DST_SIG_MODE -> DST_SIGMODE

bin/tests/dst/dst_test.c

@@ -51,13 +51,13 @@ use(dst_key_t *key) {
 	isc_buffer_add(&databuf, strlen(data));
 	isc_buffer_used(&databuf, &datareg);
 
-	ret = dst_sign(DST_SIG_MODE_ALL, key, NULL, &datareg, &sigbuf);
+	ret = dst_sign(DST_SIGMODE_ALL, key, NULL, &datareg, &sigbuf);
 	printf("sign(%d) returned: %s\n", dst_key_alg(key),
 	       dst_result_totext(ret));
 
 	isc_buffer_forward(&sigbuf, 1);
 	isc_buffer_remaining(&sigbuf, &sigreg);
-	ret = dst_verify(DST_SIG_MODE_ALL, key, NULL, &datareg, &sigreg);
+	ret = dst_verify(DST_SIGMODE_ALL, key, NULL, &datareg, &sigreg);
 	printf("verify(%d) returned: %s\n", dst_key_alg(key),
 	       dst_result_totext(ret));
 }

bin/tests/dst/t_dst.c

@@ -92,7 +92,7 @@ use(dst_key_t *key, dst_result_t exp_result, int *nfails) {
 	isc_buffer_add(&databuf, strlen(data));
 	isc_buffer_used(&databuf, &datareg);
 
-	ret = dst_sign(DST_SIG_MODE_ALL, key, NULL, &datareg, &sigbuf);
+	ret = dst_sign(DST_SIGMODE_ALL, key, NULL, &datareg, &sigbuf);
 	if (ret != exp_result) {
 		t_info("dst_sign(%d) returned (%s) expected (%s)\n",
 				dst_key_alg(key), dst_result_totext(ret),
@@ -103,7 +103,7 @@ use(dst_key_t *key, dst_result_t exp_result, int *nfails) {
 
 
 	isc_buffer_remaining(&sigbuf, &sigreg);
-	ret = dst_verify(DST_SIG_MODE_ALL, key, NULL, &datareg, &sigreg);
+	ret = dst_verify(DST_SIGMODE_ALL, key, NULL, &datareg, &sigreg);
 	if (ret != exp_result) {
 		t_info("dst_verify(%d) returned (%s) expected (%s)\n",
 				dst_key_alg(key), dst_result_totext(ret),

lib/dns/sec/dst/bsafe_link.c

@@ -19,7 +19,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: bsafe_link.c,v 1.1 1999/07/12 20:08:28 bwelling Exp $
+ * $Id: bsafe_link.c,v 1.2 1999/08/26 20:41:54 bwelling Exp $
  */
 
 #include <config.h>
@@ -136,7 +136,7 @@ dst_s_bsafe_init()
  *	UPDATE (hash (more) data), FINAL (generate a signature).  This
  *	routine performs one or more of these steps.
  * Parameters
- *	mode		DST_SIG_MODE_{INIT_UPDATE_FINAL|ALL}
+ *	mode		DST_SIGMODE_{INIT_UPDATE_FINAL|ALL}
  *	key		key to use for signing
  *	context		the context to use for this computation
  *	data		data to be signed
@@ -157,7 +157,7 @@ dst_bsafe_sign(const int mode, dst_key_t *key, void **context,
 	isc_region_t sig_region, digest_region;
 	dst_result_t ret;
 	
-	if (mode & DST_SIG_MODE_INIT) { 
+	if (mode & DST_SIGMODE_INIT) { 
 		md5_ctx = (B_ALGORITHM_OBJ *) isc_mem_get(mctx,
 							  sizeof(*md5_ctx));
 		if (md5_ctx == NULL)
@@ -174,7 +174,7 @@ dst_bsafe_sign(const int mode, dst_key_t *key, void **context,
 	isc_buffer_init(&digest, digest_array, sizeof(digest_array),
 			ISC_BUFFERTYPE_BINARY);
 	ret = dst_bsafe_md5digest(mode, md5_ctx, data, &digest);
-	if (ret != DST_R_SUCCESS || (mode & DST_SIG_MODE_FINAL)) {
+	if (ret != DST_R_SUCCESS || (mode & DST_SIGMODE_FINAL)) {
 		B_DestroyAlgorithmObject(md5_ctx);
 		memset(md5_ctx, 0, sizeof(*md5_ctx));
 		isc_mem_put(mctx, md5_ctx, sizeof(*md5_ctx));
@@ -182,7 +182,7 @@ dst_bsafe_sign(const int mode, dst_key_t *key, void **context,
 			return (ret);
 	}
 
