Merge branch '356-client-cookie-is-being-hashed-twice-when-computing-the-dns-server-cookie' into 'master'

Resolve "Client cookie is being hashed twice when computing the DNS server cookie." Closes #356 See merge request isc-projects/bind9!399
2018-06-22 03:40:23 -04:00
parent dfdc6d61aa 8755a249bc
commit 5f2f68985b
2 changed files with 3 additions and 4 deletions
--- a/3
+++ b/3
@@ -1,3 +1,6 @@
+4975.	[bug]		The server cookie computation for sha1 and sha256 did
+			not match the method described in RFC 7873. [GL #356]
+
 4974.	[bug]		Restore default rrset-order to random. [GL #336]

 4973.	[func]		verifyzone() and the functions it uses were moved to
--- a/lib/ns/client.c
+++ b/lib/ns/client.c
@@ -1851,8 +1851,6 @@ compute_cookie(ns_client_t *client, isc_uint32_t when, isc_uint32_t nonce,
 			INSIST(0);
 		}
 		isc_hmacsha1_update(&hmacsha1, cp, length);
-		isc_hmacsha1_update(&hmacsha1, client->cookie,
-				    sizeof(client->cookie));
 		isc_hmacsha1_sign(&hmacsha1, digest, sizeof(digest));
 		isc_buffer_putmem(buf, digest, 8);
 		isc_hmacsha1_invalidate(&hmacsha1);
@@ -1888,8 +1886,6 @@ compute_cookie(ns_client_t *client, isc_uint32_t when, isc_uint32_t nonce,
 			INSIST(0);
 		}
 		isc_hmacsha256_update(&hmacsha256, cp, length);
-		isc_hmacsha256_update(&hmacsha256, client->cookie,
-				      sizeof(client->cookie));
 		isc_hmacsha256_sign(&hmacsha256, digest, sizeof(digest));
 		isc_buffer_putmem(buf, digest, 8);
 		isc_hmacsha256_invalidate(&hmacsha256);