author | Bob Halley <halley@dnspython.org> | 2013-08-26 09:14:01 -0700 |
---|---|---|
committer | Bob Halley <halley@dnspython.org> | 2013-08-26 09:14:01 -0700 |
commit | 13c03888b965bd0458ef67a08b553a19b2d06fc1 (patch) | |
tree | 5474ea9bfc3403d8fe3be2ef0f0128e71f96ba9a | |
parent | ff029108693dc04ac93823c3e229127377aa99d1 (diff) | |
download | dnspython-13c03888b965bd0458ef67a08b553a19b2d06fc1.tar.gz |
Make multi-message TSIGs compute correctly for algorithms other than MD5
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | dns/tsig.py | 2 |
2 files changed, 8 insertions, 1 deletions
@@ -1,3 +1,10 @@
+2013-08-26 Bob Halley <halley@dnspython.org>
+
+ * dns/tsig.py (sign): multi-message TSIGs were broken for
+ algorithms other than HMAC-MD5 because we weren't passing the
+ right digest module to the HMAC code. Thanks to salzmdan for
+ reporting the bug.
+
 2013-07-01 Bob Halley <halley@dnspython.org>
 
 * (Version 1.11.0 released)
diff --git a/dns/tsig.py b/dns/tsig.py
index 63b925a..6e97dce 100644
--- a/dns/tsig.py
+++ b/dns/tsig.py
@@ -111,7 +111,7 @@ def sign(wire, keyname, secret, time, fudge, original_id, error,
 mpack = struct.pack('!H', len(mac))
 tsig_rdata = pre_mac + mpack + mac + id + post_mac
 if multi:
- ctx = hmac.new(secret)
+ ctx = hmac.new(secret, digestmod=digestmod)
 ml = len(mac)
 ctx.update(struct.pack('!H', ml))
 ctx.update(mac)
|
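Review bot: Nothing in this commit pins the corrected behaviour: the diffstat lists only ChangeLog and dns/tsig.py, so a multi-message sign/verify round-trip using a non-MD5 algorithm (HMAC-SHA256, say) should be added as a regression test. The old `hmac.new(secret)` raised no error and fell back to the default digest, so the continuation context was built with MD5 whatever algorithm the key was configured for. A comment on the new line would keep the argument from being dropped again: `# continuation context must use the same digest as the first MAC; hmac.new() would otherwise default to MD5`. `digestmod` is assigned outside the hunk (the body of sign() starts and ends beyond it), so confirm it is always bound before the `if multi:` branch is reached.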