mirror of
https://github.com/isc-projects/bind9.git
synced 2026-06-10 18:40:00 -04:00
Hardened OpenSSL digest/HMAC calls [RT #37944]
This commit is contained in:
Francis Dupont
parent
2d21161222
commit
cb5b973a9e
11 changed files with 195 additions and 18 deletions
5
CHANGES
5
CHANGES
|
|
@ -1,3 +1,8 @@
|
|||
4012. [bug] Check returned status of OpenSSL digest and HMAC
|
||||
functions when they return one. Note this applies
|
||||
only to FIPS capable OpenSSL libraries put in
|
||||
FIPS mode and MD5. [RT #37944]
|
||||
|
||||
4011. [bug] master's list port inheritance was not properly
|
||||
implemented. [RT #37792]
|
||||
|
||||
|
|
|
|||
|
|
@ -391,6 +391,9 @@ int sigwait(const unsigned int *set, int *sig);
|
|||
/* Define to 1 if you have the `usleep' function. */
|
||||
#undef HAVE_USLEEP
|
||||
|
||||
/* HMAC_*() return ints */
|
||||
#undef HMAC_RETURN_INT
|
||||
|
||||
/* return type of gai_strerror */
|
||||
#undef IRS_GAISTRERROR_RETURN_T
|
||||
|
||||
|
|
|
|||
|
|
@ -331,6 +331,9 @@ typedef __int64 off_t;
|
|||
/* Define if your OpenSSL version supports GOST. */
|
||||
@HAVE_OPENSSL_GOST@
|
||||
|
||||
/* HMAC_*() return ints */
|
||||
@HMAC_RETURN_INT@
|
||||
|
||||
/* Define to 1 if you have the `readline' function. */
|
||||
@HAVE_READLINE@
|
||||
|
||||
|
|
|
|||
38
configure
vendored
38
configure
vendored
|
|
@ -14013,6 +14013,44 @@ case $want_openssl_hash in
|
|||
fi
|
||||
ISC_PLATFORM_OPENSSLHASH="#define ISC_PLATFORM_OPENSSLHASH 1"
|
||||
ISC_OPENSSL_INC="$DST_OPENSSL_INC"
|
||||
ISC_OPENSSL_LIBS="$DST_OPENSSL_LIBS"
|
||||
saved_cflags="$CFLAGS"
|
||||
save_libs="$LIBS"
|
||||
CFLAGS="$CFLAGS $ISC_OPENSSL_INC"
|
||||
LIBS="$LIBS $ISC_OPENSSL_LIBS"
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking HMAC_Init() return type" >&5
|
||||
$as_echo_n "checking HMAC_Init() return type... " >&6; }
|
||||
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||
/* end confdefs.h. */
|
||||
|
||||
#include <openssl/hmac.h>
|
||||
int
|
||||
main ()
|
||||
{
|
||||
|
||||
HMAC_CTX ctx;
|
||||
int n = HMAC_Init(&ctx, NULL, 0, NULL);
|
||||
n += HMAC_Update(&ctx, NULL, 0);
|
||||
n += HMAC_Final(&ctx, NULL, NULL);
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
if ac_fn_c_try_compile "$LINENO"; then :
|
||||
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: int" >&5
|
||||
$as_echo "int" >&6; }
|
||||
|
||||
$as_echo "#define HMAC_RETURN_INT 1" >>confdefs.h
|
||||
|
||||
else
|
||||
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: void" >&5
|
||||
$as_echo "void" >&6; }
|
||||
fi
|
||||
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
|
||||
CFLAGS="$saved_cflags"
|
||||
LIBS="$save_libs"
|
||||
;;
|
||||
no)
|
||||
ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH"
|
||||
|
|
|
|||
17
configure.in
17
configure.in
|
|
@ -979,6 +979,23 @@ case $want_openssl_hash in
|
|||
fi
|
||||
ISC_PLATFORM_OPENSSLHASH="#define ISC_PLATFORM_OPENSSLHASH 1"
|
||||
