From: Willem Toorop Date: Fri, 14 Mar 2014 13:22:18 +0000 (+0100) Subject: Bugfix #562: Check keysizes with all algorithms X-Git-Tag: release-1.7.0-rc1~161^2~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=08884ed5b8ec06e6f110e9a79f4bf059223c05e3;p=thirdparty%2Fldns.git Bugfix #562: Check keysizes with all algorithms Thanks Peter Koch.
---
diff --git a/Changelog b/Changelog
index 5acde181..2fc23ddf 100644
--- a/Changelog
+++ b/Changelog
@@ -9,7 +9,7 @@ TBD
 * Filter out specified RR types with ldns-read-zone -e and -E options
 * bugfix #563: Correct DNSKEY from DSA private key. Thanks Peter Koch.
 * bugfix #562: ldns-keygen match DSA key maximum size with library.
- Thanks Peter Koch.
+ And check keysizes with all algorithms. Thanks Peter Koch.
 1.6.17 2014-01-10
 * Fix ldns_dnssec_zone_new_frm_fp_l to allow the last parsed line of a
diff --git a/examples/ldns-keygen.c b/examples/ldns-keygen.c
index 5cb5accb..1b8a00af 100644
--- a/examples/ldns-keygen.c
+++ b/examples/ldns-keygen.c
@@ -133,6 +133,9 @@ main(int argc, char *argv[])
 switch (algorithm) {
 case LDNS_SIGN_RSAMD5:
 case LDNS_SIGN_RSASHA1:
+ case LDNS_SIGN_RSASHA1_NSEC3:
+ case LDNS_SIGN_RSASHA256:
+ case LDNS_SIGN_RSASHA512:
 if (bits < 512 || bits > 4096) {
 fprintf(stderr, "For RSA, the key size must be between ");
 fprintf(stderr, " 512 and 4096 bytes. Aborting.\n");
@@ -140,6 +143,7 @@ main(int argc, char *argv[])
 }
 break;
 case LDNS_SIGN_DSA:
+ case LDNS_SIGN_DSA_NSEC3:
 if (bits < 512 || bits > 1024) {
 fprintf(stderr, "For DSA, the key size must be between ");
 fprintf(stderr, " 512 and 1024 bytes. Aborting.\n");
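Review bot: In the `@@ -133,6 +133,9 @@` hunk of examples/ldns-keygen.c, the new `case LDNS_SIGN_RSASHA512:` falls into the shared `bits < 512 || bits > 4096` test, but RFC 5702 requires RSA/SHA-512 keys to be at least 1024 bits, so sizes 512–1023 are accepted for an algorithm that forbids them. Giving that label its own branch with `if (bits < 1024 || bits > 4096) {` and a matching message would align the tool with the RFC. The two `fprintf` lines the new labels now reach also say "bytes" where the value is a bit count (the DSA branch in the next hunk has the same wording); `" 512 and 4096 bits. Aborting.\n"` would be accurate. The enclosing `switch` in `main` starts and ends outside the hunk, so size checks for the remaining algorithms cannot be confirmed from here.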
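Review bot: In the `@@ -140,6 +143,7 @@` hunk, `case LDNS_SIGN_DSA_NSEC3:` inherits a check that only bounds the size, while DNSSEC DSA keys (RFC 2536) encode the modulus length as 512 + 64·T bits with T from 0 to 8, so a value such as 1000 passes this test without being a representable key size. Whether the library rejects or rounds such a size later is not visible in this hunk; extending the condition to `if (bits < 512 || bits > 1024 || bits % 64 != 0) {` would reject it before key generation starts. The `switch` continues past the end of the hunk.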