Skip to content

Commit

Permalink
Remove RSAMD5 support from (*RRSIG).Verify (#1185)
Browse files Browse the repository at this point in the history 
AFAIK, the only way to get an RSAMD5 DNSKEY was to manually construct
one. This is ancient, just get rid of it.

The only remaining usage of md5 is in tsig.go. Hopefully that might be
removable as well.
  • Loading branch information
@tmthrgd
tmthrgd committed Oct 24, 2020
1 parent be51022 commit db53c84
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions dnssec.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,6 @@ import (
"crypto"
"crypto/ecdsa"
"crypto/elliptic"
_ "crypto/md5"
"crypto/rand"
"crypto/rsa"
_ "crypto/sha1"
Expand Down Expand Up @@ -437,7 +436,7 @@ func (rr *RRSIG) Verify(k *DNSKEY, rrset []RR) error {
}

switch rr.Algorithm {
case RSASHA1, RSASHA1NSEC3SHA1, RSASHA256, RSASHA512, RSAMD5:
case RSASHA1, RSASHA1NSEC3SHA1, RSASHA256, RSASHA512:
// TODO(mg): this can be done quicker, ie. cache the pubkey data somewhere??
pubkey := k.publicKeyRSA() // Get the key
if pubkey == nil {
Expand Down

0 comments on commit db53c84

Please sign in to comment.