GOST support.

git-svn-id: file:///svn/unbound/trunk@2065 be551aaa-1e26-0410-a405-d3ace91eadb9
2025-12-20 23:00:56 -05:00 · 2010-04-06 12:15:19 +00:00 · 2010-04-06 12:15:19 +00:00 · 77f49a5510
commit 77f49a5510
parent 8413dd946e
17 changed files with 58 additions and 54 deletions
--- a/12
+++ b/12
@ -1585,7 +1585,7 @@ Optional Features:
  --disable-rpath         disable hardcoded rpath (default=enabled)
  --disable-largefile     omit support for large files
  --disable-sha2          Disable SHA256 and SHA512 RRSIG support
-  --enable-gost           Enable GOST support, experimental
+  --disable-gost          Disable GOST support
  --enable-static-exe     enable to compile executables statically against
                          event, ldns libs, for debug purposes
  --enable-lock-checks    enable to check lock and unlock calls, for debug
@ -19995,7 +19995,9 @@ if test "${enable_gost+set}" = set; then
 fi
 case "$enable_gost" in
-	yes)
+	no)
 	;;
 	yes|*)
 	{ $as_echo "$as_me:$LINENO: checking for EVP_PKEY_set_type_str" >&5
 $as_echo_n "checking for EVP_PKEY_set_type_str... " >&6; }
 if test "${ac_cv_func_EVP_PKEY_set_type_str+set}" = set; then
@ -20084,8 +20086,8 @@ $as_echo "$ac_cv_func_EVP_PKEY_set_type_str" >&6; }
 if test "x$ac_cv_func_EVP_PKEY_set_type_str" = x""yes; then
  :
 else
-  { { $as_echo "$as_me:$LINENO: error: OpenSSL >= 1.0.0 is needed for GOST support" >&5
+  { { $as_echo "$as_me:$LINENO: error: OpenSSL >= 1.0.0 is needed for GOST support, upgrade openssl or rerun with --disable-gost" >&5
-$as_echo "$as_me: error: OpenSSL >= 1.0.0 is needed for GOST support" >&2;}
+$as_echo "$as_me: error: OpenSSL >= 1.0.0 is needed for GOST support, upgrade openssl or rerun with --disable-gost" >&2;}
   { (exit 1); exit 1; }; }
 fi
@ -20095,8 +20097,6 @@ cat >>confdefs.h <<\_ACEOF
 _ACEOF
 	;;
 	no|*)
 	;;
 esac
 # check for libevent
--- a/configure.ac
+++ b/configure.ac
@ -418,13 +418,13 @@ case "$enable_sha2" in
 	;;
 esac
-AC_ARG_ENABLE(gost, AC_HELP_STRING([--enable-gost], [Enable GOST support, experimental]))
+AC_ARG_ENABLE(gost, AC_HELP_STRING([--disable-gost], [Disable GOST support]))
 case "$enable_gost" in
-	yes)
+	no)
 	AC_CHECK_FUNC(EVP_PKEY_set_type_str, [:],[AC_MSG_ERROR([OpenSSL >= 1.0.0 is needed for GOST support])])
 	AC_DEFINE([USE_GOST], [1], [Define this to enable GOST support.])
 	;;
-	no|*)
+	yes|*)
 	AC_CHECK_FUNC(EVP_PKEY_set_type_str, [:],[AC_MSG_ERROR([OpenSSL >= 1.0.0 is needed for GOST support, upgrade openssl or rerun with --disable-gost])])
 	AC_DEFINE([USE_GOST], [1], [Define this to enable GOST support.])
 	;;
 esac
--- a/daemon/worker.c
+++ b/daemon/worker.c
@ -1296,7 +1296,8 @@ int libworker_send_packet(ldns_buffer* ATTR_UNUSED(pkt),
 struct outbound_entry* libworker_send_query(uint8_t* ATTR_UNUSED(qname), 
 	size_t ATTR_UNUSED(qnamelen), uint16_t ATTR_UNUSED(qtype), 
 	uint16_t ATTR_UNUSED(qclass), uint16_t ATTR_UNUSED(flags), 
-	int ATTR_UNUSED(dnssec), struct sockaddr_storage* ATTR_UNUSED(addr), 
+	int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec),
 	struct sockaddr_storage* ATTR_UNUSED(addr), 
 	socklen_t ATTR_UNUSED(addrlen), struct module_qstate* ATTR_UNUSED(q))
 {
 	log_assert(0);
--- a/doc/Changelog
+++ b/doc/Changelog
@ -3,6 +3,7 @@
 	  cache timeout coincided with a server update, the current EDNS 
 	  backoff is less sensitive, and does not cache the backoff unless 
 	  the backoff actually works and the domain is not expecting DNSSEC.
