From: Ondřej Surý <ondrej@isc.org>
Date: Thu, 12 Mar 2020 08:45:58 +0000 (+0100)
Subject: Stop leaking OpenSSL types and defines in the isc/hmac.h
X-Git-Tag: v9.16.3~29^2
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=8717ce376b425bb8e2380874a6f6b83a3d15d049;p=thirdparty%2Fbind9.git

Stop leaking OpenSSL types and defines in the isc/hmac.h

The <isc/md.h> header directly included <openssl/hmac.h> header which
enforced all users of the libisc library to explicitly list the include
path to OpenSSL and link with -lcrypto.  By hiding the specific
implementation into the private namespace, we no longer enforce this.
In the long run, this might also allow us to switch cryptographic
library implementation without affecting the downstream users.

(cherry picked from commit 70100c664a06bef484326c651b9fd29ec453a5fc)
---

diff --git a/lib/isc/hmac.c b/lib/isc/hmac.c
index 0d0ae36172a..7399792eba1 100644
--- a/lib/isc/hmac.c
+++ b/lib/isc/hmac.c
@@ -25,9 +25,9 @@
 
 isc_hmac_t *
 isc_hmac_new(void) {
-	isc_hmac_t *hmac = HMAC_CTX_new();
+	HMAC_CTX *hmac = HMAC_CTX_new();
 	RUNTIME_CHECK(hmac != NULL);
-	return (hmac);
+	return ((struct hmac *)hmac);
 }
 
 void
@@ -120,10 +120,8 @@ isc_result_t
 isc_hmac(const isc_md_type_t *type, const void *key, const int keylen,
 	 const unsigned char *buf, const size_t len, unsigned char *digest,
 	 unsigned int *digestlen) {
-	isc_hmac_t *hmac = NULL;
 	isc_result_t res;
-
-	hmac = isc_hmac_new();
+	isc_hmac_t *hmac = isc_hmac_new();
 
 	res = isc_hmac_init(hmac, key, keylen, type);
 	if (res != ISC_R_SUCCESS) {
diff --git a/lib/isc/include/isc/hmac.h b/lib/isc/include/isc/hmac.h
index e26bd35a297..5dcbcf71de2 100644
--- a/lib/isc/include/isc/hmac.h
+++ b/lib/isc/include/isc/hmac.h
@@ -22,9 +22,7 @@
 #include <isc/result.h>
 #include <isc/types.h>
 
-#include <openssl/hmac.h>
-
-typedef HMAC_CTX isc_hmac_t;
+typedef void isc_hmac_t;
 
 /**
  * isc_hmac: