diff options
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | dns/tsig.py | 2 |
2 files changed, 8 insertions, 1 deletions
@@ -1,3 +1,10 @@ +2013-08-26 Bob Halley <halley@dnspython.org> + + * dns/tsig.py (sign): multi-message TSIGs were broken for + algorithms other than HMAC-MD5 because we weren't passing the + right digest module to the HMAC code. Thanks to salzmdan for + reporting the bug. + 2013-07-01 Bob Halley <halley@dnspython.org> * (Version 1.11.0 released) diff --git a/dns/tsig.py b/dns/tsig.py index 603f039..6d801d4 100644 --- a/dns/tsig.py +++ b/dns/tsig.py @@ -111,7 +111,7 @@ def sign(wire, keyname, secret, time, fudge, original_id, error, mpack = struct.pack('!H', len(mac)) tsig_rdata = pre_mac + mpack + mac + id + post_mac if multi: - ctx = hmac.new(secret) + ctx = hmac.new(secret, digestmod=digestmod) ml = len(mac) ctx.update(struct.pack('!H', ml)) ctx.update(mac) |