]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
Use OpenSSL 1.x SHA_CTX API in isc_iterated_hash()
authorOndřej Surý <ondrej@isc.org>
Mon, 16 Jan 2023 11:56:53 +0000 (12:56 +0100)
committerOndřej Surý <ondrej@isc.org>
Wed, 18 Jan 2023 18:36:17 +0000 (19:36 +0100)
If the OpenSSL SHA1_{Init,Update,Final} API is still available, use it.
The API has been deprecated in OpenSSL 3.0, but it is significantly
faster than EVP_MD API, so make an exception here and keep using it
until we can't.

lib/isc/iterated_hash.c

index 5e5b67c388483414249b7616785c94673c33f244..a2a6e234cfb3f84cd7fec80ace98596ab5cccacd 100644 (file)
 
 #include <stdio.h>
 
-#include <openssl/evp.h>
+#include <openssl/opensslv.h>
 
 #include <isc/iterated_hash.h>
-#include <isc/md.h>
 #include <isc/util.h>
 
+#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
+
+#include <openssl/sha.h>
+
+int
+isc_iterated_hash(unsigned char *out, const unsigned int hashalg,
+                 const int iterations, const unsigned char *salt,
+                 const int saltlength, const unsigned char *in,
+                 const int inlength) {
+       REQUIRE(out != NULL);
+
+       int n = 0;
+       size_t len;
+       const unsigned char *buf;
+       SHA_CTX ctx;
+
+       if (hashalg != 1) {
+               return (0);
+       }
+
+       buf = in;
+       len = inlength;
+
+       do {
+               if (SHA1_Init(&ctx) != 1) {
+                       return (0);
+               }
+
+               if (SHA1_Update(&ctx, buf, len) != 1) {
+                       return (0);
+               }
+
+               if (SHA1_Update(&ctx, salt, saltlength) != 1) {
+                       return (0);
+               }
+
+               if (SHA1_Final(out, &ctx) != 1) {
+                       return (0);
+               }
+
+               buf = out;
+               len = SHA_DIGEST_LENGTH;
+       } while (n++ < iterations);
+
+       return (SHA_DIGEST_LENGTH);
+}
+
+#else
+
+#include <openssl/evp.h>
+
+#include <isc/md.h>
+
 int
 isc_iterated_hash(unsigned char *out, const unsigned int hashalg,
                  const int iterations, const unsigned char *salt,
@@ -38,8 +90,9 @@ isc_iterated_hash(unsigned char *out, const unsigned int hashalg,
                return (0);
        }
 
-       len = inlength;
        buf = in;
+       len = inlength;
+
        do {
                if (EVP_DigestInit_ex(ctx, ISC_MD_SHA1, NULL) != 1) {
                        goto fail;
@@ -69,3 +122,5 @@ fail:
        EVP_MD_CTX_free(ctx);
        return (0);
 }
+
+#endif