-	if (mode & DST_SIG_MODE_FINAL) {
+	if (mode & DST_SIGMODE_FINAL) {
 		RSA_Key *rkey;
 		B_ALGORITHM_OBJ rsaEncryptor = (B_ALGORITHM_OBJ) NULL_PTR;
 		unsigned int written = 0;
@@ -261,7 +261,7 @@ dst_bsafe_sign(const int mode, dst_key_t *key, void **context,
  *	FINAL (generate a signature).  This routine performs one or more of 
  *	these steps.
  * Parameters
- *	mode		DST_SIG_MODE_{INIT_UPDATE_FINAL|ALL}
+ *	mode		DST_SIGMODE_{INIT_UPDATE_FINAL|ALL}
  *	key		key to use for verifying
  *	context		the context to use for this computation
  *	data		signed data
@@ -283,7 +283,7 @@ dst_bsafe_verify(const int mode, dst_key_t *key, void **context,
 	dst_result_t ret;
 	int status = 0;
 
-	if (mode & DST_SIG_MODE_INIT) { 
+	if (mode & DST_SIGMODE_INIT) { 
 		md5_ctx = (B_ALGORITHM_OBJ *) isc_mem_get(mctx,
 							  sizeof(*md5_ctx));
 		if (md5_ctx == NULL)
@@ -300,7 +300,7 @@ dst_bsafe_verify(const int mode, dst_key_t *key, void **context,
 	isc_buffer_init(&digest, digest_array, sizeof(digest_array),
 			ISC_BUFFERTYPE_BINARY);
 	ret = dst_bsafe_md5digest(mode, md5_ctx, data, &digest);
-	if (ret != DST_R_SUCCESS || (mode & DST_SIG_MODE_FINAL)) {
+	if (ret != DST_R_SUCCESS || (mode & DST_SIGMODE_FINAL)) {
 		B_DestroyAlgorithmObject(md5_ctx);
 		memset(md5_ctx, 0, sizeof(*md5_ctx));
 		isc_mem_put(mctx, md5_ctx, sizeof(*md5_ctx));
@@ -308,7 +308,7 @@ dst_bsafe_verify(const int mode, dst_key_t *key, void **context,
 			return (ret);
 	}
 
-	if (mode & DST_SIG_MODE_FINAL) {
+	if (mode & DST_SIGMODE_FINAL) {
 		RSA_Key *rkey;
 		B_ALGORITHM_OBJ rsaEncryptor = (B_ALGORITHM_OBJ) NULL_PTR;
 		unsigned int written = 0;
@@ -1004,18 +1004,18 @@ dst_bsafe_md5digest(const int mode, B_ALGORITHM_OBJ *digest_obj,
 	REQUIRE(digest != NULL);
 	REQUIRE(digest_obj != NULL);
 
-	if ((mode & DST_SIG_MODE_INIT) &&
+	if ((mode & DST_SIGMODE_INIT) &&
 	    (status = B_DigestInit(*digest_obj, (B_KEY_OBJ) NULL,
 				   CHOOSER, NULL_SURRENDER)) != 0)
 		return (DST_R_SIGN_INIT_FAILURE);
 
-	if ((mode & DST_SIG_MODE_UPDATE) &&
+	if ((mode & DST_SIGMODE_UPDATE) &&
 	    (status = B_DigestUpdate(*digest_obj, data->base, data->length,
 				     NULL_SURRENDER)) != 0)
 		return (DST_R_SIGN_UPDATE_FAILURE);
 
 	isc_buffer_available(digest, &r);
-	if (mode & DST_SIG_MODE_FINAL) {
+	if (mode & DST_SIGMODE_FINAL) {
 		if (digest == NULL ||
 		    (status = B_DigestFinal(*digest_obj, r.base, &written,
 					    r.length, NULL_SURRENDER)) != 0)

lib/dns/sec/dst/dst_api.c

@@ -17,7 +17,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: dst_api.c,v 1.4 1999/08/20 17:03:30 bwelling Exp $
+ * $Id: dst_api.c,v 1.5 1999/08/26 20:41:54 bwelling Exp $
  */
 