 	- GOST support with correct algorithm numbers.
 1 April 2010: Wouter
 	- iana portlist updated.
--- a/ldns-src.tar.gz
+++ b/ldns-src.tar.gz
--- a/libunbound/libworker.c
+++ b/libunbound/libworker.c
@ -835,7 +835,8 @@ int worker_send_packet(ldns_buffer* ATTR_UNUSED(pkt),
 struct outbound_entry* worker_send_query(uint8_t* ATTR_UNUSED(qname), 
 	size_t ATTR_UNUSED(qnamelen), uint16_t ATTR_UNUSED(qtype), 
 	uint16_t ATTR_UNUSED(qclass), uint16_t ATTR_UNUSED(flags), 
-	int ATTR_UNUSED(dnssec), struct sockaddr_storage* ATTR_UNUSED(addr), 
+	int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec),
 	struct sockaddr_storage* ATTR_UNUSED(addr), 
 	socklen_t ATTR_UNUSED(addrlen), struct module_qstate* ATTR_UNUSED(q))
 {
 	log_assert(0);
--- a/smallapp/worker_cb.c
+++ b/smallapp/worker_cb.c
@ -152,7 +152,8 @@ int libworker_send_packet(ldns_buffer* ATTR_UNUSED(pkt),
 struct outbound_entry* libworker_send_query(uint8_t* ATTR_UNUSED(qname), 
 	size_t ATTR_UNUSED(qnamelen), uint16_t ATTR_UNUSED(qtype), 
 	uint16_t ATTR_UNUSED(qclass), uint16_t ATTR_UNUSED(flags), 
-	int ATTR_UNUSED(dnssec), struct sockaddr_storage* ATTR_UNUSED(addr), 
+	int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec),
 	struct sockaddr_storage* ATTR_UNUSED(addr), 
 	socklen_t ATTR_UNUSED(addrlen), struct module_qstate* ATTR_UNUSED(q))
 {
 	log_assert(0);
--- a/testdata/Kexample.com.+011+58910.ds
+++ b/testdata/Kexample.com.+011+58910.ds
@ -0,0 +1 @@
 example.com.	3600	IN	DS	58910 11 3 687978f784ddf4ffecd42788be42057d75bcf952134bf887d334e635b18dfdeb ; xipal-novuz-lecut-totyz-zurut-gonum-mazyg-dacal-tytur-suveh-dagig-revym-lugef-genef-hysam-tazav-ryxex
--- a/testdata/Kexample.com.+011+58910.key
+++ b/testdata/Kexample.com.+011+58910.key
@ -0,0 +1 @@
 example.com.	3600	IN	DNSKEY	256 3 11 UQgaBVNAin7hJySuuU1V9z6+iDMMYGNNtCgNJLMCzBNxFHRdhQff/y1vZExYNfSztK3RUOiy/uTqIa265Fr6PQ== ;{id = 58910 (zsk), size = 512b}
--- a/testdata/Kexample.com.+011+58910.private
+++ b/testdata/Kexample.com.+011+58910.private
@ -0,0 +1,3 @@
 Private-key-format: v1.2
 Algorithm: 11 (ECC-GOST)
 GostAsn1: MEYCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIwIhAOAlrm29bz9Kh0FaXhdP9IfjypQoKcm/xiMYR8GWkJm9
--- a/testdata/Kexample.com.+249+41929.ds
+++ b/testdata/Kexample.com.+249+41929.ds
@ -1 +0,0 @@
 example.com.	3600	IN	DS	41929 249 203 10e2bc48d0301d16858bd040ee7d5c1983122d6cec0e3324fcdb94ba5ac0f748 ; xegav-dozog-mugef-bolyc-kicem-rygug-borel-tulyc-nibuc-dyryk-serub-vasud-gazut-rihyr-pykis-bytyg-myxyx
--- a/testdata/Kexample.com.+249+41929.key
+++ b/testdata/Kexample.com.+249+41929.key
@ -1 +0,0 @@
 example.com.    3600    IN      DNSKEY  256 3 249 AAB7oZ5Ox8mcGrhB4vh41LdJQ5i+MVbn0KVe1a0CU2Akdwbp1qZ2khQTJZ0wOFkEsmgU2wfggXTpU8rp745IDVUb ;{id = 41929 (zsk), size = 512b}
--- a/testdata/Kexample.com.+249+41929.private
+++ b/testdata/Kexample.com.+249+41929.private
@ -1,3 +0,0 @@
 Private-key-format: v1.2
 Algorithm: 249 (GOST)
 GostAsn1: MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgIgZdfQ+s3ASjjFsne42OdGYxav0QKoL3p/wOX/3kySQ3Q=
--- a/testdata/test_sigs.gost
+++ b/testdata/test_sigs.gost
@ -3,13 +3,13 @@
 ; first entry is a DNSKEY answer, with the DNSKEY rrset used for verification. 
