From: Evan Hunt Date: Mon, 4 Mar 2013 20:14:39 +0000 (-0800) Subject: [v9_9] fix keysizes in confgen X-Git-Tag: v9.9.3b2~16 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=db3792f241a8c318f2ba23e4d5a54284fd660947;p=thirdparty%2Fbind9.git [v9_9] fix keysizes in confgen 3514. [bug] The ranges for valid key sizes in ddns-confgen and rndc-confgen were too constrained. Keys up to 512 bits are now allowed for most algorithms, and up to 1024 bits for hmac-sha384 and hmac-sha512. [RT #32753] (cherry picked from commit 33b8db1bb3f0aa3a39db459e6a32a1082b8dce13) --- diff --git a/CHANGES b/CHANGES index 7e9bf9abe16..b3fd80c387b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,9 @@ +3514. [bug] The ranges for valid key sizes in ddns-confgen and + rndc-confgen were too constrained. Keys up to 512 + bits are now allowed for most algorithms, and up + to 1024 bits for hmac-sha384 and hmac-sha512. + [RT #32753] + 3511. [doc] Improve documentation of redirect zones. [RT #32756] 3509. [cleanup] Added a product line to version file to allow for diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c index 787a93f1a7d..59096b57609 100644 --- a/bin/confgen/keygen.c +++ b/bin/confgen/keygen.c 
@@ -126,29 +126,17 @@ generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg, switch (alg) { case DST_ALG_HMACMD5: - case DST_ALG_HMACSHA512: - if (keysize < 1 || keysize > 512) - fatal("keysize %d out of range (must be 1-512)\n", - keysize); - break; - case DST_ALG_HMACSHA256: - if (keysize < 1 || keysize > 256) - fatal("keysize %d out of range (must be 1-256)\n", - keysize); - break; case DST_ALG_HMACSHA1: - if (keysize < 1 || keysize > 160) - fatal("keysize %d out of range (must be 1-160)\n", - keysize); - break; case DST_ALG_HMACSHA224: - if (keysize < 1 || keysize > 224) - fatal("keysize %d out of range (must be 1-224)\n", + case DST_ALG_HMACSHA256: + if (keysize < 1 || keysize > 512) + fatal("keysize %d out of range (must be 1-512)\n", keysize); break; case DST_ALG_HMACSHA384: - if (keysize < 1 || keysize > 384) - fatal("keysize %d out of range (must be 1-384)\n", + case DST_ALG_HMACSHA512: + if (keysize < 1 || keysize > 1024) + fatal("keysize %d out of range (must be 1-1024)\n", keysize); break; default: diff --git a/bin/confgen/rndc-confgen.c b/bin/confgen/rndc-confgen.c index a9831b1867b..70639affb60 100644 --- a/bin/confgen/rndc-confgen.c +++ b/bin/confgen/rndc-confgen.c @@ -140,8 +140,6 @@ main(int argc, char **argv) { keysize = strtol(isc_commandline_argument, &p, 10); if (*p != '\0' || keysize < 0) fatal("-b requires a non-negative number"); - if (keysize < 1 || keysize > 512) - fatal("-b must be in the range 1 through 512"); break; case 'c': keyfile = isc_commandline_argument;
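Review bot: In the bin/confgen/keygen.c hunk (generate_key), the new upper bounds 512 and 1024 appear as bare literals in both the condition and the fatal() message, with no comment saying where they come from. They match the HMAC block sizes (512 bits for MD5, SHA-1, SHA-224 and SHA-256; 1024 bits for SHA-384 and SHA-512), past which HMAC hashes the key down before using it, so a one-line comment or a pair of named constants would document the choice and keep each condition in step with its message. The lower bound is still `keysize < 1`, so a key of only a few bits is accepted silently; consider warning when keysize is smaller than the digest length of the selected algorithm.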
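Review bot: In the bin/confgen/rndc-confgen.c hunk (main, case 'b'), once the range check is removed the only validation left at this point is `keysize < 0`, so `-b 0` passes option parsing, and so does an empty argument, because strtol then returns 0 and leaves `*p == '\0'`. Rejection now depends entirely on the per-algorithm check in generate_key. Either tighten this test to `keysize < 1` with a matching message, or add a comment here that range checking is deferred to generate_key. The strtol result is also not checked for ERANGE before it is assigned to keysize.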