#include "dnssecinfra.hh"
#include "namespaces.hh"
-#include "md5.hh"
+#include "digests.hh"
#include "dnsseckeeper.hh"
#include "dns_random.hh"
#include "lock.hh"
const static std::set<uint16_t> g_KSKSignedQTypes {QType::DNSKEY, QType::CDS, QType::CDNSKEY};
AtomicCounter* g_signatureCount;
+static std::string getLookupKey(const std::string& msg)
+{
+ try {
+ return pdns_md5sum(msg);
+ }
+ catch(const std::runtime_error& e) {
+ return pdns_sha1sum(msg);
+ }
+}
+
static void fillOutRRSIG(DNSSECPrivateKey& dpk, const DNSName& signQName, RRSIGRecordContent& rrc, vector<shared_ptr<DNSRecordContent> >& toSign)
{
if(!g_signatureCount)
rrc.d_algorithm = drc.d_algorithm;
string msg=getMessageForRRSET(signQName, rrc, toSign); // this is what we will hash & sign
- pair<string, string> lookup(rc->getPubKeyHash(), pdns_md5sum(msg)); // this hash is a memory saving exercise
+ pair<string, string> lookup(rc->getPubKeyHash(), getLookupKey(msg)); // this hash is a memory saving exercise
bool doCache=1;
if(doCache)
/* this is where the RRSIGs begin, keys are retrieved,
but the actual signing happens in fillOutRRSIG */
-static int getRRSIGsForRRSET(DNSSECKeeper& dk, const DNSName& signer, const DNSName signQName, uint16_t signQType, uint32_t signTTL,
+static int getRRSIGsForRRSET(DNSSECKeeper& dk, const DNSName& signer, const DNSName& signQName, uint16_t signQType, uint32_t signTTL,
vector<shared_ptr<DNSRecordContent> >& toSign, vector<RRSIGRecordContent>& rrcs)
{
if(toSign.empty())
}
// this is the entrypoint from DNSPacket
-static void addSignature(DNSSECKeeper& dk, UeberBackend& db, const DNSName& signer, const DNSName signQName, const DNSName& wildcardname, uint16_t signQType,
+static void addSignature(DNSSECKeeper& dk, UeberBackend& db, const DNSName& signer, const DNSName& signQName, const DNSName& wildcardname, uint16_t signQType,
uint32_t signTTL, DNSResourceRecord::Place signPlace,
vector<shared_ptr<DNSRecordContent> >& toSign, vector<DNSZoneRecord>& outsigned, uint32_t origTTL)
{