the client cookie was being hashed twice when computing the server cookie for sha1...

(cherry picked from commit 4795f0ca89a3e907cbcc2d406da27b38f9aed8dd)

diff --git a/bin/named/client.c b/bin/named/client.c
index feb4eb3e7901edcec6e9c0d95808f158fdc1c914..23b83778e487fee524696b9d7081dbd3cb476425 100644 (file)
--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -1850,8 +1850,6 @@ compute_cookie(ns_client_t *client, isc_uint32_t when, isc_uint32_t nonce,
                        INSIST(0);
                }
                isc_hmacsha1_update(&hmacsha1, cp, length);
-               isc_hmacsha1_update(&hmacsha1, client->cookie,
-                                   sizeof(client->cookie));
                isc_hmacsha1_sign(&hmacsha1, digest, sizeof(digest));
                isc_buffer_putmem(buf, digest, 8);
                isc_hmacsha1_invalidate(&hmacsha1);
@@ -1887,8 +1885,6 @@ compute_cookie(ns_client_t *client, isc_uint32_t when, isc_uint32_t nonce,
                        INSIST(0);
                }
                isc_hmacsha256_update(&hmacsha256, cp, length);
-               isc_hmacsha256_update(&hmacsha256, client->cookie,
-                                     sizeof(client->cookie));
                isc_hmacsha256_sign(&hmacsha256, digest, sizeof(digest));
                isc_buffer_putmem(buf, digest, 8);
                isc_hmacsha256_invalidate(&hmacsha256);