mirror of
https://github.com/isc-projects/bind9.git
synced 2026-06-11 05:00:00 -04:00
Use OpenSSL 1.x SHA_CTX API in isc_iterated_hash()
If the OpenSSL SHA1_{Init,Update,Final} API is still available, use it.
The API has been deprecated in OpenSSL 3.0, but it is significantly
faster than EVP_MD API, so make an exception here and keep using it
until we can't.
(cherry picked from commit 25db8d0103)
This commit is contained in:
Ondřej Surý
Ondřej Surý
parent
a1dcbcab8d
commit
bf1a29e9e1
1 changed files with 70 additions and 7 deletions
|
|
@ -13,12 +13,64 @@
|
|||
|
||||
#include <stdio.h>
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/opensslv.h>
|
||||
|
||||
#include <isc/iterated_hash.h>
|
||||
#include <isc/md.h>
|
||||
#include <isc/util.h>
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
|
||||
|
||||
#include <openssl/sha.h>
|
||||
|
||||
int
|
||||
isc_iterated_hash(unsigned char *out, const unsigned int hashalg,
|
||||
const int iterations, const unsigned char *salt,
|
||||
const int saltlength, const unsigned char *in,
|
||||
const int inlength) {
|
||||
REQUIRE(out != NULL);
|
||||
|
||||
int n = 0;
|
||||
size_t len;
|
||||
const unsigned char *buf;
|
||||
SHA_CTX ctx;
|
||||
|
||||
if (hashalg != 1) {
|
||||
return (0);
|
||||
}
|
||||
|
||||
buf = in;
|
||||
len = inlength;
|
||||
|
||||
do {
|
||||
if (SHA1_Init(&ctx) != 1) {
|
||||
return (0);
|
||||
}
|
||||
|
||||
if (SHA1_Update(&ctx, buf, len) != 1) {
|
||||
return (0);
|
||||
}
|
||||
|
||||
if (SHA1_Update(&ctx, salt, saltlength) != 1) {
|
||||
return (0);
|
||||
}
|
||||
|
||||
if (SHA1_Final(out, &ctx) != 1) {
|
||||
return (0);
|
||||
}
|
||||
|
||||
buf = out;
|
||||
len = SHA_DIGEST_LENGTH;
|
||||
} while (n++ < iterations);
|
||||
|
||||
return (SHA_DIGEST_LENGTH);
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
#include <isc/md.h>
|
||||
|
||||
int
|
||||
isc_iterated_hash(unsigned char *out, const unsigned int hashalg,
|
||||
const int iterations, const unsigned char *salt,
|
||||
|
|
@ -30,18 +82,24 @@ isc_iterated_hash(unsigned char *out, const unsigned int hashalg,
|
|||
size_t len;
|
||||
unsigned int outlength = 0;
|
||||
const unsigned char *buf;
|
||||
EVP_MD_CTX *ctx = EVP_MD_CTX_create();
|
||||
|
||||
RUNTIME_CHECK(ctx != NULL);
|
||||
EVP_MD_CTX *ctx;
|
||||
;
|
||||
EVP_MD *md;
|
||||
|
||||
if (hashalg != 1) {
|
||||
return (0);
|
||||
}
|
||||
|
||||
len = inlength;
|
||||
ctx = EVP_MD_CTX_new();
|
||||
RUNTIME_CHECK(ctx != NULL);
|
||||
md = EVP_MD_fetch(NULL, "SHA1", NULL);
|
||||
RUNTIME_CHECK(md != NULL);
|
||||
|
||||
buf = in;
|
||||
len = inlength;
|
||||
|
||||
do {
|
||||
if (EVP_DigestInit_ex(ctx, ISC_MD_SHA1, NULL) != 1) {
|
||||
if (EVP_DigestInit_ex(ctx, md, NULL) != 1) {
|
||||
goto fail;
|
||||
}
|
||||
|
||||
|
|
@ -62,10 +120,15 @@ isc_iterated_hash(unsigned char *out, const unsigned int hashalg,
|
|||
} while (n++ < iterations);
|
||||
|
||||
EVP_MD_CTX_free(ctx);
|
||||
EVP_MD_free(md);
|
||||
|
||||
return (outlength);
|
||||
|
||||
fail:
|
||||
EVP_MD_CTX_free(ctx);
|
||||
EVP_MD_free(md);
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
|
|
|||
Loading…
Reference in a new issue