 ; later entries are verified with it.
-; Test GOST signatures using algo number 249.
+; Test GOST signatures using algo number 11.
 ENTRY_BEGIN
 SECTION QUESTION
 nlnetlabs.nl.	IN DNSKEY
 SECTION ANSWER
-nlnetlabs.nl.    3600    IN      DNSKEY  256 3 249 AAB7oZ5Ox8mcGrhB4vh41LdJQ5i+MVbn0KVe1a0CU2Akdwbp1qZ2khQTJZ0wOFkEsmgU2wfggXTpU8rp745IDVUb ;{id = 41929 (zsk), size = 512b}
+nlnetlabs.nl.	3600	IN	DNSKEY	256 3 11 UQgaBVNAin7hJySuuU1V9z6+iDMMYGNNtCgNJLMCzBNxFHRdhQff/y1vZExYNfSztK3RUOiy/uTqIa265Fr6PQ== ;{id = 58910 (zsk), size = 512b}
 ENTRY_END
 ; entry to test
@ -18,7 +18,7 @@ SECTION QUESTION
 open.nlnetlabs.nl. IN A
 SECTION ANSWER
 open.nlnetlabs.nl.      600     IN      A       213.154.224.1
-open.nlnetlabs.nl.	600	IN	RRSIG	A 249 3 600 20090903100515 20090806100515 41929 nlnetlabs.nl. jHGE+RPMlJtQBrmSEbw6ERLkuYR5hjiVMuj7HbxpfGi63A/Tm5zRZaEgx9AK+gvEXMo2d9TN44OaBxPNyxgQNA== ;{id = 41929}
+open.nlnetlabs.nl.	600	IN	RRSIG	A 11 3 600 20090903100515 20090806100515 58910 nlnetlabs.nl. w/FZQYEhu3Quf0kiru1S+CVBXE7VAJuBOWJ4z/ukIZC10tIRVJ4qkxJdfh60BDnBZnU8askArXsKmgZGLEftxQ== ;{id = 58910}
 ENTRY_END
 ENTRY_BEGIN
@ -27,7 +27,7 @@ open.nlnetlabs.nl. IN AAAA
 SECTION ANSWER
 open.nlnetlabs.nl.      600     IN      AAAA    2001:7b8:206:1::1
 open.nlnetlabs.nl.      600     IN      AAAA    2001:7b8:206:1::53
-open.nlnetlabs.nl.	600	IN	RRSIG	AAAA 249 3 600 20090903100515 20090806100515 41929 nlnetlabs.nl. Pod5ouQTmulD8rmOOERVhhD3wsu7tD2VRej+Puph61T/vEry0CTnosHkd4fg2xohnx9i6m09LhPeOdaCJJIRAQ== ;{id = 41929}
+open.nlnetlabs.nl.	600	IN	RRSIG	AAAA 11 3 600 20090903100515 20090806100515 58910 nlnetlabs.nl. c4rWveXX+ZX1LcGBEd3AUCMA9TgAh/eGFFDFIDeeBOZxeC83nx0jZWrQC1PMoVMjCt7VKH2ChIQq2fwbPeeXrQ== ;{id = 58910}
 ENTRY_END
 ENTRY_BEGIN
@ -35,6 +35,6 @@ SECTION QUESTION
 open.nlnetlabs.nl. IN NSEC
 SECTION ANSWER
 open.nlnetlabs.nl.      3600    IN      NSEC    nlnetlabs.nl. A AAAA RRSIG NSEC 
-open.nlnetlabs.nl.	3600	IN	RRSIG	NSEC 249 3 3600 20090903100515 20090806100515 41929 nlnetlabs.nl. qWNarmPDHjv+ctxYCbxWrJc+LPjKW+RkP17bK6idfzcqGxK95fnsduphbmEZlQQiruO1OeZ1VlF9Btg+qS2T3A== ;{id = 41929}
+open.nlnetlabs.nl.	3600	IN	RRSIG	NSEC 11 3 3600 20090903100515 20090806100515 58910 nlnetlabs.nl. g83jorGebhLfnujx7nh2Vhs2rNSqLSVQURohpNLhaIehqwfaKomYkZGUDXy/KwcGEAkNVQHogL7KudkB8lcFrg== ;{id = 58910}
 ENTRY_END
--- a/testdata/val_ds_gost.rpl
+++ b/testdata/val_ds_gost.rpl
@ -115,11 +115,11 @@ SECTION AUTHORITY
 sub.example.com. IN	NS ns.sub.example.com.
 ; GOST DS for sub.example.com.
-sub.example.com.	3600	IN	DS	41930 249 203 1940ede41068d30064a092a4fbf50b95071497a6c96616d647023c2e31951c59 ; xekeg-beryv-gygek-mugab-benup-bugop-gyvoz-hidin-hicec-gohap-keduk-kyhet-kucob-duzed-vason-halih-noxox
+sub.example.com.	3600	IN	DS	58910 11 3 e88148d88f5f08cca67e695543aaefd4c5c3469262e95dc3870821beaf7d0a65 ; xupam-cedyt-mifuh-zudes-sanyl-vepah-hybip-piryt-gycys-fecun-demuv-nilis-fecyb-mamar-voril-tydak-huxux
-sub.example.com.	3600	IN	RRSIG	DS 3 3 3600 20070926135752 20070829135752 2854 example.com. AE9dudjtl6lDkd56NGXQrsT9OsYXKJBipHfdnX+UyR10CydCRFju8Mk= ;{id = 2854}
+sub.example.com.	3600	IN	RRSIG	DS 3 3 3600 20070926135752 20070829135752 2854 example.com. AHsiikBOFKEuYMRTCcrn0rW0gA7JhcSDfeYo004bzjCFBlNnt0n+Z74= ;{id = 2854}
 ; SHA DS for sub.example.com.
-;sub.example.com.	3600	IN	DS	41930 249 1 ea843e16f46363ad869661a7e88fe5d4bfd63796 ; xupim-gyzoc-kutek-femup-tucen-kemyp-lopym-zanit-gizet-kotyn-kuxyx
+; sub.example.com.	3600	IN	DS	58910 11 1 5c5afc6c1b9c39568111145bc2e85f5913d6c919 ; xilah-puzok-sykan-suvyh-koboc-cehih-rybov-myluh-nagyt-kidic-nyxex
 SECTION ADDITIONAL
 ns.sub.example.com. IN A 1.2.3.6
@ -138,10 +138,10 @@ SECTION QUESTION
 sub.example.com. IN NS
 SECTION ANSWER
 sub.example.com. IN	NS ns.sub.example.com.
-sub.example.com.	3600	IN	RRSIG	NS 249 3 3600 20070926134150 20070829134150 41930 sub.example.com. +RqxwrGqIOwgZit1MNe3oEPEvoTRppVylmLFXAT7tg2MxWBdqXwH1Pby3sbAy6T3Syk07LMEjZJ/qd5HYJO0+w== ;{id = 41930}
+sub.example.com.	3600	IN	RRSIG	NS 11 3 3600 20070926134150 20070829134150 58910 sub.example.com. 3+H3UPhpHtSDlTCf7pRAYEX1Zodi0BcvkNL6mahA364ReIxLjSGcJEaNZ4moTRk/V9OTK3K39P78Q9TUeYtrSA== ;{id = 58910}
 SECTION ADDITIONAL
 ns.sub.example.com. IN A 1.2.3.6
-ns.sub.example.com.	3600	IN	RRSIG	A 249 4 3600 20070926134150 20070829134150 41930 sub.example.com. T7CSlknnb6GnM8hS9riryi9G06nr/2nJUfep97igb+aPgrLziF0UUVj3DjcISgmrCw0Pdegm2jJkVliFYm4PLQ== ;{id = 41930}
+ns.sub.example.com.	3600	IN	RRSIG	A 11 4 3600 20070926134150 20070829134150 58910 sub.example.com. 0+byC/6fXGq5j06m2zJfUHiyhSpZTM8AQlE6ygr1jAiuPkl9GURvLH7XkWjS1n+K0+KuS2xTnwWlqBWuhlpRQQ== ;{id = 58910}
 ENTRY_END
 ; response to DNSKEY priming query
@ -152,15 +152,15 @@ REPLY QR NOERROR
 SECTION QUESTION
 sub.example.com. IN DNSKEY
 SECTION ANSWER
-sub.example.com.    3600    IN      DNSKEY  257 3 249 AAB7oZ5Ox8mcGrhB4vh41LdJQ5i+MVbn0KVe1a0CU2Akdwbp1qZ2khQTJZ0wOFkEsmgU2wfggXTpU8rp745IDVUb ;{id = 41930 (zsk), size = 512b}
+sub.example.com.	3600	IN	DNSKEY	256 3 11 UQgaBVNAin7hJySuuU1V9z6+iDMMYGNNtCgNJLMCzBNxFHRdhQff/y1vZExYNfSztK3RUOiy/uTqIa265Fr6PQ== ;{id = 58910 (zsk), size = 512b}
-sub.example.com.	3600	IN	RRSIG	DNSKEY 249 3 3600 20070926134150 20070829134150 41930 sub.example.com. AEZeCPrvG8ueQYicdYhBUMORPH8VHlbcO0GvsRl5xLFqc8femC2qPRk7SpIOSRxZXdu4liL9O5FFYaymThfFCA== ;{id = 41930}
+sub.example.com.	3600	IN	RRSIG	DNSKEY 11 3 3600 20070926134150 20070829134150 58910 sub.example.com. bHt9jld0nHQqV0sVqaYMos+FjgIhOyqlMFHPgu1G47qJan20wKCrMEFn4ZJLZP1VTllopqvszZe4E5MXeEhlGw== ;{id = 58910}
 SECTION AUTHORITY
 sub.example.com. IN	NS ns.sub.example.com.
