]> git.ipfire.org Git - thirdparty/bind9.git/commit
projects / thirdparty / bind9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6bf4390) | patch
Fix OID check for PRIVATEOID keys and signatures
authorMark Andrews <marka@isc.org>
Thu, 3 Apr 2025 01:49:39 +0000 (12:49 +1100)
committerMark Andrews <marka@isc.org>
Wed, 9 Apr 2025 20:07:31 +0000 (20:07 +0000)
commite09eb2ff218dae1b7ac19610ceae680f7735ead0
tree1ddf8aa101834175aa01250c515e6b8a398c6c30tree | snapshot
parent6bf4390f25aea6e099b902b732e9ddc6e6f948efcommit | diff
Fix OID check for PRIVATEOID keys and signatures

We were failing to account for the length byte before the OID.
See RFC 4034.

   Algorithm number 254 is reserved for private use and will never be
   assigned to a specific algorithm.  The public key area in the DNSKEY
   RR and the signature area in the RRSIG RR begin with an unsigned
   length byte followed by a BER encoded Object Identifier (ISO OID) of
   that length.  The OID indicates the private algorithm in use, and the
   remainder of the area is whatever is required by that algorithm.
   Entities should only use OIDs they control to designate their private
   algorithms.

(cherry picked from commit ca7355b7d064154a348d81002504b1092bf55937)
lib/dns/rdata.c diff | blob | blame | history
lib/dns/rdata/generic/key_25.c diff | blob | blame | history
tests/dns/rdata_test.c diff | blob | blame | history
Mirror of https://gitlab.isc.org/isc-projects/bind9.git