OpenSSL hashes

c1d7e056 · Francis Dupont · ddca7275 · c1d7e056 · c1d7e056 · c1d7e056
Commit c1d7e056 authored Feb 06, 2009 by Francis Dupont
--- a/bin/tests/Makefile.in
+++ b/bin/tests/Makefile.in
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.

-# $Id: Makefile.in,v 1.131 2008/09/25 04:02:38 tbox Exp $
+# $Id: Makefile.in,v 1.132 2009/02/06 12:26:22 fdupont Exp $

 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -28,7 +28,7 @@ CDEFINES =
 CWARNINGS =

 DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
-ISCLIBS =	../../lib/isc/libisc.@A@
+ISCLIBS =	../../lib/isc/libisc.@A@ @DNS_CRYPTO_LIBS@
 ISCCFGLIBS = 	../../lib/isccfg/libisccfg.@A@
 LWRESLIBS =	../../lib/lwres/liblwres.@A@


--- a/bin/tests/sockaddr/Makefile.in
+++ b/bin/tests/sockaddr/Makefile.in
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.

-# $Id: Makefile.in,v 1.21 2007/06/19 23:47:00 tbox Exp $
+# $Id: Makefile.in,v 1.22 2009/02/06 12:26:22 fdupont Exp $

 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -26,7 +26,7 @@ CINCLUDES =	${TEST_INCLUDES} ${ISC_INCLUDES}
 CDEFINES =
 CWARNINGS =

-ISCLIBS =	../../../lib/isc/libisc.@A@
+ISCLIBS =	../../../lib/isc/libisc.@A@ @DNS_CRYPTO_LIBS@
 TAPIDEPLIBS =	../../../lib/tests/libt_api.@A@

 ISCDEPLIBS =	../../../lib/isc/libisc.@A@

--- a/bin/tests/tasks/Makefile.in
+++ b/bin/tests/tasks/Makefile.in
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.

-# $Id: Makefile.in,v 1.30 2007/06/19 23:47:07 tbox Exp $
+# $Id: Makefile.in,v 1.31 2009/02/06 12:26:22 fdupont Exp $

 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -26,7 +26,7 @@ CINCLUDES =	${TEST_INCLUDES} ${ISC_INCLUDES}
 CDEFINES =
 CWARNINGS =

-ISCLIBS =	../../../lib/isc/libisc.@A@
+ISCLIBS =	../../../lib/isc/libisc.@A@ @DNS_CRYPTO_LIBS@
 TAPIDEPLIBS =	../../../lib/tests/libt_api.@A@

 ISCDEPLIBS =	../../../lib/isc/libisc.@A@

--- a/bin/tests/timers/Makefile.in
+++ b/bin/tests/timers/Makefile.in
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.

-# $Id: Makefile.in,v 1.28 2007/06/19 23:47:07 tbox Exp $
+# $Id: Makefile.in,v 1.29 2009/02/06 12:26:22 fdupont Exp $

 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -26,7 +26,7 @@ CINCLUDES =	${TEST_INCLUDES} ${ISC_INCLUDES}
 CDEFINES =
 CWARNINGS =

-ISCLIBS =	../../../lib/isc/libisc.@A@
+ISCLIBS =	../../../lib/isc/libisc.@A@ @DNS_CRYPTO_LIBS@

 ISCDEPLIBS =	../../../lib/isc/libisc.@A@


--- a/configure.in
+++ b/configure.in
@@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl
 esyscmd([sed "s/^/# /" COPYRIGHT])dnl
 AC_DIVERT_POP()dnl

-AC_REVISION($Revision: 1.466 $)
+AC_REVISION($Revision: 1.467 $)

 AC_INIT(lib/dns/name.c)
 AC_PREREQ(2.59)
@@ -641,6 +641,30 @@ AC_SUBST(USE_OPENSSL)
 AC_SUBST(DST_OPENSSL_INC)
 DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DNS_OPENSSL_LIBS"

+#
+# Use OpenSSL for hash functions
+#
+
+AC_ARG_ENABLE(openssl-hash,
+	[  --enable-openssl-hash   use OpenSSL for hash functions [[default=no]]],
+	want_openssl_hash="$enableval", want_openssl_hash="no")
+case $want_openssl_hash in
+	yes)
+		if test "$USE_OPENSSL" = ""
+		then
+			AC_MSG_ERROR([No OpenSSL for hash functions])
+		fi
+		ISC_PLATFORM_OPENSSLHASH="#define ISC_PLATFORM_OPENSSLHASH 1"
+		ISC_OPENSSL_INC="$DST_OPENSSL_INC"
+		;;
+	no)
+		ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH"
+		ISC_OPENSSL_INC=""
+		;;
+esac
+AC_SUBST(ISC_PLATFORM_OPENSSLHASH)
+AC_SUBST(ISC_OPENSSL_INC)
+
 #
 # PKCS11 (aka crypto hardware) support
 #

--- a/lib/isc/Makefile.in
+++ b/lib/isc/Makefile.in
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.

-# $Id: Makefile.in,v 1.99 2009/01/27 23:47:54 tbox Exp $
+# $Id: Makefile.in,v 1.100 2009/02/06 12:26:22 fdupont Exp $

 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -27,8 +27,8 @@ CINCLUDES =	-I${srcdir}/unix/include \
 		-I${srcdir}/@ISC_THREAD_DIR@/include \
 		-I${srcdir}/@ISC_ARCH_DIR@/include \
 		-I./include \
-		-I${srcdir}/include
-CDEFINES =
+		-I${srcdir}/include @ISC_OPENSSL_INC@
+CDEFINES =	@USE_OPENSSL@
 CWARNINGS =

 # Alphabetically

--- a/lib/isc/hmacmd5.c
+++ b/lib/isc/hmacmd5.c
@@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: hmacmd5.c,v 1.14 2007/06/19 23:47:17 tbox Exp $ */
+/* $Id: hmacmd5.c,v 1.15 2009/02/06 12:26:22 fdupont Exp $ */

 /*! \file
 * This code implements the HMAC-MD5 keyed hash algorithm
@@ -27,10 +27,40 @@
 #include <isc/assertions.h>
 #include <isc/hmacmd5.h>
 #include <isc/md5.h>
+#include <isc/platform.h>
 #include <isc/string.h>
 #include <isc/types.h>
 #include <isc/util.h>

+#ifdef ISC_PLATFORM_OPENSSLHASH
+
+void
+isc_hmacmd5_init(isc_hmacmd5_t *ctx, const unsigned char *key,
+		 unsigned int len)
+{
+	HMAC_Init(ctx, (const void *) key, (int) len, EVP_md5());
+}
+
+void
+isc_hmacmd5_invalidate(isc_hmacmd5_t *ctx) {
+	HMAC_CTX_cleanup(ctx);
+}
+
+void
+isc_hmacmd5_update(isc_hmacmd5_t *ctx, const unsigned char *buf,
+		   unsigned int len)
+{
+	HMAC_Update(ctx, buf, (int) len);
+}
+
+void
+isc_hmacmd5_sign(isc_hmacmd5_t *ctx, unsigned char *digest) {
+	HMAC_Final(ctx, digest, NULL);
+	HMAC_CTX_cleanup(ctx);
+}
+
+#else
+
 #define PADLEN 64
 #define IPAD 0x36
 #define OPAD 0x5C
@@ -98,6 +128,7 @@ isc_hmacmd5_sign(isc_hmacmd5_t *ctx, unsigned char *digest) {
 	isc_md5_final(&ctx->md5ctx, digest);
 	isc_hmacmd5_invalidate(ctx);
 }
+#endif /* !ISC_PLATFORM_OPENSSLHASH */

