From: Aki Tuomi
Date: Mon, 17 Jun 2013 19:05:41 +0000 (+0300)
Subject: Fixed bug where HMAC-MD5 is always assumed and fixed for.
X-Git-Tag: rec-3.6.0-rc1~649^2~2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9f782f999437341a638a372140cd6040ca65312e;p=thirdparty%2Fpdns.git
Fixed bug where HMAC-MD5 is always assumed and fixed for.
---
diff --git a/pdns/dnspacket.cc b/pdns/dnspacket.cc
index 82fb7075f6..30729cd2f5 100644
--- a/pdns/dnspacket.cc
+++ b/pdns/dnspacket.cc
@@ -599,7 +599,15 @@ bool checkForCorrectTSIG(const DNSPacket* q, DNSBackend* B, string* keyname, str L<qdomain<<"' denied: can't find TSIG key with name '"<<*keyname<<"' and algorithm '"<d_algoName<<"'"<d_algoName += ".sig-alg.reg.int.";
+
+ if (trc->d_algoName == "hmac-md5")
+ rc->d_algoName += ".sig-alg.reg.int.";
+
+ if (trc->d_algoName != "hmac-md5.sig-alg.reg.int.") {
+ L<d_algoName << endl;
+ return false;
+ }
+
 B64Decode(secret64, *secret);
 bool result=calculateMD5HMAC(*secret, message) == trc->d_mac;
 if(!result) {
diff --git a/pdns/dnssecinfra.cc b/pdns/dnssecinfra.cc
index 86b52bdbc2..e7024e7af6 100644
--- a/pdns/dnssecinfra.cc
+++ b/pdns/dnssecinfra.cc
@@ -495,6 +495,11 @@ string makeTSIGMessageFromTSIGPacket(const string& opacket, unsigned int tsigOff void addTSIG(DNSPacketWriter& pw, TSIGRecordContent* trc, const string& tsigkeyname, const string& tsigsecret, const string& tsigprevious, bool timersonly) {
+ if (trc->d_algoName != "hmac-md5.sig-alg.reg.int.") {
+ L<d_algoName << endl;
+ return;
+ }
+
 string toSign;
 if(!tsigprevious.empty()) {
 uint16_t len = htons(tsigprevious.length());
diff --git a/pdns/resolver.cc b/pdns/resolver.cc
index 8dae6bb749..13043c1ff8 100644
--- a/pdns/resolver.cc
+++ b/pdns/resolver.cc
@@ -122,7 +122,8 @@ uint16_t Resolver::sendResolve(const ComboAddress& remote, const char *domain, i if(!tsigkeyname.empty()) { // cerr<<"Adding TSIG to notification, key name: '"<
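Review bot: In checkForCorrectTSIG (pdns/dnspacket.cc) the new allow-list compares `trc->d_algoName` byte-for-byte against `"hmac-md5"` and `"hmac-md5.sig-alg.reg.int."`, but the TSIG algorithm field is a DNS name and DNS names compare case-insensitively. Unless the name is already canonicalised outside this hunk, a peer that sends mixed case, or the long form without the trailing dot, is refused. The refusal fails closed, which is the safe direction, but the comparison should be case-insensitive and tolerate the missing root dot. Separately, the unchanged line `calculateMD5HMAC(*secret, message) == trc->d_mac` verifies the MAC with ordinary `==`, which for strings may return at the first differing byte; a length check followed by a byte-wise comparison that always scans the whole MAC would remove that timing signal. The function body starts and ends outside the hunk.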
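Review bot: In addTSIG (pdns/dnssecinfra.cc) the new guard logs and then does a plain `return;` from a void function, so the caller cannot tell that no TSIG record was added and, as far as this hunk shows, will go on to send the message unsigned. For a signing routine that is a fail-open outcome; raising the error to the caller (an exception, or a status the callers check) would let the send be aborted instead. The guard also accepts only the fully qualified `hmac-md5.sig-alg.reg.int.`, while checkForCorrectTSIG in pdns/dnspacket.cc first expands the short `hmac-md5`, so a caller passing the short form is rejected here unless it is normalised before the call; the resolver.cc change may do that, but it is cut off on this page. The rest of addTSIG lies outside the hunk.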