upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

switch isc_md_type_t to a proper enum

Browse source 
Get rid of the OpenSSL-isms that plague the codebase where the hash type
is `EVP_MD *`

By using a proper enum, alongside the cleanup, we also get the ability
to use constants for known hash sizes instead of having a function call
every time.

`EVP_MD_CTX_get0_md` has been removed instead of being adapted since it
wasn't used anymore.
This commit is contained in:
Aydın Mercan 2025-09-16 15:11:37 +02:00
parent 35eeefb437
commit f9ec4a1cdf
No known key found for this signature in database
22 changed files with 170 additions and 192 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lib/dns/catz.c
View file

@ -1859,7 +1859,7 @@ dns_catz_generate_masterfilename(dns_catz_zone_t *catz, dns_catz_entry_t *entry,
isc_buffer_subtract(tbuf, 1);
/* __catz__<digest>.db */
rlen = (isc_md_type_get_size(ISC_MD_SHA256) * 2 + 1) + 12;
rlen = (ISC_SHA256_DIGESTLENGTH * 2 + 1) + 12;
/* optionally prepend with <zonedir>/ */
if (entry->opts.zonedir != NULL) {

2
lib/dns/ds.c
View file

@ -41,7 +41,7 @@ dns_ds_fromkeyrdata(const dns_name_t *owner, dns_rdata_t *key,
unsigned int privatelen = 0;
isc_region_t r;
isc_md_t *md;
const isc_md_type_t *md_type = NULL;
isc_md_type_t md_type = ISC_MD_UNKNOWN;
REQUIRE(key != NULL);
REQUIRE(key->type == dns_rdatatype_dnskey ||

12
lib/dns/dst_api.c
View file

@ -1321,22 +1321,22 @@ dst_key_sigsize(const dst_key_t *key, unsigned int *n) {
*n = DNS_SIG_ED448SIZE;
break;
case DST_ALG_HMACMD5:
*n = isc_md_type_get_size(ISC_MD_MD5);
*n = ISC_MD5_DIGESTLENGTH;
break;
case DST_ALG_HMACSHA1:
*n = isc_md_type_get_size(ISC_MD_SHA1);
*n = ISC_SHA1_DIGESTLENGTH;
break;
case DST_ALG_HMACSHA224:
*n = isc_md_type_get_size(ISC_MD_SHA224);
*n = ISC_SHA224_DIGESTLENGTH;
break;
case DST_ALG_HMACSHA256:
*n = isc_md_type_get_size(ISC_MD_SHA256);
*n = ISC_SHA256_DIGESTLENGTH;
break;
case DST_ALG_HMACSHA384:
*n = isc_md_type_get_size(ISC_MD_SHA384);
*n = ISC_SHA384_DIGESTLENGTH;
break;
case DST_ALG_HMACSHA512:
*n = isc_md_type_get_size(ISC_MD_SHA512);
*n = ISC_SHA512_DIGESTLENGTH;
break;
case DST_ALG_GSSAPI:
*n = 128; /*%< XXX */

