Commit 43d02901 authored by Mark Karpilovskij's avatar Mark Karpilovskij

libdnssec: hardcode key sizes for curve algorithms

closes #602
parent 7ba9fc1d
......@@ -348,7 +348,23 @@ unsigned dnssec_key_get_size(const dnssec_key_t *key)
}
unsigned bits = 0;
gnutls_pubkey_get_pk_algorithm(key->public_key, &bits);
uint8_t algorithm = dnssec_key_get_algorithm(key);
switch (algorithm) {
case 13:
bits = 256;
break;
case 14:
bits = 384;
break;
case 15:
bits = 256;
break;
case 16:
bits = 456;
break;
default:
gnutls_pubkey_get_pk_algorithm(key->public_key, &bits);
}
return bits;
}
......
......@@ -41,17 +41,6 @@ static void check_key_tag(dnssec_key_t *key, const key_parameters_t *params)
static void check_key_size(dnssec_key_t *key, const key_parameters_t *params)
{
switch (params->algorithm) {
case 13:
case 14:
case 15:
case 16:
if (!dnssec_key_can_sign(key)) {
skip("key size without private key known to be broken");
return;
}
}
ok(dnssec_key_get_size(key) == params->bit_size,
"key size %u bits", params->bit_size);
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment