Add sha384 and sha512 tsig algorithm

diff --git a/configure.ac b/configure.ac
index 8fe7239771bac03be8dfe0e44accaf61e912e475..90146c31cda7258075f788c629ae0ac6bd2690bc 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -331,7 +331,7 @@ if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/
 else
        AC_MSG_RESULT([no])
 fi
-AC_CHECK_FUNCS([EVP_sha256 ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id])
+AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id])
 
 # for macosx, see if glibtool exists and use that
 # BSD's need to know the version...

diff --git a/tsig.c b/tsig.c
index 012911c1f73f5df1c93deabc1f59c869c562c4ea..08d50f71c8dc09a1fb3c35baeda7c8b799296146 100644 (file)
--- a/tsig.c
+++ b/tsig.c
@@ -134,7 +134,19 @@ ldns_digest_function(char *name)
 {
        /* these are the mandatory algorithms from RFC4635 */
        /* The optional algorithms are not yet implemented */
-       if (strcasecmp(name, "hmac-sha256.") == 0) {
+       if (strcasecmp(name, "hmac-sha512.") == 0) {
+#ifdef HAVE_EVP_SHA512
+               return EVP_sha512();
+#else
+               return NULL;
+#endif
+       } else if (strcasecmp(name, "hmac-shac384.") == 0) {
+#ifdef HAVE_EVP_SHA384
+               return EVP_sha384();
+#else
+               return NULL;
+#endif
+       } else if (strcasecmp(name, "hmac-sha256.") == 0) {
 #ifdef HAVE_EVP_SHA256
                return EVP_sha256();
 #else