23
lib/dns/hmac_link.c
View file

@ -141,7 +141,7 @@
}
static isc_result_t
hmac_fromdns(const isc_md_type_t *type, dst_key_t *key, isc_buffer_t *data);
hmac_fromdns(isc_md_type_t type, dst_key_t *key, isc_buffer_t *data);
struct dst_hmac_key {
uint8_t key[ISC_MAX_BLOCK_SIZE];
@ -161,8 +161,7 @@ getkeybits(dst_key_t *key, struct dst_private_element *element) {
}
static isc_result_t
hmac_createctx(const isc_md_type_t *type, const dst_key_t *key,
dst_context_t *dctx) {
hmac_createctx(isc_md_type_t type, const dst_key_t *key, dst_context_t *dctx) {
isc_result_t result;
const dst_hmac_key_t *hkey = key->keydata.hmac_key;
isc_hmac_t *ctx = isc_hmac_new(); /* Either returns or abort()s */
@ -252,8 +251,7 @@ hmac_verify(const dst_context_t *dctx, const isc_region_t *sig) {
}
static bool
hmac_compare(const isc_md_type_t *type, const dst_key_t *key1,
const dst_key_t *key2) {
hmac_compare(isc_md_type_t type, const dst_key_t *key1, const dst_key_t *key2) {
dst_hmac_key_t *hkey1, *hkey2;
hkey1 = key1->keydata.hmac_key;
@ -270,7 +268,7 @@ hmac_compare(const isc_md_type_t *type, const dst_key_t *key1,
}
static isc_result_t
hmac_generate(const isc_md_type_t *type, dst_key_t *key) {
hmac_generate(isc_md_type_t type, dst_key_t *key) {
isc_buffer_t b;
isc_result_t result;
unsigned int bytes, len;
@ -327,7 +325,7 @@ hmac_todns(const dst_key_t *key, isc_buffer_t *data) {
}
static isc_result_t
hmac_fromdns(const isc_md_type_t *type, dst_key_t *key, isc_buffer_t *data) {
hmac_fromdns(isc_md_type_t type, dst_key_t *key, isc_buffer_t *data) {
dst_hmac_key_t *hkey;
unsigned int keylen;
isc_region_t r;
@ -363,7 +361,7 @@ hmac_fromdns(const isc_md_type_t *type, dst_key_t *key, isc_buffer_t *data) {
}
static int
hmac__get_tag_key(const isc_md_type_t *type) {
hmac__get_tag_key(isc_md_type_t type) {
if (type == ISC_MD_MD5) {
return TAG_HMACMD5_KEY;
} else if (type == ISC_MD_SHA1) {
@ -382,7 +380,7 @@ hmac__get_tag_key(const isc_md_type_t *type) {
}
static int
hmac__get_tag_bits(const isc_md_type_t *type) {
hmac__get_tag_bits(isc_md_type_t type) {
if (type == ISC_MD_MD5) {
return TAG_HMACMD5_BITS;
} else if (type == ISC_MD_SHA1) {
@ -401,8 +399,7 @@ hmac__get_tag_bits(const isc_md_type_t *type) {
}
static isc_result_t
hmac_tofile(const isc_md_type_t *type, const dst_key_t *key,
const char *directory) {
hmac_tofile(isc_md_type_t type, const dst_key_t *key, const char *directory) {
dst_hmac_key_t *hkey;
dst_private_t priv;
int bytes = (key->key_size + 7) / 8;
@ -434,7 +431,7 @@ hmac_tofile(const isc_md_type_t *type, const dst_key_t *key,
}
static int
hmac__to_dst_alg(const isc_md_type_t *type) {
hmac__to_dst_alg(isc_md_type_t type) {
if (type == ISC_MD_MD5) {
return DST_ALG_HMACMD5;
} else if (type == ISC_MD_SHA1) {
@ -453,7 +450,7 @@ hmac__to_dst_alg(const isc_md_type_t *type) {
}
static isc_result_t
hmac_parse(const isc_md_type_t *type, dst_key_t *key, isc_lex_t *lexer,
hmac_parse(isc_md_type_t type, dst_key_t *key, isc_lex_t *lexer,
dst_key_t *pub) {
dst_private_t priv;
isc_result_t result = ISC_R_SUCCESS, tresult;

8
lib/dns/opensslecdsa_link.c
View file

@ -26,6 +26,7 @@
#include <openssl/param_build.h>
#endif
#include <isc/md.h>
#include <isc/mem.h>
#include <isc/result.h>
#include <isc/safe.h>
@ -39,6 +40,9 @@
#include "dst_parse.h"
#include "openssl_shim.h"
/* TODO(aydin): remove this crap */
extern EVP_MD *isc__crypto_md[];
#ifndef NID_X9_62_prime256v1
#error "P-256 group is not known (NID_X9_62_prime256v1)"
#endif /* ifndef NID_X9_62_prime256v1 */
@ -684,9 +688,9 @@ opensslecdsa_createctx(dst_key_t *key, dst_context_t *dctx) {
CLEANUP(dst__openssl_toresult(ISC_R_NOMEMORY));
}
if (dctx->key->key_alg == DST_ALG_ECDSA256) {
type = isc__crypto_sha256;
type = isc__crypto_md[ISC_MD_SHA256];
} else {
type = isc__crypto_sha384;
type = isc__crypto_md[ISC_MD_SHA384];
}
if (dctx->use == DO_SIGN) {