 /*!
 * Verify signature - finalize MD5 operation and reapply MD5, then

--- a/lib/isc/hmacsha.c
+++ b/lib/isc/hmacsha.c
@@ -14,7 +14,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: hmacsha.c,v 1.8 2007/08/27 03:27:53 marka Exp $ */
+/* $Id: hmacsha.c,v 1.9 2009/02/06 12:26:23 fdupont Exp $ */

 /*
 * This code implements the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384
@@ -26,12 +26,172 @@

 #include <isc/assertions.h>
 #include <isc/hmacsha.h>
+#include <isc/platform.h>
 #include <isc/sha1.h>
 #include <isc/sha2.h>
 #include <isc/string.h>
 #include <isc/types.h>
 #include <isc/util.h>

+#ifdef ISC_PLATFORM_OPENSSLHASH
+
+void
+isc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key,
+		  unsigned int len)
+{
+	HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha1());
+}
+
+void
+isc_hmacsha1_invalidate(isc_hmacsha1_t *ctx) {
+	HMAC_CTX_cleanup(ctx);
+}
+
+void
+isc_hmacsha1_update(isc_hmacsha1_t *ctx, const unsigned char *buf,
+		   unsigned int len)
+{
+	HMAC_Update(ctx, buf, (int) len);
+}
+
+void
+isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
+	unsigned char newdigest[ISC_SHA1_DIGESTLENGTH];
+
+	REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
+
+	HMAC_Final(ctx, newdigest, NULL);
+	HMAC_CTX_cleanup(ctx);
+	memcpy(digest, newdigest, len);
+	memset(newdigest, 0, sizeof(newdigest));
+}
+
+void
+isc_hmacsha224_init(isc_hmacsha224_t *ctx, const unsigned char *key,
+		    unsigned int len)
+{
+	HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha224());
+}
+
+void
+isc_hmacsha224_invalidate(isc_hmacsha224_t *ctx) {
+	HMAC_CTX_cleanup(ctx);
+}
+
+void
+isc_hmacsha224_update(isc_hmacsha224_t *ctx, const unsigned char *buf,
+		   unsigned int len)
+{
+	HMAC_Update(ctx, buf, (int) len);
+}
+
+void
+isc_hmacsha224_sign(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) {
+	unsigned char newdigest[ISC_SHA224_DIGESTLENGTH];
+
+	REQUIRE(len <= ISC_SHA224_DIGESTLENGTH);
+
+	HMAC_Final(ctx, newdigest, NULL);
+	HMAC_CTX_cleanup(ctx);
+	memcpy(digest, newdigest, len);
+	memset(newdigest, 0, sizeof(newdigest));
+}
+
+void
+isc_hmacsha256_init(isc_hmacsha256_t *ctx, const unsigned char *key,
+		    unsigned int len)
+{
+	HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha256());
+}
+
+void
+isc_hmacsha256_invalidate(isc_hmacsha256_t *ctx) {
+	HMAC_CTX_cleanup(ctx);
+}
+
+void
+isc_hmacsha256_update(isc_hmacsha256_t *ctx, const unsigned char *buf,
+		   unsigned int len)
+{
+	HMAC_Update(ctx, buf, (int) len);
+}
+
+void
+isc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) {
+	unsigned char newdigest[ISC_SHA256_DIGESTLENGTH];
+
+	REQUIRE(len <= ISC_SHA256_DIGESTLENGTH);
+
+	HMAC_Final(ctx, newdigest, NULL);
+	HMAC_CTX_cleanup(ctx);
+	memcpy(digest, newdigest, len);
+	memset(newdigest, 0, sizeof(newdigest));
+}
+
+void
+isc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key,
+		    unsigned int len)
+{
+	HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha384());
+}
+
+void
+isc_hmacsha384_invalidate(isc_hmacsha384_t *ctx) {
+	HMAC_CTX_cleanup(ctx);
+}
+
+void
+isc_hmacsha384_update(isc_hmacsha384_t *ctx, const unsigned char *buf,
+		   unsigned int len)
+{
+	HMAC_Update(ctx, buf, (int) len);
+}
+
+void
+isc_hmacsha384_sign(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) {
+	unsigned char newdigest[ISC_SHA384_DIGESTLENGTH];
+
+	REQUIRE(len <= ISC_SHA384_DIGESTLENGTH);
+
+	HMAC_Final(ctx, newdigest, NULL);
+	HMAC_CTX_cleanup(ctx);
+	memcpy(digest, newdigest, len);
+	memset(newdigest, 0, sizeof(newdigest));
+}
+
+void
+isc_hmacsha512_init(isc_hmacsha512_t *ctx, const unsigned char *key,
+		    unsigned int len)
+{
+	HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha512());
+}
+
+void
+isc_hmacsha512_invalidate(isc_hmacsha512_t *ctx) {
+	HMAC_CTX_cleanup(ctx);
+}
+
+void
+isc_hmacsha512_update(isc_hmacsha512_t *ctx, const unsigned char *buf,
+		   unsigned int len)
+{
+	HMAC_Update(ctx, buf, (int) len);
+}
+
+void
+isc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) {
+	unsigned char newdigest[ISC_SHA512_DIGESTLENGTH];
+
+	REQUIRE(len <= ISC_SHA512_DIGESTLENGTH);
+
+	HMAC_Final(ctx, newdigest, NULL);
+	HMAC_CTX_cleanup(ctx);
+	memcpy(digest, newdigest, len);
+	memset(newdigest, 0, sizeof(newdigest));
+}
+
+#else
+
 #define IPAD 0x36
 #define OPAD 0x5C

