[v9_8] fix keysizes in confgen

author Evan Hunt <each@isc.org>

Mon, 4 Mar 2013 20:15:22 +0000 (12:15 -0800)

committer Evan Hunt <each@isc.org>

Mon, 4 Mar 2013 20:15:22 +0000 (12:15 -0800)
author Evan Hunt <each@isc.org>
Mon, 4 Mar 2013 20:15:22 +0000 (12:15 -0800)
committer Evan Hunt <each@isc.org>
Mon, 4 Mar 2013 20:15:22 +0000 (12:15 -0800)
diff --git a/CHANGES b/CHANGES

index 86fb8834150ecc5f326158c5f845f1c9b8725f93..d74124138a7211ca7fb3eca0a6ad57aec5d26faf 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,9 @@
+3514.  [bug]           The ranges for valid key sizes in ddns-confgen and
+                       rndc-confgen were too constrained. Keys up to 512
+                       bits are now allowed for most algorithms, and up
+                       to 1024 bits for hmac-sha384 and hmac-sha512.
+                       [RT #32753]
+
  3509.  [cleanup]       Added a product line to version file to allow for
                         easy naming of different products (BIND
                         vs BIND ESV, for example). [RT #32755]
diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c

index 787a93f1a7d818fda7f70f5d34ac692309fa0cdf..59096b57609fd494db51af452bec4781727b9a4e 100644 (file)
--- a/bin/confgen/keygen.c
+++ b/bin/confgen/keygen.c
@@ -126,29 +126,17 @@ generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
  
         switch (alg) {
             case DST_ALG_HMACMD5:
-           case DST_ALG_HMACSHA512:
-               if (keysize < 1 || keysize > 512)
-                       fatal("keysize %d out of range (must be 1-512)\n",
-                             keysize);
-               break;
-           case DST_ALG_HMACSHA256:
-               if (keysize < 1 || keysize > 256)
-                       fatal("keysize %d out of range (must be 1-256)\n",
-                             keysize);
-               break;
             case DST_ALG_HMACSHA1:
-               if (keysize < 1 || keysize > 160)
-                       fatal("keysize %d out of range (must be 1-160)\n",
-                             keysize);
-               break;
             case DST_ALG_HMACSHA224:
-               if (keysize < 1 || keysize > 224)
-                       fatal("keysize %d out of range (must be 1-224)\n",
+           case DST_ALG_HMACSHA256:
+               if (keysize < 1 || keysize > 512)
+                       fatal("keysize %d out of range (must be 1-512)\n",
                               keysize);
                 break;
             case DST_ALG_HMACSHA384:
-               if (keysize < 1 || keysize > 384)
-                       fatal("keysize %d out of range (must be 1-384)\n",
+           case DST_ALG_HMACSHA512:
+               if (keysize < 1 || keysize > 1024)
+                       fatal("keysize %d out of range (must be 1-1024)\n",
                               keysize);
                 break;
             default:
diff --git a/bin/confgen/rndc-confgen.c b/bin/confgen/rndc-confgen.c

index 1ad14a99aa158b27d9cfdf27e57a791f8dddfc99..967bb55a0e28cfca913d7cfaa549b184b64c6834 100644 (file)
--- a/bin/confgen/rndc-confgen.c
+++ b/bin/confgen/rndc-confgen.c
@@ -140,8 +140,6 @@ main(int argc, char **argv) {
                         keysize = strtol(isc_commandline_argument, &p, 10);
                         if (*p != '\0' || keysize < 0)
                                 fatal("-b requires a non-negative number");
-                       if (keysize < 1 || keysize > 512)
-                               fatal("-b must be in the range 1 through 512");
                         break;
                 case 'c':
                         keyfile = isc_commandline_argument;
author	Evan Hunt <each@isc.org>
	Mon, 4 Mar 2013 20:15:22 +0000 (12:15 -0800)
committer	Evan Hunt <each@isc.org>
	Mon, 4 Mar 2013 20:15:22 +0000 (12:15 -0800)
CHANGES		patch \| blob \| blame \| history
bin/confgen/keygen.c		patch \| blob \| blame \| history
bin/confgen/rndc-confgen.c		patch \| blob \| blame \| history