ISC_OPENSSL_INC="$DST_OPENSSL_INC"
|
||||
ISC_OPENSSL_LIBS="$DST_OPENSSL_LIBS"
|
||||
saved_cflags="$CFLAGS"
|
||||
save_libs="$LIBS"
|
||||
CFLAGS="$CFLAGS $ISC_OPENSSL_INC"
|
||||
LIBS="$LIBS $ISC_OPENSSL_LIBS"
|
||||
AC_MSG_CHECKING([HMAC_Init() return type])
|
||||
AC_TRY_COMPILE([
|
||||
#include <openssl/hmac.h>],[
|
||||
HMAC_CTX ctx;
|
||||
int n = HMAC_Init(&ctx, NULL, 0, NULL);
|
||||
n += HMAC_Update(&ctx, NULL, 0);
|
||||
n += HMAC_Final(&ctx, NULL, NULL);],[
|
||||
AC_MSG_RESULT(int)
|
||||
AC_DEFINE(HMAC_RETURN_INT, 1, [HMAC_*() return ints])],[
|
||||
AC_MSG_RESULT(void)])
|
||||
CFLAGS="$saved_cflags"
|
||||
LIBS="$save_libs"
|
||||
;;
|
||||
no)
|
||||
ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH"
|
||||
|
|
|
|||
|
|
@ -39,7 +39,12 @@ void
|
|||
isc_hmacmd5_init(isc_hmacmd5_t *ctx, const unsigned char *key,
|
||||
unsigned int len)
|
||||
{
|
||||
#ifdef HMAC_RETURN_INT
|
||||
RUNTIME_CHECK(HMAC_Init(ctx, (const void *) key,
|
||||
(int) len, EVP_md5()) == 1);
|
||||
#else
|
||||
HMAC_Init(ctx, (const void *) key, (int) len, EVP_md5());
|
||||
#endif
|
||||
}
|
||||
|
||||
void
|
||||
|
|
@ -51,12 +56,20 @@ void
|
|||
isc_hmacmd5_update(isc_hmacmd5_t *ctx, const unsigned char *buf,
|
||||
unsigned int len)
|
||||
{
|
||||
#ifdef HMAC_RETURN_INT
|
||||
RUNTIME_CHECK(HMAC_Update(ctx, buf, (int) len) == 1);
|
||||
#else
|
||||
HMAC_Update(ctx, buf, (int) len);
|
||||
#endif
|
||||
}
|
||||
|
||||
void
|
||||
isc_hmacmd5_sign(isc_hmacmd5_t *ctx, unsigned char *digest) {
|
||||
#ifdef HMAC_RETURN_INT
|
||||
RUNTIME_CHECK(HMAC_Final(ctx, digest, NULL) == 1);
|
||||
#else
|
||||
HMAC_Final(ctx, digest, NULL);
|
||||
#endif
|
||||
HMAC_CTX_cleanup(ctx);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -40,7 +40,12 @@ void
|
|||
isc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key,
|
||||
unsigned int len)
|
||||
{
|
||||
#ifdef HMAC_RETURN_INT
|
||||
RUNTIME_CHECK(HMAC_Init(ctx, (const void *) key,
|
||||
(int) len, EVP_sha1()) == 1);
|
||||
#else
|
||||
HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha1());
|
||||
#endif
|
||||
}
|
||||
|
||||
void
|
||||
|
|
@ -52,7 +57,11 @@ void
|
|||
isc_hmacsha1_update(isc_hmacsha1_t *ctx, const unsigned char *buf,
|
||||
unsigned int len)
|
||||
{
|
||||
#ifdef HMAC_RETURN_INT
|
||||
RUNTIME_CHECK(HMAC_Update(ctx, buf, (int) len) == 1);
|
||||
#else
|
||||
HMAC_Update(ctx, buf, (int) len);
|
||||
#endif
|
||||
}
|
||||
|
||||
void
|
||||
|
|
@ -61,7 +70,11 @@ isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
|
|||
|
||||
REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
|
||||
|
||||
#ifdef HMAC_RETURN_INT
|
||||
RUNTIME_CHECK(HMAC_Final(ctx, newdigest, NULL) == 1);
|
||||
#else
|
||||
HMAC_Final(ctx, newdigest, NULL);
|
||||
#endif
|
||||
HMAC_CTX_cleanup(ctx);
|
||||
memmove(digest, newdigest, len);
|
||||
memset(newdigest, 0, sizeof(newdigest));
|
||||
|
|
@ -71,7 +84,12 @@ void
|
|||
