Make multi-message TSIGs compute correctly for algorithms other than MD5
authorBob Halley <halley@dnspython.org>
Mon, 26 Aug 2013 16:14:51 +0000 (09:14 -0700)
committerBob Halley <halley@dnspython.org>
Mon, 26 Aug 2013 16:14:51 +0000 (09:14 -0700)
ChangeLog
dns/tsig.py

index 2e4422096f080b008d924ecdea5219a83445d400..3154486952114a7d5f78b93a2c2fb36af353833d 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2013-08-26  Bob Halley  <halley@dnspython.org>
+
+       * dns/tsig.py (sign): multi-message TSIGs were broken for
+       algorithms other than HMAC-MD5 because we weren't passing the
+       right digest module to the HMAC code.  Thanks to salzmdan for
+       reporting the bug.
+
 2013-07-01  Bob Halley  <halley@dnspython.org>
 
        * (Version 1.11.0 released)
index 603f039c3cc039dc214f6b0652d786e6bc16c3ab..6d801d4980efb995f6af9ba6aff7634e07670e74 100644 (file)
@@ -111,7 +111,7 @@ def sign(wire, keyname, secret, time, fudge, original_id, error,
     mpack = struct.pack('!H', len(mac))
     tsig_rdata = pre_mac + mpack + mac + id + post_mac
     if multi:
-        ctx = hmac.new(secret)
+        ctx = hmac.new(secret, digestmod=digestmod)
         ml = len(mac)
         ctx.update(struct.pack('!H', ml))
         ctx.update(mac)
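Review bot: The corrected `hmac.new(secret, digestmod=digestmod)` line under `if multi:` has no comment stating the invariant it restores, namely that the context handed on for the next message must use the same digest as the MAC just computed for this one. I would add above it something like `# ctx seeds the MAC of the next message in the stream, so it must use this message's digest, not hmac's default`. `digestmod` is assigned outside the hunk, presumably from the algorithm lookup earlier in `sign()`, whose body starts and ends beyond the visible lines. The file list shows only ChangeLog and dns/tsig.py, so nothing in this commit tests a multi-message exchange with a non-MD5 algorithm. A regression test that signs two consecutive messages with, for example, HMAC-SHA256 and checks that the second one validates would keep this from silently breaking again.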