Stop leaking OpenSSL types and defines in the isc/hmac.h
authorOndřej Surý <ondrej@isc.org>
Thu, 12 Mar 2020 08:45:58 +0000 (09:45 +0100)
committerOndřej Surý <ondrej@isc.org>
Tue, 28 Apr 2020 14:28:54 +0000 (16:28 +0200)
The <isc/md.h> header directly included the <openssl/hmac.h> header, which
forced all users of the libisc library to explicitly list the include
path to OpenSSL and link with -lcrypto.  By hiding the specific
implementation in the private namespace, we no longer enforce this.
In the long run, this might also allow us to switch cryptographic
library implementation without affecting the downstream users.

(cherry picked from commit 70100c664a06bef484326c651b9fd29ec453a5fc)

lib/isc/hmac.c
lib/isc/include/isc/hmac.h

index 0d0ae36172a8e5278c96c9eb29114fa60ffa5787..7399792eba14890f4f69da4530b6e807cab5428d 100644 (file)
@@ -25,9 +25,9 @@
 
 isc_hmac_t *
 isc_hmac_new(void) {
-       isc_hmac_t *hmac = HMAC_CTX_new();
+       HMAC_CTX *hmac = HMAC_CTX_new();
        RUNTIME_CHECK(hmac != NULL);
-       return (hmac);
+       return ((struct hmac *)hmac);
 }
 
 void
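Review bot: The cast in the new return statement of isc_hmac_new() names `struct hmac`, a tag that is not declared in any line shown here, while the function's return type is `isc_hmac_t *`, which the header hunk of this commit turns into a `void *`. The conversion from `HMAC_CTX *` to `void *` is implicit, so the cast does nothing except introduce a stray incomplete type that a reader can mistake for the real handle type. I would write `return ((isc_hmac_t *)hmac);` or simply `return (hmac);`, and add a one-line comment saying the opaque handle is an OpenSSL `HMAC_CTX` underneath.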
@@ -120,10 +120,8 @@ isc_result_t
 isc_hmac(const isc_md_type_t *type, const void *key, const int keylen,
         const unsigned char *buf, const size_t len, unsigned char *digest,
         unsigned int *digestlen) {
-       isc_hmac_t *hmac = NULL;
        isc_result_t res;
-
-       hmac = isc_hmac_new();
+       isc_hmac_t *hmac = isc_hmac_new();
 
        res = isc_hmac_init(hmac, key, keylen, type);
        if (res != ISC_R_SUCCESS) {
index e26bd35a29743d3ff19a813e0dc9fb7a526c2be5..5dcbcf71de265aafb4038ff30939eec3710f4ff2 100644 (file)
@@ -22,9 +22,7 @@
 #include <isc/result.h>
 #include <isc/types.h>
 
-#include <openssl/hmac.h>
-
-typedef HMAC_CTX isc_hmac_t;
+typedef void isc_hmac_t;
 
 /**
  * isc_hmac:
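Review bot: `typedef void isc_hmac_t;` hides OpenSSL but also removes all compile-time checking of the handle: any object pointer converts to `void *` without a diagnostic, so a caller can pass an unrelated context or a key buffer to an isc_hmac_* function and the mistake only surfaces inside the crypto library at run time. An incomplete struct keeps the header just as free of `<openssl/hmac.h>` while keeping the type distinct, e.g. `typedef struct isc_hmac isc_hmac_t;`, with hmac.c casting to `HMAC_CTX *` internally. If `void` is kept for consistency with other libisc headers, the header should at least carry a comment that the handle must come from isc_hmac_new() and be released through the matching free routine. The doc comment that follows the typedef is cut off at the end of the hunk.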