From 70d950d16e9623fec1bc89b158047de507071ce3 Mon Sep 17 00:00:00 2001 From: Brian Wellington Date: Thu, 7 Sep 2000 20:34:04 +0000 Subject: [PATCH] Log a warning if TSIG keys are too short (where too short is less than 8 bytes). --- lib/dns/tsig.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c index e50c9b40e6..b00efe8679 100644 --- a/lib/dns/tsig.c +++ b/lib/dns/tsig.c @@ -16,7 +16,7 @@ */ /* - * $Id: tsig.c,v 1.86 2000/08/17 02:08:25 bwelling Exp $ + * $Id: tsig.c,v 1.87 2000/09/07 20:34:04 bwelling Exp $ * Principal Author: Brian Wellington */ @@ -183,6 +183,14 @@ dns_tsigkey_createfromkey(dns_name_t *name, dns_name_t *algorithm, tkey->magic = TSIG_MAGIC; + if (dst_key_size(dstkey) < 64) { + char namestr[DNS_NAME_FORMATSIZE]; + dns_name_format(name, namestr, sizeof(namestr)); + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DNSSEC, + DNS_LOGMODULE_TSIG, ISC_LOG_INFO, + "the TSIG key for '%s' is too short to " + "be secure", namestr); + } if (key != NULL) *key = tkey;