 #include <config.h>
@@ -85,17 +85,17 @@ dst_supported_algorithm(const int alg) {
 /*
  * dst_sign
  *	An incremental signing function.  Data is signed in steps.
- *	First the context must be initialized (DST_SIG_MODE_INIT).
+ *	First the context must be initialized (DST_SIGMODE_INIT).
- *	Then data is hashed (DST_SIG_MODE_UPDATE).  Finally the signature
+ *	Then data is hashed (DST_SIGMODE_UPDATE).  Finally the signature
- *	itself is created (DST_SIG_MODE_FINAL).  This function can be called
+ *	itself is created (DST_SIGMODE_FINAL).  This function can be called
- *	once with DST_SIG_MODE_ALL set, or it can be called separately 
+ *	once with DST_SIGMODE_ALL set, or it can be called separately 
  *	for each step.  The UPDATE step may be repeated.
  * Parameters
  *	mode		A bit mask specifying operation(s) to be performed.
- *			  DST_SIG_MODE_INIT	Initialize digest
+ *			  DST_SIGMODE_INIT	Initialize digest
- *			  DST_SIG_MODE_UPDATE	Add data to digest
+ *			  DST_SIGMODE_UPDATE	Add data to digest
- *			  DST_SIG_MODE_FINAL	Generate signature
+ *			  DST_SIGMODE_FINAL	Generate signature
- *			  DST_SIG_MODE_ALL	Perform all operations
+ *			  DST_SIGMODE_ALL	Perform all operations
  *	key		The private key used to sign the data
  *	context		The state of the operation
  *	data		The data to be signed.
@@ -110,12 +110,12 @@ dst_sign(const int mode, dst_key_t *key, dst_context_t *context,
 {
 	RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
 	REQUIRE(VALID_KEY(key));
-	REQUIRE((mode & DST_SIG_MODE_ALL) != 0);
+	REQUIRE((mode & DST_SIGMODE_ALL) != 0);
 
-	if ((mode & DST_SIG_MODE_UPDATE) != 0)
+	if ((mode & DST_SIGMODE_UPDATE) != 0)
 		REQUIRE(data != NULL && data->base != NULL);
 
-	if ((mode & DST_SIG_MODE_FINAL) != 0)
+	if ((mode & DST_SIGMODE_FINAL) != 0)
 		REQUIRE(sig != NULL);
 
 	if (dst_supported_algorithm(key->key_alg) == ISC_FALSE)
@@ -131,17 +131,17 @@ dst_sign(const int mode, dst_key_t *key, dst_context_t *context,
 /*
  *  dst_verify
  *	An incremental verify function.  Data is verified in steps.
- *	First the context must be initialized (DST_SIG_MODE_INIT).
+ *	First the context must be initialized (DST_SIGMODE_INIT).
- *	Then data is hashed (DST_SIG_MODE_UPDATE).  Finally the signature
+ *	Then data is hashed (DST_SIGMODE_UPDATE).  Finally the signature
- *	is verified (DST_SIG_MODE_FINAL).  This function can be called
+ *	is verified (DST_SIGMODE_FINAL).  This function can be called
- *	once with DST_SIG_MODE_ALL set, or it can be called separately
+ *	once with DST_SIGMODE_ALL set, or it can be called separately
  *	for each step.  The UPDATE step may be repeated.
  *  Parameters
  *	mode		A bit mask specifying operation(s) to be performed.
- *			  DST_SIG_MODE_INIT	Initialize digest
+ *			  DST_SIGMODE_INIT	Initialize digest
- *			  DST_SIG_MODE_UPDATE	Add data to digest
+ *			  DST_SIGMODE_UPDATE	Add data to digest
- *			  DST_SIG_MODE_FINAL	Verify signature
+ *			  DST_SIGMODE_FINAL	Verify signature
- *			  DST_SIG_MODE_ALL	Perform all operations
+ *			  DST_SIGMODE_ALL	Perform all operations
  *	key		The public key used to verify the signature.
  *	context		The state of the operation
  *	data		The data to be digested.
@@ -157,12 +157,12 @@ dst_verify(const int mode, dst_key_t *key, dst_context_t *context,
 {
 	RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
 	REQUIRE(VALID_KEY(key));
-	REQUIRE((mode & DST_SIG_MODE_ALL) != 0);
+	REQUIRE((mode & DST_SIGMODE_ALL) != 0);
 
