Check that the specified DS digest is supported

dnssec-dsfromkey and dnssec-cds failed to properly check if the
specified DS digest type is supported or not.

diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c
index cb42bb710a1e49fdc3867514d860dcec674314b3..91a6c47554b3d1955611890632a5e88a3ba73d34 100644 (file)
--- a/bin/dnssec/dnssectool.c
+++ b/bin/dnssec/dnssectool.c
@@ -361,7 +361,10 @@ strtodsdigest(const char *str) {
        r.length = strlen(str);
        result = dns_dsdigest_fromtext(&alg, &r);
        if (result != ISC_R_SUCCESS) {
-               fatal("unknown DS algorithm %s", str);
+               fatal("unknown DS digest %s", str);
+       }
+       if (!dst_ds_digest_supported(alg)) {
+               fatal("unsupported DS digest %s", str);
        }
        return alg;
 }