15
lib/dns/opensslrsa_link.c
View file

@ -39,6 +39,9 @@
#define OPENSSLRSA_MAX_MODULUS_BITS 4096
/* TODO(aydin): remove this crap */
extern EVP_MD *isc__crypto_md[];
typedef struct rsa_components {
bool bnfree;
const BIGNUM *e, *n, *d, *p, *q, *dmp1, *dmq1, *iqmp;
@ -210,15 +213,15 @@ opensslrsa_createctx(dst_key_t *key, dst_context_t *dctx) {
switch (dctx->key->key_alg) {
case DST_ALG_RSASHA1:
case DST_ALG_NSEC3RSASHA1:
type = isc__crypto_sha1; /* SHA1 + RSA */
type = isc__crypto_md[ISC_MD_SHA1]; /* SHA1 + RSA */
break;
case DST_ALG_RSASHA256:
case DST_ALG_RSASHA256PRIVATEOID:
type = isc__crypto_sha256; /* SHA256 + RSA */
type = isc__crypto_md[ISC_MD_SHA256]; /* SHA256 + RSA */
break;
case DST_ALG_RSASHA512:
case DST_ALG_RSASHA512PRIVATEOID:
type = isc__crypto_sha512;
type = isc__crypto_md[ISC_MD_SHA512];
break;
default:
UNREACHABLE();
@ -1312,19 +1315,19 @@ check_algorithm(unsigned short algorithm) {
switch (algorithm) {
case DST_ALG_RSASHA1:
case DST_ALG_NSEC3RSASHA1:
type = isc__crypto_sha1; /* SHA1 + RSA */
type = isc__crypto_md[ISC_MD_SHA1]; /* SHA1 + RSA */
sig = sha1_sig;
len = sizeof(sha1_sig) - 1;
break;
case DST_ALG_RSASHA256:
case DST_ALG_RSASHA256PRIVATEOID:
type = isc__crypto_sha256; /* SHA256 + RSA */
type = isc__crypto_md[ISC_MD_SHA256]; /* SHA256 + RSA */
sig = sha256_sig;
len = sizeof(sha256_sig) - 1;
break;
case DST_ALG_RSASHA512:
case DST_ALG_RSASHA512PRIVATEOID:
type = isc__crypto_sha512;
type = isc__crypto_md[ISC_MD_SHA512];
sig = sha512_sig;
len = sizeof(sha512_sig) - 1;
break;

18
lib/isc/crypto/crypto_p.h Normal file
View file

@ -0,0 +1,18 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
#pragma once
#include <openssl/evp.h>
extern EVP_MD *isc__crypto_md[];

27
lib/isc/crypto/ossl1_1.c
View file

@ -19,31 +19,34 @@
#include <isc/crypto.h>
#include <isc/log.h>
#include <isc/md.h>
#include <isc/mem.h>
#include <isc/tls.h>
#include <isc/util.h>
#include "crypto_p.h"
static isc_mem_t *isc__crypto_mctx = NULL;
#define md_register_algorithm(alg) \
{ \
isc__crypto_##alg = UNCONST(EVP_##alg()); \
if (isc__crypto_##alg == NULL) { \
ERR_clear_error(); \
} \
#define md_register_algorithm(alg, upperalg) \
{ \
isc__crypto_md[ISC_MD_##upperalg] = UNCONST(EVP_##alg()); \
if (isc__crypto_md[ISC_MD_##upperalg] == NULL) { \
ERR_clear_error(); \
} \
}
static isc_result_t
register_algorithms(void) {
if (!isc_crypto_fips_mode()) {
md_register_algorithm(md5);
md_register_algorithm(md5, MD5);
}
md_register_algorithm(sha1);
md_register_algorithm(sha224);
md_register_algorithm(sha256);
md_register_algorithm(sha384);
md_register_algorithm(sha512);
md_register_algorithm(sha1, SHA1);
md_register_algorithm(sha224, SHA224);
md_register_algorithm(sha256, SHA256);
md_register_algorithm(sha384, SHA384);
md_register_algorithm(sha512, SHA512);
return ISC_R_SUCCESS;
}

