From: Tony Finch <fanf@isc.org>
Date: Fri, 9 Dec 2022 12:52:05 +0000 (+0000)
Subject: Fix a typo RSASHA236 -> RSASHA256
X-Git-Tag: v9.19.9~86^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c18a9a208d47d0ea27a396165fd895b7c1af2c25;p=thirdparty%2Fbind9.git

Fix a typo RSASHA236 -> RSASHA256

Use dns_secalg_format() to avoid error-prone repetition.
---

diff --git a/CHANGES b/CHANGES
index 224e8f8604b..11e35c00af4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+6044.	[bug]		There was an "RSASHA236" typo in a log message.
+			[GL !7206]
+
 6043.	[bug]		The key file IO locks objects would never get
 			deleted from the hashtable due to off-by-one error.
 			[GL #3727]
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index d60f0612419..7ec308c8ef7 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -3601,42 +3601,24 @@ zone_check_dnskeys(dns_zone_t *zone, dns_db_t *db) {
 		 * fermat number).
 		 */
 		if (dnskey.datalen > 1 && dnskey.data[0] == 1 &&
-		    dnskey.data[1] == 3)
+		    dnskey.data[1] == 3 &&
+		    (dnskey.algorithm == DNS_KEYALG_RSAMD5 ||
+		     dnskey.algorithm == DNS_KEYALG_RSASHA1 ||
+		     dnskey.algorithm == DNS_KEYALG_NSEC3RSASHA1 ||
+		     dnskey.algorithm == DNS_KEYALG_RSASHA256 ||
+		     dnskey.algorithm == DNS_KEYALG_RSASHA512))
 		{
-			const char *algorithm = "";
+			char algorithm[DNS_SECALG_FORMATSIZE];
 			isc_region_t r;
-			bool logit = true;
 
 			dns_rdata_toregion(&rdata, &r);
+			dns_secalg_format(dnskey.algorithm, algorithm,
+					  sizeof(algorithm));
 
-			switch (dnskey.algorithm) {
-			case DNS_KEYALG_RSAMD5:
-				algorithm = "RSAMD5";
-				break;
-			case DNS_KEYALG_RSASHA1:
-				algorithm = "RSASHA1";
-				break;
-			case DNS_KEYALG_NSEC3RSASHA1:
-				algorithm = "NSEC3RSASHA1";
-				break;
-			case DNS_KEYALG_RSASHA256:
-				algorithm = "RSASHA236";
-				break;
-			case DNS_KEYALG_RSASHA512:
-				algorithm = "RSASHA512";
-				break;
-			default:
-				logit = false;
-				break;
-			}
-
-			if (logit) {
-				dnssec_log(zone, ISC_LOG_WARNING,
-					   "weak %s (%u) key found "
-					   "(exponent=3, id=%u)",
-					   algorithm, dnskey.algorithm,
-					   dst_region_computeid(&r));
-			}
+			dnssec_log(zone, ISC_LOG_WARNING,
+				   "weak %s (%u) key found (exponent=3, id=%u)",
+				   algorithm, dnskey.algorithm,
+				   dst_region_computeid(&r));
 		}
 		dns_rdata_reset(&rdata);
 	}