@@ -104,19 +264,6 @@ isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
 	memset(newdigest, 0, sizeof(newdigest));
 }

-/*
- * Verify signature - finalize SHA1 operation and reapply SHA1, then
- * compare to the supplied digest.
- */
-isc_boolean_t
-isc_hmacsha1_verify(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
-	unsigned char newdigest[ISC_SHA1_DIGESTLENGTH];
-
-	REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
-	isc_hmacsha1_sign(ctx, newdigest, ISC_SHA1_DIGESTLENGTH);
-	return (ISC_TF(memcmp(digest, newdigest, len) == 0));
-}
-
 /*
 * Start HMAC-SHA224 process.  Initialize an sha224 context and digest the key.
 */
@@ -184,19 +331,6 @@ isc_hmacsha224_sign(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) {
 	memset(newdigest, 0, sizeof(newdigest));
 }

-/*
- * Verify signature - finalize SHA224 operation and reapply SHA224, then
- * compare to the supplied digest.
- */
-isc_boolean_t
-isc_hmacsha224_verify(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) {
-	unsigned char newdigest[ISC_SHA224_DIGESTLENGTH];
-
-	REQUIRE(len <= ISC_SHA224_DIGESTLENGTH);
-	isc_hmacsha224_sign(ctx, newdigest, ISC_SHA224_DIGESTLENGTH);
-	return (ISC_TF(memcmp(digest, newdigest, len) == 0));
-}
-
 /*
 * Start HMAC-SHA256 process.  Initialize an sha256 context and digest the key.
 */
@@ -264,19 +398,6 @@ isc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) {
 	memset(newdigest, 0, sizeof(newdigest));
 }

-/*
- * Verify signature - finalize SHA256 operation and reapply SHA256, then
- * compare to the supplied digest.
- */
-isc_boolean_t
-isc_hmacsha256_verify(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) {
-	unsigned char newdigest[ISC_SHA256_DIGESTLENGTH];
-
-	REQUIRE(len <= ISC_SHA256_DIGESTLENGTH);
-	isc_hmacsha256_sign(ctx, newdigest, ISC_SHA256_DIGESTLENGTH);
-	return (ISC_TF(memcmp(digest, newdigest, len) == 0));
-}
-
 /*
 * Start HMAC-SHA384 process.  Initialize an sha384 context and digest the key.
 */
@@ -344,19 +465,6 @@ isc_hmacsha384_sign(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) {
 	memset(newdigest, 0, sizeof(newdigest));
 }

