- RSASHA256_NSEC3 and RSASHA512_NSEC3 algos are supported.

- updated ldns tarball (with those algos). git-svn-id: file:///svn/unbound/trunk@1327 be551aaa-1e26-0410-a405-d3ace91eadb9
2025-12-20 23:00:56 -05:00 · 2008-11-03 15:42:07 +00:00 · 2008-11-03 15:42:07 +00:00 · 8a32f9003b
commit 8a32f9003b
parent 7bf176eeba
4 changed files with 13 additions and 4 deletions
--- a/doc/Changelog
+++ b/doc/Changelog
@ -3,6 +3,9 @@
 	- generated configure with autoconf-2.61.
 	- iana portlist updated.
 	- detect if libssl needs libdl.  For static linking with libssl.
+	- changed to use new algorithm identifiers for sha256/sha512
+	  from ldns 1.4.0 (need very latest version).
+	- updated the included ldns tarball.

 23 October 2008: Wouter
 	- a little more debug info for failure on signer names. prints names.
--- a/ldns-src.tar.gz
+++ b/ldns-src.tar.gz
--- a/testdata/test_signatures.10
+++ b/testdata/test_signatures.10
@ -10,7 +10,7 @@ ENTRY_BEGIN
 SECTION QUESTION
 sub.example.com.	IN DNSKEY
 SECTION ANSWER
-example.com.	3600	IN	DNSKEY	256 3 9 AwEAAeHRRbGrk8zEVeSLNlELTGcvJLEiv+OJp1HWhq+kitN3p+IjLT2YmV2p43ReRiPSBDjzsf/8VPKCsGaDeli0/cq3u0s54ft8KB9lYbMDKg0LQkDdjVY2Ah5l7FRZGDn+AnmxWlZ3mp8ZREs2NCtQW5GOiKzZtJfftUZ9f8PXemIV ;{id = 54034 (zsk), size = 1024b}
+example.com.	3600	IN	DNSKEY	256 3 10 AwEAAb3HJP1WF0wWvk9VqqZ2+xTpURPSwyiZcNRlO/hAXJisMA4/ZN2Kf0aNGewVDa6IhT8ehww5FBvVJm3R1KW/hqO+H3WzvCBpVDv1JdDqZvHMGiqEd2lCfKz4+fxuJ+HeUJBZlTz6pm9Rlqevry5uB7sKpgddDe2fK9CFCr7M1BzX ;{id = 18320 (zsk), size = 1024b}
 ENTRY_END

 ; entry to test
@ -19,6 +19,6 @@ SECTION QUESTION
 www.example.com.    IN      A 
 SECTION ANSWER
 www.example.com.	3600	IN	A	192.0.2.66
-www.example.com.	3600	IN	RRSIG	A 9 3 3600 20070926134150 20070829134150 54034 example.com. FASMRTKfNKrj4o5gEkwfIjlqw2o03ZaoT95TcEdhBW80iyhi3cN3FESX7cquyqQ3AoA3i7OU5bqFVeLoQq9zeE8G2qHklpSPjrEFPHB/HKPtweb5rk4+yZqo9b0G375We12sZWHY5/gpaL2zVgX5A3j2H78rlfM7EMVnOEOIc0Y= ;{id = 54034}
+www.example.com.	3600	IN	RRSIG	A 10 3 3600 20070926134150 20070829134150 18320 example.com. m0FS92Zg6oyJE7CEwa4o2hkV+U6M/Xvniem/vLo9pz4tsAv7xxlMgT0Q8Uxl+pugiHTMSJ78V6fG/Kv6FZgesxKu70mLHQo1SjAgozRHuNwUB6cD8yeOeX0WafbRW4IfvSs6uauc+/SRukBFhJMdiX/IXw3syUGfntm03jcpWoc= ;{id = 18320}
 ENTRY_END

--- a/validator/val_sigcrypt.c
+++ b/validator/val_sigcrypt.c
@ -372,9 +372,11 @@ dnskey_algo_id_is_supported(int id)
 	case LDNS_RSAMD5:
 #ifdef SHA256_DIGEST_LENGTH
 	case LDNS_RSASHA256:
+	case LDNS_RSASHA256_NSEC3:
 #endif
 #ifdef SHA512_DIGEST_LENGTH
 	case LDNS_RSASHA512:
+	case LDNS_RSASHA512_NSEC3:
 #endif
 		return 1;
 	default:
@ -1302,9 +1304,11 @@ setup_key_digest(int algo, EVP_PKEY* evp_key, const EVP_MD** digest_type,
 		case LDNS_RSASHA1_NSEC3:
 #ifdef SHA256_DIGEST_LENGTH
 		case LDNS_RSASHA256:
+		case LDNS_RSASHA256_NSEC3:
 #endif
 #ifdef SHA512_DIGEST_LENGTH
 		case LDNS_RSASHA512:
+		case LDNS_RSASHA512_NSEC3:
 #endif
 			rsa = ldns_key_buf2rsa_raw(key, keylen);
 			if(!rsa) {
@ -1320,12 +1324,14 @@ setup_key_digest(int algo, EVP_PKEY* evp_key, const EVP_MD** digest_type,

 			/* select SHA version */
 #ifdef SHA256_DIGEST_LENGTH
-			if(algo == LDNS_RSASHA256)
+			if(algo == LDNS_RSASHA256 || 
+				algo == LDNS_RSASHA256_NSEC3)
 				*digest_type = EVP_sha256();
 			else
 #endif
 #ifdef SHA512_DIGEST_LENGTH
-				if(algo == LDNS_RSASHA512)
+				if(algo == LDNS_RSASHA512 || 
+					algo == LDNS_RSASHA512_NSEC3)
 				*digest_type = EVP_sha512();
 			else
 #endif