result = dns_rdataset_next(&keys)) {
dns_rdata_reset(&rdata);
dns_rdataset_current(&keys, &rdata);
+
+ /* Skip unsupported algorithms */
+ REQUIRE(rdata.type == dns_rdatatype_key ||
+ rdata.type == dns_rdatatype_dnskey);
+ REQUIRE(rdata.length > 3);
+ if (!dst_algorithm_supported(rdata.data[3]))
+ goto skip;
+
RETERR(dns_dnssec_keyfromrdata(origin, &rdata, mctx, &pubkey));
dst_key_setttl(pubkey, keys.ttl);
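Review bot: `REQUIRE(rdata.length > 3)` and the type `REQUIRE` sit inside the per-record loop, so a record that fails either condition aborts the process through the assertion instead of being skipped; the same pair is repeated in the later hunk that calculates the maximum iterations. Whether a short KEY/DNSKEY rdata can reach this point depends on validation done before the rdataset was populated, which is not visible here, so a soft failure is the safer default for a data-dependent check: `if (rdata.length <= 3 || !dst_algorithm_supported(rdata.data[3])) goto skip;` here and the same condition with `continue;` in the later loop. A one-line comment that `rdata.data[3]` is the algorithm octet of the KEY/DNSKEY rdata would explain the magic index used in both places. The `skip` label lies outside this hunk, so confirm that its cleanup copes with `pubkey` not having been created in the current iteration.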
/*%<
* Search 'directory' for K* key files matching the name in 'origin'.
* Append all such keys, along with use hints gleaned from their
- * metadata, onto 'keylist'.
+ * metadata, onto 'keylist'. Skip any unsupported algorithms.
*
* Requires:
*\li 'keylist' is not NULL
result == ISC_R_SUCCESS;
result = dns_rdataset_next(&rdataset)) {
dns_rdata_t rdata = DNS_RDATA_INIT;
-
dns_rdataset_current(&rdataset, &rdata);
+
+ /* Skip unsupported algorithms when
+ * calculating the maximum iterations.
+ */
+ REQUIRE(rdata.type == dns_rdatatype_key ||
+ rdata.type == dns_rdatatype_dnskey);
+ REQUIRE(rdata.length > 3);
+ if (!dst_algorithm_supported(rdata.data[3]))
+ continue;
+
isc_buffer_init(&buffer, rdata.data, rdata.length);
isc_buffer_add(&buffer, rdata.length);
CHECK(dst_key_fromdns(dns_db_origin(db), rdataset.rdclass,