-	if ((mode & DST_SIG_MODE_UPDATE) != 0)
+	if ((mode & DST_SIGMODE_UPDATE) != 0)
 		REQUIRE(data != NULL && data->base != NULL);
 
-	if ((mode & DST_SIG_MODE_FINAL) != 0)
+	if ((mode & DST_SIGMODE_FINAL) != 0)
 		REQUIRE(sig != NULL && sig->base != NULL);
 
 	if (dst_supported_algorithm(key->key_alg) == ISC_FALSE)

lib/dns/sec/dst/hmac_link.c

@@ -17,7 +17,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: hmac_link.c,v 1.2 1999/07/29 17:21:23 bwelling Exp $
+ * $Id: hmac_link.c,v 1.3 1999/08/26 20:41:54 bwelling Exp $
  */
 
 #include <config.h>
@@ -100,7 +100,7 @@ dst_s_hmacmd5_init()
  *	UPDATE (hash (more) data), FINAL (generate a signature).  This
  *	routine performs one or more of these steps.
  * Parameters
- *	mode		DST_SIG_MODE_{INIT_UPDATE_FINAL|ALL}
+ *	mode		DST_SIGMODE_{INIT_UPDATE_FINAL|ALL}
  *	key		key to use for signing
  *	context		the context to use for this computation
  *	data		data to be signed
@@ -117,7 +117,7 @@ dst_hmacmd5_sign(const int mode, dst_key_t *key, void **context,
 	isc_region_t r;
 	MD5_CTX *ctx = NULL;
 	
-	if (mode & DST_SIG_MODE_INIT) { 
+	if (mode & DST_SIGMODE_INIT) { 
 		ctx = (MD5_CTX *) isc_mem_get(mctx, sizeof(MD5_CTX));
 		if (ctx == NULL)
 			return (DST_R_NOMEMORY);
@@ -126,17 +126,17 @@ dst_hmacmd5_sign(const int mode, dst_key_t *key, void **context,
 		ctx = (MD5_CTX *) *context;
 	REQUIRE (ctx != NULL);
 
-	if (mode & DST_SIG_MODE_INIT) {
+	if (mode & DST_SIGMODE_INIT) {
 		HMAC_Key *hkey = key->opaque;
 
 		MD5Init(ctx);
 		MD5Update(ctx, hkey->ipad, HMAC_LEN);
 	}
 
-	if ((mode & DST_SIG_MODE_UPDATE))
+	if ((mode & DST_SIGMODE_UPDATE))
 		MD5Update(ctx, data->base, data->length);
 
-	if (mode & DST_SIG_MODE_FINAL) {
+	if (mode & DST_SIGMODE_FINAL) {
 		HMAC_Key *hkey = key->opaque;
 
 		isc_buffer_available(sig, &r);
@@ -168,7 +168,7 @@ dst_hmacmd5_sign(const int mode, dst_key_t *key, void **context,
  *	FINAL (generate a signature).  This routine performs one or more of 
  *	these steps.
  * Parameters
- *	mode		DST_SIG_MODE_{INIT_UPDATE_FINAL|ALL}
+ *	mode		DST_SIGMODE_{INIT_UPDATE_FINAL|ALL}
  *	key		key to use for verifying
  *	context		the context to use for this computation
  *	data		signed data
@@ -184,7 +184,7 @@ dst_hmacmd5_verify(const int mode, dst_key_t *key, void **context,
 {
 	MD5_CTX *ctx = NULL;
 	
