isc_buffer_subtract(tbuf, 1);
/* __catz__<digest>.db */
- rlen = (isc_md_type_get_size(ISC_MD_SHA256) * 2 + 1) + 12;
+ rlen = (ISC_SHA256_DIGESTLENGTH * 2 + 1) + 12;
/* optionally prepend with <zonedir>/ */
if (entry->opts.zonedir != NULL) {
unsigned int privatelen = 0;
isc_region_t r;
isc_md_t *md;
- const isc_md_type_t *md_type = NULL;
+ isc_md_type_t md_type = ISC_MD_UNKNOWN;
REQUIRE(key != NULL);
REQUIRE(key->type == dns_rdatatype_dnskey ||
*n = DNS_SIG_ED448SIZE;
break;
case DST_ALG_HMACMD5:
- *n = isc_md_type_get_size(ISC_MD_MD5);
+ *n = ISC_MD5_DIGESTLENGTH;
break;
case DST_ALG_HMACSHA1:
- *n = isc_md_type_get_size(ISC_MD_SHA1);
+ *n = ISC_SHA1_DIGESTLENGTH;
break;
case DST_ALG_HMACSHA224:
- *n = isc_md_type_get_size(ISC_MD_SHA224);
+ *n = ISC_SHA224_DIGESTLENGTH;
break;
case DST_ALG_HMACSHA256:
- *n = isc_md_type_get_size(ISC_MD_SHA256);
+ *n = ISC_SHA256_DIGESTLENGTH;
break;
case DST_ALG_HMACSHA384:
- *n = isc_md_type_get_size(ISC_MD_SHA384);
+ *n = ISC_SHA384_DIGESTLENGTH;
break;
case DST_ALG_HMACSHA512:
- *n = isc_md_type_get_size(ISC_MD_SHA512);
+ *n = ISC_SHA512_DIGESTLENGTH;
break;
case DST_ALG_GSSAPI:
*n = 128; /*%< XXX */
}
static isc_result_t
-hmac_fromdns(const isc_md_type_t *type, dst_key_t *key, isc_buffer_t *data);
+hmac_fromdns(isc_md_type_t type, dst_key_t *key, isc_buffer_t *data);
struct dst_hmac_key {
uint8_t key[ISC_MAX_BLOCK_SIZE];
}
static isc_result_t
-hmac_createctx(const isc_md_type_t *type, const dst_key_t *key,
- dst_context_t *dctx) {
+hmac_createctx(isc_md_type_t type, const dst_key_t *key, dst_context_t *dctx) {
isc_result_t result;
const dst_hmac_key_t *hkey = key->keydata.hmac_key;
isc_hmac_t *ctx = isc_hmac_new(); /* Either returns or abort()s */
}
static bool
-hmac_compare(const isc_md_type_t *type, const dst_key_t *key1,
- const dst_key_t *key2) {
+hmac_compare(isc_md_type_t type, const dst_key_t *key1, const dst_key_t *key2) {
dst_hmac_key_t *hkey1, *hkey2;
hkey1 = key1->keydata.hmac_key;
}
static isc_result_t
-hmac_generate(const isc_md_type_t *type, dst_key_t *key) {
+hmac_generate(isc_md_type_t type, dst_key_t *key) {
isc_buffer_t b;
isc_result_t result;
unsigned int bytes, len;
}
static isc_result_t
-hmac_fromdns(const isc_md_type_t *type, dst_key_t *key, isc_buffer_t *data) {
+hmac_fromdns(isc_md_type_t type, dst_key_t *key, isc_buffer_t *data) {
dst_hmac_key_t *hkey;
unsigned int keylen;
isc_region_t r;
}
static int
-hmac__get_tag_key(const isc_md_type_t *type) {
+hmac__get_tag_key(isc_md_type_t type) {
if (type == ISC_MD_MD5) {
return TAG_HMACMD5_KEY;
} else if (type == ISC_MD_SHA1) {
}
static int
-hmac__get_tag_bits(const isc_md_type_t *type) {
+hmac__get_tag_bits(isc_md_type_t type) {
if (type == ISC_MD_MD5) {
return TAG_HMACMD5_BITS;
} else if (type == ISC_MD_SHA1) {
}
static isc_result_t
-hmac_tofile(const isc_md_type_t *type, const dst_key_t *key,
- const char *directory) {
