upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-08 07:49:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

fixup SHA256 algorithm set routine

Browse source 
git-svn-id: file:///svn/unbound/trunk@1279 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2008-10-02 09:05:20 +00:00
parent 74909b66b4
commit cb659ab13b
2 changed files with 5 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
doc/Changelog
View file

@ -1,5 +1,6 @@
2 October 2008: Wouter
- fixup unlink of pidfile.
- fixup SHA256 algorithm collation code.
30 September 2008: Wouter
- fixup SHA256 DS downgrade, no longer possible to downgrade to SHA1.

9
validator/val_sigcrypt.c
View file

@ -409,16 +409,15 @@ int dnskey_algo_is_supported(struct ub_packed_rrset_key* dnskey_rrset,
/**
* Fillup needed algorithm array for DNSKEY set
* @param dnskey: the key
* @param num: number of DNSKEY RRs.
* @param needs: array per algorithm.
* @return the number of algorithms that need valid signatures
*/
static size_t
dnskeyset_needs(struct ub_packed_rrset_key* dnskey, size_t num,
uint8_t needs[])
dnskeyset_needs(struct ub_packed_rrset_key* dnskey, uint8_t needs[])
{
uint8_t algo;
size_t i, total = 0;
size_t num = rrset_get_count(dnskey);
memset(needs, 0, sizeof(uint8_t)*256);
for(i=0; i<num; i++) {
@ -448,13 +447,13 @@ dnskeyset_verify_rrset(struct module_env* env, struct val_env* ve,
return sec_status_bogus;
}
numneeds = dnskeyset_needs(dnskey, num, needs);
numneeds = dnskeyset_needs(dnskey, needs);
for(i=0; i<num; i++) {
sec = dnskeyset_verify_rrset_sig(env, ve, *env->now, rrset,
dnskey, i, &sortree);
/* see which algorithm has been fixed up */
if(sec == sec_status_secure) {
uint8_t a = (uint8_t)dnskey_get_algo(dnskey, i);
uint8_t a = (uint8_t)rrset_get_sig_algo(rrset, i);
if(needs[a] == 1) {
needs[a] = 0;
numneeds --;