From: Mark Andrews <marka@isc.org>
Date: Wed, 9 Apr 2025 20:05:54 +0000 (+0000)
Subject: fix: usr: `check_private` failed to account for the length byte before the OID
X-Git-Tag: v9.21.8~33
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ecbae71fe9a3969e19e84edb071cfd89be9ac1f4;p=thirdparty%2Fbind9.git

fix: usr: `check_private` failed to account for the length byte before the OID

In PRIVATEOID keys, the key data begins with a length byte followed
by an ASN.1 object identifier that indicates the cryptographic algorithm
to use. Previously, the length byte was not accounted for when
checking the contents of keys and signatures, which could have led
to interoperability problems with any zones signed using PRIVATEOID.
This has been fixed.

Closes #5270

Merge branch '5270-fix-check-private' into 'main'

See merge request isc-projects/bind9!10372
---

ecbae71fe9a3969e19e84edb071cfd89be9ac1f4