Use thread_local EVP_MD in isc_iterated_hash()

Cherry-pick small fixup commit from 9.18/9.16 branches needed for
thread-safety.  This fixup commit is not needed for 9.19+ because of
reworked application setup, but it decouples isc_iterated_hash and
isc_md units and keeps all the branches in sync.

diff --git a/lib/isc/iterated_hash.c b/lib/isc/iterated_hash.c
index cafbb5a9776f6e2d62f1bd1d1d351010bacdee09..263a7b9c6a7154bc0f255ce53090cd1958c65df5 100644 (file)
--- a/lib/isc/iterated_hash.c
+++ b/lib/isc/iterated_hash.c
@@ -11,6 +11,7 @@
  * information regarding copyright ownership.
  */
 
+#include <stdbool.h>
 #include <stdio.h>
 
 #include <openssl/opensslv.h>
@@ -79,11 +80,10 @@ isc__iterated_hash_shutdown(void) {
 
 #include <openssl/evp.h>
 
-#include <isc/md.h>
-
 static thread_local bool initialized = false;
 static thread_local EVP_MD_CTX *mdctx = NULL;
 static thread_local EVP_MD_CTX *basectx = NULL;
+static thread_local EVP_MD *md = NULL;
 
 int
 isc_iterated_hash(unsigned char *out, const unsigned int hashalg,
@@ -142,8 +142,10 @@ isc__iterated_hash_initialize(void) {
        INSIST(basectx != NULL);
        mdctx = EVP_MD_CTX_new();
        INSIST(mdctx != NULL);
+       md = EVP_MD_fetch(NULL, "SHA1", NULL);
+       INSIST(md != NULL);
 
-       RUNTIME_CHECK(EVP_DigestInit_ex(basectx, ISC_MD_SHA1, NULL) == 1);
+       RUNTIME_CHECK(EVP_DigestInit_ex(basectx, md, NULL) == 1);
        initialized = true;
 }
 
@@ -159,6 +161,8 @@ isc__iterated_hash_shutdown(void) {
        REQUIRE(basectx != NULL);
        EVP_MD_CTX_free(basectx);
        basectx = NULL;
+       EVP_MD_free(md);
+       md = NULL;
 
        initialized = false;
 }