From: Jelte Jansen <jelte@NLnetLabs.nl>
Date: Mon, 10 Aug 2009 13:28:19 +0000 (+0000)
Subject: we want hmac-sha256 support in tsig (if supported by openssl) even if we do not confi... 
X-Git-Tag: release-1.6.1~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7fffe447e180c14e0b5d9efb32fddccf6af35b2e;p=thirdparty%2Fldns.git

we want hmac-sha256 support in tsig (if supported by openssl) even if we do not configure RSA/SHA2
---

diff --git a/Changelog b/Changelog
index 47a0d518..8774392f 100644
--- a/Changelog
+++ b/Changelog
@@ -6,8 +6,7 @@
 	* Bitmask fix in EDNS handling
 	* Fixed non-fqdn domain name completion for rdata field domain
 	  names of length 1
-	* Fixed chasing with SHA256 DS records
-	
+	* Fixed chain validation with SHA256 DS records
 
 1.6.0
 	Additions:
diff --git a/configure.ac b/configure.ac
index 7ed15925..1621d438 100644
--- a/configure.ac
+++ b/configure.ac
@@ -77,6 +77,8 @@ AC_CHECK_PROG(doxygen, doxygen, doxygen)
 
 ACX_WITH_SSL_OPTIONAL
 
+AC_CHECK_FUNC([EVP_sha256], AC_DEFINE_UNQUOTED([HAVE_EVP_SHA256], [1], [Define this when there is EVP_SHA256 support]))
+
 # Use libtool 
 ACX_LIBTOOL_C_ONLY
 
diff --git a/tsig.c b/tsig.c
index 49aab0b2..cd6b7697 100644
--- a/tsig.c
+++ b/tsig.c
@@ -129,10 +129,10 @@ ldns_digest_function(char *name)
 	/* these are the mandatory algorithms from RFC4635 */
 	/* The optional algorithms are not yet implemented */	
 	if (strlen(name) == 12 && strncasecmp(name, "hmac-sha256.", 11) == 0) {
-#ifdef USE_SHA2
+#ifdef HAVE_EVP_SHA256
 		return EVP_sha256();
 #else
-		return NULL;	
+		return NULL;
 #endif		
 	} else if (strlen(name) == 10 && strncasecmp(name, "hmac-sha1.", 9) == 0)
 		return EVP_sha1();