md_type = EVP_sha512();
break;
default:
- throw new PDNSException("Unknown hash algorithm requested from calculateHMAC()");
+ throw PDNSException("Unknown hash algorithm requested from calculateHMAC()");
}
unsigned char* out = HMAC(md_type, reinterpret_cast<const unsigned char*>(key.c_str()), key.size(), reinterpret_cast<const unsigned char*>(text.c_str()), text.size(), hash, &outlen);
- if (out != NULL && outlen > 0) {
- return string((char*) hash, outlen);
+ if (out == NULL || outlen == 0) {
+ throw PDNSException("HMAC computation failed");
}
- return "";
+ return string((char*) hash, outlen);
+}
+
+bool constantTimeStringEquals(const std::string& a, const std::string& b)
+{
+ if (a.size() != b.size()) {
+ return false;
+ }
+ const size_t size = a.size();
+#if OPENSSL_VERSION_NUMBER >= 0x0090819fL
+ return CRYPTO_memcmp(a.c_str(), b.c_str(), size) == 0;
+#else
+ const volatile unsigned char *_a = (const volatile unsigned char *) a.c_str();
+ const volatile unsigned char *_b = (const volatile unsigned char *) b.c_str();
+ unsigned char res = 0;
+
+ for (size_t idx = 0; idx < size; idx++) {
+ res |= _a[idx] ^ _b[idx];
+ }
+
+ return res == 0;
+#endif
}
string makeTSIGMessageFromTSIGPacket(const string& opacket, unsigned int tsigOffset, const DNSName& keyname, const TSIGRecordContent& trc, const string& previous, bool timersonly, unsigned int dnsHeaderOffset)