ldns/ldns-1.2.x-key2ds-SHA256.patch

Index: dnssec.c
===================================================================
--- dnssec.c	(revision 2398)
+++ dnssec.c	(revision 2400)
@@ -718,8 +718,15 @@
 			}
 		break;
 		case LDNS_SHA256:
-			ldns_rr_free(ds);
-			return NULL; /* not implemented */
+			#ifdef SHA256_DIGEST_LENGTH
+			digest = LDNS_XMALLOC(uint8_t, SHA256_DIGEST_LENGTH);
+			if (!digest) {
+				ldns_rr_free(ds);
+				return NULL;
+			}
+			#else
+			return NULL;
+			#endif
 		break;
 	}
 
@@ -771,6 +778,14 @@
 
 		break;
 		case LDNS_SHA256:
+#ifdef SHA256_DIGEST_LENGTH
+		(void) SHA256((unsigned char *) ldns_buffer_begin(data_buf),
+			    ldns_buffer_position(data_buf),
+			    (unsigned char*) digest);
+		tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX, SHA256_DIGEST_LENGTH,
+				digest);
+		ldns_rr_push_rdf(ds, tmp);
+#endif
 		break;
 	}
 
Index: examples/ldns-key2ds.c
===================================================================
--- examples/ldns-key2ds.c	(revision 2398)
+++ examples/ldns-key2ds.c	(revision 2400)
@@ -9,6 +9,7 @@
 #include "config.h"
 
 #include <ldns/ldns.h>
+#include <openssl/ssl.h>
 
 #include <errno.h>
 
@@ -45,6 +46,9 @@
 			h = LDNS_SHA1;
 		} 
 		if (strcmp(argv[0], "-2") == 0) {
+		        #ifndef SHA256_DIGEST_LENGTH
+		          fprintf(stderr, "Error: Crypto library does not support SHA256 digests!");
+		        #endif
 			h = LDNS_SHA256;
 		} 
 		argv++, argc--;
@@ -73,7 +77,7 @@
 	owner = ldns_rdf2str(ldns_rr_owner(k));
 	alg = ldns_rdf2native_int8(ldns_rr_dnskey_algorithm(k));
 
-	ds = ldns_key_rr2ds(k, LDNS_SHA1);
+	ds = ldns_key_rr2ds(k, h);
 	if (!ds) {
 		fprintf(stderr, "Conversion to a DS RR failed\n");
 		ldns_rr_free(k);