From: Michael Weiser <michael.weiser@gmx.de>
Date: Wed, 14 Dec 2016 13:36:05 +0000 (+0100)
Subject: Add sha384 and sha512 tsig algorithm
X-Git-Tag: release-1.7.0~2^2~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8b36efd701e9c88a9401607a09260b56e3cb896e;p=thirdparty%2Fldns.git

Add sha384 and sha512 tsig algorithm
---

diff --git a/configure.ac b/configure.ac
index 8fe72397..90146c31 100644
--- a/configure.ac
+++ b/configure.ac
@@ -331,7 +331,7 @@ if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/
 else
 	AC_MSG_RESULT([no])
 fi
-AC_CHECK_FUNCS([EVP_sha256 ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id])
+AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id])
 
 # for macosx, see if glibtool exists and use that
 # BSD's need to know the version...
diff --git a/tsig.c b/tsig.c
index 012911c1..08d50f71 100644
--- a/tsig.c
+++ b/tsig.c
@@ -134,7 +134,19 @@ ldns_digest_function(char *name)
 {
 	/* these are the mandatory algorithms from RFC4635 */
 	/* The optional algorithms are not yet implemented */
-	if (strcasecmp(name, "hmac-sha256.") == 0) {
+	if (strcasecmp(name, "hmac-sha512.") == 0) {
+#ifdef HAVE_EVP_SHA512
+		return EVP_sha512();
+#else
+		return NULL;
+#endif
+	} else if (strcasecmp(name, "hmac-shac384.") == 0) {
+#ifdef HAVE_EVP_SHA384
+		return EVP_sha384();
+#else
+		return NULL;
+#endif
+	} else if (strcasecmp(name, "hmac-sha256.") == 0) {
 #ifdef HAVE_EVP_SHA256
 		return EVP_sha256();
 #else