+hmac_tofile(isc_md_type_t type, const dst_key_t *key, const char *directory) {
dst_hmac_key_t *hkey;
dst_private_t priv;
int bytes = (key->key_size + 7) / 8;
}
static int
-hmac__to_dst_alg(const isc_md_type_t *type) {
+hmac__to_dst_alg(isc_md_type_t type) {
if (type == ISC_MD_MD5) {
return DST_ALG_HMACMD5;
} else if (type == ISC_MD_SHA1) {
}
static isc_result_t
-hmac_parse(const isc_md_type_t *type, dst_key_t *key, isc_lex_t *lexer,
+hmac_parse(isc_md_type_t type, dst_key_t *key, isc_lex_t *lexer,
dst_key_t *pub) {
dst_private_t priv;
isc_result_t result = ISC_R_SUCCESS, tresult;
#include <openssl/param_build.h>
#endif
+#include <isc/md.h>
#include <isc/mem.h>
#include <isc/result.h>
#include <isc/safe.h>
#include "dst_parse.h"
#include "openssl_shim.h"
+/* TODO(aydin): remove this crap */
+extern EVP_MD *isc__crypto_md[];
+
#ifndef NID_X9_62_prime256v1
#error "P-256 group is not known (NID_X9_62_prime256v1)"
#endif /* ifndef NID_X9_62_prime256v1 */
CLEANUP(dst__openssl_toresult(ISC_R_NOMEMORY));
}
if (dctx->key->key_alg == DST_ALG_ECDSA256) {
- type = isc__crypto_sha256;
+ type = isc__crypto_md[ISC_MD_SHA256];
} else {
- type = isc__crypto_sha384;
+ type = isc__crypto_md[ISC_MD_SHA384];
}
if (dctx->use == DO_SIGN) {
#define OPENSSLRSA_MAX_MODULUS_BITS 4096
+/* TODO(aydin): remove this crap */
+extern EVP_MD *isc__crypto_md[];
+
typedef struct rsa_components {
bool bnfree;
const BIGNUM *e, *n, *d, *p, *q, *dmp1, *dmq1, *iqmp;
switch (dctx->key->key_alg) {
case DST_ALG_RSASHA1:
case DST_ALG_NSEC3RSASHA1:
- type = isc__crypto_sha1; /* SHA1 + RSA */
+ type = isc__crypto_md[ISC_MD_SHA1]; /* SHA1 + RSA */
break;
case DST_ALG_RSASHA256:
case DST_ALG_RSASHA256PRIVATEOID:
- type = isc__crypto_sha256; /* SHA256 + RSA */
+ type = isc__crypto_md[ISC_MD_SHA256]; /* SHA256 + RSA */
break;
case DST_ALG_RSASHA512:
case DST_ALG_RSASHA512PRIVATEOID:
- type = isc__crypto_sha512;
+ type = isc__crypto_md[ISC_MD_SHA512];
break;
default:
UNREACHABLE();
switch (algorithm) {
case DST_ALG_RSASHA1:
case DST_ALG_NSEC3RSASHA1:
- type = isc__crypto_sha1; /* SHA1 + RSA */
+ type = isc__crypto_md[ISC_MD_SHA1]; /* SHA1 + RSA */
sig = sha1_sig;
len = sizeof(sha1_sig) - 1;
break;
case DST_ALG_RSASHA256:
case DST_ALG_RSASHA256PRIVATEOID:
- type = isc__crypto_sha256; /* SHA256 + RSA */
+ type = isc__crypto_md[ISC_MD_SHA256]; /* SHA256 + RSA */
sig = sha256_sig;
len = sizeof(sha256_sig) - 1;
break;
case DST_ALG_RSASHA512:
case DST_ALG_RSASHA512PRIVATEOID:
- type = isc__crypto_sha512;
+ type = isc__crypto_md[ISC_MD_SHA512];
sig = sha512_sig;
len = sizeof(sha512_sig) - 1;
break;
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#pragma once
+
+#include <openssl/evp.h>
+
+extern EVP_MD *isc__crypto_md[];
#include <isc/crypto.h>
#include <isc/log.h>
+#include <isc/md.h>
#include <isc/mem.h>
#include <isc/tls.h>
#include <isc/util.h>
+#include "crypto_p.h"
