bind9/lib
Ondřej Surý 8b2c490811 Enforce strict RSA DNSKEY shape during DNSSEC validation
A resolver that validated DNSSEC accepted RSA DNSKEYs of any modulus
size up to OpenSSL's compile-time ceiling, and accepted any public
exponent the wire format could carry.  RSA verification cost grows
sharply with the modulus length, so an authoritative server could
publish an oversized DNSKEY to make each signature check on the
resolver many times more expensive than for a normally sized key.

The intended verify-time cap had no effect because the helper it called
returned the public-exponent bit length rather than the modulus bit
length, so the test was always satisfied.  Replace it with an honest
modulus-range check and a stricter exponent check that accepts only odd
exponents in the closed range [3, 2^32 + 1] (covering every Fermat
prime up to F5 and the odd intermediate values seen in deployed keys),
reject anything outside those bounds at every RSA key load path so an
invalid key never reaches the verifier, and keep the same checks at the
verifier as a backstop against future load paths.
2026-06-08 18:00:27 +02:00
dns Enforce strict RSA DNSKEY shape during DNSSEC validation 2026-06-08 18:00:27 +02:00
isc Enforce strict RSA DNSKEY shape during DNSSEC validation 2026-06-08 18:00:27 +02:00
isccc switch isc_md_type_t to a proper enum 2026-02-02 11:12:55 +03:00
isccfg Disallow configuration of user-defined non-IN class views 2026-06-08 17:50:15 +02:00
ns Drop support for the HS class 2026-06-08 17:50:15 +02:00
.gitignore The isc/platform.h header has been completely removed 2021-07-06 05:33:48 +00:00
meson.build replace the build system with meson 2025-06-11 10:30:12 +03:00