-sub.example.com.	3600	IN	RRSIG	NS 249 3 3600 20070926134150 20070829134150 41930 sub.example.com. +RqxwrGqIOwgZit1MNe3oEPEvoTRppVylmLFXAT7tg2MxWBdqXwH1Pby3sbAy6T3Syk07LMEjZJ/qd5HYJO0+w== ;{id = 41930}
+sub.example.com.	3600	IN	RRSIG	NS 11 3 3600 20070926134150 20070829134150 58910 sub.example.com. 3+H3UPhpHtSDlTCf7pRAYEX1Zodi0BcvkNL6mahA364ReIxLjSGcJEaNZ4moTRk/V9OTK3K39P78Q9TUeYtrSA== ;{id = 58910}
 SECTION ADDITIONAL
 ns.sub.example.com. IN A 1.2.3.6
-ns.sub.example.com.	3600	IN	RRSIG	A 249 4 3600 20070926134150 20070829134150 41930 sub.example.com. T7CSlknnb6GnM8hS9riryi9G06nr/2nJUfep97igb+aPgrLziF0UUVj3DjcISgmrCw0Pdegm2jJkVliFYm4PLQ== ;{id = 41930}
+ns.sub.example.com.	3600	IN	RRSIG	A 11 4 3600 20070926134150 20070829134150 58910 sub.example.com. 0+byC/6fXGq5j06m2zJfUHiyhSpZTM8AQlE6ygr1jAiuPkl9GURvLH7XkWjS1n+K0+KuS2xTnwWlqBWuhlpRQQ== ;{id = 58910}
 ENTRY_END
 ; response to query of interest
@ -172,7 +172,7 @@ SECTION QUESTION
 www.sub.example.com. IN A
 SECTION ANSWER
 www.sub.example.com. IN A	11.11.11.11
-www.sub.example.com.	3600	IN	RRSIG	A 249 4 3600 20070926134150 20070829134150 41930 sub.example.com. UUeLd4U/s4Bp2772GGbjFGc+JiiqL9VCSCRkSIPPIzCm7ECWNhpi+a3eG4oC4Z99ufpcP+v67FuAWlAGXyeW0A== ;{id = 41930}
+www.sub.example.com.	3600	IN	RRSIG	A 11 4 3600 20070926134150 20070829134150 58910 sub.example.com. O+jJMnuACx9Ugw1xemUJ0wyFovR3pax+YLTtF6TVGaGOcne70aMyk+PkHntxSAHIgmEhOJtWpdBpVghKrMUgxw== ;{id = 58910}
 SECTION AUTHORITY
 SECTION ADDITIONAL
@ -195,7 +195,7 @@ SECTION QUESTION
 www.sub.example.com. IN A
 SECTION ANSWER
 www.sub.example.com. 	3600	IN	A	11.11.11.11
-www.sub.example.com.	3600	IN	RRSIG	A 249 4 3600 20070926134150 20070829134150 41930 sub.example.com. UUeLd4U/s4Bp2772GGbjFGc+JiiqL9VCSCRkSIPPIzCm7ECWNhpi+a3eG4oC4Z99ufpcP+v67FuAWlAGXyeW0A== ;{id = 41930}
+www.sub.example.com.	3600	IN	RRSIG	A 11 4 3600 20070926134150 20070829134150 58910 sub.example.com. O+jJMnuACx9Ugw1xemUJ0wyFovR3pax+YLTtF6TVGaGOcne70aMyk+PkHntxSAHIgmEhOJtWpdBpVghKrMUgxw== ;{id = 58910}
 SECTION AUTHORITY
 SECTION ADDITIONAL
 ENTRY_END
--- a/testdata/val_ds_gost_downgrade.rpl
+++ b/testdata/val_ds_gost_downgrade.rpl
@ -124,19 +124,18 @@ sub.example.com. IN	NS ns.sub.example.com.