-	if (mode & DST_SIG_MODE_INIT) { 
+	if (mode & DST_SIGMODE_INIT) { 
 		ctx = (MD5_CTX *) isc_mem_get(mctx, sizeof(MD5_CTX));
 		if (ctx == NULL)
 			return (DST_R_NOMEMORY);
@@ -193,17 +193,17 @@ dst_hmacmd5_verify(const int mode, dst_key_t *key, void **context,
 		ctx = (MD5_CTX *) *context;
 	REQUIRE (ctx != NULL);
 
-	if (mode & DST_SIG_MODE_INIT) {
+	if (mode & DST_SIGMODE_INIT) {
 		HMAC_Key *hkey = key->opaque;
 
 		MD5Init(ctx);
 		MD5Update(ctx, hkey->ipad, HMAC_LEN);
 	}
 
-	if ((mode & DST_SIG_MODE_UPDATE))
+	if ((mode & DST_SIGMODE_UPDATE))
 		MD5Update(ctx, data->base, data->length);
 
-	if (mode & DST_SIG_MODE_FINAL) {
+	if (mode & DST_SIGMODE_FINAL) {
 		u_char digest[MD5_LEN];
 		HMAC_Key *hkey = key->opaque;
 

lib/dns/sec/dst/include/dst/dst.h

@@ -37,12 +37,12 @@ typedef void *		dst_context_t;
 #define DST_MAX_ALGS		DST_ALG_HMAC_SHA1
 
 /* 'Mode' passed into dst_sign() and dst_verify() */
-#define DST_SIG_MODE_INIT	1	/* initialize digest */
+#define DST_SIGMODE_INIT	1	/* initialize digest */
-#define DST_SIG_MODE_UPDATE	2	/* add data to digest */
+#define DST_SIGMODE_UPDATE	2	/* add data to digest */
-#define DST_SIG_MODE_FINAL	4 	/* generate/verify signature */
+#define DST_SIGMODE_FINAL	4 	/* generate/verify signature */
-#define DST_SIG_MODE_ALL	(DST_SIG_MODE_INIT | \
+#define DST_SIGMODE_ALL		(DST_SIGMODE_INIT | \
-				 DST_SIG_MODE_UPDATE | \
+				 DST_SIGMODE_UPDATE | \
-				 DST_SIG_MODE_FINAL)
+				 DST_SIGMODE_FINAL)
 
 /* A buffer of this size is large enough to hold any key */
 #define DST_MAX_KEY_SIZE	1024
@@ -64,8 +64,8 @@ dst_supported_algorithm(const int alg);
 /* Sign a block of data.
  *
  * Requires:
- *	"mode" is some combination of DST_SIG_MODE_INIT, DST_SIG_MODE_UPDATE,
+ *	"mode" is some combination of DST_SIGMODE_INIT, DST_SIGMODE_UPDATE,
- *		and DST_SIG_MODE_FINAL.
+ *		and DST_SIGMODE_FINAL.
  *	"key" is a valid key.
  *	"context" contains a value appropriate for the value of "mode".
  *	"data" is a valid region.
@@ -82,8 +82,8 @@ dst_sign(const int mode, dst_key_t *key, dst_context_t *context,
 /* Verify a signature on a block of data.
  *
  * Requires:
- *	"mode" is some combination of DST_SIG_MODE_INIT, DST_SIG_MODE_UPDATE,
+ *	"mode" is some combination of DST_SIGMODE_INIT, DST_SIGMODE_UPDATE,
- *		and DST_SIG_MODE_FINAL.
+ *		and DST_SIGMODE_FINAL.
  *	"key" is a valid key.
  *	"context" contains a value appropriate for the value of "mode".
  *	"data" is a valid region.

lib/dns/sec/dst/openssl_link.c

@@ -19,7 +19,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: openssl_link.c,v 1.1 1999/07/12 20:08:29 bwelling Exp $
+ * $Id: openssl_link.c,v 1.2 1999/08/26 20:41:54 bwelling Exp $
  */
 
 #include <config.h>
@@ -97,7 +97,7 @@ dst_s_openssl_init()
  *	UPDATE (hash (more) data), FINAL (generate a signature).  This
  *	routine performs one or more of these steps.
  * Parameters
- *	mode		DST_SIG_MODE_{INIT_UPDATE_FINAL|ALL}
+ *	mode		DST_SIGMODE_{INIT_UPDATE_FINAL|ALL}
  *	key		key to use for signing
  *	context		the context to use for this computation
  *	data		data to be signed
@@ -114,7 +114,7 @@ dst_openssl_sign(const int mode, dst_key_t *key, void **context,
 	isc_region_t r;
 	SHA_CTX *ctx = NULL;
 	
