  1. OpenDNSSEC
  2. OPENDNSSEC-481

libhsm length one-off error

    Details

    • Type: Story
    • Status: Closed
    • Priority: Trivial
    • Resolution: Fixed
    • Affects Version/s: 1.3.15
    • Fix Version/s: 1.3.17
    • Component/s: libhsm
    • Labels:
      None
    • Environment:

      source code error

    • Sprint:
      1.3.17

      Description

      In hsm_get_key_rdata, the public key exponent for a DNSKEY is written with a 1- or 3-byte length. The choice between the formats is wrong,

      public_exponent_len <= 256

      and should be

      public_exponent_len <= 255

      according to RFC 3110, section 2:

      For interoperability, the exponent and modulus are each limited to
      4096 bits in length. The public key exponent is a variable length
      unsigned integer. Its length in octets is represented as one octet
      if it is in the range of 1 to 255 and by a zero octet followed by a
      two octet unsigned length if it is longer than 255 bytes.

      A trivial libhsm.c patch follows.

      I doubt anyone runs into trouble with this one; public key exponents are generally chosen to be 65537, which fits in a length of only 3 bytes. Still, it's a coded fault.
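
The boundary case from the description, as an added example (not the libhsm.c patch the reporter refers to, and not OpenDNSSEC code). The names put_exp_len, get_exp_len and round_trips are hypothetical, and the truncating cast in the one-octet branch is an assumption about how a one-octet write of 256 behaves.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Write the RFC 3110 exponent-length prefix for an exponent of exp_len octets.
 * one_octet_max: largest length given the one-octet form (255 per the RFC,
 * 256 for the comparison reported in the issue). Returns 1 or 3, 0 if invalid. */
size_t put_exp_len(uint8_t out[3], size_t exp_len, size_t one_octet_max)
{
    if (exp_len == 0 || exp_len > 512)   /* 4096 bits = 512 octets */
        return 0;
    if (exp_len <= one_octet_max) {
        out[0] = (uint8_t)exp_len;       /* assumption: 256 truncates to 0 */
        return 1;
    }
    out[0] = 0;                          /* zero octet marks the long form */
    out[1] = (uint8_t)(exp_len >> 8);
    out[2] = (uint8_t)(exp_len & 0xff);
    return 3;
}

/* Parse the prefix as an RFC 3110 reader does; returns prefix size, 0 on short input. */
size_t get_exp_len(const uint8_t *in, size_t in_len, size_t *exp_len)
{
    if (in_len < 1) return 0;
    if (in[0] != 0) { *exp_len = in[0]; return 1; }
    if (in_len < 3) return 0;
    *exp_len = ((size_t)in[1] << 8) | in[2];
    return 3;
}

/* Returns 1 if a parser recovers the length and prefix size the writer used. */
int round_trips(size_t exp_len, size_t one_octet_max)
{
    uint8_t buf[3 + 512] = {0};
    size_t seen = 0, n = put_exp_len(buf, exp_len, one_octet_max);
    if (n == 0) return 0;
    for (size_t i = 0; i < exp_len; i++) buf[n + i] = 0x01; /* constructed exponent */
    return get_exp_len(buf, n + exp_len, &seen) == n && seen == exp_len;
}

int main(void)
{
    for (size_t len = 254; len <= 257; len++)
        printf("len=%zu  <=256: %s  <=255: %s\n", len,
               round_trips(len, 256) ? "ok" : "MISPARSED",
               round_trips(len, 255) ? "ok" : "MISPARSED");
    return 0;
}
```

Only a 256-octet exponent differs between the two comparisons: with `<= 256` its single length octet comes out as zero, which a reader takes as the start of the three-octet form.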

              People

              Assignee:
              rickard Rickard Bellgrim
              Reporter:
              vanrein Rick van Rein
              Votes:
              0
              Watchers:
              2
