From b308f866c0bddfd8be293b7f11f03315558fd2d8 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Wed, 14 Sep 2022 17:35:47 +1000
Subject: [PATCH] Have 'named -V' report supported algorithms

These cover DNSSEC, DS, HMAC and TKEY algorithms.
---
 bin/named/main.c | 87 ++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 84 insertions(+), 3 deletions(-)

diff --git a/bin/named/main.c b/bin/named/main.c
index af9b7b9c93..6a355cf750 100644
--- a/bin/named/main.c
+++ b/bin/named/main.c
@@ -462,11 +462,55 @@ set_flags(const char *arg, struct flag_def *defs, unsigned int *ret) {
 	}
 }
 
+static void
+list_dnssec_algorithms(isc_buffer_t *b) {
+	for (dst_algorithm_t i = DST_ALG_UNKNOWN; i < DST_MAX_ALGS; i++) {
+		if (i == DST_ALG_DH || i == DST_ALG_GSSAPI ||
+		    (i >= DST_ALG_HMAC_FIRST && i <= DST_ALG_HMAC_LAST))
+		{
+			continue;
+		}
+		if (dst_algorithm_supported(i)) {
+			isc_buffer_putstr(b, " ");
+			(void)dns_secalg_totext(i, b);
+		}
+	}
+}
+
+static void
+list_ds_algorithms(isc_buffer_t *b) {
+	for (size_t i = 0; i < 256; i++) {
+		if (dst_ds_digest_supported(i)) {
+			isc_buffer_putstr(b, " ");
+			(void)dns_dsdigest_totext(i, b);
+		}
+	}
+}
+
+static void
+list_hmac_algorithms(isc_buffer_t *b) {
+	isc_buffer_t sb = *b;
+	for (dst_algorithm_t i = DST_ALG_HMAC_FIRST; i <= DST_ALG_HMAC_LAST;
+	     i++) {
+		if (dst_algorithm_supported(i)) {
+			isc_buffer_putstr(b, " ");
+			isc_buffer_putstr(b, dst_hmac_algorithm_totext(i));
+		}
+	}
+	for (unsigned char *s = isc_buffer_used(&sb); s != isc_buffer_used(b);
+	     s++) {
+		*s = toupper(*s);
+	}
+}
+
 static void
 printversion(bool verbose) {
 	char rndcconf[PATH_MAX], *dot = NULL;
-#if defined(HAVE_GEOIP2)
 	isc_mem_t *mctx = NULL;
+	isc_result_t result;
+	isc_buffer_t b;
+	char buf[512];
+#if defined(HAVE_GEOIP2)
 	cfg_parser_t *parser = NULL;
 	cfg_obj_t *config = NULL;
 	const cfg_obj_t *defaults = NULL, *obj = NULL;
@@ -538,7 +582,45 @@ printversion(bool verbose) {
 	printf("compiled with protobuf-c version: %s\n", PROTOBUF_C_VERSION);
 	printf("linked to protobuf-c version: %s\n", protobuf_c_version());
 #endif /* if defined(HAVE_DNSTAP) */
-	printf("threads support is enabled\n\n");
+	printf("threads support is enabled\n");
+
+	isc_mem_create(&mctx);
+	result = dst_lib_init(mctx, named_g_engine);
+
+	isc_buffer_init(&b, buf, sizeof(buf));
+	isc_buffer_putstr(&b, "DNSSEC algorithms:");
+	if (result == ISC_R_SUCCESS) {
+		list_dnssec_algorithms(&b);
+	}
+	printf("%.*s\n", (int)isc_buffer_usedlength(&b), buf);
+
+	isc_buffer_init(&b, buf, sizeof(buf));
+	isc_buffer_putstr(&b, "DS algorithms:");
+	if (result == ISC_R_SUCCESS) {
+		list_ds_algorithms(&b);
+	}
+	printf("%.*s\n", (int)isc_buffer_usedlength(&b), buf);
+
+	isc_buffer_init(&b, buf, sizeof(buf));
+	isc_buffer_putstr(&b, "HMAC algorithms:");
+	if (result == ISC_R_SUCCESS) {
+		list_hmac_algorithms(&b);
+	}
+	printf("%.*s\n", (int)isc_buffer_usedlength(&b), buf);
+
+	printf("TKEY mode 2 support (Diffie-Hellman): %s\n",
+	       (result == ISC_R_SUCCESS &&
+		dst_algorithm_supported(DST_ALG_DH) &&
+		dst_algorithm_supported(DST_ALG_HMACMD5))
+		       ? "yes"
+		       : "no");
+
+	printf("TKEY mode 3 support (GSS-API): %s\n",
+	       (result == ISC_R_SUCCESS &&
+		dst_algorithm_supported(DST_ALG_GSSAPI))
+		       ? "yes"
+		       : "no");
+	printf("\n");
 
 	/*
 	 * The default rndc.conf and rndc.key paths are in the same
@@ -564,7 +646,6 @@ printversion(bool verbose) {
 	printf("  named lock file:      %s\n", named_g_defaultlockfile);
 #if defined(HAVE_GEOIP2)
 #define RTC(x) RUNTIME_CHECK((x) == ISC_R_SUCCESS)
-	isc_mem_create(&mctx);
 	RTC(cfg_parser_create(mctx, named_g_lctx, &parser));
 	RTC(named_config_parsedefaults(parser, &config));
 	RTC(cfg_map_get(config, "options", &defaults));