* SOFTWARE.
*/
-/* $Id: tsig.h,v 1.24.2.3 2000/07/28 00:00:23 gson Exp $ */
+/* $Id: tsig.h,v 1.24.2.4 2000/07/28 23:39:23 gson Exp $ */
#ifndef DNS_TSIG_H
#define DNS_TSIG_H 1
* not NULL, *key will contain a copy of the key. The keys validity
* period is specified by (inception, expire), and will not expire if
* inception == expire. If the key was generated, the creating identity,
- * if there is one, should be in the creator parameter.
+ * if there is one, should be in the creator parameter. Specifying an
+ * unimplemented algorithm will cause failure only if length > 0; this
+ * allows a transient key with an invalid algorithm to exist long enough
+ * to generate a BADKEY response.
*
* Requires:
* 'name' is a valid dns_name_t
* 'algorithm' is a valid dns_name_t
* 'secret' is a valid pointer
- * 'length' is an integer greater than 0
+ * 'length' is an integer >= 0
* 'creator' points to a valid dns_name_t or is NULL
* 'mctx' is a valid memory context
* 'ring' is a valid TSIG keyring or NULL
*/
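Review bot: The Requires list still says `'secret' is a valid pointer` although the new text allows `length == 0`, so it is unclear whether a caller creating a transient key for a BADKEY response must pass a dummy pointer. If the implementation permits it, I would write `'secret' is a valid pointer, or may be NULL if 'length' is 0`. The added paragraph should also name the result code, e.g. `Returns ISC_R_NOTIMPLEMENTED if 'algorithm' is not implemented and length > 0`, unless the Returns list outside this hunk already covers it. It would also help to state that a key created with length 0 holds no key material and cannot be used to sign or verify.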
/*
- * $Id: tsig.c,v 1.72.2.6 2000/07/28 19:41:14 gson Exp $
+ * $Id: tsig.c,v 1.72.2.7 2000/07/28 23:39:21 gson Exp $
* Principal Author: Brian Wellington
*/
REQUIRE(mctx != NULL);
RUNTIME_CHECK(isc_once_do(&once, dns_tsig_inithmac) == ISC_R_SUCCESS);
- if (!dns_name_equal(algorithm, DNS_TSIG_HMACMD5_NAME))
- return (ISC_R_NOTFOUND);
+ if (!dns_name_equal(algorithm, DNS_TSIG_HMACMD5_NAME)) {
+ if (length != 0)
+ return (ISC_R_NOTIMPLEMENTED);
+ else
+ alg = 0;
+ }
else
alg = DST_ALG_HMACMD5;
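Review bot: `alg = 0` on the new unknown-algorithm path is an undocumented sentinel, and the key it produces carries no secret, so any code that later signs or verifies with a key from this function must reject it rather than treat a successful lookup as authentication; that check is not visible in this hunk and should be confirmed in the sign/verify paths. I would add a comment at the assignment, e.g. `/* Unknown algorithm, no secret: placeholder key, only good for building a BADKEY response. */`. The failure code for this branch also changes from `ISC_R_NOTFOUND` to `ISC_R_NOTIMPLEMENTED`, so callers that compare against the old value need a look. On style, the braced outer `if` with an unbraced inner `if`/`else` and a detached `else` would read better as one chain that tests the HMAC-MD5 match first and then continues `else if (length != 0) return (ISC_R_NOTIMPLEMENTED); else alg = 0;`. The enclosing function starts and ends outside the hunk.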