 ; downgrade: false GOST, correct SHA
-sub.example.com.        3600    IN      DS      41930 249 203 1940ede41068d30064a092a4fbf50b95071497a6c96616d647023c2e31951c58 ; xekeg-beryv-gygek-mugab-benup-bugop-gyvoz-hidin-hicec-gohap-keduk-kyhet-kucob-duzed-vason-halih-noxox
+sub.example.com.        3600    IN      DS      58910 11 3 e77148d88f5f08cca67e695543aaefd4c5c3469262e95dc3870821beaf7d0a65
 ; correct GOST DS for sub.example.com.
-; sub.example.com.        3600    IN      DS      41930 249 203 1940ede41068d30064a092a4fbf50b95071497a6c96616d647023c2e31951c59 ; xekeg-beryv-gygek-mugab-benup-bugop-gyvoz-hidin-hicec-gohap-keduk-kyhet-kucob-duzed-vason-halih-noxox
+; sub.example.com.        3600    IN      DS      58910 11 3 e88148d88f5f08cca67e695543aaefd4c5c3469262e95dc3870821beaf7d0a65 ; xupam-cedyt-mifuh-zudes-sanyl-vepah-hybip-piryt-gycys-fecun-demuv-nilis-fecyb-mamar-voril-tydak-huxux
 ; SHA1 DS for sub.example.com.
-sub.example.com.	3600	IN	DS	41930 249 1 ea843e16f46363ad869661a7e88fe5d4bfd63796 ; xupim-gyzoc-kutek-femup-tucen-kemyp-lopym-zanit-gizet-kotyn-kuxyx
+sub.example.com.      3600    IN      DS      58910 11 1 5c5afc6c1b9c39568111145bc2e85f5913d6c919 ; xilah-puzok-sykan-suvyh-koboc-cehih-rybov-myluh-nagyt-kidic-nyxex
 ; SHA256 DS for sub.example.com.
-sub.example.com.	3600	IN	DS	41930 249 2 0ae431b6bbb6ded8547428517c0912aab06150e3fe3e0bb64755e6baa4e33bb5 ; xediv-gosor-kiver-kalat-muhyl-gypah-cozub-nygep-pysak-cegiv-fuzyf-voder-kycih-hyner-piniv-fevir-hyxux
+sub.example.com.	3600	IN	DS	58910 11 2 abe9f057a63c8e1779099af54c3392ca5e643ce383dfd79a8391df5ff11324e8 ; xopov-nusyh-lunuf-sufec-livyb-nykoz-hefaf-fogos-palek-gozyv-fubat-zehyn-pebun-culoh-zisec-fonav-mexyx
 ; signs SHA1, SHA2 and GOST DSes
-sub.example.com.	3600	IN	RRSIG	DS 3 3 3600 20070926135752 20070829135752 2854 example.com. AEEGV20ThZAE523wZe4idjxcv/wHBgA/UUWk+H5V5c1bRGa2VzLLuDM= ;{id = 2854}
+sub.example.com.	3600	IN	RRSIG	DS 3 3 3600 20070926135752 20070829135752 2854 example.com. AIbA2kEfT78Xfag9ndYBLFJw43zcKbuumiekUfb+pTWl7x1IArCFhNA= ;{id = 2854}
 SECTION ADDITIONAL
 ns.sub.example.com. IN A 1.2.3.6
@ -155,10 +154,11 @@ SECTION QUESTION
 sub.example.com. IN NS
 SECTION ANSWER
 sub.example.com. IN	NS ns.sub.example.com.
