From 97627c554b6cf20b3ac747bfebb1635c10a5d87f Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Fri, 24 Feb 2023 12:59:18 +1100
Subject: [PATCH] Test whether the crypto library supports the HMAC algorithm

When initialising HMAC support check that the crypto library supports the algorithm rather than just assuming it is supported.
---
 lib/dns/dst_api.c | 4 +---
 lib/dns/hmac_link.c | 8 +++++++-
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c
index 4cd63395c26..ff58b9a87cc 100644
--- a/lib/dns/dst_api.c
+++ b/lib/dns/dst_api.c
@@ -199,9 +199,7 @@ dst_lib_init(isc_mem_t *mctx, const char *engine) {
 memset(dst_t_func, 0, sizeof(dst_t_func));
 RETERR(dst__openssl_init(engine)); /* Sets FIPS mode. */
- if (!isc_fips_mode()) {
- RETERR(dst__hmacmd5_init(&dst_t_func[DST_ALG_HMACMD5]));
- }
+ RETERR(dst__hmacmd5_init(&dst_t_func[DST_ALG_HMACMD5]));
 RETERR(dst__hmacsha1_init(&dst_t_func[DST_ALG_HMACSHA1]));
 RETERR(dst__hmacsha224_init(&dst_t_func[DST_ALG_HMACSHA224]));
 RETERR(dst__hmacsha256_init(&dst_t_func[DST_ALG_HMACSHA256]));
diff --git a/lib/dns/hmac_link.c b/lib/dns/hmac_link.c
index d099d9e65fc..2c900080b85 100644
--- a/lib/dns/hmac_link.c
+++ b/lib/dns/hmac_link.c
@@ -127,7 +127,13 @@
 isc_result_t dst__hmac##alg##_init(dst_func_t **funcp) { \
 REQUIRE(funcp != NULL); \
 if (*funcp == NULL) { \
- *funcp = &hmac##alg##_functions; \
+ isc_hmac_t *ctx = isc_hmac_new(); \
+ if (isc_hmac_init(ctx, "test", 4, ISC_MD_##alg) == \
+ ISC_R_SUCCESS) \
+ { \
+ *funcp = &hmac##alg##_functions; \
+ } \
+ isc_hmac_free(ctx); \
 } \
 return (ISC_R_SUCCESS); \
 }
-- 
2.47.3
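Review bot: With the `if (!isc_fips_mode())` guard removed in dst_lib_init, keeping HMAC-MD5 out of dst_t_func under FIPS now depends entirely on the crypto library rejecting MD5 inside dst__hmacmd5_init, and nothing at the call site records that. A comment above the call would make the dependency and the ordering requirement explicit, e.g. `/* HMAC-MD5 is registered only if the crypto library accepts it; the probe must run after dst__openssl_init() has set FIPS mode. */`. A library or provider configuration that still accepts MD5 for HMAC in FIPS mode would presumably now enable the algorithm silently, so a test asserting that the DST_ALG_HMACMD5 slot stays NULL under FIPS would be a useful companion. dst_lib_init starts and ends outside the hunk.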
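Review bot: In the dst__hmac##alg##_init macro, every failure of isc_hmac_init is treated as "algorithm not supported" and the function still returns ISC_R_SUCCESS, so a slot left NULL for any other reason is indistinguishable from an unsupported digest and is not logged. The 4-byte probe key `"test", 4` is the most likely source of such a false negative: a library that enforces a minimum HMAC key length (as some FIPS configurations may) could reject the probe although the digest itself is available. A longer probe key, for instance a zero-filled buffer at least as long as the digest output passed with `sizeof`, would avoid that. A short comment stating that a NULL `*funcp` after init means the crypto library declined the algorithm would help readers of the callers that test the slot.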