isc_hmacsha224_init(isc_hmacsha224_t *ctx, const unsigned char *key,
|
||||
unsigned int len)
|
||||
{
|
||||
#ifdef HMAC_RETURN_INT
|
||||
RUNTIME_CHECK(HMAC_Init(ctx, (const void *) key,
|
||||
(int) len, EVP_sha224()) == 1);
|
||||
#else
|
||||
HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha224());
|
||||
#endif
|
||||
}
|
||||
|
||||
void
|
||||
|
|
@ -83,7 +101,11 @@ void
|
|||
isc_hmacsha224_update(isc_hmacsha224_t *ctx, const unsigned char *buf,
|
||||
unsigned int len)
|
||||
{
|
||||
#ifdef HMAC_RETURN_INT
|
||||
RUNTIME_CHECK(HMAC_Update(ctx, buf, (int) len) == 1);
|
||||
#else
|
||||
HMAC_Update(ctx, buf, (int) len);
|
||||
#endif
|
||||
}
|
||||
|
||||
void
|
||||
|
|
@ -92,7 +114,11 @@ isc_hmacsha224_sign(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) {
|
|||
|
||||
REQUIRE(len <= ISC_SHA224_DIGESTLENGTH);
|
||||
|
||||
#ifdef HMAC_RETURN_INT
|
||||
RUNTIME_CHECK(HMAC_Final(ctx, newdigest, NULL) == 1);
|
||||
#else
|
||||
HMAC_Final(ctx, newdigest, NULL);
|
||||
#endif
|
||||
HMAC_CTX_cleanup(ctx);
|
||||
memmove(digest, newdigest, len);
|
||||
memset(newdigest, 0, sizeof(newdigest));
|
||||
|
|
@ -102,7 +128,12 @@ void
|
|||
isc_hmacsha256_init(isc_hmacsha256_t *ctx, const unsigned char *key,
|
||||
unsigned int len)
|
||||
{
|
||||
#ifdef HMAC_RETURN_INT
|
||||
RUNTIME_CHECK(HMAC_Init(ctx, (const void *) key,
|
||||
(int) len, EVP_sha256()) == 1);
|
||||
#else
|
||||
HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha256());
|
||||
#endif
|
||||
}
|
||||
|
||||
void
|
||||
|
|
@ -114,7 +145,11 @@ void
|
|||
isc_hmacsha256_update(isc_hmacsha256_t *ctx, const unsigned char *buf,
|
||||
unsigned int len)
|
||||
{
|
||||
#ifdef HMAC_RETURN_INT
|
||||
RUNTIME_CHECK(HMAC_Update(ctx, buf, (int) len) == 1);
|
||||
#else
|
||||
HMAC_Update(ctx, buf, (int) len);
|
||||
#endif
|
||||
}
|
||||
|
||||
void
|
||||
|
|
@ -123,7 +158,11 @@ isc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) {
|
|||
|
||||
REQUIRE(len <= ISC_SHA256_DIGESTLENGTH);
|
||||
|
||||
#ifdef HMAC_RETURN_INT
|
||||
RUNTIME_CHECK(HMAC_Final(ctx, newdigest, NULL) == 1);
|
||||
#else
|
||||
HMAC_Final(ctx, newdigest, NULL);
|
||||
#endif
|
||||
HMAC_CTX_cleanup(ctx);
|
||||
memmove(digest, newdigest, len);
|
||||
memset(newdigest, 0, sizeof(newdigest));
|
||||
|
|
@ -133,7 +172,12 @@ void
|
|||
isc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key,
|
||||
unsigned int len)
|
||||
{
|
||||
#ifdef HMAC_RETURN_INT
|
||||
RUNTIME_CHECK(HMAC_Init(ctx, (const void *) key,
|
||||
(int) len, EVP_sha384()) == 1);
|
||||
#else
|
||||
HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha384());
|
||||
#endif
|
||||
}
|
||||
|
||||
void
|
||||
|
|
@ -145,7 +189,11 @@ void
|
|||
isc_hmacsha384_update(isc_hmacsha384_t *ctx, const unsigned char *buf,
|
||||
unsigned int len)
|
||||
{
|
||||
#ifdef HMAC_RETURN_INT
|
||||
RUNTIME_CHECK(HMAC_Update(ctx, buf, (int) len) == 1);
|
||||
#else
|
||||
HMAC_Update(ctx, buf, (int) len);
|