50
lib/isc/crypto/ossl3.c
View file

@ -20,57 +20,51 @@
#include <isc/crypto.h>
#include <isc/log.h>
#include <isc/md.h>
#include <isc/mem.h>
#include <isc/tls.h>
#include <isc/util.h>
#include "crypto_p.h"
static isc_mem_t *isc__crypto_mctx = NULL;
static OSSL_PROVIDER *base = NULL, *fips = NULL;
#define md_register_algorithm(alg, algname) \
{ \
REQUIRE(isc__crypto_##alg == NULL); \
isc__crypto_##alg = EVP_MD_fetch(NULL, algname, NULL); \
if (isc__crypto_##alg == NULL) { \
ERR_clear_error(); \
} \
}
#define md_unregister_algorithm(alg) \
{ \
if (isc__crypto_##alg != NULL) { \
EVP_MD_free(isc__crypto_##alg); \
isc__crypto_##alg = NULL; \
} \
#define md_register_algorithm(alg) \
{ \
REQUIRE(isc__crypto_md[ISC_MD_##alg] == NULL); \
isc__crypto_md[ISC_MD_##alg] = EVP_MD_fetch(NULL, #alg, NULL); \
if (isc__crypto_md[ISC_MD_##alg] == NULL) { \
ERR_clear_error(); \
} \
}
static isc_result_t
register_algorithms(void) {
if (!isc_crypto_fips_mode()) {
md_register_algorithm(md5, "MD5");
md_register_algorithm(MD5);
}
md_register_algorithm(sha1, "SHA1");
md_register_algorithm(sha224, "SHA224");
md_register_algorithm(sha256, "SHA256");
md_register_algorithm(sha384, "SHA384");
md_register_algorithm(sha512, "SHA512");
md_register_algorithm(SHA1);
md_register_algorithm(SHA224);
md_register_algorithm(SHA256);
md_register_algorithm(SHA384);
md_register_algorithm(SHA512);
return ISC_R_SUCCESS;
}
static void
unregister_algorithms(void) {
md_unregister_algorithm(sha512);
md_unregister_algorithm(sha384);
md_unregister_algorithm(sha256);
md_unregister_algorithm(sha224);
md_unregister_algorithm(sha1);
md_unregister_algorithm(md5);
for (size_t i = 0; i < ISC_MD_MAX; i++) {
if (isc__crypto_md[i] != NULL) {
EVP_MD_free(isc__crypto_md[i]);
isc__crypto_md[i] = NULL;
}
}
}
#undef md_unregister_algorithm
#undef md_register_algorithm
#if ISC_MEM_TRACKLINES

17
lib/isc/crypto/ossl_common.c
View file

@ -11,11 +11,16 @@
* information regarding copyright ownership.
*/
#include <openssl/err.h>
#include <openssl/evp.h>
EVP_MD *isc__crypto_md5 = NULL;
EVP_MD *isc__crypto_sha1 = NULL;
EVP_MD *isc__crypto_sha224 = NULL;
EVP_MD *isc__crypto_sha256 = NULL;
EVP_MD *isc__crypto_sha384 = NULL;
EVP_MD *isc__crypto_sha512 = NULL;
#include <isc/crypto.h>
#include <isc/md.h>
#include "crypto_p.h"
EVP_MD *isc__crypto_md[] = {
[ISC_MD_UNKNOWN] = NULL, [ISC_MD_MD5] = NULL, [ISC_MD_SHA1] = NULL,
[ISC_MD_SHA224] = NULL, [ISC_MD_SHA256] = NULL, [ISC_MD_SHA384] = NULL,
[ISC_MD_SHA512] = NULL,
};

19
lib/isc/hmac.c
View file

@ -23,6 +23,7 @@
#include <isc/types.h>
#include <isc/util.h>
#include "crypto/crypto_p.h"
#include "openssl_shim.h"
isc_hmac_t *
@ -43,14 +44,17 @@ isc_hmac_free(isc_hmac_t *hmac_st) {
isc_result_t
isc_hmac_init(isc_hmac_t *hmac_st, const void *key, const size_t keylen,
const isc_md_type_t *md_type) {
isc_md_type_t type) {
EVP_PKEY *pkey;
EVP_MD *md;
REQUIRE(hmac_st != NULL);
REQUIRE(key != NULL);
REQUIRE(keylen <= INT_MAX);
REQUIRE(type < ISC_MD_MAX);
if (md_type == NULL) {
md = isc__crypto_md[type];
if (md == NULL) {
return ISC_R_NOTIMPLEMENTED;
}
@ -60,7 +64,7 @@ isc_hmac_init(isc_hmac_t *hmac_st, const void *key, const size_t keylen,
return ISC_R_CRYPTOFAILURE;
}
if (EVP_DigestSignInit(hmac_st, NULL, md_type, NULL, pkey) != 1) {
if (EVP_DigestSignInit(hmac_st, NULL, md, NULL, pkey) != 1) {
EVP_PKEY_free(pkey);
ERR_clear_error();
return ISC_R_CRYPTOFAILURE;
@ -119,13 +123,6 @@ isc_hmac_final(isc_hmac_t *hmac_st, unsigned char *digest,
return ISC_R_SUCCESS;
}
const isc_md_type_t *
isc_hmac_get_md_type(isc_hmac_t *hmac_st) {
REQUIRE(hmac_st != NULL);
return EVP_MD_CTX_get0_md(hmac_st);
}
size_t
isc_hmac_get_size(isc_hmac_t *hmac_st) {
REQUIRE(hmac_st != NULL);
@ -141,7 +138,7 @@ isc_hmac_get_block_size(isc_hmac_t *hmac_st) {
}
isc_result_t
isc_hmac(const isc_md_type_t *type, const void *key, const size_t keylen,
isc_hmac(isc_md_type_t type, const void *key, const size_t keylen,
const unsigned char *buf, const size_t len, unsigned char *digest,
unsigned int *digestlen) {
isc_result_t res;

