From: Ondřej Surý
Date: Mon, 16 Jan 2023 11:56:53 +0000 (+0100)
Subject: Use OpenSSL 1.x SHA_CTX API in isc_iterated_hash()
X-Git-Tag: v9.19.10~34^2~2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=25db8d010337b8f62705b44a7f01aa4658ce1c6f;p=thirdparty%2Fbind9.git

Use OpenSSL 1.x SHA_CTX API in isc_iterated_hash()

If the OpenSSL SHA1_{Init,Update,Final} API is still available, use it. The API has been deprecated in OpenSSL 3.0, but it is significantly faster than EVP_MD API, so make an exception here and keep using it until we can't.
---
diff --git a/lib/isc/iterated_hash.c b/lib/isc/iterated_hash.c
index 5e5b67c3884..a2a6e234cfb 100644
--- a/lib/isc/iterated_hash.c
+++ b/lib/isc/iterated_hash.c
@@ -13,12 +13,64 @@
 #include
-#include
+#include
 #include
-#include
 #include
+#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
+
+#include
+
+int
+isc_iterated_hash(unsigned char *out, const unsigned int hashalg,
+ const int iterations, const unsigned char *salt,
+ const int saltlength, const unsigned char *in,
+ const int inlength) {
+ REQUIRE(out != NULL);
+
+ int n = 0;
+ size_t len;
+ const unsigned char *buf;
+ SHA_CTX ctx;
+
+ if (hashalg != 1) {
+ return (0);
+ }
+
+ buf = in;
+ len = inlength;
+
+ do {
+ if (SHA1_Init(&ctx) != 1) {
+ return (0);
+ }
+
+ if (SHA1_Update(&ctx, buf, len) != 1) {
+ return (0);
+ }
+
+ if (SHA1_Update(&ctx, salt, saltlength) != 1) {
+ return (0);
+ }
+
+ if (SHA1_Final(out, &ctx) != 1) {
+ return (0);
+ }
+
+ buf = out;
+ len = SHA_DIGEST_LENGTH;
+ } while (n++ < iterations);
+
+ return (SHA_DIGEST_LENGTH);
+}
+
+#else
+
+#include
+
+#include
+
 int
 isc_iterated_hash(unsigned char *out, const unsigned int hashalg,
 const int iterations, const unsigned char *salt,
@@ -38,8 +90,9 @@ isc_iterated_hash(unsigned char *out, const unsigned int hashalg,
 return (0);
 }
- len = inlength;
 buf = in;
+ len = inlength;
+
 do {
 if (EVP_DigestInit_ex(ctx, ISC_MD_SHA1, NULL) != 1) {
 goto fail;
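Review bot: The new SHA_CTX variant converts `inlength` and `saltlength` from `int` to `size_t` (at `len = inlength;` and in `SHA1_Update(&ctx, salt, saltlength)`) while asserting only `out`, so a negative length from a caller would turn into a very large read size. The function already uses `REQUIRE`, so I would add `REQUIRE(inlength >= 0 && saltlength >= 0);` next to `REQUIRE(out != NULL);`; the callers are not visible here, so this may be unreachable today, but it makes the contract explicit. The `#else` EVP variant assigns `len = inlength;` the same way in the second hunk, and most of its body lies outside the hunks, so the same check probably belongs there too. Separately, a short comment above the `#if` would help: it should say that the deprecated low-level SHA1 calls are kept for speed and that they do not go through EVP provider selection, so provider-level policy (for example a FIPS provider) does not govern this path.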
@@ -69,3 +122,5 @@ fail:
 EVP_MD_CTX_free(ctx);
 return (0);
 }
+
+#endif