+
static isc_mem_t *isc__crypto_mctx = NULL;
-#define md_register_algorithm(alg) \
- { \
- isc__crypto_##alg = UNCONST(EVP_##alg()); \
- if (isc__crypto_##alg == NULL) { \
- ERR_clear_error(); \
- } \
+#define md_register_algorithm(alg, upperalg) \
+ { \
+ isc__crypto_md[ISC_MD_##upperalg] = UNCONST(EVP_##alg()); \
+ if (isc__crypto_md[ISC_MD_##upperalg] == NULL) { \
+ ERR_clear_error(); \
+ } \
}
static isc_result_t
register_algorithms(void) {
if (!isc_crypto_fips_mode()) {
- md_register_algorithm(md5);
+ md_register_algorithm(md5, MD5);
}
- md_register_algorithm(sha1);
- md_register_algorithm(sha224);
- md_register_algorithm(sha256);
- md_register_algorithm(sha384);
- md_register_algorithm(sha512);
+ md_register_algorithm(sha1, SHA1);
+ md_register_algorithm(sha224, SHA224);
+ md_register_algorithm(sha256, SHA256);
+ md_register_algorithm(sha384, SHA384);
+ md_register_algorithm(sha512, SHA512);
return ISC_R_SUCCESS;
}
#include <isc/crypto.h>
#include <isc/log.h>
+#include <isc/md.h>
#include <isc/mem.h>
#include <isc/tls.h>
#include <isc/util.h>
+#include "crypto_p.h"
+
static isc_mem_t *isc__crypto_mctx = NULL;
static OSSL_PROVIDER *base = NULL, *fips = NULL;
-#define md_register_algorithm(alg, algname) \
- { \
- REQUIRE(isc__crypto_##alg == NULL); \
- isc__crypto_##alg = EVP_MD_fetch(NULL, algname, NULL); \
- if (isc__crypto_##alg == NULL) { \
- ERR_clear_error(); \
- } \
- }
-
-#define md_unregister_algorithm(alg) \
- { \
- if (isc__crypto_##alg != NULL) { \
- EVP_MD_free(isc__crypto_##alg); \
- isc__crypto_##alg = NULL; \
- } \
+#define md_register_algorithm(alg) \
+ { \
+ REQUIRE(isc__crypto_md[ISC_MD_##alg] == NULL); \
+ isc__crypto_md[ISC_MD_##alg] = EVP_MD_fetch(NULL, #alg, NULL); \
+ if (isc__crypto_md[ISC_MD_##alg] == NULL) { \
+ ERR_clear_error(); \
+ } \
}
static isc_result_t
register_algorithms(void) {
if (!isc_crypto_fips_mode()) {
- md_register_algorithm(md5, "MD5");
+ md_register_algorithm(MD5);
}
- md_register_algorithm(sha1, "SHA1");
- md_register_algorithm(sha224, "SHA224");
- md_register_algorithm(sha256, "SHA256");
- md_register_algorithm(sha384, "SHA384");
- md_register_algorithm(sha512, "SHA512");
+ md_register_algorithm(SHA1);
+ md_register_algorithm(SHA224);
+ md_register_algorithm(SHA256);
+ md_register_algorithm(SHA384);
+ md_register_algorithm(SHA512);
return ISC_R_SUCCESS;
}
static void
unregister_algorithms(void) {
- md_unregister_algorithm(sha512);
- md_unregister_algorithm(sha384);
- md_unregister_algorithm(sha256);
- md_unregister_algorithm(sha224);
- md_unregister_algorithm(sha1);
- md_unregister_algorithm(md5);
+ for (size_t i = 0; i < ISC_MD_MAX; i++) {
+ if (isc__crypto_md[i] != NULL) {
+ EVP_MD_free(isc__crypto_md[i]);
+ isc__crypto_md[i] = NULL;
+ }
+ }
}
-#undef md_unregister_algorithm
#undef md_register_algorithm
#if ISC_MEM_TRACKLINES
* information regarding copyright ownership.