||||
#endif
|
||||
}
|
||||
|
||||
void
|
||||
|
|
@ -154,7 +202,11 @@ isc_hmacsha384_sign(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) {
|
|||
|
||||
REQUIRE(len <= ISC_SHA384_DIGESTLENGTH);
|
||||
|
||||
#ifdef HMAC_RETURN_INT
|
||||
RUNTIME_CHECK(HMAC_Final(ctx, newdigest, NULL) == 1);
|
||||
#else
|
||||
HMAC_Final(ctx, newdigest, NULL);
|
||||
#endif
|
||||
HMAC_CTX_cleanup(ctx);
|
||||
memmove(digest, newdigest, len);
|
||||
memset(newdigest, 0, sizeof(newdigest));
|
||||
|
|
@ -164,7 +216,12 @@ void
|
|||
isc_hmacsha512_init(isc_hmacsha512_t *ctx, const unsigned char *key,
|
||||
unsigned int len)
|
||||
{
|
||||
#ifdef HMAC_RETURN_INT
|
||||
RUNTIME_CHECK(HMAC_Init(ctx, (const void *) key,
|
||||
(int) len, EVP_sha512()) == 1);
|
||||
#else
|
||||
HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha512());
|
||||
#endif
|
||||
}
|
||||
|
||||
void
|
||||
|
|
@ -176,7 +233,11 @@ void
|
|||
isc_hmacsha512_update(isc_hmacsha512_t *ctx, const unsigned char *buf,
|
||||
unsigned int len)
|
||||
{
|
||||
#ifdef HMAC_RETURN_INT
|
||||
RUNTIME_CHECK(HMAC_Update(ctx, buf, (int) len) == 1);
|
||||
#else
|
||||
HMAC_Update(ctx, buf, (int) len);
|
||||
#endif
|
||||
}
|
||||
|
||||
void
|
||||
|
|
@ -185,7 +246,11 @@ isc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) {
|
|||
|
||||
REQUIRE(len <= ISC_SHA512_DIGESTLENGTH);
|
||||
|
||||
#ifdef HMAC_RETURN_INT
|
||||
RUNTIME_CHECK(HMAC_Final(ctx, newdigest, NULL) == 1);
|
||||
#else
|
||||
HMAC_Final(ctx, newdigest, NULL);
|
||||
#endif
|
||||
HMAC_CTX_cleanup(ctx);
|
||||
memmove(digest, newdigest, len);
|
||||
memset(newdigest, 0, sizeof(newdigest));
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@
|
|||
|
||||
void
|
||||
isc_md5_init(isc_md5_t *ctx) {
|
||||
EVP_DigestInit(ctx, EVP_md5());
|
||||
RUNTIME_CHECK(EVP_DigestInit(ctx, EVP_md5()) == 1);
|
||||
}
|
||||
|
||||
void
|
||||
|
|
@ -57,12 +57,14 @@ isc_md5_invalidate(isc_md5_t *ctx) {
|
|||
|
||||
void
|
||||
isc_md5_update(isc_md5_t *ctx, const unsigned char *buf, unsigned int len) {
|
||||
EVP_DigestUpdate(ctx, (const void *) buf, (size_t) len);
|
||||
RUNTIME_CHECK(EVP_DigestUpdate(ctx,
|
||||
(const void *) buf,
|
||||
(size_t) len) == 1);
|
||||
}
|
||||
|
||||
void
|
||||
isc_md5_final(isc_md5_t *ctx, unsigned char *digest) {
|
||||
EVP_DigestFinal(ctx, digest, NULL);
|
||||
RUNTIME_CHECK(EVP_DigestFinal(ctx, digest, NULL) == 1);
|
||||
}
|
||||
|
||||
#else
|
||||
|
|
|
|||
|
|
@ -51,7 +51,7 @@ isc_sha1_init(isc_sha1_t *context)
|
|||
{
|
||||
INSIST(context != NULL);
|
||||
|
||||
EVP_DigestInit(context, EVP_sha1());
|
||||
RUNTIME_CHECK(EVP_DigestInit(context, EVP_sha1()) == 1);
|
||||
}
|
||||
|
||||
void
|
||||
|
|
@ -66,7 +66,9 @@ isc_sha1_update(isc_sha1_t *context, const unsigned char *data,
|
|||
INSIST(context != 0);
|
||||
INSIST(data != 0);
|
||||
|
||||
EVP_DigestUpdate(context, (const void *) data, (size_t) len);
|
||||
RUNTIME_CHECK(EVP_DigestUpdate(context,
