diff --git a/configure.ac b/configure.ac index 2415fce783..a32fb68f18 100644 --- a/configure.ac +++ b/configure.ac @@ -650,19 +650,6 @@ AC_COMPILE_IFELSE( AC_MSG_RESULT([yes])], [AC_MSG_RESULT([no])]) -AC_MSG_CHECKING([for SipHash support]) -AC_COMPILE_IFELSE( - [AC_LANG_PROGRAM([[#include - #include ]], - [[#if OPENSSL_VERSION_NUMBER < 0x10101010L - #error OpenSSL >= 1.1.1a required for working SipHash initialization - #endif - EVP_PKEY *key = EVP_PKEY_new_raw_private_key( - EVP_PKEY_SIPHASH, NULL, NULL, 0);]])], - [AC_DEFINE([HAVE_OPENSSL_SIPHASH], [1], [define if OpenSSL supports SipHash]) - AC_MSG_RESULT([yes])], - [AC_MSG_RESULT([no])]) - # # Check for OpenSSL SHA-1 support # diff --git a/lib/isc/siphash.c b/lib/isc/siphash.c index 87e3c285ec..cc1610f3f4 100644 --- a/lib/isc/siphash.c +++ b/lib/isc/siphash.c @@ -17,44 +17,6 @@ #include #include -/* - * Creation of EVP_MD_CTX and EVP_PKEY is quite expensive, until - * we fix the code to reuse the context and key we'll use our own - * implementation of siphash. - */ -#if 0 /* HAVE_OPENSSL_SIPHASH */ -#include - -void -isc_siphash24(const uint8_t*k,const uint8_t*in,const size_t inlen,uint8_t*out) -{ - REQUIRE(k != NULL); - REQUIRE(out != NULL); - size_t outlen = 8; - EVP_PKEY_CTX*pctx = NULL; - - EVP_MD_CTX*mctx = EVP_MD_CTX_new(); - EVP_PKEY*key = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH,NULL, - k,16); - RUNTIME_CHECK(mctx != NULL); - RUNTIME_CHECK(key != NULL); - - RUNTIME_CHECK(EVP_DigestSignInit(mctx,&pctx,NULL,NULL,key) == 1); - RUNTIME_CHECK(EVP_PKEY_CTX_ctrl(pctx,EVP_PKEY_SIPHASH, - EVP_PKEY_OP_SIGNCTX, - EVP_PKEY_CTRL_SET_DIGEST_SIZE,outlen, - NULL) == 1); - RUNTIME_CHECK(EVP_DigestSignUpdate(mctx,in,inlen) == 1); - RUNTIME_CHECK(EVP_DigestSignFinal(mctx,out,&outlen) == 1); - - ENSURE(outlen == 8); - - EVP_PKEY_free(key); - EVP_MD_CTX_free(mctx); -} - -#else /* HAVE_OPENSSL_SIPHASH */ - /* * The implementation is based on SipHash reference C implementation by * @@ -185,4 +147,3 @@ isc_siphash24(const uint8_t *k, const uint8_t *in, const size_t inlen, U64TO8_LE(out, b); } -#endif /* HAVE_OPENSSL_SIPHASH */ diff --git a/lib/isc/tests/siphash_test.c b/lib/isc/tests/siphash_test.c index 465d2565c9..7247e6310e 100644 --- a/lib/isc/tests/siphash_test.c +++ b/lib/isc/tests/siphash_test.c @@ -22,32 +22,7 @@ #include -void -native_isc_siphash24(const uint8_t *, const uint8_t *, const size_t, uint8_t *); - -#if HAVE_OPENSSL_SIPHASH - -void -openssl_isc_siphash24(const uint8_t *, const uint8_t *, const size_t, - uint8_t *); - -#undef HAVE_OPENSSL_SIPHASH -#define isc_siphash24 native_isc_siphash24 #include "../siphash.c" -#undef isc_siphash24 - -#define HAVE_OPENSSL_SIPHASH 1 -#define isc_siphash24 openssl_isc_siphash24 -#include "../siphash.c" -#undef isc_siphash24 - -#else /* if HAVE_OPENSSL_SIPHASH */ - -#define isc_siphash24 native_isc_siphash24 -#include "../siphash.c" -#undef isc_siphash24 - -#endif /* if HAVE_OPENSSL_SIPHASH */ const uint8_t vectors[64][8] = { { @@ -692,36 +667,18 @@ const uint8_t vectors[64][8] = { }, }; -#if HAVE_OPENSSL_SIPHASH static void -openssl_isc_siphash24_test(void **state) { +isc_siphash24_test(void **state) { UNUSED(state); uint8_t in[64], out[8], key[16]; - for (int i = 0; i < 16; i++) { + for (size_t i = 0; i < ARRAY_SIZE(key); i++) { key[i] = i; } - for (int i = 0; i < 64; i++) { + for (size_t i = 0; i < ARRAY_SIZE(in); i++) { in[i] = i; - openssl_isc_siphash24(key, in, i, out); - assert_memory_equal(out, vectors[i], 8); - } -} -#endif /* if HAVE_OPENSSL_SIPHASH */ - -static void -native_isc_siphash24_test(void **state) { - UNUSED(state); - - uint8_t in[64], out[8], key[16]; - for (int i = 0; i < 16; i++) { - key[i] = i; - } - - for (int i = 0; i < 64; i++) { - in[i] = i; - native_isc_siphash24(key, in, i, out); + isc_siphash24(key, in, i, out); assert_memory_equal(out, vectors[i], 8); } } @@ -729,10 +686,7 @@ native_isc_siphash24_test(void **state) { int main(void) { const struct CMUnitTest tests[] = { -#if HAVE_OPENSSL_SIPHASH - cmocka_unit_test(openssl_isc_siphash24_test), -#endif /* if HAVE_OPENSSL_SIPHASH */ - cmocka_unit_test(native_isc_siphash24_test), + cmocka_unit_test(isc_siphash24_test), }; return (cmocka_run_group_tests(tests, NULL, NULL));