Commit 33b8db1b authored by Evan Hunt

[master] fix keysizes in confgen

3514.	[bug]		The ranges for valid key sizes in ddns-confgen and
			rndc-confgen were too constrained. Keys up to 512
			bits are now allowed for most algorithms, and up
			to 1024 bits for hmac-sha384 and hmac-sha512.
			[RT #32753]
parent 19b037bc
3514. [bug] The ranges for valid key sizes in ddns-confgen and
rndc-confgen were too constrained. Keys up to 512
bits are now allowed for most algorithms, and up
to 1024 bits for hmac-sha384 and hmac-sha512.
[RT #32753]
3513. [func] "dig -u" prints times in microseconds rather than 3513. [func] "dig -u" prints times in microseconds rather than
milliseconds. [RT #32704] milliseconds. [RT #32704]
......
...@@ -126,29 +126,17 @@ generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg, ...@@ -126,29 +126,17 @@ generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
switch (alg) { switch (alg) {
case DST_ALG_HMACMD5: case DST_ALG_HMACMD5:
case DST_ALG_HMACSHA512:
if (keysize < 1 || keysize > 512)
fatal("keysize %d out of range (must be 1-512)\n",
keysize);
break;
case DST_ALG_HMACSHA256:
if (keysize < 1 || keysize > 256)
fatal("keysize %d out of range (must be 1-256)\n",
keysize);
break;
case DST_ALG_HMACSHA1: case DST_ALG_HMACSHA1:
if (keysize < 1 || keysize > 160)
fatal("keysize %d out of range (must be 1-160)\n",
keysize);
break;
case DST_ALG_HMACSHA224: case DST_ALG_HMACSHA224:
if (keysize < 1 || keysize > 224) case DST_ALG_HMACSHA256:
fatal("keysize %d out of range (must be 1-224)\n", if (keysize < 1 || keysize > 512)
fatal("keysize %d out of range (must be 1-512)\n",
keysize); keysize);
break; break;
case DST_ALG_HMACSHA384: case DST_ALG_HMACSHA384:
if (keysize < 1 || keysize > 384) case DST_ALG_HMACSHA512:
fatal("keysize %d out of range (must be 1-384)\n", if (keysize < 1 || keysize > 1024)
fatal("keysize %d out of range (must be 1-1024)\n",
keysize); keysize);
break; break;
default: default:
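Review bot: The lower bound in both rewritten range checks is still `keysize < 1`, so ddns-confgen and rndc-confgen will generate a secret of only a few bits without complaint; this change only relaxes the upper limits. An HMAC key shorter than the digest output weakens the authentication the key exists to provide (RFC 2104 strongly discourages keys shorter than the hash output length), so consider raising the minimum or printing a warning when a short key is requested. The new maxima of 512 and 1024 appear to match the HMAC block sizes of the two algorithm groups, and a comment above each group such as `/* upper bound is the hash block size; longer keys are hashed down before use */` would record why the two limits differ. The switch continues past `default:` and the start of generate_key is cut off, so whatever follows the range check is not visible in this hunk.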
......
...@@ -140,8 +140,6 @@ main(int argc, char **argv) { ...@@ -140,8 +140,6 @@ main(int argc, char **argv) {
keysize = strtol(isc_commandline_argument, &p, 10); keysize = strtol(isc_commandline_argument, &p, 10);
if (*p != '\0' || keysize < 0) if (*p != '\0' || keysize < 0)
fatal("-b requires a non-negative number"); fatal("-b requires a non-negative number");
if (keysize < 1 || keysize > 512)
fatal("-b must be in the range 1 through 512");
break; break;
case 'c': case 'c':
keyfile = isc_commandline_argument; keyfile = isc_commandline_argument;
......