+4797. [func] Removed "isc-hmac-fixup", as the versions of BIND that
+ had the bug it worked around are long past end of
+ life. [RT #46411]
+
4796. [bug] Increase the maximum configurable TCP keepalive
timeout to 65535. [RT #44710]
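Review bot: Entry 4797 says the affected versions are "long past end of life" without naming them, while the man page deleted in this same change identifies them as BIND 9 up to and including 9.6, with the fix in 9.7. Naming those versions in the entry would let an operator tell from CHANGES alone whether any peer still in service depends on a converted key.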
arpaname
dnstap-read
genrandom
-isc-hmac-fixup
mdig
named-journalprint
named-nzd2nzf
NZDTARGETS = named-nzd2nzf@EXEEXT@
TARGETS = arpaname@EXEEXT@ named-journalprint@EXEEXT@ \
named-rrchecker@EXEEXT@ nsec3hash@EXEEXT@ \
- genrandom@EXEEXT@ isc-hmac-fixup@EXEEXT@ mdig@EXEEXT@ \
+ genrandom@EXEEXT@ mdig@EXEEXT@ \
@DNSTAPTARGETS@ @NZDTARGETS@
DNSTAPSRCS = dnstap-read.c
NZDSRCS = named-nzd2nzf.c
SRCS = arpaname.c named-journalprint.c named-rrchecker.c \
- nsec3hash.c genrandom.c isc-hmac-fixup.c mdig.c \
+ nsec3hash.c genrandom.c mdig.c \
@DNSTAPSRCS@ @NZDSRCS@
MANPAGES = arpaname.1 dnstap-read.1 genrandom.8 \
- isc-hmac-fixup.8 mdig.1 named-journalprint.8 \
+ mdig.1 named-journalprint.8 \
named-nzd2nzf.8 named-rrchecker.1 nsec3hash.8
HTMLPAGES = arpaname.html dnstap-read.html genrandom.html \
- isc-hmac-fixup.html mdig.html named-journalprint.html \
+ mdig.html named-journalprint.html \
named-nzd2nzf.html named-rrchecker.html nsec3hash.html
MANOBJS = ${MANPAGES} ${HTMLPAGES}
export LIBS0="${DNSLIBS} ${ISCLIBS}"; \
${FINALBUILDCMD}
-isc-hmac-fixup@EXEEXT@: isc-hmac-fixup.@O@ ${ISCDEPLIBS}
- export BASEOBJS="isc-hmac-fixup.@O@"; \
- export LIBS0="${ISCLIBS}"; \
- ${FINALBUILDCMD}
-
genrandom@EXEEXT@: genrandom.@O@
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} \
-o $@ genrandom.@O@ @GENRANDOMLIB@ ${LIBS}
${DESTDIR}${sbindir}
${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} genrandom@EXEEXT@ \
${DESTDIR}${sbindir}
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} isc-hmac-fixup@EXEEXT@ \
- ${DESTDIR}${sbindir}
${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} mdig@EXEEXT@ \
${DESTDIR}${bindir}
${INSTALL_DATA} ${srcdir}/arpaname.1 ${DESTDIR}${mandir}/man1
- ${INSTALL_DATA} ${srcdir}/isc-hmac-fixup.8 ${DESTDIR}${mandir}/man8
${INSTALL_DATA} ${srcdir}/named-journalprint.8 ${DESTDIR}${mandir}/man8
${INSTALL_DATA} ${srcdir}/named-rrchecker.1 ${DESTDIR}${mandir}/man1
${INSTALL_DATA} ${srcdir}/nsec3hash.8 ${DESTDIR}${mandir}/man8
rm -f ${DESTDIR}${mandir}/man8/nsec3hash.8
rm -f ${DESTDIR}${mandir}/man1/named-rrchecker.1
rm -f ${DESTDIR}${mandir}/man8/named-journalprint.8
- rm -f ${DESTDIR}${mandir}/man8/isc-hmac-fixup.8
rm -f ${DESTDIR}${mandir}/man1/arpaname.1
${LIBTOOL_MODE_UNINSTALL} rm -f \
${DESTDIR}${bindir}/mdig@EXEEXT@
- ${LIBTOOL_MODE_UNINSTALL} rm -f \
- ${DESTDIR}${sbindir}/isc-hmac-fixup@EXEEXT@
${LIBTOOL_MODE_UNINSTALL} rm -f \
${DESTDIR}${sbindir}/genrandom@EXEEXT@
${LIBTOOL_MODE_UNINSTALL} rm -f \
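Review bot: With the uninstall lines for ${DESTDIR}${sbindir}/isc-hmac-fixup@EXEEXT@ and ${DESTDIR}${mandir}/man8/isc-hmac-fixup.8 dropped, nothing in this Makefile removes copies installed from an earlier tree, so a host upgraded in place keeps a stale binary and man page. Either keep the two rm -f lines in the uninstall target for a release, or state in the release note that the old files have to be removed by hand or by the packager.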
+++ /dev/null
-.\" Copyright (C) 2010, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
-.\"
-.\" This Source Code Form is subject to the terms of the Mozilla Public
-.\" License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
-.\"
-.hy 0
-.ad l
-'\" t
-.\" Title: isc-hmac-fixup
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 2013-04-28
-.\" Manual: BIND9
-.\" Source: ISC
-.\" Language: English
-.\"
-.TH "ISC\-HMAC\-FIXUP" "8" "2013\-04\-28" "ISC" "BIND9"
-.\" -----------------------------------------------------------------
-.\" * Define some portability stuff
-.\" -----------------------------------------------------------------
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.\" http://bugs.debian.org/507673
-.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\" -----------------------------------------------------------------
-.\" * set default formatting
-.\" -----------------------------------------------------------------
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.\" -----------------------------------------------------------------
-.\" * MAIN CONTENT STARTS HERE *
-.\" -----------------------------------------------------------------
-.SH "NAME"
-isc-hmac-fixup \- fixes HMAC keys generated by older versions of BIND
-.SH "SYNOPSIS"
-.HP \w'\fBisc\-hmac\-fixup\fR\ 'u
-\fBisc\-hmac\-fixup\fR {\fIalgorithm\fR} {\fIsecret\fR}
-.SH "DESCRIPTION"
-.PP
-Versions of BIND 9 up to and including BIND 9\&.6 had a bug causing HMAC\-SHA* TSIG keys which were longer than the digest length of the hash algorithm (i\&.e\&., SHA1 keys longer than 160 bits, SHA256 keys longer than 256 bits, etc) to be used incorrectly, generating a message authentication code that was incompatible with other DNS implementations\&.
-.PP
-This bug has been fixed in BIND 9\&.7\&. However, the fix may cause incompatibility between older and newer versions of BIND, when using long keys\&.
-\fBisc\-hmac\-fixup\fR
-modifies those keys to restore compatibility\&.
-.PP
-To modify a key, run
-\fBisc\-hmac\-fixup\fR
-and specify the key\*(Aqs algorithm and secret on the command line\&. If the secret is longer than the digest length of the algorithm (64 bytes for SHA1 through SHA256, or 128 bytes for SHA384 and SHA512), then a new secret will be generated consisting of a hash digest of the old secret\&. (If the secret did not require conversion, then it will be printed without modification\&.)
-.SH "SECURITY CONSIDERATIONS"
-.PP
-Secrets that have been converted by
-\fBisc\-hmac\-fixup\fR
-are shortened, but as this is how the HMAC protocol works in operation anyway, it does not affect security\&. RFC 2104 notes, "Keys longer than [the digest length] are acceptable but the extra length would not significantly increase the function strength\&."
-.SH "SEE ALSO"
-.PP
-BIND 9 Administrator Reference Manual,
-RFC 2104\&.
-.SH "AUTHOR"
-.PP
-\fBInternet Systems Consortium, Inc\&.\fR
-.SH "COPYRIGHT"
-.br
-Copyright \(co 2010, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
-.br
+++ /dev/null
-/*
- * Copyright (C) 2010, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- */
-
-/* $Id: isc-hmac-fixup.c,v 1.4 2010/03/10 02:17:52 marka Exp $ */
-
-#include <config.h>
-
-#include <isc/base64.h>
-#include <isc/buffer.h>
-#include <isc/md5.h>
-#include <isc/print.h>
-#include <isc/region.h>
-#include <isc/result.h>
-#include <isc/sha1.h>
-#include <isc/sha2.h>
-#include <isc/stdio.h>
-#include <isc/string.h>
-
-#include <pk11/site.h>
-
-#define HMAC_LEN 64
-
-int
-main(int argc, char **argv) {
- isc_buffer_t buf;
- unsigned char key[1024];
- char secret[1024];
- char base64[(1024*4)/3];
- isc_region_t r;
- isc_result_t result;
-
- if (argc != 3) {
- fprintf(stderr, "Usage:\t%s algorithm secret\n", argv[0]);
-#ifndef PK11_MD5_DISABLE
- fprintf(stderr, "\talgorithm: (MD5 | SHA1 | SHA224 | "
- "SHA256 | SHA384 | SHA512)\n");
-#else
- fprintf(stderr, "\talgorithm: (SHA1 | SHA224 | "
- "SHA256 | SHA384 | SHA512)\n");
-#endif
- return (1);
- }
-
- isc_buffer_init(&buf, secret, sizeof(secret));
- result = isc_base64_decodestring(argv[2], &buf);
- if (result != ISC_R_SUCCESS) {
- fprintf(stderr, "error: %s\n", isc_result_totext(result));
- return (1);
- }
- isc_buffer_usedregion(&buf, &r);
-
-#ifndef PK11_MD5_DISABLE
- if (!strcasecmp(argv[1], "md5") ||
- !strcasecmp(argv[1], "hmac-md5")) {
- if (r.length > HMAC_LEN) {
- isc_md5_t md5ctx;
- isc_md5_init(&md5ctx);
- isc_md5_update(&md5ctx, r.base, r.length);
- isc_md5_final(&md5ctx, key);
-
- r.base = key;
- r.length = ISC_MD5_DIGESTLENGTH;
- }
- } else
-#endif
- if (!strcasecmp(argv[1], "sha1") ||
- !strcasecmp(argv[1], "hmac-sha1")) {
- if (r.length > ISC_SHA1_DIGESTLENGTH) {
- isc_sha1_t sha1ctx;
- isc_sha1_init(&sha1ctx);
- isc_sha1_update(&sha1ctx, r.base, r.length);
- isc_sha1_final(&sha1ctx, key);
-
- r.base = key;
- r.length = ISC_SHA1_DIGESTLENGTH;
- }
- } else if (!strcasecmp(argv[1], "sha224") ||
- !strcasecmp(argv[1], "hmac-sha224")) {
- if (r.length > ISC_SHA224_DIGESTLENGTH) {
- isc_sha224_t sha224ctx;
- isc_sha224_init(&sha224ctx);
- isc_sha224_update(&sha224ctx, r.base, r.length);
- isc_sha224_final(key, &sha224ctx);
-
- r.base = key;
- r.length = ISC_SHA224_DIGESTLENGTH;
- }
- } else if (!strcasecmp(argv[1], "sha256") ||
- !strcasecmp(argv[1], "hmac-sha256")) {
- if (r.length > ISC_SHA256_DIGESTLENGTH) {
- isc_sha256_t sha256ctx;
- isc_sha256_init(&sha256ctx);
- isc_sha256_update(&sha256ctx, r.base, r.length);
- isc_sha256_final(key, &sha256ctx);
-
- r.base = key;
- r.length = ISC_SHA256_DIGESTLENGTH;
- }
- } else if (!strcasecmp(argv[1], "sha384") ||
- !strcasecmp(argv[1], "hmac-sha384")) {
- if (r.length > ISC_SHA384_DIGESTLENGTH) {
- isc_sha384_t sha384ctx;
- isc_sha384_init(&sha384ctx);
- isc_sha384_update(&sha384ctx, r.base, r.length);
- isc_sha384_final(key, &sha384ctx);
-
- r.base = key;
- r.length = ISC_SHA384_DIGESTLENGTH;
- }
- } else if (!strcasecmp(argv[1], "sha512") ||
- !strcasecmp(argv[1], "hmac-sha512")) {
- if (r.length > ISC_SHA512_DIGESTLENGTH) {
- isc_sha512_t sha512ctx;
- isc_sha512_init(&sha512ctx);
- isc_sha512_update(&sha512ctx, r.base, r.length);
- isc_sha512_final(key, &sha512ctx);
-
- r.base = key;
- r.length = ISC_SHA512_DIGESTLENGTH;
- }
- } else {
- fprintf(stderr, "unknown hmac/digest algorithm: %s\n", argv[1]);
- return (1);
- }
-
- isc_buffer_init(&buf, base64, sizeof(base64));
- result = isc_base64_totext(&r, 0, "", &buf);
- if (result != ISC_R_SUCCESS) {
- fprintf(stderr, "error: %s\n", isc_result_totext(result));
- return (1);
- }
- fprintf(stdout, "%.*s\n", (int)isc_buffer_usedlength(&buf), base64);
- return (0);
-}
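Review bot: The thresholds in this deleted source do not match the man page deleted alongside it, which matters if any remaining documentation is going to describe what the tool did. The SHA branches convert when r.length exceeds ISC_SHA1_DIGESTLENGTH through ISC_SHA512_DIGESTLENGTH, and only the MD5 branch compares against HMAC_LEN (64), whereas the man page gives 64 bytes for SHA1 through SHA256 and 128 bytes for SHA384 and SHA512. Text that survives this removal should be written from the code and say which figure applied.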
+++ /dev/null
-<!--
- - Copyright (C) 2010, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
- -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
--->
-
-<!-- Converted by db4-upgrade version 1.0 -->
-<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.isc-hmac-fixup">
- <info>
- <date>2013-04-28</date>
- </info>
- <refentryinfo>
- <corpname>ISC</corpname>
- <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
- </refentryinfo>
-
- <refmeta>
- <refentrytitle><application>isc-hmac-fixup</application></refentrytitle>
- <manvolnum>8</manvolnum>
- <refmiscinfo>BIND9</refmiscinfo>
- </refmeta>
-
- <refnamediv>
- <refname><application>isc-hmac-fixup</application></refname>
- <refpurpose>fixes HMAC keys generated by older versions of BIND</refpurpose>
- </refnamediv>
-
- <docinfo>
- <copyright>
- <year>2010</year>
- <year>2013</year>
- <year>2014</year>
- <year>2015</year>
- <year>2016</year>
- <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
- </copyright>
- </docinfo>
-
- <refsynopsisdiv>
- <cmdsynopsis sepchar=" ">
- <command>isc-hmac-fixup</command>
- <arg choice="req" rep="norepeat"><replaceable class="parameter">algorithm</replaceable></arg>
- <arg choice="req" rep="norepeat"><replaceable class="parameter">secret</replaceable></arg>
- </cmdsynopsis>
- </refsynopsisdiv>
-
- <refsection><info><title>DESCRIPTION</title></info>
-
- <para>
- Versions of BIND 9 up to and including BIND 9.6 had a bug causing
- HMAC-SHA* TSIG keys which were longer than the digest length of the
- hash algorithm (i.e., SHA1 keys longer than 160 bits, SHA256 keys
- longer than 256 bits, etc) to be used incorrectly, generating a
- message authentication code that was incompatible with other DNS
- implementations.
- </para>
- <para>
- This bug has been fixed in BIND 9.7. However, the fix may
- cause incompatibility between older and newer versions of
- BIND, when using long keys. <command>isc-hmac-fixup</command>
- modifies those keys to restore compatibility.
- </para>
- <para>
- To modify a key, run <command>isc-hmac-fixup</command> and
- specify the key's algorithm and secret on the command line. If the
- secret is longer than the digest length of the algorithm (64 bytes
- for SHA1 through SHA256, or 128 bytes for SHA384 and SHA512), then a
- new secret will be generated consisting of a hash digest of the old
- secret. (If the secret did not require conversion, then it will be
- printed without modification.)
- </para>
- </refsection>
-
- <refsection><info><title>SECURITY CONSIDERATIONS</title></info>
-
- <para>
- Secrets that have been converted by <command>isc-hmac-fixup</command>
- are shortened, but as this is how the HMAC protocol works in
- operation anyway, it does not affect security. RFC 2104 notes,
- "Keys longer than [the digest length] are acceptable but the
- extra length would not significantly increase the function
- strength."
- </para>
- </refsection>
-
- <refsection><info><title>SEE ALSO</title></info>
-
- <para>
- <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
- <citetitle>RFC 2104</citetitle>.
- </para>
- </refsection>
-
-</refentry>
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<!--
- - Copyright (C) 2010, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
- -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
--->
-<html lang="en">
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>isc-hmac-fixup</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
-<a name="man.isc-hmac-fixup"></a><div class="titlepage"></div>
-
-
-
-
-
- <div class="refnamediv">
-<h2>Name</h2>
-<p>
- <span class="application">isc-hmac-fixup</span>
- — fixes HMAC keys generated by older versions of BIND
- </p>
-</div>
-
-
-
- <div class="refsynopsisdiv">
-<h2>Synopsis</h2>
- <div class="cmdsynopsis"><p>
- <code class="command">isc-hmac-fixup</code>
- {<em class="replaceable"><code>algorithm</code></em>}
- {<em class="replaceable"><code>secret</code></em>}
- </p></div>
- </div>
-
- <div class="refsection">
-<a name="id-1.7"></a><h2>DESCRIPTION</h2>
-
- <p>
- Versions of BIND 9 up to and including BIND 9.6 had a bug causing
- HMAC-SHA* TSIG keys which were longer than the digest length of the
- hash algorithm (i.e., SHA1 keys longer than 160 bits, SHA256 keys
- longer than 256 bits, etc) to be used incorrectly, generating a
- message authentication code that was incompatible with other DNS
- implementations.
- </p>
- <p>
- This bug has been fixed in BIND 9.7. However, the fix may
- cause incompatibility between older and newer versions of
- BIND, when using long keys. <span class="command"><strong>isc-hmac-fixup</strong></span>
- modifies those keys to restore compatibility.
- </p>
- <p>
- To modify a key, run <span class="command"><strong>isc-hmac-fixup</strong></span> and
- specify the key's algorithm and secret on the command line. If the
- secret is longer than the digest length of the algorithm (64 bytes
- for SHA1 through SHA256, or 128 bytes for SHA384 and SHA512), then a
- new secret will be generated consisting of a hash digest of the old
- secret. (If the secret did not require conversion, then it will be
- printed without modification.)
- </p>
- </div>
-
- <div class="refsection">
-<a name="id-1.8"></a><h2>SECURITY CONSIDERATIONS</h2>
-
- <p>
- Secrets that have been converted by <span class="command"><strong>isc-hmac-fixup</strong></span>
- are shortened, but as this is how the HMAC protocol works in
- operation anyway, it does not affect security. RFC 2104 notes,
- "Keys longer than [the digest length] are acceptable but the
- extra length would not significantly increase the function
- strength."
- </p>
- </div>
-
- <div class="refsection">
-<a name="id-1.9"></a><h2>SEE ALSO</h2>
-
- <p>
- <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
- <em class="citetitle">RFC 2104</em>.
- </p>
- </div>
-
-</div></body>
-</html>
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
- <ItemGroup>
- <Filter Include="Source Files">
- <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
- <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
- </Filter>
- <Filter Include="Resource Files">
- <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
- <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
- </Filter>
- </ItemGroup>
- <ItemGroup>
- <ClCompile Include="..\isc-hmac-fixup.c">
- <Filter>Source Files</Filter>
- </ClCompile>
- </ItemGroup>
-</Project>
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
- <ItemGroup Label="ProjectConfigurations">
- <ProjectConfiguration Include="Debug|@PLATFORM@">
- <Configuration>Debug</Configuration>
- <Platform>@PLATFORM@</Platform>
- </ProjectConfiguration>
- <ProjectConfiguration Include="Release|@PLATFORM@">
- <Configuration>Release</Configuration>
- <Platform>@PLATFORM@</Platform>
- </ProjectConfiguration>
- </ItemGroup>
- <PropertyGroup Label="Globals">
- <ProjectGuid>{70F2F0DF-665D-4444-A982-AEA31A861A22}</ProjectGuid>
- <Keyword>Win32Proj</Keyword>
- <RootNamespace>ischmacfixup</RootNamespace>
- </PropertyGroup>
- <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
- <ConfigurationType>Application</ConfigurationType>
- <UseDebugLibraries>true</UseDebugLibraries>
- <CharacterSet>MultiByte</CharacterSet>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
- <ConfigurationType>Application</ConfigurationType>
- <UseDebugLibraries>false</UseDebugLibraries>
- <WholeProgramOptimization>true</WholeProgramOptimization>
- <CharacterSet>MultiByte</CharacterSet>
- </PropertyGroup>
- <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
- <ImportGroup Label="ExtensionSettings">
- </ImportGroup>
- <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
- <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
- </ImportGroup>
- <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
- <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
- </ImportGroup>
- <PropertyGroup Label="UserMacros" />
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
- <LinkIncremental>true</LinkIncremental>
- <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
- <IntDir>.\$(Configuration)\</IntDir>
- <TargetName>isc-hmac-fixup</TargetName>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
- <LinkIncremental>false</LinkIncremental>
- <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
- <IntDir>.\$(Configuration)\</IntDir>
- <TargetName>isc-hmac-fixup</TargetName>
- </PropertyGroup>
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
- <ClCompile>
- <PrecompiledHeader>
- </PrecompiledHeader>
- <WarningLevel>Level3</WarningLevel>
- <Optimization>Disabled</Optimization>
- <PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <FunctionLevelLinking>true</FunctionLevelLinking>
- <PrecompiledHeaderOutputFile>.\$(Configuration)\$(ProjectName).pch</PrecompiledHeaderOutputFile>
- <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
- <ObjectFileName>.\$(Configuration)\</ObjectFileName>
- <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
- <BrowseInformation>true</BrowseInformation>
- <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
- <CompileAs>CompileAsC</CompileAs>
- </ClCompile>
- <Link>
- <SubSystem>Console</SubSystem>
- <GenerateDebugInformation>true</GenerateDebugInformation>
- <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
- <AdditionalLibraryDirectories>..\..\..\lib\isc\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
- <AdditionalDependencies>libisc.lib;%(AdditionalDependencies)</AdditionalDependencies>
- </Link>
- </ItemDefinitionGroup>
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
- <ClCompile>
- <WarningLevel>Level3</WarningLevel>
- <PrecompiledHeader>
- </PrecompiledHeader>
- <Optimization>MaxSpeed</Optimization>
- <FunctionLevelLinking>true</FunctionLevelLinking>
- <IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
- <PreprocessorDefinitions>WIN32;@CRYPTO@NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
- <WholeProgramOptimization>false</WholeProgramOptimization>
- <StringPooling>true</StringPooling>
- <PrecompiledHeaderOutputFile>.\$(Configuration)\$(ProjectName).pch</PrecompiledHeaderOutputFile>
- <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
- <ObjectFileName>.\$(Configuration)\</ObjectFileName>
- <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
- <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
- <CompileAs>CompileAsC</CompileAs>
- </ClCompile>
- <Link>
- <SubSystem>Console</SubSystem>
- <GenerateDebugInformation>false</GenerateDebugInformation>
- <EnableCOMDATFolding>true</EnableCOMDATFolding>
- <OptimizeReferences>true</OptimizeReferences>
- <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
- <LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
- <AdditionalLibraryDirectories>..\..\..\lib\isc\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
- <AdditionalDependencies>libisc.lib;%(AdditionalDependencies)</AdditionalDependencies>
- </Link>
- </ItemDefinitionGroup>
- <ItemGroup>
- <ClCompile Include="..\isc-hmac-fixup.c" />
- </ItemGroup>
- <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
- <ImportGroup Label="ExtensionTargets">
- </ImportGroup>
-</Project>
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>\r
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">\r
-</Project>
\ No newline at end of file
{"named-compilezone.exe", FileData::BinDir, FileData::Normal, FALSE, FALSE},
{"named-journalprint.exe", FileData::BinDir, FileData::Normal, FALSE, FALSE},
{"named-rrchecker.exe", FileData::BinDir, FileData::Normal, FALSE, FALSE},
- {"isc-hmac-fixup.exe", FileData::BinDir, FileData::Normal, FALSE, FALSE},
#ifdef USE_PKCS11
{"pkcs11-destroy.exe", FileData::BinDir, FileData::Normal, FALSE, FALSE},
{"pkcs11-keygen.exe", FileData::BinDir, FileData::Normal, FALSE, FALSE},
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/tools/dnstap-read.docbook"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/tools/genrandom.docbook"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/dig/host.docbook"/>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/tools/isc-hmac-fixup.docbook"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/tools/mdig.docbook"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/check/named-checkconf.docbook"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/check/named-checkzone.docbook"/>
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<!--
- - Copyright (C) 2000-2017 Internet Systems Consortium, Inc. ("ISC")
- -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
--->
-<html lang="en">
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>isc-hmac-fixup</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
-<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
-<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
-<link rel="prev" href="man.host.html" title="host">
-<link rel="next" href="man.mdig.html" title="mdig">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
-<div class="navheader">
-<table width="100%" summary="Navigation header">
-<tr><th colspan="3" align="center"><span class="application">isc-hmac-fixup</span></th></tr>
-<tr>
-<td width="20%" align="left">
-<a accesskey="p" href="man.host.html">Prev</a> </td>
-<th width="60%" align="center">Manual pages</th>
-<td width="20%" align="right"> <a accesskey="n" href="man.mdig.html">Next</a>
-</td>
-</tr>
-</table>
-<hr>
-</div>
-<div class="refentry">
-<a name="man.isc-hmac-fixup"></a><div class="titlepage"></div>
-
-
-
-
-
- <div class="refnamediv">
-<h2>Name</h2>
-<p>
- <span class="application">isc-hmac-fixup</span>
- — fixes HMAC keys generated by older versions of BIND
- </p>
-</div>
-
-
-
- <div class="refsynopsisdiv">
-<h2>Synopsis</h2>
- <div class="cmdsynopsis"><p>
- <code class="command">isc-hmac-fixup</code>
- {<em class="replaceable"><code>algorithm</code></em>}
- {<em class="replaceable"><code>secret</code></em>}
- </p></div>
- </div>
-
- <div class="refsection">
-<a name="id-1.14.21.7"></a><h2>DESCRIPTION</h2>
-
- <p>
- Versions of BIND 9 up to and including BIND 9.6 had a bug causing
- HMAC-SHA* TSIG keys which were longer than the digest length of the
- hash algorithm (i.e., SHA1 keys longer than 160 bits, SHA256 keys
- longer than 256 bits, etc) to be used incorrectly, generating a
- message authentication code that was incompatible with other DNS
- implementations.
- </p>
- <p>
- This bug has been fixed in BIND 9.7. However, the fix may
- cause incompatibility between older and newer versions of
- BIND, when using long keys. <span class="command"><strong>isc-hmac-fixup</strong></span>
- modifies those keys to restore compatibility.
- </p>
- <p>
- To modify a key, run <span class="command"><strong>isc-hmac-fixup</strong></span> and
- specify the key's algorithm and secret on the command line. If the
- secret is longer than the digest length of the algorithm (64 bytes
- for SHA1 through SHA256, or 128 bytes for SHA384 and SHA512), then a
- new secret will be generated consisting of a hash digest of the old
- secret. (If the secret did not require conversion, then it will be
- printed without modification.)
- </p>
- </div>
-
- <div class="refsection">
-<a name="id-1.14.21.8"></a><h2>SECURITY CONSIDERATIONS</h2>
-
- <p>
- Secrets that have been converted by <span class="command"><strong>isc-hmac-fixup</strong></span>
- are shortened, but as this is how the HMAC protocol works in
- operation anyway, it does not affect security. RFC 2104 notes,
- "Keys longer than [the digest length] are acceptable but the
- extra length would not significantly increase the function
- strength."
- </p>
- </div>
-
- <div class="refsection">
-<a name="id-1.14.21.9"></a><h2>SEE ALSO</h2>
-
- <p>
- <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
- <em class="citetitle">RFC 2104</em>.
- </p>
- </div>
-
-</div>
-<div class="navfooter">
-<hr>
-<table width="100%" summary="Navigation footer">
-<tr>
-<td width="40%" align="left">
-<a accesskey="p" href="man.host.html">Prev</a> </td>
-<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
-<td width="40%" align="right"> <a accesskey="n" href="man.mdig.html">Next</a>
-</td>
-</tr>
-<tr>
-<td width="40%" align="left" valign="top">host </td>
-<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
-<td width="40%" align="right" valign="top"> <span class="application">mdig</span>
-</td>
-</tr>
-</table>
-</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.0b1</p>
-</body>
-</html>
in a future release. [RT #42272]
</para>
</listitem>
+ <listitem>
+ <para>
+ The <command>isc-hmac-fixup</command> command, which was created
+ to address an interoperability problem in TSIG keys between
+ early versions of BIND and other DNS implmentations, is now
+ obsolete and has been removed. [RT #46411]
+ </para>
+ </listitem>
</itemizedlist>
</section>
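Review bot: Typo in the added paragraph: "implmentations" should read "implementations".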
@END PKCS11
copy ..\bin\tools\arpaname.html ..\Build\Release
copy ..\bin\tools\genrandom.html ..\Build\Release
-copy ..\bin\tools\isc-hmac-fixup.html ..\Build\Release
copy ..\bin\tools\named-journalprint.html ..\Build\Release
copy ..\bin\tools\named-rrchecker.html ..\Build\Release
copy ..\bin\tools\nsec3hash.html ..\Build\Release
./bin/tools/genrandom.c C 2000,2001,2002,2003,2004,2005,2007,2009,2010,2012,2014,2016
./bin/tools/genrandom.docbook SGML 2009,2010,2011,2014,2015,2016
./bin/tools/genrandom.html HTML DOCBOOK
-./bin/tools/isc-hmac-fixup.8 MAN DOCBOOK
-./bin/tools/isc-hmac-fixup.c C 2010,2014,2015,2016
-./bin/tools/isc-hmac-fixup.docbook SGML 2010,2013,2014,2015,2016
-./bin/tools/isc-hmac-fixup.html HTML DOCBOOK
./bin/tools/mdig.1 MAN DOCBOOK
./bin/tools/mdig.c C 2015,2016,2017
./bin/tools/mdig.docbook SGML 2015,2016,2017
./bin/tools/win32/genrandom.vcxproj.filters.in X 2013,2015
./bin/tools/win32/genrandom.vcxproj.in X 2013,2015,2016,2017
./bin/tools/win32/genrandom.vcxproj.user X 2013
-./bin/tools/win32/ischmacfixup.vcxproj.filters.in X 2013,2015
-./bin/tools/win32/ischmacfixup.vcxproj.in X 2013,2014,2015,2016,2017
-./bin/tools/win32/ischmacfixup.vcxproj.user X 2013
./bin/tools/win32/journalprint.vcxproj.filters.in X 2013,2015
./bin/tools/win32/journalprint.vcxproj.in X 2013,2015,2016,2017
./bin/tools/win32/journalprint.vcxproj.user X 2013
./doc/arm/man.dnstap-read.html X 2015,2016,2017
./doc/arm/man.genrandom.html X 2009,2010,2011,2012,2013,2014,2015,2016,2017
./doc/arm/man.host.html X 2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017
-./doc/arm/man.isc-hmac-fixup.html X 2010,2011,2012,2013,2014,2015,2016,2017
./doc/arm/man.mdig.html X 2016,2017
./doc/arm/man.named-checkconf.html X 2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017
./doc/arm/man.named-checkzone.html X 2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017
"..\\bin\\tools\\win32\\arpaname.vcxproj.filters",
"..\\bin\\tools\\win32\\genrandom.vcxproj",
"..\\bin\\tools\\win32\\genrandom.vcxproj.filters",
- "..\\bin\\tools\\win32\\ischmacfixup.vcxproj",
- "..\\bin\\tools\\win32\\ischmacfixup.vcxproj.filters",
"..\\bin\\tools\\win32\\journalprint.vcxproj",
"..\\bin\\tools\\win32\\journalprint.vcxproj.filters",
"..\\bin\\tools\\win32\\mdig.vcxproj",
{B19042CE-D3D9-469B-BCD2-C3140150939A} = {B19042CE-D3D9-469B-BCD2-C3140150939A}
{4EE91023-94C3-48C0-B71C-5333B726C2EE} = {4EE91023-94C3-48C0-B71C-5333B726C2EE}
{B4AC7F81-E3DC-43E9-B339-4FA5149FA8F7} = {B4AC7F81-E3DC-43E9-B339-4FA5149FA8F7}
- {70F2F0DF-665D-4444-A982-AEA31A861A22} = {70F2F0DF-665D-4444-A982-AEA31A861A22}
{98743A7C-6AF8-467F-9911-FA69C451AF2B} = {98743A7C-6AF8-467F-9911-FA69C451AF2B}
{3115091C-8135-481F-9757-F013A26255E0} = {3115091C-8135-481F-9757-F013A26255E0}
{C41266C7-E27E-4D60-9815-82D3B32BF82F} = {C41266C7-E27E-4D60-9815-82D3B32BF82F}
{3840E563-D180-4761-AA9C-E6155F02EAFF} = {3840E563-D180-4761-AA9C-E6155F02EAFF}
EndProjectSection
EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ischmacfixup", "..\bin\tools\win32\ischmacfixup.vcxproj", "{70F2F0DF-665D-4444-A982-AEA31A861A22}"
- ProjectSection(ProjectDependencies) = postProject
- {A3F71D12-F38A-4C77-8D87-8E8854CA74A1} = {A3F71D12-F38A-4C77-8D87-8E8854CA74A1}
- {3840E563-D180-4761-AA9C-E6155F02EAFF} = {3840E563-D180-4761-AA9C-E6155F02EAFF}
- EndProjectSection
-EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rrchecker", "..\bin\tools\win32\rrchecker.vcxproj", "{98743A7C-6AF8-467F-9911-FA69C451AF2B}"
ProjectSection(ProjectDependencies) = postProject
{A3F71D12-F38A-4C77-8D87-8E8854CA74A1} = {A3F71D12-F38A-4C77-8D87-8E8854CA74A1}
{B4AC7F81-E3DC-43E9-B339-4FA5149FA8F7}.Debug|@PLATFORM@.Build.0 = Debug|@PLATFORM@
{B4AC7F81-E3DC-43E9-B339-4FA5149FA8F7}.Release|@PLATFORM@.ActiveCfg = Release|@PLATFORM@
{B4AC7F81-E3DC-43E9-B339-4FA5149FA8F7}.Release|@PLATFORM@.Build.0 = Release|@PLATFORM@
- {70F2F0DF-665D-4444-A982-AEA31A861A22}.Debug|@PLATFORM@.ActiveCfg = Debug|@PLATFORM@
- {70F2F0DF-665D-4444-A982-AEA31A861A22}.Debug|@PLATFORM@.Build.0 = Debug|@PLATFORM@
- {70F2F0DF-665D-4444-A982-AEA31A861A22}.Release|@PLATFORM@.ActiveCfg = Release|@PLATFORM@
- {70F2F0DF-665D-4444-A982-AEA31A861A22}.Release|@PLATFORM@.Build.0 = Release|@PLATFORM@
{98743A7C-6AF8-467F-9911-FA69C451AF2B}.Debug|@PLATFORM@.ActiveCfg = Debug|@PLATFORM@
{98743A7C-6AF8-467F-9911-FA69C451AF2B}.Debug|@PLATFORM@.Build.0 = Debug|@PLATFORM@
{98743A7C-6AF8-467F-9911-FA69C451AF2B}.Release|@PLATFORM@.ActiveCfg = Release|@PLATFORM@