-	if (mode & DST_SIG_MODE_INIT) { 
+	if (mode & DST_SIGMODE_INIT) { 
 		ctx = (SHA_CTX *) isc_mem_get(mctx, sizeof(SHA_CTX));
 		if (ctx == NULL)
 			return (DST_R_NOMEMORY);
@@ -123,13 +123,13 @@ dst_openssl_sign(const int mode, dst_key_t *key, void **context,
 		ctx = (SHA_CTX *) *context;
 	REQUIRE (ctx != NULL);
 
-	if (mode & DST_SIG_MODE_INIT)
+	if (mode & DST_SIGMODE_INIT)
 		SHA1_Init(ctx);
 
-	if ((mode & DST_SIG_MODE_UPDATE))
+	if ((mode & DST_SIGMODE_UPDATE))
 		SHA1_Update(ctx, data->base, data->length);
 
-	if (mode & DST_SIG_MODE_FINAL) {
+	if (mode & DST_SIGMODE_FINAL) {
 		DSA *dsa;
 		DSA_SIG *dsasig;
 		unsigned char digest[SHA_DIGEST_LENGTH];
@@ -169,7 +169,7 @@ dst_openssl_sign(const int mode, dst_key_t *key, void **context,
  *	FINAL (generate a signature).  This routine performs one or more of 
  *	these steps.
  * Parameters
- *	mode		DST_SIG_MODE_{INIT_UPDATE_FINAL|ALL}
+ *	mode		DST_SIGMODE_{INIT_UPDATE_FINAL|ALL}
  *	key		key to use for verifying
  *	context		the context to use for this computation
  *	data		signed data
@@ -186,7 +186,7 @@ dst_openssl_verify(const int mode, dst_key_t *key, void **context,
 	int status = 0;
 	SHA_CTX *ctx = NULL;
 	
-	if (mode & DST_SIG_MODE_INIT) { 
+	if (mode & DST_SIGMODE_INIT) { 
 		ctx = (SHA_CTX *) isc_mem_get(mctx, sizeof(SHA_CTX));
 		if (ctx == NULL)
 			return (DST_R_NOMEMORY);
@@ -195,13 +195,13 @@ dst_openssl_verify(const int mode, dst_key_t *key, void **context,
 		ctx = (SHA_CTX *) *context;
 	REQUIRE (ctx != NULL);
 
-	if (mode & DST_SIG_MODE_INIT)
+	if (mode & DST_SIGMODE_INIT)
 		SHA1_Init(ctx);
 
-	if ((mode & DST_SIG_MODE_UPDATE))
+	if ((mode & DST_SIGMODE_UPDATE))
 		SHA1_Update(ctx, data->base, data->length);
 
-	if (mode & DST_SIG_MODE_FINAL) {
+	if (mode & DST_SIGMODE_FINAL) {
 		DSA *dsa;
 		DSA_SIG *dsasig;
 		unsigned char digest[SHA_DIGEST_LENGTH];

lib/dns/tsig.c

@@ -16,7 +16,7 @@
  */
 
 /*
- * $Id: tsig.c,v 1.2 1999/08/25 14:43:45 bwelling Exp $
+ * $Id: tsig.c,v 1.3 1999/08/26 20:41:53 bwelling Exp $
  * Principal Author: Brian Wellington
  */
 
