authorBob Halley <halley@dnspython.org>2013-08-26 09:14:01 -0700
committerBob Halley <halley@dnspython.org>2013-08-26 09:14:01 -0700
commit13c03888b965bd0458ef67a08b553a19b2d06fc1 (patch)
tree5474ea9bfc3403d8fe3be2ef0f0128e71f96ba9a
parentff029108693dc04ac93823c3e229127377aa99d1 (diff)
downloaddnspython-13c03888b965bd0458ef67a08b553a19b2d06fc1.tar.gz
Make multi-message TSIGs compute correctly for algorithms other than MD5
-rw-r--r--ChangeLog7
-rw-r--r--dns/tsig.py2
2 files changed, 8 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 6a076d1..4cfcf8f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2013-08-26 Bob Halley <halley@dnspython.org>
+
+ * dns/tsig.py (sign): multi-message TSIGs were broken for
+ algorithms other than HMAC-MD5 because we weren't passing the
+ right digest module to the HMAC code. Thanks to salzmdan for
+ reporting the bug.
+
2013-07-01 Bob Halley <halley@dnspython.org>
* (Version 1.11.0 released)
diff --git a/dns/tsig.py b/dns/tsig.py
index 63b925a..6e97dce 100644
--- a/dns/tsig.py
+++ b/dns/tsig.py
@@ -111,7 +111,7 @@ def sign(wire, keyname, secret, time, fudge, original_id, error,
mpack = struct.pack('!H', len(mac))
tsig_rdata = pre_mac + mpack + mac + id + post_mac
if multi:
- ctx = hmac.new(secret)
+ ctx = hmac.new(secret, digestmod=digestmod)
ml = len(mac)
ctx.update(struct.pack('!H', ml))
ctx.update(mac)
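Review bot: The `hmac.new(secret, digestmod=digestmod)` call in the `if multi:` branch has no comment tying it to the digest that produced `mac`, and the commit ships no regression test (the diffstat lists only ChangeLog and dns/tsig.py). The old call relied on hmac's implicit default, so for any non-MD5 key the continuation context was silently keyed as HMAC-MD5; later messages of a multi-message exchange would presumably either fail verification against other implementations or be authenticated with a weaker algorithm than the key was configured for. I would add `# continuation context must use the same digest as the MAC it is seeded with; never rely on hmac's default` above the call, and a test that signs two consecutive messages with a non-MD5 algorithm and verifies both. `sign` begins and continues outside this hunk, so where `digestmod` is bound and whether the first `hmac.new` call also passes it explicitly cannot be confirmed from here.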