1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is nolonger recommended.

To generate a RSAMD5 key you must explictly request RSAMD5. [RT #13780]

1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is nolonger recommended.
To generate a RSAMD5 key you must explictly request RSAMD5. [RT #13780]
2a90390d · Mark Andrews · be2c2c29 · 2a90390d · 2a90390d · 2a90390d
Commit 2a90390d authored Jan 03, 2006 by Mark Andrews
--- a/CHANGES
+++ b/CHANGES
+1945.	[cleanup]	dnssec-keygen: RSA (RSAMD5) is nolonger recommended.
+			To generate a RSAMD5 key you must explictly request
+			RSAMD5. [RT #13780]
+			
 1944.	[cleanup]	isc_hash_create() does not need a read/write lock.
 			[RT #15522]


--- a/bin/dnssec/dnssec-keygen.c
+++ b/bin/dnssec/dnssec-keygen.c
@@ -16,7 +16,7 @@
 * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: dnssec-keygen.c,v 1.70 2005/09/18 07:16:19 marka Exp $ */
+/* $Id: dnssec-keygen.c,v 1.71 2006/01/03 06:06:04 marka Exp $ */

 /*! \file */

@@ -213,7 +213,12 @@ main(int argc, char **argv) {

 	if (algname == NULL)
 		fatal("no algorithm was specified");
-	if (strcasecmp(algname, "HMAC-MD5") == 0) {
+	if (strcasecmp(algname, "RSA") == 0) {
+		fprintf(stderr, "The use of RSA (RSAMD5) is not recommended.\n"
+				"If you still wish to use RSA (RSAMD5) please "
+				"specify \"-a RSAMD5\"\n");
+		return (1);
+	} else if (strcasecmp(algname, "HMAC-MD5") == 0) {
 		options |= DST_TYPE_KEY;
 		alg = DST_ALG_HMACMD5;
 	} else {

--- a/bin/tests/system/dnssec/ns1/sign.sh
+++ b/bin/tests/system/dnssec/ns1/sign.sh
@@ -15,7 +15,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.

-# $Id: sign.sh,v 1.19 2004/03/10 02:19:53 marka Exp $
+# $Id: sign.sh,v 1.20 2006/01/03 06:06:04 marka Exp $

 SYSTEMTESTTOP=../..
 . $SYSTEMTESTTOP/conf.sh
@@ -31,7 +31,7 @@ zonefile=root.db
 cp ../ns2/keyset-example. .
 cp ../ns2/keyset-dlv. .

-keyname=`$KEYGEN -r $RANDFILE -a RSA -b 768 -n zone $zone`
+keyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`

 cat $infile $keyname.key > $zonefile


--- a/bin/tests/system/dnssec/ns2/sign.sh
+++ b/bin/tests/system/dnssec/ns2/sign.sh
@@ -15,7 +15,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.

-# $Id: sign.sh,v 1.24 2004/03/10 02:19:53 marka Exp $
+# $Id: sign.sh,v 1.25 2006/01/03 06:06:04 marka Exp $

 SYSTEMTESTTOP=../..
 . $SYSTEMTESTTOP/conf.sh
@@ -48,7 +48,7 @@ privzone=private.secure.example.
 privinfile=private.secure.example.db.in
 privzonefile=private.secure.example.db

-privkeyname=`$KEYGEN -r $RANDFILE -a RSA -b 768 -n zone $privzone`
+privkeyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $privzone`

 cat $privinfile $privkeyname.key >$privzonefile

@@ -61,7 +61,7 @@ dlvzone=dlv.
 dlvinfile=dlv.db.in
 dlvzonefile=dlv.db

-dlvkeyname=`$KEYGEN -r $RANDFILE -a RSA -b 768 -n zone $dlvzone`
+dlvkeyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $dlvzone`

 cat $dlvinfile $dlvkeyname.key dlvset-$privzone > $dlvzonefile


--- a/bin/tests/system/dnssec/ns3/sign.sh
+++ b/bin/tests/system/dnssec/ns3/sign.sh
@@ -15,7 +15,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.

-# $Id: sign.sh,v 1.18 2004/03/05 05:00:21 marka Exp $
+# $Id: sign.sh,v 1.19 2006/01/03 06:06:04 marka Exp $

 RANDFILE=../random.data

@@ -33,7 +33,7 @@ zone=bogus.example.
 infile=bogus.example.db.in
 zonefile=bogus.example.db

-keyname=`$KEYGEN -r $RANDFILE -a RSA -b 768 -n zone $zone`
+keyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`

 cat $infile $keyname.key >$zonefile

@@ -43,7 +43,7 @@ zone=dynamic.example.
 infile=dynamic.example.db.in
 zonefile=dynamic.example.db

-keyname=`$KEYGEN -r $RANDFILE -a RSA -b 768 -n zone $zone`
+keyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`

 cat $infile $keyname.key >$zonefile

@@ -53,7 +53,7 @@ zone=keyless.example.
 infile=keyless.example.db.in
 zonefile=keyless.example.db

-keyname=`$KEYGEN -r $RANDFILE -a RSA -b 768 -n zone $zone`
+keyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`

 cat $infile $keyname.key >$zonefile


--- a/bin/tests/system/dnssec/prereq.sh
+++ b/bin/tests/system/dnssec/prereq.sh
@@ -15,11 +15,11 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.

-# $Id: prereq.sh,v 1.6 2004/12/08 06:10:49 marka Exp $
+# $Id: prereq.sh,v 1.7 2006/01/03 06:06:04 marka Exp $

 ../../genrandom 400 random.data

-if $KEYGEN -a RSA -b 512 -n zone -r random.data foo > /dev/null 2>&1
+if $KEYGEN -a RSAMD5 -b 512 -n zone -r random.data foo > /dev/null 2>&1
 then
    rm -f Kfoo*
 else

--- a/bin/tests/system/tkey/prereq.sh
+++ b/bin/tests/system/tkey/prereq.sh
@@ -15,11 +15,11 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.

-# $Id: prereq.sh,v 1.6 2004/12/08 06:10:48 marka Exp $
+# $Id: prereq.sh,v 1.7 2006/01/03 06:06:04 marka Exp $

 ../../genrandom 400 random.data

-if $KEYGEN -a RSA -b 512 -n zone -r random.data foo > /dev/null 2>&1
+if $KEYGEN -a RSAMD5 -b 512 -n zone -r random.data foo > /dev/null 2>&1
 then
    rm -f foo*
 else