NetBSD-Bugs archive


Re: lib/49138: "libdns" cannot use "hmac-sha512" keys



The following reply was made to PR bin/49138; it has been noted by GNATS.

From: Matthias Scheler <tron%zhadum.org.uk@localhost>
To: "Jeremy C. Reed" <reed%reedmedia.net@localhost>
Cc: gnats-bugs%NetBSD.org@localhost
Subject: Re: lib/49138: "libdns" cannot use "hmac-sha512" keys
Date: Mon, 8 Sep 2014 18:35:23 +0100

 On Mon, Sep 08, 2014 at 05:15:01PM +0000, Jeremy C. Reed wrote:
 >  From ISC:
 >  x
 >  diff --git a/RELNOTES b/RELNOTES
 >  index 3593975..991c2c1 100644
 >  --- a/RELNOTES
 >  +++ b/RELNOTES
 >  @@ -54,6 +54,11 @@ by Eric Young (eay%cryptsoft.com@localhost).
 >   
 >                      Changes since 4.3.1
 >   
 >  +- TSIG-authenticated dynamic DNS updates now support the use of these
 >  +  additional algorithms: hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384,
 >  +  and hmac-sha512
 >  +  [ISC-Bugs #36947]
 >  +
 >   - Corrected rate limiting checks for bad packet logging. 
 >     [ISC-Bugs #36897]
 >   
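
 Review bot: the added RELNOTES entry lists the algorithms in short lower-case form (hmac-sha512), while the isclib.h part of this patch defines them as "HMAC-SHA512.SIG-ALG.REG.INT."; the entry should say which spelling a key's algorithm setting has to use. The list also ends without a period after "hmac-sha512", unlike the neighbouring "Corrected rate limiting checks for bad packet logging." entry.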
 
 This is excellent news.
 
 >  index 831047a..caa388a 100644
 >  --- a/includes/omapip/isclib.h
 >  +++ b/includes/omapip/isclib.h
 >  @@ -3,7 +3,7 @@
 >      connections to the isc and dns libraries */
 >   
 >   /*
 >  - * Copyright (c) 2009,2013 by Internet Systems Consortium, Inc. ("ISC")
 >  + * Copyright (c) 2009,2013,2014 by Internet Systems Consortium, Inc. 
 > ("ISC")
 >    *
 >    * Permission to use, copy, modify, and distribute this software for any
 >    * purpose with or without fee is hereby granted, provided that the above
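
 Review bot: the changed copyright line in this hunk was wrapped in transit, leaving ("ISC") on a line of its own with no "+" marker, so the hunk will not apply as posted. Resend the patch as an attachment or with line wrapping disabled.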
 >  @@ -106,6 +106,11 @@ extern dhcp_context_t dhcp_gbl_ctx;
 >   #define DHCP_MAXDNS_WIRE 256
 >   #define DHCP_MAXNS         3
 >   #define DHCP_HMAC_MD5_NAME "HMAC-MD5.SIG-ALG.REG.INT."
 >  +#define DHCP_HMAC_SHA1_NAME "HMAC-SHA1.SIG-ALG.REG.INT."
 >  +#define DHCP_HMAC_SHA224_NAME "HMAC-SHA224.SIG-ALG.REG.INT."
 >  +#define DHCP_HMAC_SHA256_NAME "HMAC-SHA256.SIG-ALG.REG.INT."
 >  +#define DHCP_HMAC_SHA384_NAME "HMAC-SHA384.SIG-ALG.REG.INT."
 >  +#define DHCP_HMAC_SHA512_NAME "HMAC-SHA512.SIG-ALG.REG.INT."
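
 Review bot: the five new DHCP_HMAC_SHA*_NAME strings copy the ".SIG-ALG.REG.INT." suffix from DHCP_HMAC_MD5_NAME, and nothing in this hunk says whether that suffixed form is what a key file must contain or only an internal identifier. Add a comment above the block stating where these strings are compared and whether the short form (hmac-sha512, as the RELNOTES entry spells it) is accepted as well, or define the names in the short form.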
 
 However this looks problematic. BIND calls e.g. "HMAC-SHA512.SIG-ALG.REG.INT"
 simply "hmac-sha512". It will therefore not be possible to share key files
 between BIND and DHCPD if such keys are used.
 
        Kind regards
 
 -- 
 Matthias Scheler                                 https://zhadum.org.uk/
 

