Hi David,
> ola,
> i recently suffered some pain trying to get nsd to interoperate
> with a 7 year old version of bind using very long keys with tsig
> for zone transfers, but noted that nsd only supported the
> mandatory ciphers.
> it seems easy to add more of them though, so this diff adds
> hmac-sha224, hmac-sha384, and hmac-sha512.
Thank you, I have committed this for future releases.
Best regards,
Wouter
> it may not even work, but throwing it out here for feedback.
> note that this is a diff against the openbsd source tree. i can
> rejig it against svn if you want.
Index: config.h.in
RCS file: /cvs/src/usr.sbin/nsd/config.h.in,v
retrieving revision 1.17 diff -u -p -r1.17 config.h.in ---
config.h.in 3 Feb 2015 10:40:01 -0000 1.17 +++ config.h.in 6 May
2015 12:30:03 -0000 @@ -85,12 +85,6 @@ /* Define to 1 if you have
the <event.h> header file. */ #undef HAVE_EVENT_H
-/* Define to 1 if you have the `EVP_sha1' function. */ -#undef
HAVE_EVP_SHA1 - -/* Define to 1 if you have the `EVP_sha256'
function. */ -#undef HAVE_EVP_SHA256 - /* Define to 1 if you have
the `ev_default_loop' function. */ #undef HAVE_EV_DEFAULT_LOOP
Index: configure
RCS file: /cvs/src/usr.sbin/nsd/configure,v
retrieving revision 1.21 diff -u -p -r1.21 configure --- configure
3 Feb 2015 10:40:02 -0000 1.21 +++ configure 6 May 2015 12:30:03
-0000 @@ -8553,18 +8553,6 @@ else
fi
- for ac_func in EVP_sha1 EVP_sha256 -do : - as_ac_var=`$as_echo
"ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO"
"$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes";
then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo
"HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - fi
fi Index: configure.ac
RCS file: /cvs/src/usr.sbin/nsd/configure.ac,v
retrieving revision 1.20 diff -u -p -r1.20 configure.ac ---
configure.ac 3 Feb 2015 10:40:02 -0000 1.20 +++ configure.ac 6 May
2015 12:30:03 -0000 @@ -320,7 +320,6 @@ AC_DEFUN([CHECK_SSL], [
AC_CHECK_LIB(crypto, HMAC_CTX_init, [ AC_MSG_ERROR([OpenSSL found
in $ssldir, but version 0.9.7 or higher is required]) ]) -
AC_CHECK_FUNCS([EVP_sha1 EVP_sha256]) fi AC_SUBST(HAVE_SSL) fi
Index: tsig-openssl.c
RCS file: /cvs/src/usr.sbin/nsd/tsig-openssl.c,v
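Review bot: in the config.h.in hunk (@@ -85,12 +85,6 @@) the HAVE_EVP_SHA1 and HAVE_EVP_SHA256 templates are dropped, so any `#ifdef HAVE_EVP_SHA1` or `#ifdef HAVE_EVP_SHA256` still present in the sources will from now on always be false and the guarded code will be compiled out without a warning. The tsig-openssl.c part of the diff is not visible here; please confirm that it no longer tests either macro, and grep the rest of the tree for them, before these templates go.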
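Review bot: the configure hunk (@@ -8553,18 +8553,6 @@) hand-edits generated autoconf output, deleting the `for ac_func in EVP_sha1 EVP_sha256` loop directly. For the svn version, change only configure.ac and regenerate configure and config.h.in with autoconf and autoheader, so the three files cannot drift apart and the next regeneration does not produce an unrelated diff.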
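Review bot: in the configure.ac hunk (@@ -320,7 +320,6 @@, inside CHECK_SSL) the `AC_CHECK_FUNCS([EVP_sha1 EVP_sha256])` probe is removed and nothing replaces it, so the only remaining gate is the HMAC_CTX_init check with its "version 0.9.7 or higher is required" message, and none of the digest functions this change relies on are tested for. A libcrypto that passes that check but lacks one of the EVP_sha* functions would then break at compile or link time instead of at configure time. Consider keeping the probe and extending it, for example `AC_CHECK_FUNCS([EVP_sha1 EVP_sha224 EVP_sha256 EVP_sha384 EVP_sha512])`, and registering each TSIG algorithm only when its function was found; if the digests are to be assumed instead, the minimum version named in the AC_MSG_ERROR text should be raised to match.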