*/
+#include <openssl/err.h>
#include <openssl/evp.h>
-EVP_MD *isc__crypto_md5 = NULL;
-EVP_MD *isc__crypto_sha1 = NULL;
-EVP_MD *isc__crypto_sha224 = NULL;
-EVP_MD *isc__crypto_sha256 = NULL;
-EVP_MD *isc__crypto_sha384 = NULL;
-EVP_MD *isc__crypto_sha512 = NULL;
+#include <isc/crypto.h>
+#include <isc/md.h>
+
+#include "crypto_p.h"
+
+EVP_MD *isc__crypto_md[] = {
+ [ISC_MD_UNKNOWN] = NULL, [ISC_MD_MD5] = NULL, [ISC_MD_SHA1] = NULL,
+ [ISC_MD_SHA224] = NULL, [ISC_MD_SHA256] = NULL, [ISC_MD_SHA384] = NULL,
+ [ISC_MD_SHA512] = NULL,
+};
#include <isc/types.h>
#include <isc/util.h>
+#include "crypto/crypto_p.h"
#include "openssl_shim.h"
isc_hmac_t *
isc_result_t
isc_hmac_init(isc_hmac_t *hmac_st, const void *key, const size_t keylen,
- const isc_md_type_t *md_type) {
+ isc_md_type_t type) {
EVP_PKEY *pkey;
+ EVP_MD *md;
REQUIRE(hmac_st != NULL);
REQUIRE(key != NULL);
REQUIRE(keylen <= INT_MAX);
+ REQUIRE(type < ISC_MD_MAX);
- if (md_type == NULL) {
+ md = isc__crypto_md[type];
+ if (md == NULL) {
return ISC_R_NOTIMPLEMENTED;
}
return ISC_R_CRYPTOFAILURE;
}
- if (EVP_DigestSignInit(hmac_st, NULL, md_type, NULL, pkey) != 1) {
+ if (EVP_DigestSignInit(hmac_st, NULL, md, NULL, pkey) != 1) {
EVP_PKEY_free(pkey);
ERR_clear_error();
return ISC_R_CRYPTOFAILURE;
return ISC_R_SUCCESS;
}
-const isc_md_type_t *
-isc_hmac_get_md_type(isc_hmac_t *hmac_st) {
- REQUIRE(hmac_st != NULL);
-
- return EVP_MD_CTX_get0_md(hmac_st);
-}
-
size_t
isc_hmac_get_size(isc_hmac_t *hmac_st) {
REQUIRE(hmac_st != NULL);
}
isc_result_t
-isc_hmac(const isc_md_type_t *type, const void *key, const size_t keylen,
+isc_hmac(isc_md_type_t type, const void *key, const size_t keylen,
const unsigned char *buf, const size_t len, unsigned char *digest,
unsigned int *digestlen) {
isc_result_t res;
#pragma once
-#include <openssl/evp.h>
-
#include <isc/types.h>
-extern EVP_MD *isc__crypto_md5;
-extern EVP_MD *isc__crypto_sha1;
-extern EVP_MD *isc__crypto_sha224;
-extern EVP_MD *isc__crypto_sha256;
-extern EVP_MD *isc__crypto_sha384;
-extern EVP_MD *isc__crypto_sha512;
-
bool
isc_crypto_fips_mode(void);
/*
* of digest written to @digest.
*/
isc_result_t
-isc_hmac(const isc_md_type_t *type, const void *key, const size_t keylen,
+isc_hmac(isc_md_type_t type, const void *key, const size_t keylen,
const unsigned char *buf, const size_t len, unsigned char *digest,
unsigned int *digestlen);
isc_result_t
isc_hmac_init(isc_hmac_t *hmac, const void *key, const size_t keylen,
- const isc_md_type_t *type);
+ isc_md_type_t type);
/**
* isc_hmac_reset:
isc_hmac_final(isc_hmac_t *hmac, unsigned char *digest,
unsigned int *digestlen);
-/**
- * isc_hmac_md_type:
- * @hmac: HMAC context
- *
- * This function return the isc_md_type_t previously set for the supplied
- * HMAC context or NULL if no isc_md_type_t has been set.
- */
-const isc_md_type_t *
-isc_hmac_get_md_type(isc_hmac_t *hmac);
-
/**
* isc_hmac_get_size:
*
*
* Enumeration of supported message digest algorithms.
