Make multi-message TSIGs compute correctly for algorithms other than MD5

author: Bob Halley <halley@dnspython.org> 2013-08-26 09:14:51 -0700
committer: Bob Halley <halley@dnspython.org> 2013-08-26 09:14:51 -0700
commit: e25ee875d9d5b6f1cd4cd06e4127c1fbfa557bef (patch)
tree: 2631f7b187e010bb5a23b5bb86382f1501c5941f
parent: 7e1e49cb7dd044bbe0cf3722e358d856643b7c65 (diff)
download: dnspython-e25ee875d9d5b6f1cd4cd06e4127c1fbfa557bef.tar.gz
2 files changed, 8 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 2e44220..3154486 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2013-08-26  Bob Halley  <halley@dnspython.org>
+
+	* dns/tsig.py (sign): multi-message TSIGs were broken for
+	algorithms other than HMAC-MD5 because we weren't passing the
+	right digest module to the HMAC code.  Thanks to salzmdan for
+	reporting the bug.
+
 2013-07-01  Bob Halley  <halley@dnspython.org>
 
 	* (Version 1.11.0 released)
diff --git a/dns/tsig.py b/dns/tsig.py
index 603f039..6d801d4 100644
--- a/dns/tsig.py
+++ b/dns/tsig.py
@@ -111,7 +111,7 @@ def sign(wire, keyname, secret, time, fudge, original_id, error,
     mpack = struct.pack('!H', len(mac))
     tsig_rdata = pre_mac + mpack + mac + id + post_mac
     if multi:
-        ctx = hmac.new(secret)
+        ctx = hmac.new(secret, digestmod=digestmod)
         ml = len(mac)
         ctx.update(struct.pack('!H', ml))
         ctx.update(mac)
author	Bob Halley <halley@dnspython.org>	2013-08-26 09:14:51 -0700
committer	Bob Halley <halley@dnspython.org>	2013-08-26 09:14:51 -0700
commit	e25ee875d9d5b6f1cd4cd06e4127c1fbfa557bef (patch)
tree	2631f7b187e010bb5a23b5bb86382f1501c5941f
parent	7e1e49cb7dd044bbe0cf3722e358d856643b7c65 (diff)
download	dnspython-e25ee875d9d5b6f1cd4cd06e4127c1fbfa557bef.tar.gz