From: Tomas Krizek <tomas.krizek@nic.cz>
Date: Wed, 18 Jul 2018 11:14:17 +0000 (+0200)
Subject: dns/tsig: use hashlib to avoid cryptodome dependency for TSIG
X-Git-Tag: v1.16.0~17^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dbad71484b8075b98fbd62614e7a43a1ea454155;p=thirdparty%2Fdnspython.git

dns/tsig: use hashlib to avoid cryptodome dependency for TSIG
---

diff --git a/dns/tsig.py b/dns/tsig.py
index fd9d56a3..eaf14d9e 100644
--- a/dns/tsig.py
+++ b/dns/tsig.py
@@ -15,13 +15,13 @@
 
 """DNS TSIG support."""
 
+import hashlib
 import hmac
 import struct
 
 import dns.exception
 import dns.rdataclass
 import dns.name
-import dns.dnssec
 from ._compat import long, string_types, text_type
 
 class BadTime(dns.exception.DNSException):
@@ -68,12 +68,12 @@ HMAC_SHA384 = dns.name.from_text("hmac-sha384")
 HMAC_SHA512 = dns.name.from_text("hmac-sha512")
 
 _hashes = {
-    HMAC_SHA224: 'SHA224',
-    HMAC_SHA256: 'SHA256',
-    HMAC_SHA384: 'SHA384',
-    HMAC_SHA512: 'SHA512',
-    HMAC_SHA1: 'SHA1',
-    HMAC_MD5: 'MD5',
+    HMAC_SHA224: hashlib.sha224,
+    HMAC_SHA256: hashlib.sha256,
+    HMAC_SHA384: hashlib.sha384,
+    HMAC_SHA512: hashlib.sha512,
+    HMAC_SHA1: hashlib.sha1,
+    HMAC_MD5: hashlib.md5,
 }
 
 default_algorithm = HMAC_MD5
@@ -211,7 +211,7 @@ def get_algorithm(algorithm):
         algorithm = dns.name.from_text(algorithm)
 
     try:
-        return (algorithm.to_digestable(), dns.dnssec._make_hash(algorithm))
+        return (algorithm.to_digestable(), _hashes[algorithm])
     except KeyError:
         raise NotImplementedError("TSIG algorithm " + str(algorithm) +
                                   " is not supported")