Remove support for obsoleted ECC-GOST (GOST R 34.11-94) algorithm

2018-05-25 16:17:13 +02:00
parent 57f0949e2b
commit 27593e65dc
60 changed files with 39 additions and 2875 deletions
--- a/bin/python/isc/dnskey.py.in
+++ b/bin/python/isc/dnskey.py.in
@@ -32,7 +32,7 @@ class dnskey:

    _ALGNAMES = (None, 'RSAMD5', 'DH', 'DSA', 'ECC', 'RSASHA1',
                 'NSEC3DSA', 'NSEC3RSASHA1', 'RSASHA256', None,
-                 'RSASHA512', None, 'ECCGOST', 'ECDSAP256SHA256',
+                 'RSASHA512', None, None, 'ECDSAP256SHA256',
                 'ECDSAP384SHA384', 'ED25519', 'ED448')

    def __init__(self, key, directory=None, keyttl=None):
--- a/bin/python/isc/policy.py.in
+++ b/bin/python/isc/policy.py.in
@@ -71,7 +71,7 @@ class PolicyLex:
        return t

    def t_ALGNAME(self, t):
-        r'(?i)\b(RSAMD5|DH|DSA|NSEC3DSA|ECC|RSASHA1|NSEC3RSASHA1|RSASHA256|RSASHA512|ECCGOST|ECDSAP256SHA256|ECDSAP384SHA384|ED25519|ED448)\b'
+        r'(?i)\b(RSAMD5|DH|DSA|NSEC3DSA|ECC|RSASHA1|NSEC3RSASHA1|RSASHA256|RSASHA512|ECDSAP256SHA256|ECDSAP384SHA384|ED25519|ED448)\b'
        t.value = t.value.upper()
        return t

@@ -139,7 +139,6 @@ class Policy:
                             'NSEC3RSASHA1': [512, 4096],
                             'RSASHA256': [1024, 4096],
                             'RSASHA512': [1024, 4096],
-                             'ECCGOST': None,
                             'ECDSAP256SHA256': None,
                             'ECDSAP384SHA384': None,
                             'ED25519': None,
@@ -278,8 +277,7 @@ class Policy:
                        ('ZSK key size %d not divisible by 64 ' +
                         'as required for DSA') % self.zsk_keysize

-            if self.algorithm in ['ECCGOST', \
-                                  'ECDSAP256SHA256', \
+            if self.algorithm in ['ECDSAP256SHA256', \
                                  'ECDSAP384SHA384', \
                                  'ED25519', \
                                  'ED448']:
@@ -369,10 +367,6 @@ class dnssec_policy:
        self.alg_policy['RSASHA512'].algorithm = "RSASHA512"
        self.alg_policy['RSASHA512'].name = "RSASHA512"

-        self.alg_policy['ECCGOST'] = copy(p)
-        self.alg_policy['ECCGOST'].algorithm = "ECCGOST"
-        self.alg_policy['ECCGOST'].name = "ECCGOST"
-
        self.alg_policy['ECDSAP256SHA256'] = copy(p)
        self.alg_policy['ECDSAP256SHA256'].algorithm = "ECDSAP256SHA256"
        self.alg_policy['ECDSAP256SHA256'].name = "ECDSAP256SHA256"