@@ -217,7 +217,7 @@ dns_tsig_sign(dns_message_t *msg) {
 	isc_buffer_init(&databuf, data, sizeof(data), ISC_BUFFERTYPE_BINARY);
 
 	if (!dns_tsig_emptykey(key)) {
-		ret = dst_sign(DST_SIG_MODE_INIT, key->key, &ctx, NULL, NULL);
+		ret = dst_sign(DST_SIGMODE_INIT, key->key, &ctx, NULL, NULL);
 		if (ret != ISC_R_SUCCESS)
 			goto cleanup_algorithm;
 	}
@@ -232,7 +232,7 @@ dns_tsig_sign(dns_message_t *msg) {
 			       msg->querytsig->siglen);
 			isc_buffer_add(&databuf, msg->querytsig->siglen);
 			isc_buffer_used(&databuf, &r);
-			ret = dst_sign(DST_SIG_MODE_UPDATE, key->key, &ctx, &r,
+			ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r,
 					NULL);
 			if (ret != ISC_R_SUCCESS)
 				goto cleanup_algorithm;
@@ -268,18 +268,18 @@ dns_tsig_sign(dns_message_t *msg) {
 				ISC_BUFFERTYPE_BINARY);
 		dns_message_renderheader(msg, &headerbuf);
 		isc_buffer_used(&headerbuf, &r);
-		ret = dst_sign(DST_SIG_MODE_UPDATE, key->key, &ctx, &r, NULL);
+		ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r, NULL);
 		if (ret != ISC_R_SUCCESS)
 			goto cleanup_other;
 		isc_buffer_used(msg->buffer, &r);
 		isc_region_consume(&r, DNS_MESSAGE_HEADERLEN);
-		ret = dst_sign(DST_SIG_MODE_UPDATE, key->key, &ctx, &r, NULL);
+		ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r, NULL);
 		if (ret != ISC_R_SUCCESS)
 			goto cleanup_other;
 
 		/* Digest the name, class, ttl, alg */
 		dns_name_toregion(&key->name, &r);
-		ret = dst_sign(DST_SIG_MODE_UPDATE, key->key, &ctx, &r, NULL);
+		ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r, NULL);
 		if (ret != ISC_R_SUCCESS)
 			goto cleanup_other;
 
@@ -287,12 +287,12 @@ dns_tsig_sign(dns_message_t *msg) {
 		isc_buffer_putuint16(&databuf, dns_rdataclass_any);
 		isc_buffer_putuint32(&databuf, 0); /* ttl */
 		isc_buffer_used(&databuf, &r);
-		ret = dst_sign(DST_SIG_MODE_UPDATE, key->key, &ctx, &r, NULL);
+		ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r, NULL);
 		if (ret != ISC_R_SUCCESS)
 			goto cleanup_other;
 		
 		dns_name_toregion(tsig->algorithm, &r);
-		ret = dst_sign(DST_SIG_MODE_UPDATE, key->key, &ctx, &r, NULL);
+		ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r, NULL);
 		if (ret != ISC_R_SUCCESS)
 			goto cleanup_other;
 
@@ -315,14 +315,14 @@ dns_tsig_sign(dns_message_t *msg) {
 		isc_buffer_putuint16(&databuf, tsig->otherlen);
 
 		isc_buffer_used(&databuf, &r);
-		ret = dst_sign(DST_SIG_MODE_UPDATE, key->key, &ctx, &r, NULL);
+		ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r, NULL);
 		if (ret != ISC_R_SUCCESS)
 			goto cleanup_other;
 
 		if (tsig->otherlen > 0) {
 			r.length = tsig->otherlen;
 			r.base = tsig->other;
-			ret = dst_sign(DST_SIG_MODE_UPDATE, key->key, &ctx, &r,
+			ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r,
 				       NULL);
 			if (ret != ISC_R_SUCCESS)
 				goto cleanup_other;
@@ -338,7 +338,7 @@ dns_tsig_sign(dns_message_t *msg) {
 
 		isc_buffer_init(&sigbuf, tsig->signature, tsig->siglen,
 				ISC_BUFFERTYPE_BINARY);
-		ret = dst_sign(DST_SIG_MODE_FINAL, key->key, &ctx, NULL,
+		ret = dst_sign(DST_SIGMODE_FINAL, key->key, &ctx, NULL,
 			       &sigbuf);
 		if (ret != ISC_R_SUCCESS)
 			goto cleanup_signature;
@@ -518,7 +518,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg) {
 		sig_r.base = tsig->signature;
 		sig_r.length = tsig->siglen;
 
-		ret = dst_verify(DST_SIG_MODE_INIT, key, &ctx, NULL, &sig_r);
+		ret = dst_verify(DST_SIGMODE_INIT, key, &ctx, NULL, &sig_r);
 		if (ret != ISC_R_SUCCESS)
 			goto cleanup_key;
 