-/*
- * Verify signature - finalize SHA384 operation and reapply SHA384, then
- * compare to the supplied digest.
- */
-isc_boolean_t
-isc_hmacsha384_verify(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) {
-	unsigned char newdigest[ISC_SHA384_DIGESTLENGTH];
-
-	REQUIRE(len <= ISC_SHA384_DIGESTLENGTH);
-	isc_hmacsha384_sign(ctx, newdigest, ISC_SHA384_DIGESTLENGTH);
-	return (ISC_TF(memcmp(digest, newdigest, len) == 0));
-}
-
 /*
 * Start HMAC-SHA512 process.  Initialize an sha512 context and digest the key.
 */
@@ -423,6 +531,59 @@ isc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) {
 	memcpy(digest, newdigest, len);
 	memset(newdigest, 0, sizeof(newdigest));
 }
+#endif /* !ISC_PLATFORM_OPENSSLHASH */
+
+/*
+ * Verify signature - finalize SHA1 operation and reapply SHA1, then
+ * compare to the supplied digest.
+ */
+isc_boolean_t
+isc_hmacsha1_verify(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
+	unsigned char newdigest[ISC_SHA1_DIGESTLENGTH];
+
+	REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
+	isc_hmacsha1_sign(ctx, newdigest, ISC_SHA1_DIGESTLENGTH);
+	return (ISC_TF(memcmp(digest, newdigest, len) == 0));
+}
+
+/*
+ * Verify signature - finalize SHA224 operation and reapply SHA224, then
+ * compare to the supplied digest.
+ */
+isc_boolean_t
+isc_hmacsha224_verify(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) {
+	unsigned char newdigest[ISC_SHA224_DIGESTLENGTH];
+
+	REQUIRE(len <= ISC_SHA224_DIGESTLENGTH);
+	isc_hmacsha224_sign(ctx, newdigest, ISC_SHA224_DIGESTLENGTH);
+	return (ISC_TF(memcmp(digest, newdigest, len) == 0));
+}
+
+/*
+ * Verify signature - finalize SHA256 operation and reapply SHA256, then
+ * compare to the supplied digest.
+ */
+isc_boolean_t
+isc_hmacsha256_verify(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) {
+	unsigned char newdigest[ISC_SHA256_DIGESTLENGTH];
+
+	REQUIRE(len <= ISC_SHA256_DIGESTLENGTH);
+	isc_hmacsha256_sign(ctx, newdigest, ISC_SHA256_DIGESTLENGTH);
+	return (ISC_TF(memcmp(digest, newdigest, len) == 0));
+}
+
+/*
+ * Verify signature - finalize SHA384 operation and reapply SHA384, then
+ * compare to the supplied digest.
+ */
+isc_boolean_t
+isc_hmacsha384_verify(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) {
+	unsigned char newdigest[ISC_SHA384_DIGESTLENGTH];
+
+	REQUIRE(len <= ISC_SHA384_DIGESTLENGTH);
+	isc_hmacsha384_sign(ctx, newdigest, ISC_SHA384_DIGESTLENGTH);
+	return (ISC_TF(memcmp(digest, newdigest, len) == 0));
+}

 /*
 * Verify signature - finalize SHA512 operation and reapply SHA512, then

--- a/lib/isc/include/isc/hmacmd5.h
+++ b/lib/isc/include/isc/hmacmd5.h
@@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: hmacmd5.h,v 1.12 2007/06/19 23:47:18 tbox Exp $ */
+/* $Id: hmacmd5.h,v 1.13 2009/02/06 12:26:23 fdupont Exp $ */

 /*! \file isc/hmacmd5.h
 * \brief This is the header file for the HMAC-MD5 keyed hash algorithm
@@ -27,14 +27,23 @@

 #include <isc/lang.h>
 #include <isc/md5.h>
+#include <isc/platform.h>
 #include <isc/types.h>

