From 8b36efd701e9c88a9401607a09260b56e3cb896e Mon Sep 17 00:00:00 2001
From: Michael Weiser
Date: Wed, 14 Dec 2016 14:36:05 +0100
Subject: [PATCH] Add sha384 and sha512 tsig algorithm
---
 configure.ac | 2 +-
 tsig.c | 14 +++++++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index 8fe72397..90146c31 100644
--- a/configure.ac
+++ b/configure.ac
@@ -331,7 +331,7 @@ if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/
 else
 AC_MSG_RESULT([no])
 fi
-AC_CHECK_FUNCS([EVP_sha256 ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id])
+AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id])
 # for macosx, see if glibtool exists and use that
 # BSD's need to know the version...
diff --git a/tsig.c b/tsig.c
index 012911c1..08d50f71 100644
--- a/tsig.c
+++ b/tsig.c
@@ -134,7 +134,19 @@ ldns_digest_function(char *name)
 {
 /* these are the mandatory algorithms from RFC4635 */
 /* The optional algorithms are not yet implemented */
- if (strcasecmp(name, "hmac-sha256.") == 0) {
+ if (strcasecmp(name, "hmac-sha512.") == 0) {
+#ifdef HAVE_EVP_SHA512
+ return EVP_sha512();
+#else
+ return NULL;
+#endif
+ } else if (strcasecmp(name, "hmac-shac384.") == 0) {
+#ifdef HAVE_EVP_SHA384
+ return EVP_sha384();
+#else
+ return NULL;
+#endif
+ } else if (strcasecmp(name, "hmac-sha256.") == 0) {
 #ifdef HAVE_EVP_SHA256
 return EVP_sha256();
 #else
-- 
2.47.3
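Review bot: The SHA-384 branch in the tsig.c hunk compares against `"hmac-shac384."`, which has a stray `c`, so the algorithm name hmac-sha384 never selects `EVP_sha384()`; the line should read `} else if (strcasecmp(name, "hmac-sha384.") == 0) {`. As written only hmac-sha512 is effectively added, and a key configured for hmac-sha384 falls through to the later comparisons and presumably to the unknown-algorithm result (the tail of ldns_digest_function is outside the hunk). The two context comments are also stale now that optional RFC4635 algorithms are handled; the second could become `/* of the optional algorithms, hmac-sha384 and hmac-sha512 are supported when OpenSSL provides them */`. Because a NULL return now covers both "unknown name" and "digest not compiled in", it is worth confirming that callers reject a NULL digest before computing or verifying the MAC.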