Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 18:28:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove RSA/MD5 DNSSEC algorithm.

Browse Source 
This is set to status DoNotImplement in RFC 6944.
This commit is contained in:
Simon Kelley
2017-10-27 23:26:51 +01:00
parent b77efc1948
commit 0954a977c9
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/crypto.c
View File

@@ -411,7 +411,7 @@ int verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig,
/* Note the ds_digest_name(), algo_digest_name() and nsec3_digest_name() /* Note the ds_digest_name(), algo_digest_name() and nsec3_digest_name()
define which algo numbers we support. If algo_digest_name() returns define which algo numbers we support. If algo_digest_name() returns
non-NULL for an algorithm number, we assume that algrorithm is non-NULL for an algorithm number, we assume that algorithm is
supported by verify(). */ supported by verify(). */
/* http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml */ /* http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml */
@@ -432,7 +432,7 @@ char *algo_digest_name(int algo)
{ {
switch (algo) switch (algo)
{ {
case 1: return "md5"; /* RSA/MD5 */ case 1: return NULL; /* RSA/MD5 - Must Not Implement. RFC 6944 para 2.3. */
case 2: return NULL; /* Diffie-Hellman */ case 2: return NULL; /* Diffie-Hellman */
case 3: return "sha1"; /* DSA/SHA1 */ case 3: return "sha1"; /* DSA/SHA1 */
case 5: return "sha1"; /* RSA/SHA1 */ case 5: return "sha1"; /* RSA/SHA1 */