Commit 2a90390d authored by Mark Andrews's avatar Mark Andrews

1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is nolonger recommended.

                        To generate an RSAMD5 key you must explicitly request
                        RSAMD5. [RT #13780]
parent be2c2c29
1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is nolonger recommended.
To generate a RSAMD5 key you must explictly request
RSAMD5. [RT #13780]
1944. [cleanup] isc_hash_create() does not need a read/write lock.
[RT #15522]
......
......@@ -16,7 +16,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-keygen.c,v 1.70 2005/09/18 07:16:19 marka Exp $ */
/* $Id: dnssec-keygen.c,v 1.71 2006/01/03 06:06:04 marka Exp $ */
/*! \file */
......@@ -213,7 +213,12 @@ main(int argc, char **argv) {
if (algname == NULL)
fatal("no algorithm was specified");
if (strcasecmp(algname, "HMAC-MD5") == 0) {
if (strcasecmp(algname, "RSA") == 0) {
fprintf(stderr, "The use of RSA (RSAMD5) is not recommended.\n"
"If you still wish to use RSA (RSAMD5) please "
"specify \"-a RSAMD5\"\n");
return (1);
} else if (strcasecmp(algname, "HMAC-MD5") == 0) {
options |= DST_TYPE_KEY;
alg = DST_ALG_HMACMD5;
} else {
......
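Review bot: The new `RSA` branch reports its refusal with `fprintf(stderr, ...)` and `return (1)`, while the check directly above it goes through `fatal(...)`; unless bypassing that helper is deliberate, use it here too so the refusal presumably gets the same message format and exit path as the other argument errors. The message explains only how to still obtain an MD5-based key (`-a RSAMD5`) and names no algorithm to use instead; an extra line such as `"Consider RSASHA1 instead.\n"` (or whatever the project currently recommends) would steer users away from MD5 rather than just adding a hurdle. Nothing visible in this commit tests that `-a RSA` is now refused, since the updated scripts only switch to `-a RSAMD5`. The body of main() starts and ends outside this hunk.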
......@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: sign.sh,v 1.19 2004/03/10 02:19:53 marka Exp $
# $Id: sign.sh,v 1.20 2006/01/03 06:06:04 marka Exp $
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
......@@ -31,7 +31,7 @@ zonefile=root.db
cp ../ns2/keyset-example. .
cp ../ns2/keyset-dlv. .
keyname=`$KEYGEN -r $RANDFILE -a RSA -b 768 -n zone $zone`
keyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
cat $infile $keyname.key > $zonefile
......
......@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: sign.sh,v 1.24 2004/03/10 02:19:53 marka Exp $
# $Id: sign.sh,v 1.25 2006/01/03 06:06:04 marka Exp $
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
......@@ -48,7 +48,7 @@ privzone=private.secure.example.
privinfile=private.secure.example.db.in
privzonefile=private.secure.example.db
privkeyname=`$KEYGEN -r $RANDFILE -a RSA -b 768 -n zone $privzone`
privkeyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $privzone`
cat $privinfile $privkeyname.key >$privzonefile
......@@ -61,7 +61,7 @@ dlvzone=dlv.
dlvinfile=dlv.db.in
dlvzonefile=dlv.db
dlvkeyname=`$KEYGEN -r $RANDFILE -a RSA -b 768 -n zone $dlvzone`
dlvkeyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $dlvzone`
cat $dlvinfile $dlvkeyname.key dlvset-$privzone > $dlvzonefile
......
......@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: sign.sh,v 1.18 2004/03/05 05:00:21 marka Exp $
# $Id: sign.sh,v 1.19 2006/01/03 06:06:04 marka Exp $
RANDFILE=../random.data
......@@ -33,7 +33,7 @@ zone=bogus.example.
infile=bogus.example.db.in
zonefile=bogus.example.db
keyname=`$KEYGEN -r $RANDFILE -a RSA -b 768 -n zone $zone`
keyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -43,7 +43,7 @@ zone=dynamic.example.
infile=dynamic.example.db.in
zonefile=dynamic.example.db
keyname=`$KEYGEN -r $RANDFILE -a RSA -b 768 -n zone $zone`
keyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -53,7 +53,7 @@ zone=keyless.example.
infile=keyless.example.db.in
zonefile=keyless.example.db
keyname=`$KEYGEN -r $RANDFILE -a RSA -b 768 -n zone $zone`
keyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
cat $infile $keyname.key >$zonefile
......
......@@ -15,11 +15,11 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: prereq.sh,v 1.6 2004/12/08 06:10:49 marka Exp $
# $Id: prereq.sh,v 1.7 2006/01/03 06:06:04 marka Exp $
../../genrandom 400 random.data
if $KEYGEN -a RSA -b 512 -n zone -r random.data foo > /dev/null 2>&1
if $KEYGEN -a RSAMD5 -b 512 -n zone -r random.data foo > /dev/null 2>&1
then
rm -f Kfoo*
else
......
......@@ -15,11 +15,11 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: prereq.sh,v 1.6 2004/12/08 06:10:48 marka Exp $
# $Id: prereq.sh,v 1.7 2006/01/03 06:06:04 marka Exp $
../../genrandom 400 random.data
if $KEYGEN -a RSA -b 512 -n zone -r random.data foo > /dev/null 2>&1
if $KEYGEN -a RSAMD5 -b 512 -n zone -r random.data foo > /dev/null 2>&1
then
rm -f foo*
else
......