@@ -527,14 +527,14 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg) {
 					ISC_BUFFERTYPE_BINARY);
 			isc_buffer_putuint16(&databuf, msg->querytsig->siglen);
 			isc_buffer_used(&databuf, &r);
-			ret = dst_verify(DST_SIG_MODE_UPDATE, key, &ctx, &r,
+			ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r,
 					 NULL);
 			if (ret != ISC_R_SUCCESS)
 				goto cleanup_key;
 			if (msg->querytsig->siglen > 0) {
 				r.length = msg->querytsig->siglen;
 				r.base = msg->querytsig->signature;
-				ret = dst_verify(DST_SIG_MODE_UPDATE, key,
+				ret = dst_verify(DST_SIGMODE_UPDATE, key,
 						 &ctx, &r, NULL);
 				if (ret != ISC_R_SUCCESS)
 					goto cleanup_key;
@@ -553,7 +553,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg) {
 		/* Digest the modified header */
 		header_r.base = (unsigned char *) header;
 		header_r.length = DNS_MESSAGE_HEADERLEN;
-		ret = dst_verify(DST_SIG_MODE_UPDATE, key, &ctx, &header_r,
+		ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &header_r,
 				 &sig_r);
 		if (ret != ISC_R_SUCCESS)
 			goto cleanup_key;
@@ -562,13 +562,13 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg) {
 		isc_buffer_used(source, &source_r);
 		r.base = source_r.base + DNS_MESSAGE_HEADERLEN;
 		r.length = msg->tsigstart - DNS_MESSAGE_HEADERLEN;
-		ret = dst_verify(DST_SIG_MODE_UPDATE, key, &ctx, &r, &sig_r);
+		ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r, &sig_r);
 		if (ret != ISC_R_SUCCESS)
 			goto cleanup_key;
 
 		/* Digest the key name */
 		dns_name_toregion(&tsigkey->name, &r);
-		ret = dst_verify(DST_SIG_MODE_UPDATE, key, &ctx, &r, &sig_r);
+		ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r, &sig_r);
 		if (ret != ISC_R_SUCCESS)
 			goto cleanup_key;
 
@@ -577,13 +577,13 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg) {
 		isc_buffer_putuint16(&databuf, tsig->common.rdclass);
 		isc_buffer_putuint32(&databuf, dataset->ttl);
 		isc_buffer_used(&databuf, &r);
-		ret = dst_verify(DST_SIG_MODE_UPDATE, key, &ctx, &r, &sig_r);
+		ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r, &sig_r);
 		if (ret != ISC_R_SUCCESS)
 			goto cleanup_key;
 
 		/* Digest the key algorithm */
 		dns_name_toregion(&tsigkey->algorithm, &r);
-		ret = dst_verify(DST_SIG_MODE_UPDATE, key, &ctx, &r, &sig_r);
+		ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r, &sig_r);
 		if (ret != ISC_R_SUCCESS)
 			goto cleanup_key;
 
@@ -594,18 +594,18 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg) {
 		isc_buffer_putuint16(&databuf, tsig->error);
 		isc_buffer_putuint16(&databuf, tsig->otherlen);
 		isc_buffer_used(&databuf, &r);
-		ret = dst_verify(DST_SIG_MODE_UPDATE, key, &ctx, &r, &sig_r);
+		ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r, &sig_r);
 
 		if (tsig->otherlen > 0) {
 			r.base = tsig->other;
 			r.length = tsig->otherlen;
-			ret = dst_verify(DST_SIG_MODE_UPDATE, key, &ctx, &r,
+			ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r,
 					 &sig_r);
 			if (ret != ISC_R_SUCCESS)
 				goto cleanup_key;
 		}
 
-		ret = dst_verify(DST_SIG_MODE_FINAL, key, &ctx, NULL, &sig_r);
+		ret = dst_verify(DST_SIGMODE_FINAL, key, &ctx, NULL, &sig_r);
 		if (ret == DST_R_VERIFY_FINAL_FAILURE) {
 			msg->tsigstatus = dns_tsigerror_badsig;
 			return (DNS_R_TSIGVERIFYFAILURE);