Commit bb2ba911 authored by Daniel Salzman's avatar Daniel Salzman

Merge branch 'tsig_default_sha256' into 'master'

utils: tsig argument: if alg unspecified, using sha256

Closes #514

See merge request !698
parents a6351bf8 eedfad54
......@@ -112,7 +112,7 @@ and type is set automatically.
.TP
\fB\-y\fP [\fIalg\fP:]\fIname\fP:\fIkey\fP
Use the TSIG key named \fIname\fP to authenticate the request. The \fIalg\fP
part specifies the algorithm (the default is hmac\-md5) and \fIkey\fP specifies
part specifies the algorithm (the default is hmac\-sha256) and \fIkey\fP specifies
the shared secret encoded in Base64.
.TP
\fB\-E\fP \fItapfile\fP
......@@ -227,10 +227,10 @@ Set EDNS buffer size in bytes (default is 512 bytes).
.TP
\fB+\fP[\fBno\fP]\fBpadding\fP[=\fIB\fP]
Use EDNS(0) padding option to pad queries, optionally to a specific
size. The default is to pad queries with a sensible amount when using
size. The default is to pad queries with a sensible amount when using
+tls, and not to pad at all when queries are sent without TLS. With
no argument (i.e., just +padding) pad every query with a sensible
amount regardless of the use of TLS. With +nopadding, never pad.
amount regardless of the use of TLS. With +nopadding, never pad.
.TP
\fB+\fP[\fBno\fP]\fBalignment\fP[=\fIB\fP]
Align the query to B\-byte\-block message using the EDNS(0) padding option
......
......@@ -75,7 +75,7 @@ Print the program version.
.TP
\fB\-y\fP [\fIalg\fP:]\fIname\fP:\fIkey\fP
Use the TSIG key with a name \fIname\fP to authenticate the request. The \fIalg\fP
part specifies the algorithm (the default is hmac\-md5) and \fIkey\fP specifies
part specifies the algorithm (the default is hmac\-sha256) and \fIkey\fP specifies
the shared secret encoded in Base64.
.UNINDENT
.SS Commands
......
......@@ -89,7 +89,7 @@ Options
**-y** [*alg*:]\ *name*:*key*
Use the TSIG key named *name* to authenticate the request. The *alg*
part specifies the algorithm (the default is hmac-md5) and *key* specifies
part specifies the algorithm (the default is hmac-sha256) and *key* specifies
the shared secret encoded in Base64.
**-E** *tapfile*
......
......@@ -52,7 +52,7 @@ Options
**-y** [*alg*:]\ *name*:*key*
Use the TSIG key with a name *name* to authenticate the request. The *alg*
part specifies the algorithm (the default is hmac-md5) and *key* specifies
part specifies the algorithm (the default is hmac-sha256) and *key* specifies
the shared secret encoded in Base64.
Commands
......
......@@ -47,7 +47,7 @@ int knot_tsig_key_init(knot_tsig_key_t *key, const char *algorithm_name,
return KNOT_EINVAL;
}
dnssec_tsig_algorithm_t algorithm = DNSSEC_TSIG_HMAC_MD5;
dnssec_tsig_algorithm_t algorithm = DNSSEC_TSIG_HMAC_SHA256;
if (algorithm_name != NULL) {
algorithm = dnssec_tsig_algorithm_from_name(algorithm_name);
if (algorithm == DNSSEC_TSIG_UNKNOWN) {
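Review bot: The new initializer `dnssec_tsig_algorithm_t algorithm = DNSSEC_TSIG_HMAC_SHA256;` changes the MAC algorithm for every caller that passes `algorithm_name == NULL`, and nothing at that line records that this is the implicit default or that it changed. A key given without an algorithm part whose peer is still configured for hmac-md5 will now be signed with a different algorithm, and the request will presumably be rejected rather than negotiated. The commit title scopes this to the utilities, so if knot_tsig_key_init() has other callers it is worth confirming they expect the new default. I would add a comment above the initializer such as `/* Default when no algorithm is named; the peer's key must use the same algorithm. */` and mention the change in the release notes. The function body starts and ends outside the hunk.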
......
......@@ -94,7 +94,7 @@ int main(int argc, char *argv[])
test_init("invalid HMAC", NULL, "hmac-sha11", "name", "Wg==");
{
static const knot_tsig_key_t key = {
.algorithm = DNSSEC_TSIG_HMAC_MD5,
.algorithm = DNSSEC_TSIG_HMAC_SHA256,
.name = (uint8_t *)"\x3""key""\x4""name",
.secret.size = 1,
.secret.data = (uint8_t *)"\x5a"
......@@ -118,7 +118,7 @@ int main(int argc, char *argv[])
test_init_str("invalid HMAC", NULL, "hmac-sha51299:key:Wg==");
{
static const knot_tsig_key_t key = {
.algorithm = DNSSEC_TSIG_HMAC_MD5,
.algorithm = DNSSEC_TSIG_HMAC_SHA256,
.name = (uint8_t *)"\x4""tsig""\x3""key",
.secret.size = 9,
.secret.data = (uint8_t *)"bananakey"
......