Commit Graph

18 Commits

Author SHA1 Message Date
Miek Gieben 69924a02cf
Make tsigGenerateProvider/TsigVerifyProvider public (#1382)
Make it public as TsigGenerateWithProvider and update the docs a little.
And TsigVerifyWithProvider also - tweak those docs also a little.

Signed-off-by: Miek Gieben <>
2022-06-21 10:37:36 +02:00
Chris O'Haver 3a58872b63
Do not sign BADKEY and BADSIG TSIG error responses (#1316)
* Per RFC 8945 5.3.2, responses with BADKEY and BADSIG errors must not be signed.

Signed-off-by: Chris O'Haver <>

* refactor to remove else block

Signed-off-by: Chris O'Haver <>

* skip signing only for BADKEY and BADSIG

Signed-off-by: Chris O'Haver <>
2021-12-20 10:31:57 +01:00
Miek Gieben ce48a4b9ef
small cleans from go report card (#1268)
I went through the list and cleaned things up here and there.

Signed-off-by: Miek Gieben <>
2021-06-17 11:05:49 +02:00
Miek Gieben 4fdbc51bbd
Run a go fmt -w -s (#1235)
Noticed a non-gofmted `;` earlier, run gofmt -w -s on all files.

(mechanical change)

Signed-off-by: Miek Gieben <>
2021-03-01 15:30:32 +01:00
Matt Dainty 59aea23afe
Add GSS-TSIG support (#1201)
Automatically submitted.
2021-01-07 14:28:20 +00:00
Tom Thorogood 93945c2844
Remove HMAC-MD5 support from TSIG (#1187) 2020-10-24 13:57:51 +02:00
JINMEI Tatuya de1def76d8
Add support for HMAC-SHA224 and HMAC-SHA384 TSIG algorithms (#1139) 2020-07-22 13:59:04 +09:30
JINMEI Tatuya f3da20bc00
fix TsigGenerate for non-0 TSIG error or non-empty other data (#1138)
Automatically submitted.
2020-07-21 15:55:03 +00:00
JINMEI Tatuya a7a0eafd7a
catch error from tsigBuffer, mainly to detect other data overflow (#1136)
* catch error from tsigBuffer, mainly to detect other data overflow

* hardcoded a constant string instead of a const var
2020-07-21 08:04:57 +02:00
JINMEI Tatuya 9093928550
make TsigVerify check time after signature per rfc2845bis (#1135)
Automatically submitted.
2020-07-18 06:06:18 +00:00
Tom Thorogood 29b9bf368b Remove pointless casts (#895)
* Remove pointless casts

These are all casts where the value was already of the same type.

* Use var style for zero-value not cast style
2019-01-04 10:30:55 +00:00
Matthijs Mekking 0598bd43cf Fix TSIG bug releated to ID substitution (#504)
* Fix TSIG bug releated to ID substitution

TSIG accounts for ID substitution. This means if the ID in the DNS
message is changed by for example a forwarder, TSIG calculation should
use the original message ID (from the TSIG RR).

I have a test for this as well, but it seems tsig_test.go has been
removed, so not sure where to put it now.

* Add tests for TSIG bugfix
2017-08-12 20:21:44 +01:00
Miek Gieben b6897b5a7c TSIG: lowercase algorithm before use
These strings are domain names, so we should lowercase them before
using them.

Also add some tests for Tsig generation and verification.

(/ht ldns release).
2016-03-07 22:17:28 +00:00
Miek Gieben a1e2d21553 Fold more tests into 1 file 2011-01-15 22:53:04 +01:00
Miek Gieben 42ce4d3085 Fix tsig -- needs testing 2011-01-09 15:54:23 +01:00
Miek Gieben 19edd05274 Fold dnssec back into dns
It is more natural. Otherwise tsig and tkey needed to be
put in their own packages
2011-01-09 10:31:23 +01:00
Miek Gieben ac687f284a Tsig
* add some testcases for tsig
* add unpack/pack stuff -- doesn't work correctly yet
2011-01-09 00:11:22 +01:00
Miek Gieben b2e9fc8d84 Added TSIG
By defining a new struct I can re-use all the nice
stuff in msg.go
2011-01-08 21:51:20 +01:00