From: Aki Tuomi Date: Fri, 6 Sep 2013 20:48:13 +0000 (+0300) Subject: Changed forced MD5 into proper selection for TSIG X-Git-Tag: rec-3.6.0-rc1~454^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e820c3053c031b00cfff153c2e4d4cee8ec2f7f2;p=pdns Changed forced MD5 into proper selection for TSIG
---
diff --git a/pdns/resolver.cc b/pdns/resolver.cc
index 9b8eebf82..62c66fb79 100644
--- a/pdns/resolver.cc
+++ b/pdns/resolver.cc
@@ -439,7 +439,27 @@ int AXFRRetriever::getChunk(Resolver::res_t &res) // Implementation is making su
 } else {
 message = makeTSIGMessageFromTSIGPacket(d_signData, d_tsigPos, d_tsigkeyname, d_trc, d_trc.d_mac, false);
 }
- string ourMac=calculateMD5HMAC(d_tsigsecret, message);
+ TSIGHashEnum algo;
+
+ if (*(d_trc.d_algoName.rbegin()) != '.') d_trc.d_algoName.append(".");
+
+ if (d_trc.d_algoName == "hmac-md5.sig-alg.reg.int.")
+ algo = TSIG_MD5;
+ else if (d_trc.d_algoName == "hmac-sha1.")
+ algo = TSIG_SHA1;
+ else if (d_trc.d_algoName == "hmac-sha224.")
+ algo = TSIG_SHA224;
+ else if (d_trc.d_algoName == "hmac-sha256.")
+ algo = TSIG_SHA256;
+ else if (d_trc.d_algoName == "hmac-sha384.")
+ algo = TSIG_SHA384;
+ else if (d_trc.d_algoName == "hmac-sha512.")
+ algo = TSIG_SHA512;
+ else {
+ throw ResolverException("Unsupported TSIG HMAC algorithm " + d_trc.d_algoName);
+ }
+
+ string ourMac=calculateHMAC(d_tsigsecret, message, algo);
 // ourMac[0]++; // sabotage == for testing :-)
 if(ourMac != theirMac) {
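Review bot: The trailing-dot normalisation `*(d_trc.d_algoName.rbegin()) != '.'` dereferences `rbegin()` without checking that the name is non-empty, which is undefined behaviour on an empty string. Writing it as `if (d_trc.d_algoName.empty() || *d_trc.d_algoName.rbegin() != '.') d_trc.d_algoName.append(".");` lets an empty name fall through to the `Unsupported TSIG HMAC algorithm` throw. If `d_trc` is filled from the TSIG record of the received packet (not visible in this hunk), the peer rather than the local key configuration selects the HMAC. In that case the chain should also reject a name that differs from the algorithm configured for `d_tsigkeyname`, instead of accepting any supported one, including `hmac-md5`. The `==` comparisons are case-sensitive while DNS names are not, so a differently cased algorithm name is rejected; that deserves a comment or a case-insensitive compare. The body of getChunk starts and ends outside the hunk.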