9
lib/isc/include/isc/crypto.h
View file

@ -13,17 +13,8 @@
#pragma once
#include <openssl/evp.h>
#include <isc/types.h>
extern EVP_MD *isc__crypto_md5;
extern EVP_MD *isc__crypto_sha1;
extern EVP_MD *isc__crypto_sha224;
extern EVP_MD *isc__crypto_sha256;
extern EVP_MD *isc__crypto_sha384;
extern EVP_MD *isc__crypto_sha512;
bool
isc_crypto_fips_mode(void);
/*

14
lib/isc/include/isc/hmac.h
View file

@ -43,7 +43,7 @@ typedef void isc_hmac_t;
* of digest written to @digest.
*/
isc_result_t
isc_hmac(const isc_md_type_t *type, const void *key, const size_t keylen,
isc_hmac(isc_md_type_t type, const void *key, const size_t keylen,
const unsigned char *buf, const size_t len, unsigned char *digest,
unsigned int *digestlen);
@ -77,7 +77,7 @@ isc_hmac_free(isc_hmac_t *hmac);
isc_result_t
isc_hmac_init(isc_hmac_t *hmac, const void *key, const size_t keylen,
const isc_md_type_t *type);
isc_md_type_t type);
/**
* isc_hmac_reset:
@ -118,16 +118,6 @@ isc_result_t
isc_hmac_final(isc_hmac_t *hmac, unsigned char *digest,
unsigned int *digestlen);
/**
* isc_hmac_md_type:
* @hmac: HMAC context
*
* This function return the isc_md_type_t previously set for the supplied
* HMAC context or NULL if no isc_md_type_t has been set.
*/
const isc_md_type_t *
isc_hmac_get_md_type(isc_hmac_t *hmac);
/**
* isc_hmac_get_size:
*