 #define ISC_HMACMD5_KEYLENGTH 64

+#ifdef ISC_PLATFORM_OPENSSLHASH
+#include <openssl/hmac.h>
+
+typedef HMAC_CTX isc_hmacmd5_t;
+
+#else
+
 typedef struct {
 	isc_md5_t md5ctx;
 	unsigned char key[ISC_HMACMD5_KEYLENGTH];
 } isc_hmacmd5_t;
+#endif

 ISC_LANG_BEGINDECLS


--- a/lib/isc/include/isc/hmacsha.h
+++ b/lib/isc/include/isc/hmacsha.h
@@ -14,7 +14,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: hmacsha.h,v 1.7 2007/06/19 23:47:18 tbox Exp $ */
+/* $Id: hmacsha.h,v 1.8 2009/02/06 12:26:23 fdupont Exp $ */

 /*! \file isc/hmacsha.h
 * This is the header file for the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256,
@@ -25,6 +25,7 @@
 #define ISC_HMACSHA_H 1

 #include <isc/lang.h>
+#include <isc/platform.h>
 #include <isc/sha1.h>
 #include <isc/sha2.h>
 #include <isc/types.h>
@@ -35,6 +36,17 @@
 #define ISC_HMACSHA384_KEYLENGTH ISC_SHA384_BLOCK_LENGTH
 #define ISC_HMACSHA512_KEYLENGTH ISC_SHA512_BLOCK_LENGTH

+#ifdef ISC_PLATFORM_OPENSSLHASH
+#include <openssl/hmac.h>
+
+typedef HMAC_CTX isc_hmacsha1_t;
+typedef HMAC_CTX isc_hmacsha224_t;
+typedef HMAC_CTX isc_hmacsha256_t;
+typedef HMAC_CTX isc_hmacsha384_t;
+typedef HMAC_CTX isc_hmacsha512_t;
+
+#else
+
 typedef struct {
 	isc_sha1_t sha1ctx;
 	unsigned char key[ISC_HMACSHA1_KEYLENGTH];
@@ -59,6 +71,7 @@ typedef struct {
 	isc_sha512_t sha512ctx;
 	unsigned char key[ISC_HMACSHA512_KEYLENGTH];
 } isc_hmacsha512_t;
+#endif

 ISC_LANG_BEGINDECLS


--- a/lib/isc/include/isc/md5.h
+++ b/lib/isc/include/isc/md5.h
@@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: md5.h,v 1.16 2007/06/19 23:47:18 tbox Exp $ */
+/* $Id: md5.h,v 1.17 2009/02/06 12:26:23 fdupont Exp $ */

 /*! \file isc/md5.h
 * \brief This is the header file for the MD5 message-digest algorithm.
@@ -44,15 +44,24 @@
 #define ISC_MD5_H 1

 #include <isc/lang.h>
+#include <isc/platform.h>
 #include <isc/types.h>

 #define ISC_MD5_DIGESTLENGTH 16U

+#ifdef ISC_PLATFORM_OPENSSLHASH
+#include <openssl/evp.h>
+
+typedef EVP_MD_CTX isc_md5_t;
+
+#else
+
 typedef struct {
 	isc_uint32_t buf[4];
 	isc_uint32_t bytes[2];
 	isc_uint32_t in[16];
 } isc_md5_t;
+#endif

 ISC_LANG_BEGINDECLS


--- a/lib/isc/include/isc/platform.h.in
+++ b/lib/isc/include/isc/platform.h.in
@@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: platform.h.in,v 1.49 2008/12/01 03:51:47 marka Exp $ */
+/* $Id: platform.h.in,v 1.50 2009/02/06 12:26:23 fdupont Exp $ */

 #ifndef ISC_PLATFORM_H
 #define ISC_PLATFORM_H 1
@@ -284,6 +284,11 @@
 */
 @ISC_PLATFORM_HAVESTRINGSH@

+/*
+ * Define if the hash functions must be provided by OpenSSL.
+ */
+@ISC_PLATFORM_OPENSSLHASH@
+