*/
-typedef void isc_md_type_t;
-
-#define ISC_MD_MD5 isc__crypto_md5
-#define ISC_MD_SHA1 isc__crypto_sha1
-#define ISC_MD_SHA224 isc__crypto_sha224
-#define ISC_MD_SHA256 isc__crypto_sha256
-#define ISC_MD_SHA384 isc__crypto_sha384
-#define ISC_MD_SHA512 isc__crypto_sha512
-
-#define ISC_MD5_DIGESTLENGTH isc_md_type_get_size(ISC_MD_MD5)
-#define ISC_MD5_BLOCK_LENGTH isc_md_type_get_block_size(ISC_MD_MD5)
-#define ISC_SHA1_DIGESTLENGTH isc_md_type_get_size(ISC_MD_SHA1)
-#define ISC_SHA1_BLOCK_LENGTH isc_md_type_get_block_size(ISC_MD_SHA1)
-#define ISC_SHA224_DIGESTLENGTH isc_md_type_get_size(ISC_MD_SHA224)
-#define ISC_SHA224_BLOCK_LENGTH isc_md_type_get_block_size(ISC_MD_SHA224)
-#define ISC_SHA256_DIGESTLENGTH isc_md_type_get_size(ISC_MD_SHA256)
-#define ISC_SHA256_BLOCK_LENGTH isc_md_type_get_block_size(ISC_MD_SHA256)
-#define ISC_SHA384_DIGESTLENGTH isc_md_type_get_size(ISC_MD_SHA384)
-#define ISC_SHA384_BLOCK_LENGTH isc_md_type_get_block_size(ISC_MD_SHA384)
-#define ISC_SHA512_DIGESTLENGTH isc_md_type_get_size(ISC_MD_SHA512)
-#define ISC_SHA512_BLOCK_LENGTH isc_md_type_get_block_size(ISC_MD_SHA512)
+typedef enum isc_md_type {
+ ISC_MD_UNKNOWN = 0x00,
+ ISC_MD_MD5 = 0x01,
+ ISC_MD_SHA1 = 0x02,
+ ISC_MD_SHA224 = 0x03,
+ ISC_MD_SHA256 = 0x04,
+ ISC_MD_SHA384 = 0x05,
+ ISC_MD_SHA512 = 0x06,
+ ISC_MD_MAX = 0x07,
+} isc_md_type_t;
+
+#define ISC_MD5_DIGESTLENGTH 16
+#define ISC_MD5_BLOCK_LENGTH 64
+#define ISC_SHA1_DIGESTLENGTH 20
+#define ISC_SHA1_BLOCK_LENGTH 64
+#define ISC_SHA224_DIGESTLENGTH 28
+#define ISC_SHA224_BLOCK_LENGTH 64
+#define ISC_SHA256_DIGESTLENGTH 32
+#define ISC_SHA256_BLOCK_LENGTH 64
+#define ISC_SHA384_DIGESTLENGTH 48
+#define ISC_SHA384_BLOCK_LENGTH 128
+#define ISC_SHA512_DIGESTLENGTH 64
+#define ISC_SHA512_BLOCK_LENGTH 128
#define ISC_MAX_MD_SIZE 64U /* EVP_MAX_MD_SIZE */
#define ISC_MAX_BLOCK_SIZE 128U /* ISC_SHA512_BLOCK_LENGTH */
* at @digestlen, at most ISC_MAX_MD_SIZE bytes will be written.
*/
isc_result_t
-isc_md(const isc_md_type_t *type, const unsigned char *buf, const size_t len,
+isc_md(isc_md_type_t type, const unsigned char *buf, const size_t len,
unsigned char *digest, unsigned int *digestlen);
/**
* to it.
*/
void
-isc_md_free(isc_md_t *);
+isc_md_free(isc_md_t *md);
/**
* isc_md_init:
* initialized before calling this function.
*/
isc_result_t
-isc_md_init(isc_md_t *, const isc_md_type_t *md_type);
+isc_md_init(isc_md_t *md, isc_md_type_t type);
/**
* isc_md_reset:
isc_result_t
isc_md_final(isc_md_t *md, unsigned char *digest, unsigned int *digestlen);
-/**
- * isc_md_get_type:
- * @md: message digest contezt
- *
- * This function return the isc_md_type_t previously set for the supplied
- * message digest context or NULL if no isc_md_type_t has been set.