-sub.example.com.        3600    IN      RRSIG   NS 249 3 3600 20070926134150 20070829134150 41930 sub.example.com. +RqxwrGqIOwgZit1MNe3oEPEvoTRppVylmLFXAT7tg2MxWBdqXwH1Pby3sbAy6T3Syk07LMEjZJ/qd5HYJO0+w== ;{id = 41930}
+sub.example.com.	3600	IN	RRSIG	NS 11 3 3600 20070926134150 20070829134150 58910 sub.example.com. S3ByzAnmpzVhSm+Qay+F7BRKPcoWfc/K0AV5Eg5vwwNqlpYwWNVvTRiE6YDiyJ7yOMsiff1E6FCuEDedLoa0/g== ;{id = 58910}
 SECTION ADDITIONAL
 ns.sub.example.com. IN A 1.2.3.6
-ns.sub.example.com.     3600    IN      RRSIG   A 249 4 3600 20070926134150 20070829134150 41930 sub.example.com. T7CSlknnb6GnM8hS9riryi9G06nr/2nJUfep97igb+aPgrLziF0UUVj3DjcISgmrCw0Pdegm2jJkVliFYm4PLQ== ;{id = 41930}
+ns.sub.example.com.	3600	IN	RRSIG	A 11 4 3600 20070926134150 20070829134150 58910 sub.example.com. H8+jqzbxcRWw1DBDB0azOaO6TRx9lE2JqiF4syuKvhApkSNmkNxB6hSLSp3qjL3zFbNSrlwo3nUBgeDh9mZTDA== ;{id = 58910}
 ENTRY_END
 ; response to DNSKEY priming query
@ -169,14 +169,14 @@ REPLY QR NOERROR
 SECTION QUESTION
 sub.example.com. IN DNSKEY
 SECTION ANSWER
-sub.example.com.    3600    IN      DNSKEY  257 3 249 AAB7oZ5Ox8mcGrhB4vh41LdJQ5i+MVbn0KVe1a0CU2Akdwbp1qZ2khQTJZ0wOFkEsmgU2wfggXTpU8rp745IDVUb ;{id = 41930 (zsk), size = 512b}
+sub.example.com.	3600	IN	DNSKEY	256 3 11 UQgaBVNAin7hJySuuU1V9z6+iDMMYGNNtCgNJLMCzBNxFHRdhQff/y1vZExYNfSztK3RUOiy/uTqIa265Fr6PQ== ;{id = 58910 (zsk), size = 512b}
-sub.example.com.        3600    IN      RRSIG   DNSKEY 249 3 3600 20070926134150 20070829134150 41930 sub.example.com. AEZeCPrvG8ueQYicdYhBUMORPH8VHlbcO0GvsRl5xLFqc8femC2qPRk7SpIOSRxZXdu4liL9O5FFYaymThfFCA== ;{id = 41930}
+sub.example.com.	3600	IN	RRSIG	DNSKEY 11 3 3600 20070926134150 20070829134150 58910 sub.example.com. sksp5fNuXuYwSDarL18vtJfKu5zB7tSpGCZ0nkCqe6d8B0hd7ITZOi5hwm3u3raDBzpUmOZoS/HEVwx0MIGgdg== ;{id = 58910}
 SECTION AUTHORITY
 sub.example.com. IN	NS ns.sub.example.com.
-sub.example.com.        3600    IN      RRSIG   NS 249 3 3600 20070926134150 20070829134150 41930 sub.example.com. +RqxwrGqIOwgZit1MNe3oEPEvoTRppVylmLFXAT7tg2MxWBdqXwH1Pby3sbAy6T3Syk07LMEjZJ/qd5HYJO0+w== ;{id = 41930}
+sub.example.com.	3600	IN	RRSIG	NS 11 3 3600 20070926134150 20070829134150 58910 sub.example.com. S3ByzAnmpzVhSm+Qay+F7BRKPcoWfc/K0AV5Eg5vwwNqlpYwWNVvTRiE6YDiyJ7yOMsiff1E6FCuEDedLoa0/g== ;{id = 58910}
 SECTION ADDITIONAL
 ns.sub.example.com. IN A 1.2.3.6
-ns.sub.example.com.     3600    IN      RRSIG   A 249 4 3600 20070926134150 20070829134150 41930 sub.example.com. T7CSlknnb6GnM8hS9riryi9G06nr/2nJUfep97igb+aPgrLziF0UUVj3DjcISgmrCw0Pdegm2jJkVliFYm4PLQ== ;{id = 41930}
+ns.sub.example.com.	3600	IN	RRSIG	A 11 4 3600 20070926134150 20070829134150 58910 sub.example.com. H8+jqzbxcRWw1DBDB0azOaO6TRx9lE2JqiF4syuKvhApkSNmkNxB6hSLSp3qjL3zFbNSrlwo3nUBgeDh9mZTDA== ;{id = 58910}
 ENTRY_END
 ; response to query of interest
@ -188,7 +188,7 @@ SECTION QUESTION
 www.sub.example.com. IN A
 SECTION ANSWER
 www.sub.example.com. IN A	11.11.11.11
-www.sub.example.com.    3600    IN      RRSIG   A 249 4 3600 20070926134150 20070829134150 41930 sub.example.com. UUeLd4U/s4Bp2772GGbjFGc+JiiqL9VCSCRkSIPPIzCm7ECWNhpi+a3eG4oC4Z99ufpcP+v67FuAWlAGXyeW0A== ;{id = 41930}
