git.ipfire.org Git - thirdparty/bind9.git/commitdiff
Fix algorithm rollover bug wrt keytag conflicts
author Matthijs Mekking <matthijs@isc.org>
Wed, 21 Aug 2024 15:14:48 +0000 (17:14 +0200)
committer Matthijs Mekking <matthijs@isc.org>
Thu, 22 Aug 2024 10:15:02 +0000 (10:15 +0000)
If there is an algorithm rollover and two keys of different algorithm
share the same keytags, then there is a possibility that if we check
that a key matches a specific state, we are checking against the wrong
key.

Fix this by not only checking for matching key id but also key
algorithm.

(cherry picked from commit f37eb33f29ad50cead2673f4f7634839ef7e2a26)

lib/dns/keymgr.c

index 4fbebbcb6d73cfef28f76968e56c61b1f33c82b5..0f6f818e119a0284beb195df9878b9331823cb54 100644 (file)
@@ -605,6 +605,7 @@ keymgr_key_match_state(dst_key_t *key, dst_key_t *subject, int type,
                        continue;
                }
                if (next_state != NA && i == type &&
+                   dst_key_alg(key) == dst_key_alg(subject) &&
                    dst_key_id(key) == dst_key_id(subject))
                {
                        /* Check next state rather than current state. */
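Review bot: The patch has no regression test for the case it fixes, and it touches only this one comparison in keymgr_key_match_state() in lib/dns/keymgr.c; please add a test that sets up an algorithm rollover with two keys of different algorithms sharing a key tag, and check whether any other key-identity comparison in keymgr.c still relies on `dst_key_id(key) == dst_key_id(subject)` alone, since it would have the same mismatch problem and should be extended with `dst_key_alg(key) == dst_key_alg(subject) &&` in the same way.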