69
lib/isc/include/isc/md.h
View file

@ -35,27 +35,29 @@ typedef void isc_md_t;
*
* Enumeration of supported message digest algorithms.
*/
typedef void isc_md_type_t;
typedef enum isc_md_type {
ISC_MD_UNKNOWN = 0x00,
ISC_MD_MD5 = 0x01,
ISC_MD_SHA1 = 0x02,
ISC_MD_SHA224 = 0x03,
ISC_MD_SHA256 = 0x04,
ISC_MD_SHA384 = 0x05,
ISC_MD_SHA512 = 0x06,
ISC_MD_MAX = 0x07,
} isc_md_type_t;
#define ISC_MD_MD5 isc__crypto_md5
#define ISC_MD_SHA1 isc__crypto_sha1
#define ISC_MD_SHA224 isc__crypto_sha224
#define ISC_MD_SHA256 isc__crypto_sha256
#define ISC_MD_SHA384 isc__crypto_sha384
#define ISC_MD_SHA512 isc__crypto_sha512
#define ISC_MD5_DIGESTLENGTH isc_md_type_get_size(ISC_MD_MD5)
#define ISC_MD5_BLOCK_LENGTH isc_md_type_get_block_size(ISC_MD_MD5)
#define ISC_SHA1_DIGESTLENGTH isc_md_type_get_size(ISC_MD_SHA1)
#define ISC_SHA1_BLOCK_LENGTH isc_md_type_get_block_size(ISC_MD_SHA1)
#define ISC_SHA224_DIGESTLENGTH isc_md_type_get_size(ISC_MD_SHA224)
#define ISC_SHA224_BLOCK_LENGTH isc_md_type_get_block_size(ISC_MD_SHA224)
#define ISC_SHA256_DIGESTLENGTH isc_md_type_get_size(ISC_MD_SHA256)
#define ISC_SHA256_BLOCK_LENGTH isc_md_type_get_block_size(ISC_MD_SHA256)
#define ISC_SHA384_DIGESTLENGTH isc_md_type_get_size(ISC_MD_SHA384)
#define ISC_SHA384_BLOCK_LENGTH isc_md_type_get_block_size(ISC_MD_SHA384)
#define ISC_SHA512_DIGESTLENGTH isc_md_type_get_size(ISC_MD_SHA512)
#define ISC_SHA512_BLOCK_LENGTH isc_md_type_get_block_size(ISC_MD_SHA512)
#define ISC_MD5_DIGESTLENGTH 16
#define ISC_MD5_BLOCK_LENGTH 64
#define ISC_SHA1_DIGESTLENGTH 20
#define ISC_SHA1_BLOCK_LENGTH 64
#define ISC_SHA224_DIGESTLENGTH 28
#define ISC_SHA224_BLOCK_LENGTH 64
#define ISC_SHA256_DIGESTLENGTH 32
#define ISC_SHA256_BLOCK_LENGTH 64
#define ISC_SHA384_DIGESTLENGTH 48
#define ISC_SHA384_BLOCK_LENGTH 128
#define ISC_SHA512_DIGESTLENGTH 64
#define ISC_SHA512_BLOCK_LENGTH 128
#define ISC_MAX_MD_SIZE 64U /* EVP_MAX_MD_SIZE */
#define ISC_MAX_BLOCK_SIZE 128U /* ISC_SHA512_BLOCK_LENGTH */
@ -74,7 +76,7 @@ typedef void isc_md_type_t;
* at @digestlen, at most ISC_MAX_MD_SIZE bytes will be written.
*/
isc_result_t
isc_md(const isc_md_type_t *type, const unsigned char *buf, const size_t len,
isc_md(isc_md_type_t type, const unsigned char *buf, const size_t len,
unsigned char *digest, unsigned int *digestlen);
/**
@ -93,7 +95,7 @@ isc_md_new(void);
* to it.
*/
void
isc_md_free(isc_md_t *);
isc_md_free(isc_md_t *md);
/**
* isc_md_init:
@ -104,7 +106,7 @@ isc_md_free(isc_md_t *);
* initialized before calling this function.
*/
isc_result_t
isc_md_init(isc_md_t *, const isc_md_type_t *md_type);
isc_md_init(isc_md_t *md, isc_md_type_t type);
/**
* isc_md_reset:
@ -144,16 +146,6 @@ isc_md_update(isc_md_t *md, const unsigned char *buf, const size_t len);
isc_result_t
isc_md_final(isc_md_t *md, unsigned char *digest, unsigned int *digestlen);
/**
* isc_md_get_type:
* @md: message digest contezt
*
* This function return the isc_md_type_t previously set for the supplied
* message digest context or NULL if no isc_md_type_t has been set.
*/
const isc_md_type_t *
isc_md_get_md_type(isc_md_t *md);
/**
* isc_md_size:
*
@ -172,15 +164,6 @@ isc_md_get_size(isc_md_t *md);
size_t
isc_md_get_block_size(isc_md_t *md);
/**
* isc_md_size:
*
* This function return the size of the message digest when passed an
* isc_md_type_t , i.e. the size of the hash.
*/
size_t
isc_md_type_get_size(const isc_md_type_t *md_type);
/**
* isc_md_block_size:
*
@ -188,4 +171,4 @@ isc_md_type_get_size(const isc_md_type_t *md_type);
* isc_md_type_t.
*/
size_t
isc_md_type_get_block_size(const isc_md_type_t *md_type);
isc_md_type_get_block_size(isc_md_type_t type);

