, 27 Jul 2006 10:39:37 +0000 (+0000) Subject: read key files with rsa exponent 65537 correctly X-Git-Tag: release-1.2.0~214 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e2be7b9f93b57ae9d64c3510c8dcc9dec5e12a1c;p=thirdparty%2Fldns.git read key files with rsa exponent 65537 correctly added -c (canonicalize) option to ldns-read-zone --- diff --git a/dnssec.c b/dnssec.c index 649f4869..51343c08 100644 --- a/dnssec.c +++ b/dnssec.c @@ -817,8 +817,8 @@ ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys) current_key = ldns_key_list_key(keys, key_count); if ( - ldns_key_flags(current_key) & LDNS_KEY_ZONE_KEY && - (!(ldns_key_flags(current_key) & LDNS_KEY_SEP_KEY) || + ldns_key_flags(current_key) & LDNS_KEY_ZONE_KEY || + ((ldns_key_flags(current_key) & LDNS_KEY_SEP_KEY) && ldns_rr_get_type(ldns_rr_list_rr(rrset, 0)) == LDNS_RR_TYPE_DNSKEY) ) { current_sig = ldns_rr_new_frm_type(LDNS_RR_TYPE_RRSIG); @@ -1279,7 +1279,7 @@ ldns_zone_sign(ldns_zone *zone, ldns_key_list *key_list) ldns_rr_type cur_rrset_type; signed_zone = ldns_zone_new(); - + /* there should only be 1 SOA, so the soa record is 1 rrset */ cur_rrsigs = NULL; ldns_zone_set_soa(signed_zone, ldns_rr_clone(ldns_zone_soa(zone))); @@ -1301,6 +1301,7 @@ ldns_zone_sign(ldns_zone *zone, ldns_key_list *key_list) ckey = ldns_key2rr(ldns_key_list_key(key_list, i)); ldns_rr_list_push_rr(pubkeys, ckey); } + signed_zone_rrs = ldns_rr_list_new(); ldns_rr_list_sort(orig_zone_rrs); diff --git a/examples/ldns-read-zone.c b/examples/ldns-read-zone.c index 83eab1da..5ffe5981 100644 --- a/examples/ldns-read-zone.c +++ b/examples/ldns-read-zone.c 
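Review bot: The rewritten condition in ldns_sign_public lets a key whose flags have LDNS_KEY_SEP_KEY set but LDNS_KEY_ZONE_KEY clear sign the DNSKEY RRset, and it also makes a key with both bits set (a KSK) sign every RRset instead of only DNSKEY as the old `&&` form did. RFC 4034 §2.1.1 says a DNSKEY with the Zone Key bit clear MUST NOT be used to verify RRSIGs, so the first case produces signatures validators will ignore, and neither behaviour change is mentioned in the commit message, which only talks about reading key files. If the intent is that every zone key signs every RRset, the simpler form is `if (ldns_key_flags(current_key) & LDNS_KEY_ZONE_KEY) {`; if the KSK/ZSK split is meant to stay, keep `&&` on the first line and require the zone bit in both arms. Either way, parenthesizing each `flags & BIT` test against the `||` would make the precedence obvious to the next reader. ldns_sign_public's body continues outside the hunk.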
@@ -20,26 +20,34 @@ main(int argc, char **argv) ldns_zone *z; int line_nr = 0; int c; + bool canonicalize = false; bool sort = false; ldns_status s; + size_t i; - while ((c = getopt(argc, argv, "hzv")) != -1) { + while ((c = getopt(argc, argv, "chvz")) != -1) { switch(c) { - case 'z': - sort = true; - break; - case 'v': - printf("read zone version %s (ldns version %s)\n", LDNS_VERSION, ldns_version()); - exit(EXIT_SUCCESS); - break; + case 'c': + canonicalize = true; + break; case 'h': - printf("Usage: %s [-z] [-v] \n", argv[0]); + printf("Usage: %s [-c] [-v] [-z] \n", argv[0]); printf("\tReads the zonefile and prints it.\n"); printf("\tThe RR count of the zone is printed to stderr.\n"); - printf("\tIf -z is given the zone is sorted.\n"); + printf("\tIf -c is given all rrs in zone are canonicalized.\n"); + printf("\tIf -z is given the zone is sorted (implies -c).\n"); printf("\t-v shows the version and exits\n"); - printf("\nif now file is given standard input is read\n"); + printf("\nif no file is given standard input is read\n"); + exit(EXIT_SUCCESS); + break; + case 'v': + printf("read zone version %s (ldns version %s)\n", LDNS_VERSION, ldns_version()); exit(EXIT_SUCCESS); + break; + case 'z': + canonicalize = true; + sort = true; + break; } } @@ -60,6 +68,12 @@ main(int argc, char **argv) s = ldns_zone_new_frm_fp_l(&z, fp, NULL, 0, LDNS_RR_CLASS_IN, &line_nr); if (s == LDNS_STATUS_OK) { + if (canonicalize) { + ldns_rr2canonical(ldns_zone_soa(z)); + for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(z)); i++) { + ldns_rr2canonical(ldns_rr_list_rr(ldns_zone_rrs(z), i)); + } + } if (sort) { ldns_zone_sort(z); } diff --git a/keys.c b/keys.c index dac37a21..617baf8b 100644 --- a/keys.c +++ b/keys.c 
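Review bot: The rewritten getopt switch still has no `default:` arm, so when getopt() returns '?' for an unrecognized option the loop simply continues and the program goes on to read the zone as if nothing happened. Adding `default: exit(EXIT_FAILURE);` (optionally after printing the usage text) after the new `case 'z':` makes an option typo fail visibly instead of silently. The usage line `printf("Usage: %s [-c] [-v] [-z] \n", argv[0]);` also omits the optional file operand that the "if no file is given standard input is read" line below refers to; `[file]` at the end of the usage string would close that gap. main's body continues outside the hunk.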
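Review bot: The new canonicalize block passes `ldns_zone_soa(z)` straight to `ldns_rr2canonical()`; if a zone loaded by ldns_zone_new_frm_fp_l() can be SOA-less so that ldns_zone_soa() returns NULL, this would dereference a null RR — a guard of the form `if (ldns_zone_soa(z)) { ldns_rr2canonical(ldns_zone_soa(z)); }` covers that unless the loader is known to guarantee an SOA, which is not visible here. The loop bound `ldns_rr_list_rr_count(ldns_zone_rrs(z))` is re-evaluated on every iteration; since canonicalizing an RR in place presumably does not change the list length, hoisting the count into a `size_t` local makes that invariant explicit. main's body continues outside the hunk.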
@@ -630,8 +630,7 @@ ldns_key_rsa2bin(unsigned char *data, RSA *k, uint16_t *size) return false; } - /* should this be 256? or so */ - if (BN_num_bytes(k->e) <= 2) { + if (BN_num_bytes(k->e) <= 256) { /* normally only this path is executed (small factors are * more common */ @@ -639,8 +638,7 @@ ldns_key_rsa2bin(unsigned char *data, RSA *k, uint16_t *size) i = BN_bn2bin(k->e, data + 1); j = BN_bn2bin(k->n, data + i + 1); *size = (uint16_t) i + j; - /* and this 65536?? */ - } else if (BN_num_bytes(k->e) <= 16) { + } else if (BN_num_bytes(k->e) <= 65536) { data[0] = 0; /* BN_bn2bin does bigendian, _uint16 also */ ldns_write_uint16(data + 1, (uint16_t) BN_num_bytes(k->e));
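Review bot: The new bound `BN_num_bytes(k->e) <= 256` in ldns_key_rsa2bin is off by one: the RFC 3110 one-octet exponent-length field can express 1..255, and for a 256-byte exponent the length octet (presumably assigned in the lines between the two hunks) would become (unsigned char)256 == 0, which is exactly the marker decoders use for the three-octet length form, so the key would be misparsed. The second hunk has the same boundary problem, since `(uint16_t) 65536` written by ldns_write_uint16() is 0. Changing the tests to `if (BN_num_bytes(k->e) < 256) {` and `} else if (BN_num_bytes(k->e) < 65536) {` matches the width of each length encoding. ldns_key_rsa2bin's body starts and ends outside the hunks.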