From 970ce22b68a4be3db6c63a00ff4f13c57469030d Mon Sep 17 00:00:00 2001
From: Giovanni Bajo
Date: Sun, 22 Apr 2012 15:22:07 +0200
Subject: [PATCH] Augment verify algorithm table.
---
 src/dnssec.c | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)
diff --git a/src/dnssec.c b/src/dnssec.c
index 27cef65..0eae9ed 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -43,16 +43,25 @@ typedef struct
 int (*verify)(unsigned char *key, unsigned key_len);
 } VerifyAlg;
 
-/* RFC4034, Appendix A.1: only algorithm 3 (DSA/SHA1) and 5 (RSA/SHA1) are
- currently valid for zone-signing. */
-static const VerifyAlg valgs[6] =
+/* Updated registry that merges various RFCs:
+ https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xml */
+static const VerifyAlg valgs[] =
 {
- {0,0,0,0,0}, /* 0: reserved */
- {0,0,0,0,0}, /* 1: RSA/MD5 */
- {0,0,0,0,0}, /* 2: DH */
- {0,0,0,0,0}, /* 3: DSA/SHA1 */
- {0,0,0,0,0}, /* 4: ECC */
- {0,0,0,0,0}, /* 5: RSA/SHA1 */
+ {0,0,0,0,0}, /* 0: reserved */
+ {0,0,0,0,0}, /* 1: RSAMD5 */
+ {0,0,0,0,0}, /* 2: DH */
+ {0,0,0,0,0}, /* 3: DSA */
+ {0,0,0,0,0}, /* 4: ECC */
+ {0,0,0,0,0}, /* 5: RSASHA1 */
+ {0,0,0,0,0}, /* 6: DSA-NSEC3-SHA1 */
+ {0,0,0,0,0}, /* 7: RSASHA1-NSEC3-SHA1 */
+ {0,0,0,0,0}, /* 8: RSASHA256 */
+ {0,0,0,0,0}, /* 9: unassigned */
+ {0,0,0,0,0}, /* 10: RSASHA512 */
+ {0,0,0,0,0}, /* 11: unassigned */
+ {0,0,0,0,0}, /* 12: ECC-GOST */
+ {0,0,0,0,0}, /* 13: ECDSAP256SHA256 */
+ {0,0,0,0,0}, /* 14: ECDSAP384SHA384 */
 };
 
 /* Implement RFC1982 wrapped compare for 32-bit numbers */
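Review bot: With `valgs[6]` changed to `valgs[]` the table length is now implicit, so whatever code indexes it with the algorithm number read from an RRSIG or DNSKEY record has to bound that value by the element count rather than a literal, e.g. `if (alg >= sizeof(valgs) / sizeof(valgs[0]) || !valgs[alg].verify)` with `alg` standing for the wire value. That lookup and the rest of the `VerifyAlg` struct are outside this hunk, so I cannot confirm how it is done today; the algorithm field is a single octet supplied by the remote side, and the table only covers 0–14. Every row is still all zeros, so `verify` is NULL for each algorithm, and an unsupported or unassigned algorithm should surface as "not validated", never as a good signature. The replacement comment also drops the earlier note on which algorithms are acceptable for zone signing; a line such as `/* rows with NULL handlers (incl. RSAMD5 and unassigned numbers) are placeholders and must be rejected */` would keep that intent visible.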