Bugfix #562: Check keysizes with all algorithms

Thanks Peter Koch.

diff --git a/Changelog b/Changelog
index 5acde1811b1ae8b851c50b64046b0c6f70611371..2fc23ddf4d04fe38cedd0852f7acb2a3ce21c48c 100644 (file)
--- a/Changelog
+++ b/Changelog
@@ -9,7 +9,7 @@ TBD
        * Filter out specified RR types with ldns-read-zone -e and -E options
        * bugfix #563: Correct DNSKEY from DSA private key. Thanks Peter Koch.
        * bugfix #562: ldns-keygen match DSA key maximum size with library.
-         Thanks Peter Koch.
+         And check keysizes with all algorithms. Thanks Peter Koch.
 
 1.6.17 2014-01-10
        * Fix ldns_dnssec_zone_new_frm_fp_l to allow the last parsed line of a

diff --git a/examples/ldns-keygen.c b/examples/ldns-keygen.c
index 5cb5accb7bd1fa91fdaf9ca1537a49285e16c94f..1b8a00af18560ee5afe880b391a059580912ddb2 100644 (file)
--- a/examples/ldns-keygen.c
+++ b/examples/ldns-keygen.c
@@ -133,6 +133,9 @@ main(int argc, char *argv[])
        switch (algorithm) {
        case LDNS_SIGN_RSAMD5:
        case LDNS_SIGN_RSASHA1:
+       case LDNS_SIGN_RSASHA1_NSEC3:
+       case LDNS_SIGN_RSASHA256:
+       case LDNS_SIGN_RSASHA512:
                if (bits < 512 || bits > 4096) {
                        fprintf(stderr, "For RSA, the key size must be between ");
                        fprintf(stderr, " 512 and 4096 bytes. Aborting.\n");
@@ -140,6 +143,7 @@ main(int argc, char *argv[])
                }
                break;
        case LDNS_SIGN_DSA:
+       case LDNS_SIGN_DSA_NSEC3:
                if (bits < 512 || bits > 1024) {
                        fprintf(stderr, "For DSA, the key size must be between ");
                        fprintf(stderr, " 512 and 1024 bytes. Aborting.\n");