From: Tomas Krizek
Date: Wed, 2 Jan 2019 13:54:00 +0000 (+0100)
Subject: dnssec: use hashlib in make_ds()
X-Git-Tag: v2.0.0rc1~373^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f5f81e6cbb95a72c8934b59ae2f9fd38c8ecaf3b;p=thirdparty%2Fdnspython.git
dnssec: use hashlib in make_ds()
Use hashlib to avoid introducing pycryptodome dependency for make_ds() function to be consistent with previous dnspython versions.
Fixes #343
---
diff --git a/dns/dnssec.py b/dns/dnssec.py
index d5bd3fe7..79ce6c01 100644
--- a/dns/dnssec.py
+++ b/dns/dnssec.py
@@ -17,6 +17,7 @@
 """Common DNSSEC-related functions and constants."""
+import hashlib # used in make_ds() to avoid pycrypto dependency
 from io import BytesIO
 import struct
 import time
@@ -29,6 +30,7 @@ import dns.rdata
 import dns.rdatatype
 import dns.rdataclass
+
 class UnsupportedAlgorithm(dns.exception.DNSException):
 """The DNSSEC algorithm is not supported."""
@@ -160,21 +162,20 @@ def make_ds(name, key, algorithm, origin=None):
 Returns a ``dns.rdtypes.ANY.DS``.
 """
-
 if algorithm.upper() == 'SHA1':
 dsalg = 1
- hash = SHA1.new()
+ dshash = hashlib.sha1()
 elif algorithm.upper() == 'SHA256':
 dsalg = 2
- hash = SHA256.new()
+ dshash = hashlib.sha256()
 else:
 raise UnsupportedAlgorithm('unsupported algorithm "%s"' % algorithm)
 if isinstance(name, str):
 name = dns.name.from_text(name, origin)
- hash.update(name.canonicalize().to_wire())
- hash.update(_to_rdata(key, origin))
- digest = hash.digest()
+ dshash.update(name.canonicalize().to_wire())
+ dshash.update(_to_rdata(key, origin))
+ digest = dshash.digest()
 dsrdata = struct.pack("!HBB", key_id(key), key.algorithm, dsalg) + digest
 return dns.rdata.from_wire(dns.rdataclass.IN, dns.rdatatype.DS, dsrdata, 0,
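Review bot: In the make_ds() hunk, the `'SHA1'` branch still produces a digest-type-1 DS record, and nothing visible tells the caller that this is the weak choice. RFC 8624 says SHA-1 must not be used when publishing new DS records, although validators must still accept it. I would keep the behaviour but say so in the docstring, for example `*algorithm*: 'SHA256' (preferred) or 'SHA1' (legacy, kept for compatibility)`. As a smaller style point, `algorithm.upper()` is evaluated in both branches; binding it once (`algname = algorithm.upper()`) makes both comparisons read the same value. The signature and docstring of make_ds() begin above this hunk and the final `return` statement continues below it, so the existing parameter documentation is not visible here.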