ldns_sha512_CTX sha512_CTX;
unsigned simple_sha384 : 1;
unsigned simple_sha512 : 1;
+ unsigned double_sha384 : 1;
+ unsigned double_sha512 : 1;
};
typedef struct struct_zone_digester zone_digester;
case ZONEMD_SCHEME_SIMPLE:
switch (hash) {
case ZONEMD_HASH_SHA384:
+ if (zd->double_sha384)
+ return LDNS_STATUS_ZONEMD_DOUBLE_OCCURRENCE;
+
+ else if (zd->simple_sha384) {
+ zd->simple_sha384 = 0;
+ zd->double_sha384 = 1;
+ return LDNS_STATUS_ZONEMD_DOUBLE_OCCURRENCE;
+ }
ldns_sha384_init(&zd->sha384_CTX);
zd->simple_sha384 = 1;
break;
case ZONEMD_HASH_SHA512:
+ if (zd->double_sha512)
+ return LDNS_STATUS_ZONEMD_DOUBLE_OCCURRENCE;
+
+ else if (zd->simple_sha512) {
+ zd->simple_sha512 = 0;
+ zd->double_sha512 = 1;
+ return LDNS_STATUS_ZONEMD_DOUBLE_OCCURRENCE;
+ }
ldns_sha512_init(&zd->sha512_CTX);
zd->simple_sha512 = 1;
break;
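Review bot: On the duplicate path of the `ZONEMD_HASH_SHA384` case (and identically in the `ZONEMD_HASH_SHA512` case), the code clears `simple_sha384`, sets `double_sha384` and returns `LDNS_STATUS_ZONEMD_DOUBLE_OCCURRENCE`, so whether a repeated scheme/hash pair is really excluded from verification depends on a caller that is not visible in this hunk. If that caller carries on after this status rather than aborting, it should be confirmed that no later step accepts a digest for a tuple whose `double_*` bit is set. Otherwise a zone with two ZONEMD records for one pair could still verify through the first of them. A comment above each `else if` would state the intent, for example `/* second ZONEMD for this scheme/hash: stop digesting it and mark the pair unusable */`. As a style point, the `else` after the unbraced `return` (separated by a blank `+` line) is redundant and reads more clearly as two braced `if` statements; the enclosing function starts and ends outside the hunk.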
"X509_STORE_CTX_set0_dane() functions within OpenSSL >= 1.1.0 "
"to be able to verify the DANE-TA usage type." },
#endif
+ { LDNS_STATUS_ZONEMD_DOUBLE_OCCURRENCE, "A ZONEMD with the same "
+ "<scheme> and hash algorithm occurred more than once." },
{ LDNS_STATUS_ZONEMD_UNKNOWN_SCHEME, "Unknown ZONEMD <scheme>" },
{ LDNS_STATUS_ZONEMD_UNKNOWN_HASH, "Unknown ZONEMD hash algorithm" },
{ LDNS_STATUS_ZONEMD_INVALID_SOA,
LDNS_STATUS_SYNTAX_SUPERFLUOUS_TEXT_ERR,
LDNS_STATUS_NSEC3_DOMAINNAME_OVERFLOW,
LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA,
+ LDNS_STATUS_ZONEMD_DOUBLE_OCCURRENCE,
LDNS_STATUS_ZONEMD_UNKNOWN_SCHEME,
LDNS_STATUS_ZONEMD_UNKNOWN_HASH,
LDNS_STATUS_ZONEMD_INVALID_SOA,