1 files changed, 35 insertions, 14 deletions

diff --git a/contrib/bind9/lib/dns/ds.c b/contrib/bind9/lib/dns/ds.c
index b0ca523..7cd1609 100644
--- a/contrib/bind9/lib/dns/ds.c
+++ b/contrib/bind9/lib/dns/ds.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2002, 2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,9 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: ds.c,v 1.4.2.1 2004/03/08 02:07:53 marka Exp $ */
+/* $Id: ds.c,v 1.4.20.5 2006/02/22 23:50:09 marka Exp $ */
+
+/*! \file */
 
 #include <config.h>
 
@@ -24,6 +26,7 @@
 #include <isc/buffer.h>
 #include <isc/region.h>
 #include <isc/sha1.h>
+#include <isc/sha2.h>
 #include <isc/util.h>
 
 #include <dns/ds.h>
@@ -40,10 +43,9 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key,
 		  unsigned int digest_type, unsigned char *buffer,
 		  dns_rdata_t *rdata)
 {
-	isc_sha1_t sha1;
 	dns_fixedname_t fname;
 	dns_name_t *name;
-	unsigned char digest[ISC_SHA1_DIGESTLENGTH];
+	unsigned char digest[ISC_SHA256_DIGESTLENGTH];
 	isc_region_t r;
 	isc_buffer_t b;
 	dns_rdata_ds_t ds;
@@ -51,7 +53,7 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key,
 	REQUIRE(key != NULL);
 	REQUIRE(key->type == dns_rdatatype_dnskey);
 
-	if (digest_type != DNS_DSDIGEST_SHA1)
+	if (!dns_ds_digest_supported(digest_type))
 		return (ISC_R_NOTIMPLEMENTED);
 
 	dns_fixedname_init(&fname);
@@ -61,23 +63,42 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key,
 	memset(buffer, 0, DNS_DS_BUFFERSIZE);
 	isc_buffer_init(&b, buffer, DNS_DS_BUFFERSIZE);
 
-	isc_sha1_init(&sha1);
-	dns_name_toregion(name, &r);
-	isc_sha1_update(&sha1, r.base, r.length);
-	dns_rdata_toregion(key, &r);
-	INSIST(r.length >= 4);
-	isc_sha1_update(&sha1, r.base, r.length);
-	isc_sha1_final(&sha1, digest);
+	if (digest_type == DNS_DSDIGEST_SHA1) {
+		isc_sha1_t sha1;
+		isc_sha1_init(&sha1);
+		dns_name_toregion(name, &r);
+		isc_sha1_update(&sha1, r.base, r.length);
+		dns_rdata_toregion(key, &r);
+		INSIST(r.length >= 4);
+		isc_sha1_update(&sha1, r.base, r.length);
+		isc_sha1_final(&sha1, digest);
+	} else {
+		isc_sha256_t sha256;
+		isc_sha256_init(&sha256);
+		dns_name_toregion(name, &r);
+		isc_sha256_update(&sha256, r.base, r.length);
+		dns_rdata_toregion(key, &r);
+		INSIST(r.length >= 4);
+		isc_sha256_update(&sha256, r.base, r.length);
+		isc_sha256_final(digest, &sha256);
+	}
 
 	ds.mctx = NULL;
 	ds.common.rdclass = key->rdclass;
 	ds.common.rdtype = dns_rdatatype_ds;
 	ds.algorithm = r.base[3];
 	ds.key_tag = dst_region_computeid(&r, ds.algorithm);
-	ds.digest_type = DNS_DSDIGEST_SHA1;
-	ds.length = ISC_SHA1_DIGESTLENGTH;
+	ds.digest_type = digest_type;
+	ds.length = (digest_type == DNS_DSDIGEST_SHA1) ?
+		    ISC_SHA1_DIGESTLENGTH : ISC_SHA256_DIGESTLENGTH;
 	ds.digest = digest;
 
 	return (dns_rdata_fromstruct(rdata, key->rdclass, dns_rdatatype_ds,
 				     &ds, &b));
 }
+
+isc_boolean_t
+dns_ds_digest_supported(unsigned int digest_type) {
+	return  (ISC_TF(digest_type == DNS_DSDIGEST_SHA1 ||
+			digest_type == DNS_DSDIGEST_SHA256));
+}