|
||||
(const void *) data,
|
||||
(size_t) len) == 1);
|
||||
}
|
||||
|
||||
void
|
||||
|
|
@ -74,7 +76,7 @@ isc_sha1_final(isc_sha1_t *context, unsigned char *digest) {
|
|||
INSIST(digest != 0);
|
||||
INSIST(context != 0);
|
||||
|
||||
EVP_DigestFinal(context, digest, NULL);
|
||||
RUNTIME_CHECK(EVP_DigestFinal(context, digest, NULL) == 1);
|
||||
}
|
||||
|
||||
#else
|
||||
|
|
|
|||
|
|
@ -70,7 +70,7 @@ isc_sha224_init(isc_sha224_t *context) {
|
|||
if (context == (isc_sha224_t *)0) {
|
||||
return;
|
||||
}
|
||||
EVP_DigestInit(context, EVP_sha224());
|
||||
RUNTIME_CHECK(EVP_DigestInit(context, EVP_sha224()) == 1);
|
||||
}
|
||||
|
||||
void
|
||||
|
|
@ -88,7 +88,8 @@ isc_sha224_update(isc_sha224_t *context, const isc_uint8_t* data, size_t len) {
|
|||
/* Sanity check: */
|
||||
REQUIRE(context != (isc_sha224_t *)0 && data != (isc_uint8_t*)0);
|
||||
|
||||
EVP_DigestUpdate(context, (const void *) data, len);
|
||||
RUNTIME_CHECK(EVP_DigestUpdate(context,
|
||||
(const void *) data, len) == 1);
|
||||
}
|
||||
|
||||
void
|
||||
|
|
@ -98,7 +99,7 @@ isc_sha224_final(isc_uint8_t digest[], isc_sha224_t *context) {
|
|||
|
||||
/* If no digest buffer is passed, we don't bother doing this: */
|
||||
if (digest != (isc_uint8_t*)0) {
|
||||
EVP_DigestFinal(context, digest, NULL);
|
||||
RUNTIME_CHECK(EVP_DigestFinal(context, digest, NULL) == 1);
|
||||
} else {
|
||||
EVP_MD_CTX_cleanup(context);
|
||||
}
|
||||
|
|
@ -109,7 +110,7 @@ isc_sha256_init(isc_sha256_t *context) {
|
|||
if (context == (isc_sha256_t *)0) {
|
||||
return;
|
||||
}
|
||||
EVP_DigestInit(context, EVP_sha256());
|
||||
RUNTIME_CHECK(EVP_DigestInit(context, EVP_sha256()) == 1);
|
||||
}
|
||||
|
||||
void
|
||||
|
|
@ -127,7 +128,8 @@ isc_sha256_update(isc_sha256_t *context, const isc_uint8_t *data, size_t len) {
|
|||
/* Sanity check: */
|
||||
REQUIRE(context != (isc_sha256_t *)0 && data != (isc_uint8_t*)0);
|
||||
|
||||
EVP_DigestUpdate(context, (const void *) data, len);
|
||||
RUNTIME_CHECK(EVP_DigestUpdate(context,
|
||||
(const void *) data, len) == 1);
|
||||
}
|
||||
|
||||
void
|
||||
|
|
@ -137,7 +139,7 @@ isc_sha256_final(isc_uint8_t digest[], isc_sha256_t *context) {
|
|||
|
||||
/* If no digest buffer is passed, we don't bother doing this: */
|
||||
if (digest != (isc_uint8_t*)0) {
|
||||
EVP_DigestFinal(context, digest, NULL);
|
||||
RUNTIME_CHECK(EVP_DigestFinal(context, digest, NULL) == 1);
|
||||
} else {
|
||||
EVP_MD_CTX_cleanup(context);
|
||||
}
|
||||
|
|
@ -148,7 +150,7 @@ isc_sha512_init(isc_sha512_t *context) {
|
|||
if (context == (isc_sha512_t *)0) {
|
||||
return;
|
||||
}
|
||||
EVP_DigestInit(context, EVP_sha512());
|
||||
RUNTIME_CHECK(EVP_DigestInit(context, EVP_sha512()) == 1);
|
||||
}
|
||||
|
||||
void
|
||||
|
|
@ -165,7 +167,8 @@ void isc_sha512_update(isc_sha512_t *context, const isc_uint8_t *data, size_t le
|
|||
/* Sanity check: */
|
||||
REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0);
|
||||
|
||||
EVP_DigestUpdate(context, (const void *) data, len);
|
||||
RUNTIME_CHECK(EVP_DigestUpdate(context,
|
||||
(const void *) data, len) == 1);
|
||||
}
|
||||
|
||||
void isc_sha512_final(isc_uint8_t digest[], isc_sha512_t *context) {
|
||||
|
|
@ -174,7 +177,7 @@ void isc_sha512_final(isc_uint8_t digest[], isc_sha512_t *context) {
|
|||
|
||||
/* If no digest buffer is passed, we don't bother doing this: */
|
||||
if (digest != (isc_uint8_t*)0) {
|
||||
EVP_DigestFinal(context, digest, NULL);
|
||||
RUNTIME_CHECK(EVP_DigestFinal(context, digest, NULL) == 1);
|
||||
} else {
|
||||
EVP_MD_CTX_cleanup(context);
|
||||
}
|
||||
|
|
@ -185,7 +188,7 @@ isc_sha384_init(isc_sha384_t *context) {
|
|||
if (context == (isc_sha384_t *)0) {
|
||||
return;
|
||||
}
|
||||
EVP_DigestInit(context, EVP_sha384());
|
||||
RUNTIME_CHECK(EVP_DigestInit(context, EVP_sha384()) == 1);
|
||||
}
|
||||
|
||||
void
|
||||
|
|
@ -203,7 +206,8 @@ isc_sha384_update(isc_sha384_t *context, const isc_uint8_t* data, size_t len) {
|
|||
/* Sanity check: */
|
||||
REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0);
|
||||
|
||||
EVP_DigestUpdate(context, (const void *) data, len);
|
||||
RUNTIME_CHECK(EVP_DigestUpdate(context,
|
||||
(const void *) data, len) == 1);
|
||||
}
|
||||
|
||||
void
|
||||
|
|
@ -213,7 +217,7 @@ isc_sha384_final(isc_uint8_t digest[], isc_sha384_t *context) {
|
|||
|
||||
/* If no digest buffer is passed, we don't bother doing this: */
|
||||
if (digest != (isc_uint8_t*)0) {
|
||||
EVP_DigestFinal(context, digest, NULL);
|
||||
RUNTIME_CHECK(EVP_DigestFinal(context, digest, NULL) == 1);
|
||||
} else {
|
||||
EVP_MD_CTX_cleanup(context);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -321,6 +321,7 @@ my @substdefh = ("ALLOW_FILTER_AAAA",
|
|||
"HAVE_OPENSSL_ECDSA",
|
||||
"HAVE_OPENSSL_GOST",
|
||||
"HAVE_READLINE",
|
||||
"HMAC_RETURN_INT",
|
||||
"ISC_LIST_CHECKINIT",
|
||||
"WITH_IDN");
|
||||
|
||||
|
|
@ -1527,6 +1528,30 @@ if ($enable_openssl_hash eq "yes") {
|
|||
die "No OpenSSL for hash functions\n";
|
||||
}
|
||||
$configdefp{"ISC_PLATFORM_OPENSSLHASH"} = 1;
|
||||
if ($verbose) {
|
||||
print "checking HMAC_Init() return type\n";
|
||||
}
|
||||
open F, ">testhmac.c" || die $!;
|
||||
print F << 'EOF';
|
||||
#include <openssl/hmac.h>
|
||||
|
||||
int
|
||||
main(void)
|
||||
{
|
||||
HMAC_CTX ctx;
|
||||
int n = HMAC_Init(&ctx, NULL, 0, NULL);
|
||||
n += HMAC_Update(&ctx, NULL, 0);
|
||||
n += HMAC_Final(&ctx, NULL, NULL);
|
||||
return(n);
|
||||
}
|
||||
EOF
|
||||
close F;
|
||||
my $include = $configinc{"OPENSSL_INC"};
|
||||
my $library = $configlib{"OPENSSL_LIB"};
|
||||
$compret = `cl /nologo /MD /I "$include" testhmac.c "$library"`;
|
||||
if (grep { -f and -x } ".\\testhmac.exe") {
|
||||
$configdefh{"HMAC_RETURN_INT"} = 1;
|
||||
}
|
||||
}
|
||||
|
||||
# with-pkcs11
|
||||
|
|
|
|||
Loading…
Reference in a new issue