- RSASHA256_NSEC3 and RSASHA512_NSEC3 algos are supported.
authorWouter Wijngaards <wouter@nlnetlabs.nl>
Mon, 3 Nov 2008 15:42:07 +0000 (15:42 +0000)
committerWouter Wijngaards <wouter@nlnetlabs.nl>
Mon, 3 Nov 2008 15:42:07 +0000 (15:42 +0000)
- updated ldns tarball (with those algos).

git-svn-id: file:///svn/unbound/trunk@1327 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog
ldns-src.tar.gz
testdata/test_signatures.10
validator/val_sigcrypt.c

index 9471a489ab5a08baed878d97e9f23e03e2fcdcd0..4f343765bbdb159339ae098ec6da5e041703cbbc 100644 (file)
@@ -3,6 +3,9 @@
        - generated configure with autoconf-2.61.
        - iana portlist updated.
        - detect if libssl needs libdl.  For static linking with libssl.
+       - changed to use new algorithm identifiers for sha256/sha512
+         from ldns 1.4.0 (need very latest version).
+       - updated the included ldns tarball.
 
 23 October 2008: Wouter
        - a little more debug info for failure on signer names. prints names.
index 31737b5c25416e29eb049d90f716afad55e0bbb5..e1ae23bb4aa457d63884312e689bcf9037e511c8 100644 (file)
Binary files a/ldns-src.tar.gz and b/ldns-src.tar.gz differ
index 42d9ef1e041a18780f4d88333f964e5947468bda..a5404f865a246bc0b232f81bad3912f2a8ffff08 100644 (file)
@@ -10,7 +10,7 @@ ENTRY_BEGIN
 SECTION QUESTION
 sub.example.com.       IN DNSKEY
 SECTION ANSWER
-example.com.   3600    IN      DNSKEY  256 3 9 AwEAAeHRRbGrk8zEVeSLNlELTGcvJLEiv+OJp1HWhq+kitN3p+IjLT2YmV2p43ReRiPSBDjzsf/8VPKCsGaDeli0/cq3u0s54ft8KB9lYbMDKg0LQkDdjVY2Ah5l7FRZGDn+AnmxWlZ3mp8ZREs2NCtQW5GOiKzZtJfftUZ9f8PXemIV ;{id = 54034 (zsk), size = 1024b}
+example.com.   3600    IN      DNSKEY  256 3 10 AwEAAb3HJP1WF0wWvk9VqqZ2+xTpURPSwyiZcNRlO/hAXJisMA4/ZN2Kf0aNGewVDa6IhT8ehww5FBvVJm3R1KW/hqO+H3WzvCBpVDv1JdDqZvHMGiqEd2lCfKz4+fxuJ+HeUJBZlTz6pm9Rlqevry5uB7sKpgddDe2fK9CFCr7M1BzX ;{id = 18320 (zsk), size = 1024b}
 ENTRY_END
 
 ; entry to test
@@ -19,6 +19,6 @@ SECTION QUESTION
 www.example.com.    IN      A 
 SECTION ANSWER
 www.example.com.       3600    IN      A       192.0.2.66
-www.example.com.       3600    IN      RRSIG   A 9 3 3600 20070926134150 20070829134150 54034 example.com. FASMRTKfNKrj4o5gEkwfIjlqw2o03ZaoT95TcEdhBW80iyhi3cN3FESX7cquyqQ3AoA3i7OU5bqFVeLoQq9zeE8G2qHklpSPjrEFPHB/HKPtweb5rk4+yZqo9b0G375We12sZWHY5/gpaL2zVgX5A3j2H78rlfM7EMVnOEOIc0Y= ;{id = 54034}
+www.example.com.       3600    IN      RRSIG   A 10 3 3600 20070926134150 20070829134150 18320 example.com. m0FS92Zg6oyJE7CEwa4o2hkV+U6M/Xvniem/vLo9pz4tsAv7xxlMgT0Q8Uxl+pugiHTMSJ78V6fG/Kv6FZgesxKu70mLHQo1SjAgozRHuNwUB6cD8yeOeX0WafbRW4IfvSs6uauc+/SRukBFhJMdiX/IXw3syUGfntm03jcpWoc= ;{id = 18320}
 ENTRY_END
 
index e033fdc0d55cc0185818f5cafe3239a67e078e08..a6dd8f2d2ce2df26abea3c8d91916dd8d89d76fc 100644 (file)
@@ -372,9 +372,11 @@ dnskey_algo_id_is_supported(int id)
        case LDNS_RSAMD5:
 #ifdef SHA256_DIGEST_LENGTH
        case LDNS_RSASHA256:
+       case LDNS_RSASHA256_NSEC3:
 #endif
 #ifdef SHA512_DIGEST_LENGTH
        case LDNS_RSASHA512:
+       case LDNS_RSASHA512_NSEC3:
 #endif
                return 1;
        default:
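Review bot: The two new identifiers are added by hand to this list in dnskey_algo_id_is_supported and again to the case list in setup_key_digest (the hunk at -1302), with nothing in the code tying the two lists together. In a validator a mismatch matters: an algorithm reported as supported here but missing from setup_key_digest would presumably make otherwise valid signatures fail to verify, and the reverse would leave a usable algorithm ignored. I would add a comment above this switch such as `/* must list exactly the algorithms handled in setup_key_digest(), under the same #ifdef guards */`. The switch starts and ends outside the hunk, so the rest of the list is not visible here.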
@@ -1302,9 +1304,11 @@ setup_key_digest(int algo, EVP_PKEY* evp_key, const EVP_MD** digest_type,
                case LDNS_RSASHA1_NSEC3:
 #ifdef SHA256_DIGEST_LENGTH
                case LDNS_RSASHA256:
+               case LDNS_RSASHA256_NSEC3:
 #endif
 #ifdef SHA512_DIGEST_LENGTH
                case LDNS_RSASHA512:
+               case LDNS_RSASHA512_NSEC3:
 #endif
                        rsa = ldns_key_buf2rsa_raw(key, keylen);
                        if(!rsa) {
@@ -1320,12 +1324,14 @@ setup_key_digest(int algo, EVP_PKEY* evp_key, const EVP_MD** digest_type,
 
                        /* select SHA version */
 #ifdef SHA256_DIGEST_LENGTH
-                       if(algo == LDNS_RSASHA256)
+                       if(algo == LDNS_RSASHA256 || 
+                               algo == LDNS_RSASHA256_NSEC3)
                                *digest_type = EVP_sha256();
                        else
 #endif
 #ifdef SHA512_DIGEST_LENGTH
-                               if(algo == LDNS_RSASHA512)
+                               if(algo == LDNS_RSASHA512 || 
+                                       algo == LDNS_RSASHA512_NSEC3)
                                *digest_type = EVP_sha512();
                        else
 #endif
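Review bot: The digest selection in this hunk of setup_key_digest is an unbraced if/else chain spliced together by `#ifdef`, and widening both conditions makes it harder to see which statement each `else` binds to in each build configuration. The indentation of the SHA512 test already differs from the SHA256 one, and the statement after the last `else` lies outside the hunk (presumably the fallback digest). Since this mapping decides which hash a signature is verified with, I would make it explicit with a switch on `algo` whose case labels mirror the ones added in the hunk at -1302. The enclosing function begins and ends outside the hunk.

```c
			/* select SHA version */
			switch(algo) {
#ifdef SHA256_DIGEST_LENGTH
			case LDNS_RSASHA256:
			case LDNS_RSASHA256_NSEC3:
				*digest_type = EVP_sha256();
				break;
#endif
#ifdef SHA512_DIGEST_LENGTH
			case LDNS_RSASHA512:
			case LDNS_RSASHA512_NSEC3:
				*digest_type = EVP_sha512();
				break;
#endif
			default:
				/* … unchanged: the digest assignment that follows the final else, outside the hunk … */
				break;
			}
```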