From 0071e6c10ab87e1ff2ba8f920cd6c923230abac2 Mon Sep 17 00:00:00 2001 From: Matthijs Mekking Date: Thu, 25 Apr 2024 15:48:49 +0200 Subject: [PATCH] Fix missing version in KSR The final line in a KSR ";; KeySigningRequest generated at ..." was missing the version number, that has now been fixed. Thanks Libor Peltan for reporting. --- bin/dnssec/dnssec-ksr.c | 16 +++++++++------- bin/tests/system/ksr/tests.sh | 10 +++++----- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/bin/dnssec/dnssec-ksr.c b/bin/dnssec/dnssec-ksr.c index 158f9b4bac..b8bc348508 100644 --- a/bin/dnssec/dnssec-ksr.c +++ b/bin/dnssec/dnssec-ksr.c @@ -963,8 +963,8 @@ request(ksr_ctx_t *ksr) { } isc_stdtime_tostring(ksr->now, timestr, sizeof(timestr)); - fprintf(stdout, ";; KeySigningRequest generated at %s by %s\n", timestr, - PACKAGE_VERSION); + fprintf(stdout, ";; KeySigningRequest 1.0 generated at %s by %s\n", + timestr, PACKAGE_VERSION); /* Cleanup */ cleanup(&keys, kasp); @@ -1041,20 +1041,22 @@ sign(ksr_ctx_t *ksr) { ksr->file, isc_lex_getsourceline(lex)); } - if (strcmp(STR(token), "generated") == 0) { - /* Final bundle */ - goto readline; - } else if (strcmp(STR(token), "1.0") != 0) { + if (strcmp(STR(token), "1.0") != 0) { fatal("bad KSR file %s(%lu): expected version", ksr->file, isc_lex_getsourceline(lex)); } - /* Date and time of bundle */ + CHECK(isc_lex_gettoken(lex, opt, &token)); if (token.type != isc_tokentype_string) { fatal("bad KSR file %s(%lu): expected datetime", ksr->file, isc_lex_getsourceline(lex)); } + if (strcmp(STR(token), "generated") == 0) { + /* Final bundle */ + goto readline; + } + /* Date and time of bundle */ sscanf(STR(token), "%s", bundle); next_inception = strtotime(bundle, ksr->now, ksr->now, NULL); diff --git a/bin/tests/system/ksr/tests.sh b/bin/tests/system/ksr/tests.sh index bda86ba36e..ad14d992cf 100644 --- a/bin/tests/system/ksr/tests.sh +++ b/bin/tests/system/ksr/tests.sh @@ -206,7 +206,7 @@ cat common.test.ksk1 >>ksr.request.expect.$n cat common.test.$DEFAULT_ALGORITHM_NUMBER.zsk2 >>ksr.request.expect.$n # Footer cp ksr.request.expect.$n ksr.request.expect.base -grep ";; KeySigningRequest generated at" ksr.request.out.$n >footer.$n || ret=1 +grep ";; KeySigningRequest 1.0 generated at" ksr.request.out.$n >footer.$n || ret=1 cat footer.$n >>ksr.request.expect.$n # Check if request output is the same as expected. diff -w ksr.request.out.$n ksr.request.expect.$n >/dev/null || ret=1 @@ -485,7 +485,7 @@ ret=0 ksr common -i $now -e +1y request common.test >ksr.request.out.$n 2>&1 || ret=1 # Same as earlier. cp ksr.request.expect.base ksr.request.expect.$n -grep ";; KeySigningRequest generated at" ksr.request.out.$n >footer.$n || ret=1 +grep ";; KeySigningRequest 1.0 generated at" ksr.request.out.$n >footer.$n || ret=1 cat footer.$n >>ksr.request.expect.$n diff -w ksr.request.out.$n ksr.request.expect.$n >/dev/null || ret=1 test "$ret" -eq 0 || echo_i "failed" @@ -522,7 +522,7 @@ cat common.test.ksk1 >>ksr.request.expect.$n cat common.test.$DEFAULT_ALGORITHM_NUMBER.zsk4 >>ksr.request.expect.$n # Footer cp ksr.request.expect.$n ksr.request.expect.base -grep ";; KeySigningRequest generated at" ksr.request.out.$n >footer.$n || ret=1 +grep ";; KeySigningRequest 1.0 generated at" ksr.request.out.$n >footer.$n || ret=1 cat footer.$n >>ksr.request.expect.$n diff -w ksr.request.out.$n ksr.request.expect.$n >/dev/null || ret=1 # Save request for ksr sign operation. @@ -596,7 +596,7 @@ echo ";; KeySigningRequest 1.0 $inception" >ksr.request.expect.$n cat unlimited.test.ksk1 >>ksr.request.expect.$n cat unlimited.test.$DEFAULT_ALGORITHM_NUMBER.zsk1 >>ksr.request.expect.$n # Footer -grep ";; KeySigningRequest generated at" ksr.request.out.$n >footer.$n || ret=1 +grep ";; KeySigningRequest 1.0 generated at" ksr.request.out.$n >footer.$n || ret=1 cat footer.$n >>ksr.request.expect.$n diff -w ksr.request.out.$n ksr.request.expect.$n >/dev/null || ret=1 # Save request for ksr sign operation. @@ -732,7 +732,7 @@ cat two-tone.test.ksk2 >>ksr.request.expect.$n cat two-tone.test.$DEFAULT_ALGORITHM_NUMBER.zsk2 >>ksr.request.expect.$n cat two-tone.test.$ALTERNATIVE_ALGORITHM_NUMBER.zsk2 >>ksr.request.expect.$n # Footer -grep ";; KeySigningRequest generated at" ksr.request.out.$n >footer.$n || ret=1 +grep ";; KeySigningRequest 1.0 generated at" ksr.request.out.$n >footer.$n || ret=1 cat footer.$n >>ksr.request.expect.$n # Check the KSR request against the expected request. diff -w ksr.request.out.$n ksr.request.expect.$n >/dev/null || ret=1