7
lib/isc/iterated_hash.c
View file

@ -17,11 +17,13 @@
#include <openssl/err.h>
#include <openssl/opensslv.h>
#include <isc/crypto.h>
#include <isc/iterated_hash.h>
#include <isc/md.h>
#include <isc/thread.h>
#include <isc/util.h>
#include "crypto/crypto_p.h"
#if OPENSSL_VERSION_NUMBER < 0x30000000L
#include <openssl/sha.h>
@ -150,7 +152,8 @@ isc__iterated_hash_initialize(void) {
mdctx = EVP_MD_CTX_new();
INSIST(mdctx != NULL);
RUNTIME_CHECK(EVP_DigestInit_ex(basectx, isc__crypto_sha1, NULL) == 1);
RUNTIME_CHECK(EVP_DigestInit_ex(basectx, isc__crypto_md[ISC_MD_SHA1],
NULL) == 1);
initialized = true;
}

45
lib/isc/md.c
View file

@ -20,6 +20,7 @@
#include <isc/md.h>
#include <isc/util.h>
#include "crypto/crypto_p.h"
#include "openssl_shim.h"
isc_md_t *
@ -39,14 +40,18 @@ isc_md_free(isc_md_t *md) {
}
isc_result_t
isc_md_init(isc_md_t *md, const isc_md_type_t *md_type) {
REQUIRE(md != NULL);
isc_md_init(isc_md_t *md, isc_md_type_t type) {
EVP_MD *evp;
if (md_type == NULL) {
REQUIRE(md != NULL);
REQUIRE(type < ISC_MD_MAX);
evp = isc__crypto_md[type];
if (evp == NULL) {
return ISC_R_NOTIMPLEMENTED;
}
if (EVP_DigestInit_ex(md, md_type, NULL) != 1) {
if (EVP_DigestInit_ex(md, evp, NULL) != 1) {
ERR_clear_error();
return ISC_R_CRYPTOFAILURE;
}
@ -95,13 +100,6 @@ isc_md_final(isc_md_t *md, unsigned char *digest, unsigned int *digestlen) {
return ISC_R_SUCCESS;
}
const isc_md_type_t *
isc_md_get_md_type(isc_md_t *md) {
REQUIRE(md != NULL);
return EVP_MD_CTX_get0_md(md);
}
size_t
isc_md_get_size(isc_md_t *md) {
REQUIRE(md != NULL);
@ -117,38 +115,31 @@ isc_md_get_block_size(isc_md_t *md) {
}
size_t
isc_md_type_get_size(const isc_md_type_t *md_type) {
isc_md_type_get_block_size(isc_md_type_t type) {
EVP_MD *evp;
REQUIRE(type < ISC_MD_MAX);
STATIC_ASSERT(ISC_MAX_MD_SIZE >= EVP_MAX_MD_SIZE,
"Change ISC_MAX_MD_SIZE to be greater than or equal to "
"EVP_MAX_MD_SIZE");
if (md_type != NULL) {
return (size_t)EVP_MD_size(md_type);
}
return ISC_MAX_MD_SIZE;
}
size_t
isc_md_type_get_block_size(const isc_md_type_t *md_type) {
STATIC_ASSERT(ISC_MAX_MD_SIZE >= EVP_MAX_MD_SIZE,
"Change ISC_MAX_MD_SIZE to be greater than or equal to "
"EVP_MAX_MD_SIZE");
if (md_type != NULL) {
return (size_t)EVP_MD_block_size(md_type);
evp = isc__crypto_md[type];
if (evp != NULL) {
return (size_t)EVP_MD_block_size(evp);
}
return ISC_MAX_MD_SIZE;
}
isc_result_t
isc_md(const isc_md_type_t *md_type, const unsigned char *buf, const size_t len,
isc_md(isc_md_type_t type, const unsigned char *buf, const size_t len,
unsigned char *digest, unsigned int *digestlen) {
isc_md_t *md;
isc_result_t res;
md = isc_md_new();
res = isc_md_init(md, md_type);
res = isc_md_init(md, type);
if (res != ISC_R_SUCCESS) {
goto end;
}

4
lib/isc/openssl_shim.h
View file

@ -18,10 +18,6 @@
#include <openssl/opensslv.h>
#include <openssl/ssl.h>
#if !HAVE_EVP_MD_CTX_GET0_MD
#define EVP_MD_CTX_get0_md EVP_MD_CTX_md
#endif /* if !HAVE_EVP_MD_CTX_GET0_MD */
#if !HAVE_BIO_READ_EX
int
BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);