- */
-const isc_md_type_t *
-isc_md_get_md_type(isc_md_t *md);
-
/**
* isc_md_size:
*
size_t
isc_md_get_block_size(isc_md_t *md);
-/**
- * isc_md_size:
- *
- * This function return the size of the message digest when passed an
- * isc_md_type_t , i.e. the size of the hash.
- */
-size_t
-isc_md_type_get_size(const isc_md_type_t *md_type);
-
/**
* isc_md_block_size:
*
* isc_md_type_t.
*/
size_t
-isc_md_type_get_block_size(const isc_md_type_t *md_type);
+isc_md_type_get_block_size(isc_md_type_t type);
#include <openssl/err.h>
#include <openssl/opensslv.h>
-#include <isc/crypto.h>
#include <isc/iterated_hash.h>
+#include <isc/md.h>
#include <isc/thread.h>
#include <isc/util.h>
+#include "crypto/crypto_p.h"
+
#if OPENSSL_VERSION_NUMBER < 0x30000000L
#include <openssl/sha.h>
mdctx = EVP_MD_CTX_new();
INSIST(mdctx != NULL);
- RUNTIME_CHECK(EVP_DigestInit_ex(basectx, isc__crypto_sha1, NULL) == 1);
+ RUNTIME_CHECK(EVP_DigestInit_ex(basectx, isc__crypto_md[ISC_MD_SHA1],
+ NULL) == 1);
initialized = true;
}
#include <isc/md.h>
#include <isc/util.h>
+#include "crypto/crypto_p.h"
#include "openssl_shim.h"
isc_md_t *
}
isc_result_t
-isc_md_init(isc_md_t *md, const isc_md_type_t *md_type) {
+isc_md_init(isc_md_t *md, isc_md_type_t type) {
+ EVP_MD *evp;
+
REQUIRE(md != NULL);
+ REQUIRE(type < ISC_MD_MAX);
- if (md_type == NULL) {
+ evp = isc__crypto_md[type];
+ if (evp == NULL) {
return ISC_R_NOTIMPLEMENTED;
}
- if (EVP_DigestInit_ex(md, md_type, NULL) != 1) {
+ if (EVP_DigestInit_ex(md, evp, NULL) != 1) {
ERR_clear_error();
return ISC_R_CRYPTOFAILURE;
}
return ISC_R_SUCCESS;
}
-const isc_md_type_t *
-isc_md_get_md_type(isc_md_t *md) {
- REQUIRE(md != NULL);
-
- return EVP_MD_CTX_get0_md(md);
-}
-
size_t
isc_md_get_size(isc_md_t *md) {
REQUIRE(md != NULL);
}
size_t
-isc_md_type_get_size(const isc_md_type_t *md_type) {
- STATIC_ASSERT(ISC_MAX_MD_SIZE >= EVP_MAX_MD_SIZE,
- "Change ISC_MAX_MD_SIZE to be greater than or equal to "
- "EVP_MAX_MD_SIZE");
- if (md_type != NULL) {
- return (size_t)EVP_MD_size(md_type);
- }
+isc_md_type_get_block_size(isc_md_type_t type) {
+ EVP_MD *evp;
- return ISC_MAX_MD_SIZE;
-}
-
-size_t
-isc_md_type_get_block_size(const isc_md_type_t *md_type) {
+ REQUIRE(type < ISC_MD_MAX);
STATIC_ASSERT(ISC_MAX_MD_SIZE >= EVP_MAX_MD_SIZE,
"Change ISC_MAX_MD_SIZE to be greater than or equal to "
"EVP_MAX_MD_SIZE");
- if (md_type != NULL) {
- return (size_t)EVP_MD_block_size(md_type);
+
+ evp = isc__crypto_md[type];
+ if (evp != NULL) {
+ return (size_t)EVP_MD_block_size(evp);
}
return ISC_MAX_MD_SIZE;
}
isc_result_t
-isc_md(const isc_md_type_t *md_type, const unsigned char *buf, const size_t len,
+isc_md(isc_md_type_t type, const unsigned char *buf, const size_t len,
unsigned char *digest, unsigned int *digestlen) {
isc_md_t *md;
isc_result_t res;
md = isc_md_new();
- res = isc_md_init(md, md_type);
