From 5c328419345fb88e065ac55655f2d961bd1f60bf Mon Sep 17 00:00:00 2001
From: Giovanni Bajo
Date: Wed, 2 May 2012 20:10:55 +0200
Subject: [PATCH] Implement RSA-SHA512.

---
 src/dnssec-crypto.h  |  3 ++-
 src/dnssec-openssl.c | 16 ++++++++++++----
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/src/dnssec-crypto.h b/src/dnssec-crypto.h
index b1c7ef8..d2f1308 100644
--- a/src/dnssec-crypto.h
+++ b/src/dnssec-crypto.h
@@ -41,7 +41,7 @@ struct VerifyAlgCtx
     const VerifyAlg *vtbl;
     unsigned char *sig;
     size_t siglen;
-    unsigned char digest[32];
+    unsigned char digest[64]; /* TODO: if memory problems, use VLA */
 };
 
 int verifyalg_supported(int algo);
@@ -55,6 +55,7 @@ int verifyalg_algonum(VerifyAlgCtx *a);
 #define DIGESTALG_SHA1 1
 #define DIGESTALG_SHA256 2
 #define DIGESTALG_MD5 256
+#define DIGESTALG_SHA512 257
 
 int digestalg_supported(int algo);
 int digestalg_begin(int algo);
diff --git a/src/dnssec-openssl.c b/src/dnssec-openssl.c
index 06ac557..1159e2a 100644
--- a/src/dnssec-openssl.c
+++ b/src/dnssec-openssl.c
@@ -107,6 +107,11 @@ static int rsasha256_verify(VerifyAlgCtx *ctx, struct keydata *key_data, unsigne
     return rsa_verify(ctx, key_data, key_len, NID_sha256, 32);
 }
 
+static int rsasha512_verify(VerifyAlgCtx *ctx, struct keydata *key_data, unsigned key_len)
+{
+    return rsa_verify(ctx, key_data, key_len, NID_sha512, 64);
+}
+
 static int dsasha1_verify(VerifyAlgCtx *ctx, struct keydata *key_data, unsigned key_len)
 {
     static unsigned char asn1_signature[] = 
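Review bot: The comment on the new `digest[64]` line is misleading, since a VLA cannot be a struct member and the real constraint on the size is that it must cover the longest digest any verifier writes into it (32 for SHA-256 and 64 for SHA-512 in the rsa_verify calls later in this patch). I would replace it with `unsigned char digest[64]; /* must hold the longest supported digest (SHA-512, 64 bytes) */`. rsa_verify itself is outside the patch; if it copies a caller-supplied length into ctx->digest it should reject lengths greater than `sizeof ctx->digest` rather than rely on every caller passing a matching constant.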
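Review bot: The new `DIGESTALG_SHA512 257` sits next to values that appear to follow two different schemes (1 and 2 look like the IANA DS digest-type numbers, while 256 and 257 are private identifiers) and nothing says so. A comment above the group such as `/* values < 256 follow the DS digest-type registry; 256 and above are internal only */` would stop a later maintainer from sending 257 on the wire or assuming a real registry value for SHA-512; please confirm that reading of the existing numbers before wording it.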
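Review bot: The literal `64` in the new rsasha512_verify duplicates the digest-buffer size chosen in dnssec-crypto.h, so the two can drift apart silently. OpenSSL's `<openssl/sha.h>` already defines `SHA512_DIGEST_LENGTH` (and `SHA256_DIGEST_LENGTH` for the 32 on the context line above), so `return rsa_verify(ctx, key_data, key_len, NID_sha512, SHA512_DIGEST_LENGTH);` ties the value to the algorithm; whether that header is already included is not visible here.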
@@ -159,11 +164,11 @@ static const VerifyAlg valgs[] =
     VALG_VTABLE(dsasha1, DIGESTALG_SHA1), /* 3: DSA */
     VALG_UNSUPPORTED(), /* 4: ECC */
     VALG_VTABLE(rsasha1, DIGESTALG_SHA1), /* 5: RSASHA1 */
-    VALG_UNSUPPORTED(), /* 6: DSA-NSEC3-SHA1 */
+    VALG_VTABLE(dsasha1, DIGESTALG_SHA1), /* 6: DSA-NSEC3-SHA1 */
     VALG_VTABLE(rsasha1, DIGESTALG_SHA1), /* 7: RSASHA1-NSEC3-SHA1 */
     VALG_VTABLE(rsasha256, DIGESTALG_SHA256), /* 8: RSASHA256 */
     VALG_UNSUPPORTED(), /* 9: unassigned */
-    VALG_UNSUPPORTED(), /* 10: RSASHA512 */
+    VALG_VTABLE(rsasha512, DIGESTALG_SHA512), /* 10: RSASHA512 */
     VALG_UNSUPPORTED(), /* 11: unassigned */
     VALG_UNSUPPORTED(), /* 12: ECC-GOST */
     VALG_UNSUPPORTED(), /* 13: ECDSAP256SHA256 */
@@ -184,7 +189,7 @@ static const int valgctx_size[] =
     sizeof(VerifyAlgCtx), /* 7: RSASHA1-NSEC3-SHA1 */
     sizeof(VerifyAlgCtx), /* 8: RSASHA256 */
     0, /* 9: unassigned */
-    0, /* 10: RSASHA512 */
+    sizeof(VerifyAlgCtx), /* 10: RSASHA512 */
     0, /* 11: unassigned */
     0, /* 12: ECC-GOST */
     0, /* 13: ECDSAP256SHA256 */
@@ -246,7 +251,8 @@ int digestalg_supported(int algo)
 {
     return (algo == DIGESTALG_SHA1 ||
             algo == DIGESTALG_SHA256 ||
-            algo == DIGESTALG_MD5);
+            algo == DIGESTALG_MD5 ||
+            algo == DIGESTALG_SHA512);
 }
 
 int digestalg_begin(int algo)
@@ -256,6 +262,8 @@ int digestalg_begin(int algo)
     EVP_DigestInit_ex(&digctx, EVP_sha1(), NULL);
   else if (algo == DIGESTALG_SHA256)
     EVP_DigestInit_ex(&digctx, EVP_sha256(), NULL);
+  else if (algo == DIGESTALG_SHA512)
+    EVP_DigestInit_ex(&digctx, EVP_sha512(), NULL);
   else if (algo == DIGESTALG_MD5)
     EVP_DigestInit_ex(&digctx, EVP_md5(), NULL);
   else
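Review bot: The valgs[] hunk also switches entry 6 (DSA-NSEC3-SHA1) from unsupported to the dsasha1 vtable, which is a separate behavioural change that the subject "Implement RSA-SHA512" does not mention; it belongs in its own commit or at least in the message, since it enables verification of an extra algorithm. Separately, valgs[] and valgctx_size[] (the next hunk) are parallel tables indexed by algorithm number, and entry 10 had to be edited in both by hand; a `_Static_assert(sizeof valgs / sizeof valgs[0] == sizeof valgctx_size / sizeof valgctx_size[0], "valgs/valgctx_size out of sync")` after the tables, or folding the context size into VALG_VTABLE, would catch a future entry added to only one of them. Both tables start and end outside the hunks.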
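Review bot: The new `EVP_DigestInit_ex(&digctx, EVP_sha512(), NULL)` in digestalg_begin discards the function's return value, as the surrounding SHA-1/SHA-256/MD5 lines already do; EVP_DigestInit_ex returns 0 on failure (for example in a build where the digest is disabled), after which later update/final calls operate on an uninitialised context. Since this patch adds a branch anyway, `if (!EVP_DigestInit_ex(&digctx, EVP_sha512(), NULL)) return 0;` (or whatever failure value digestalg_begin uses) would be the place to start checking it. The body of digestalg_begin continues past the end of the hunk, so the return convention is not visible here.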