6
lib/isc/tls.c
View file

@ -38,6 +38,7 @@
#include <isc/ht.h>
#include <isc/log.h>
#include <isc/magic.h>
#include <isc/md.h>
#include <isc/mem.h>
#include <isc/mutex.h>
#include <isc/once.h>
@ -51,6 +52,9 @@
#include "openssl_shim.h"
/* TODO(aydin): remove this crap */
extern EVP_MD *isc__crypto_md[];
#define COMMON_SSL_OPTIONS \
(SSL_OP_NO_COMPRESSION | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
@ -315,7 +319,7 @@ isc_tlsctx_createserver(const char *keyfile, const char *certfile,
-1, -1, 0);
X509_set_issuer_name(cert, name);
X509_sign(cert, pkey, isc__crypto_sha256);
X509_sign(cert, pkey, isc__crypto_md[ISC_MD_SHA256]);
rv = SSL_CTX_use_certificate(ctx, cert);
if (rv != 1) {
goto ssl_error;

4
lib/isccc/cc.c
View file

@ -242,7 +242,7 @@ list_towire(isccc_sexpr_t *list, isc_buffer_t **buffer) {
static isc_result_t
sign(unsigned char *data, unsigned int length, unsigned char *out,
uint32_t algorithm, isccc_region_t *secret) {
const isc_md_type_t *md_type;
isc_md_type_t md_type;
isccc_region_t source, target;
unsigned char digest[ISC_MAX_MD_SIZE];
unsigned int digestlen = sizeof(digest);
@ -353,7 +353,7 @@ isccc_cc_towire(isccc_sexpr_t *alist, isc_buffer_t **buffer, uint32_t algorithm,
static isc_result_t
verify(isccc_sexpr_t *alist, unsigned char *data, unsigned int length,
uint32_t algorithm, isccc_region_t *secret) {
const isc_md_type_t *md_type;
isc_md_type_t md_type;
isccc_region_t source;
isccc_region_t target;
isccc_sexpr_t *_auth, *hmacvalue;

1
meson.build
View file

@ -642,7 +642,6 @@ foreach fn, header : {
'ERR_get_error_all': '#include <openssl/err.h>',
'BIO_read_ex': '#include <openssl/bio.h>',
'BIO_write_ex': '#include <openssl/bio.h>',
'EVP_MD_CTX_get0_md': '#include <openssl/evp.h>',
'EVP_PKEY_eq': '#include <openssl/evp.h>',
'SSL_CTX_set1_cert_store': '#include <openssl/ssl.h>',
}

4
tests/isc/hmac_test.c
View file

@ -94,7 +94,7 @@ ISC_RUN_TEST_IMPL(isc_hmac_free) {
static void
isc_hmac_test(isc_hmac_t *hmac_st, const void *key, size_t keylen,
const isc_md_type_t *type, const char *buf, size_t buflen,
isc_md_type_t type, const char *buf, size_t buflen,
const char *result, const size_t repeats) {
isc_result_t res;
@ -131,7 +131,7 @@ ISC_RUN_TEST_IMPL(isc_hmac_init) {
isc_hmac_t *hmac_st = *state;
assert_non_null(hmac_st);
assert_int_equal(isc_hmac_init(hmac_st, "", 0, NULL),
assert_int_equal(isc_hmac_init(hmac_st, "", 0, ISC_MD_UNKNOWN),
ISC_R_NOTIMPLEMENTED);
if (!isc_crypto_fips_mode()) {

6
tests/isc/md_test.c
View file

@ -82,8 +82,8 @@ ISC_RUN_TEST_IMPL(isc_md_free) {
}
static void
isc_md_test(isc_md_t *md, const isc_md_type_t *type, const char *buf,
size_t buflen, const char *result, const size_t repeats) {
isc_md_test(isc_md_t *md, isc_md_type_t type, const char *buf, size_t buflen,
const char *result, const size_t repeats) {
isc_result_t res;
assert_non_null(md);
@ -118,7 +118,7 @@ ISC_RUN_TEST_IMPL(isc_md_init) {
expect_assert_failure(isc_md_init(NULL, ISC_MD_MD5));
assert_int_equal(isc_md_init(md, NULL), ISC_R_NOTIMPLEMENTED);
assert_int_equal(isc_md_init(md, ISC_MD_UNKNOWN), ISC_R_NOTIMPLEMENTED);
if (isc_crypto_fips_mode()) {
assert_int_equal(isc_md_init(md, ISC_MD_MD5),