+ res = isc_md_init(md, type);
if (res != ISC_R_SUCCESS) {
goto end;
}
#include <openssl/opensslv.h>
#include <openssl/ssl.h>
-#if !HAVE_EVP_MD_CTX_GET0_MD
-#define EVP_MD_CTX_get0_md EVP_MD_CTX_md
-#endif /* if !HAVE_EVP_MD_CTX_GET0_MD */
-
#if !HAVE_BIO_READ_EX
int
BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
#include <isc/ht.h>
#include <isc/log.h>
#include <isc/magic.h>
+#include <isc/md.h>
#include <isc/mem.h>
#include <isc/mutex.h>
#include <isc/once.h>
#include "openssl_shim.h"
+/* TODO(aydin): remove this crap */
+extern EVP_MD *isc__crypto_md[];
+
#define COMMON_SSL_OPTIONS \
(SSL_OP_NO_COMPRESSION | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
-1, -1, 0);
X509_set_issuer_name(cert, name);
- X509_sign(cert, pkey, isc__crypto_sha256);
+ X509_sign(cert, pkey, isc__crypto_md[ISC_MD_SHA256]);
rv = SSL_CTX_use_certificate(ctx, cert);
if (rv != 1) {
goto ssl_error;
static isc_result_t
sign(unsigned char *data, unsigned int length, unsigned char *out,
uint32_t algorithm, isccc_region_t *secret) {
- const isc_md_type_t *md_type;
+ isc_md_type_t md_type;
isccc_region_t source, target;
unsigned char digest[ISC_MAX_MD_SIZE];
unsigned int digestlen = sizeof(digest);
static isc_result_t
verify(isccc_sexpr_t *alist, unsigned char *data, unsigned int length,
uint32_t algorithm, isccc_region_t *secret) {
- const isc_md_type_t *md_type;
+ isc_md_type_t md_type;
isccc_region_t source;
isccc_region_t target;
isccc_sexpr_t *_auth, *hmacvalue;
'ERR_get_error_all': '#include <openssl/err.h>',
'BIO_read_ex': '#include <openssl/bio.h>',
'BIO_write_ex': '#include <openssl/bio.h>',
- 'EVP_MD_CTX_get0_md': '#include <openssl/evp.h>',
'EVP_PKEY_eq': '#include <openssl/evp.h>',
'SSL_CTX_set1_cert_store': '#include <openssl/ssl.h>',
}
static void
isc_hmac_test(isc_hmac_t *hmac_st, const void *key, size_t keylen,
- const isc_md_type_t *type, const char *buf, size_t buflen,
+ isc_md_type_t type, const char *buf, size_t buflen,
const char *result, const size_t repeats) {
isc_result_t res;
isc_hmac_t *hmac_st = *state;
assert_non_null(hmac_st);
- assert_int_equal(isc_hmac_init(hmac_st, "", 0, NULL),
+ assert_int_equal(isc_hmac_init(hmac_st, "", 0, ISC_MD_UNKNOWN),
ISC_R_NOTIMPLEMENTED);
if (!isc_crypto_fips_mode()) {
}
static void
-isc_md_test(isc_md_t *md, const isc_md_type_t *type, const char *buf,
- size_t buflen, const char *result, const size_t repeats) {
+isc_md_test(isc_md_t *md, isc_md_type_t type, const char *buf, size_t buflen,
+ const char *result, const size_t repeats) {
isc_result_t res;
assert_non_null(md);
expect_assert_failure(isc_md_init(NULL, ISC_MD_MD5));
- assert_int_equal(isc_md_init(md, NULL), ISC_R_NOTIMPLEMENTED);
+ assert_int_equal(isc_md_init(md, ISC_MD_UNKNOWN), ISC_R_NOTIMPLEMENTED);
if (isc_crypto_fips_mode()) {
assert_int_equal(isc_md_init(md, ISC_MD_MD5),
projects / thirdparty / bind9.git / commitdiff