+www.sub.example.com.	3600	IN	RRSIG	A 11 4 3600 20070926134150 20070829134150 58910 sub.example.com. Aov4/MYSAUGtAA+28i00gLPL+6F18v/rgH+tYRO5XIkMAgyS5sGhUGZ9k2EOCXSNxm6QQCm6+h70zt70gLrbNw== ;{id = 58910}
 SECTION AUTHORITY
 SECTION ADDITIONAL
@ -221,7 +221,7 @@ SECTION QUESTION
 www.sub.example.com. IN A
 SECTION ANSWER
 ;www.sub.example.com. 	3600	IN	A	11.11.11.11
-;www.sub.example.com.    3600    IN      RRSIG   A 249 4 3600 20070926134150 20070829134150 41930 sub.example.com. UUeLd4U/s4Bp2772GGbjFGc+JiiqL9VCSCRkSIPPIzCm7ECWNhpi+a3eG4oC4Z99ufpcP+v67FuAWlAGXyeW0A== ;{id = 41930}
+;www.sub.example.com.	3600	IN	RRSIG	A 11 4 3600 20070926134150 20070829134150 58910 sub.example.com. Aov4/MYSAUGtAA+28i00gLPL+6F18v/rgH+tYRO5XIkMAgyS5sGhUGZ9k2EOCXSNxm6QQCm6+h70zt70gLrbNw== ;{id = 58910}
 SECTION AUTHORITY
 SECTION ADDITIONAL
 ENTRY_END
--- a/validator/val_sigcrypt.c
+++ b/validator/val_sigcrypt.c
@ -274,7 +274,7 @@ ds_digest_size_algo(struct ub_packed_rrset_key* k, size_t idx)
 			return SHA256_DIGEST_LENGTH;
 #endif
 #ifdef USE_GOST
-		case LDNS_HASH_GOST94:
+		case LDNS_HASH_GOST:
 			if(EVP_get_digestbyname("md_gost94"))
 				return 32;
 			else	return 0;
@ -285,7 +285,7 @@ ds_digest_size_algo(struct ub_packed_rrset_key* k, size_t idx)
 }
 #ifdef USE_GOST
-/** Perform GOST94 hash */
+/** Perform GOST hash */
 static int
 do_gost94(unsigned char* data, size_t len, unsigned char* dest)
 {
@ -342,7 +342,7 @@ ds_create_dnskey_digest(struct module_env* env,
 			return 1;
 #endif
 #ifdef USE_GOST
-		case LDNS_HASH_GOST94:
+		case LDNS_HASH_GOST:
 			if(do_gost94((unsigned char*)ldns_buffer_begin(b), 
 				ldns_buffer_limit(b), (unsigned char*)digest))
 				return 1;
@ -419,7 +419,7 @@ dnskey_algo_id_is_supported(int id)
 #endif
 		return 1;
 #ifdef USE_GOST
-	case LDNS_GOST:
+	case LDNS_ECC_GOST:
 		/* we support GOST if it can be loaded */
 		return ldns_key_EVP_load_gost_id();
 #endif
@ -1383,7 +1383,7 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
 			break;
 #ifdef USE_GOST
-		case LDNS_GOST:
+		case LDNS_ECC_GOST:
 			*evp_key = ldns_gost2pkey_raw(key, keylen);
 			if(!*evp_key) {
 				verbose(VERB_QUERY, "verify: "
		`@ -0,0 +1 @@`
							`example.com. 3600 IN DS 58910 11 3 687978f784ddf4ffecd42788be42057d75bcf952134bf887d334e635b18dfdeb ; xipal-novuz-lecut-totyz-zurut-gonum-mazyg-dacal-tytur-suveh-dagig-revym-lugef-genef-hysam-tazav-ryxex`
		`@ -0,0 +1 @@`
							`example.com. 3600 IN DNSKEY 256 3 11 UQgaBVNAin7hJySuuU1V9z6+iDMMYGNNtCgNJLMCzBNxFHRdhQff/y1vZExYNfSztK3RUOiy/uTqIa265Fr6PQ== ;{id = 58910 (zsk), size = 512b}`
		`@ -1 +0,0 @@`
			`example.com. 3600 IN DS 41929 249 203 10e2bc48d0301d16858bd040ee7d5c1983122d6cec0e3324fcdb94ba5ac0f748 ; xegav-dozog-mugef-bolyc-kicem-rygug-borel-tulyc-nibuc-dyryk-serub-vasud-gazut-rihyr-pykis-bytyg-myxyx`
		`@ -1 +0,0 @@`
			`example.com. 3600 IN DNSKEY 256 3 249 AAB7oZ5Ox8mcGrhB4vh41LdJQ5i+MVbn0KVe1a0CU2Akdwbp1qZ2khQTJZ0wOFkEsmgU2wfggXTpU8rp745IDVUb ;{id = 41929 (zsk), size = 512b}`