dnssec: use hashlib in make_ds()
authorTomas Krizek <tomas.krizek@nic.cz>
Wed, 2 Jan 2019 13:54:00 +0000 (14:54 +0100)
committerTomas Krizek <tomas.krizek@nic.cz>
Wed, 2 Jan 2019 14:05:19 +0000 (15:05 +0100)
Use hashlib in make_ds() so that the function does not introduce a
pycryptodome dependency, consistent with previous dnspython versions.

Fixes #343

dns/dnssec.py

index d5bd3fe75e58de468f7680f2138dc96d112b5f89..79ce6c01d50641d6b24a21e047d706edececacaf 100644 (file)
@@ -17,6 +17,7 @@
 
 """Common DNSSEC-related functions and constants."""
 
+import hashlib  # used in make_ds() to avoid pycrypto dependency
 from io import BytesIO
 import struct
 import time
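Review bot: The trailing comment on the new `import hashlib` line names "pycrypto", while the commit message says the dependency being avoided is pycryptodome. The comment should name the same package so a later reader does not look for the wrong one, e.g. `import hashlib  # used in make_ds() to avoid a pycryptodome dependency`. Whether the remaining Crypto hash imports are still guarded elsewhere in the module is not visible from this hunk.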
@@ -29,6 +30,7 @@ import dns.rdata
 import dns.rdatatype
 import dns.rdataclass
 
+
 class UnsupportedAlgorithm(dns.exception.DNSException):
     """The DNSSEC algorithm is not supported."""
 
@@ -160,21 +162,20 @@ def make_ds(name, key, algorithm, origin=None):
 
     Returns a ``dns.rdtypes.ANY.DS``.
     """
-
     if algorithm.upper() == 'SHA1':
         dsalg = 1
-        hash = SHA1.new()
+        dshash = hashlib.sha1()
     elif algorithm.upper() == 'SHA256':
         dsalg = 2
-        hash = SHA256.new()
+        dshash = hashlib.sha256()
     else:
         raise UnsupportedAlgorithm('unsupported algorithm "%s"' % algorithm)
 
     if isinstance(name, str):
         name = dns.name.from_text(name, origin)
-    hash.update(name.canonicalize().to_wire())
-    hash.update(_to_rdata(key, origin))
-    digest = hash.digest()
+    dshash.update(name.canonicalize().to_wire())
+    dshash.update(_to_rdata(key, origin))
+    digest = dshash.digest()
 
     dsrdata = struct.pack("!HBB", key_id(key), key.algorithm, dsalg) + digest
     return dns.rdata.from_wire(dns.rdataclass.IN, dns.rdatatype.DS, dsrdata, 0,
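Review bot: The `SHA1` branch still emits a digest type 1 DS record with nothing telling the caller that SHA-1 is deprecated for new delegations (RFC 8624 lists it as MUST NOT for creating DS records, while validators must still accept it). Since the branch is being touched anyway, a comment above `dsalg = 1` such as `# digest type 1 (SHA-1) is kept for compatibility; prefer 'SHA256' for new DS records` would make that explicit, and the docstring could say the same. As a smaller style point, `algorithm.upper()` is evaluated in both conditions and a non-string argument raises AttributeError instead of UnsupportedAlgorithm; normalising once into a local before the `if` would tidy that. The function's signature and docstring start above the hunk and the final `return` statement continues below it.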