Commit 7fd3dc63 authored by Ondřej Surý's avatar Ondřej Surý

Add generic message digest API (isc_md) to replace specific MD functions md5/sha1/sha256

parent 4b636bf7
......@@ -257,6 +257,7 @@ build:debian:jessie:amd64:
variables:
CC: gcc
CFLAGS: "-Wall -Wextra -O2 -g"
EXTRA_CONFIGURE: --without-cmocka
<<: *debian_jessie_amd64_image
<<: *build_job
......
......@@ -40,6 +40,7 @@
#include <isc/file.h>
#include <isc/hash.h>
#include <isc/hex.h>
#include <isc/md.h>
#include <isc/mem.h>
#include <isc/mutex.h>
#include <isc/os.h>
......
......@@ -41,7 +41,6 @@
#include <isc/print.h>
#include <isc/refcount.h>
#include <isc/resource.h>
#include <isc/sha2.h>
#include <isc/socket.h>
#include <isc/stat.h>
#include <isc/stats.h>
......@@ -9011,6 +9010,7 @@ load_configuration(const char *filename, named_server_t *server,
bool first = true;
isc_buffer_t b;
unsigned int usedlength;
unsigned int expectedlength;
for (element = cfg_list_first(obj);
element != NULL;
......@@ -9056,21 +9056,26 @@ load_configuration(const char *filename, named_server_t *server,
usedlength = isc_buffer_usedlength(&b);
switch (server->sctx->cookiealg) {
case ns_cookiealg_aes:
if (usedlength != ISC_AES128_KEYLENGTH) {
expectedlength = ISC_AES128_KEYLENGTH;
if (usedlength != expectedlength) {
CHECKM(ISC_R_RANGE,
"AES cookie-secret must be "
"128 bits");
}
break;
case ns_cookiealg_sha1:
if (usedlength != ISC_SHA1_DIGESTLENGTH) {
expectedlength =
isc_md_type_get_size(ISC_MD_SHA1);
if (usedlength != expectedlength) {
CHECKM(ISC_R_RANGE,
"SHA1 cookie-secret must be "
"160 bits");
}
break;
case ns_cookiealg_sha256:
if (usedlength != ISC_SHA256_DIGESTLENGTH) {
expectedlength =
isc_md_type_get_size(ISC_MD_SHA256);
if (usedlength != expectedlength) {
CHECKM(ISC_R_RANGE,
"SHA256 cookie-secret must be "
"256 bits");
......
......@@ -17,8 +17,6 @@
#include <isc/hmacmd5.h>
#include <isc/hmacsha.h>
#include <isc/md5.h>
#include <isc/sha1.h>
#include <isc/util.h>
#include <isc/print.h>
#include <isc/string.h>
......@@ -42,16 +40,13 @@ print_digest(const char *s, const char *hash, unsigned char *d,
int
main(int argc, char **argv) {
isc_sha1_t sha1;
isc_sha224_t sha224;
isc_md5_t md5;
isc_hmacmd5_t hmacmd5;
isc_hmacsha1_t hmacsha1;
isc_hmacsha224_t hmacsha224;
isc_hmacsha256_t hmacsha256;
isc_hmacsha384_t hmacsha384;
isc_hmacsha512_t hmacsha512;
unsigned char digest[ISC_SHA512_DIGESTLENGTH];
unsigned char digest[ISC_MAX_MD_SIZE];
unsigned char buffer[1024];
const char *s;
unsigned char key[20];
......@@ -59,41 +54,6 @@ main(int argc, char **argv) {
UNUSED(argc);
UNUSED(argv);
s = "abc";
isc_sha1_init(&sha1);
memmove(buffer, s, strlen(s));
isc_sha1_update(&sha1, buffer, strlen(s));
isc_sha1_final(&sha1, digest);
print_digest(s, "sha1", digest, ISC_SHA1_DIGESTLENGTH/4);
s = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
isc_sha1_init(&sha1);
memmove(buffer, s, strlen(s));
isc_sha1_update(&sha1, buffer, strlen(s));
isc_sha1_final(&sha1, digest);
print_digest(s, "sha1", digest, ISC_SHA1_DIGESTLENGTH/4);
s = "abc";
isc_sha224_init(&sha224);
memmove(buffer, s, strlen(s));
isc_sha224_update(&sha224, buffer, strlen(s));
isc_sha224_final(digest, &sha224);
print_digest(s, "sha224", digest, ISC_SHA224_DIGESTLENGTH/4);
s = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
isc_sha224_init(&sha224);
memmove(buffer, s, strlen(s));
isc_sha224_update(&sha224, buffer, strlen(s));
isc_sha224_final(digest, &sha224);
print_digest(s, "sha224", digest, ISC_SHA224_DIGESTLENGTH/4);
s = "abc";
isc_md5_init(&md5);
memmove(buffer, s, strlen(s));
isc_md5_update(&md5, buffer, strlen(s));
isc_md5_final(&md5, digest);
print_digest(s, "md5", digest, 4);
/*
* The 3 HMAC-MD5 examples from RFC2104
*/
......
......@@ -69,6 +69,9 @@
/* Define if clock_gettime is available. */
#undef HAVE_CLOCK_GETTIME
/* Use cmocka */
#undef HAVE_CMOCKA
/* Define to 1 if you have the <cmocka.h> header file. */
#undef HAVE_CMOCKA_H
......
......@@ -19541,19 +19541,19 @@ case $with_cmocka in #(
yes) :
pkg_failed=no
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for cmocka" >&5
$as_echo_n "checking for cmocka... " >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for cmocka >= 1.0.0" >&5
$as_echo_n "checking for cmocka >= 1.0.0... " >&6; }
if test -n "$CMOCKA_CFLAGS"; then
pkg_cv_CMOCKA_CFLAGS="$CMOCKA_CFLAGS"
elif test -n "$PKG_CONFIG"; then
if test -n "$PKG_CONFIG" && \
{ { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"cmocka\""; } >&5
($PKG_CONFIG --exists --print-errors "cmocka") 2>&5
{ { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"cmocka >= 1.0.0\""; } >&5
($PKG_CONFIG --exists --print-errors "cmocka >= 1.0.0") 2>&5
ac_status=$?
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
pkg_cv_CMOCKA_CFLAGS=`$PKG_CONFIG --cflags "cmocka" 2>/dev/null`
pkg_cv_CMOCKA_CFLAGS=`$PKG_CONFIG --cflags "cmocka >= 1.0.0" 2>/dev/null`
test "x$?" != "x0" && pkg_failed=yes
else
pkg_failed=yes
......@@ -19565,12 +19565,12 @@ if test -n "$CMOCKA_LIBS"; then
pkg_cv_CMOCKA_LIBS="$CMOCKA_LIBS"
elif test -n "$PKG_CONFIG"; then
if test -n "$PKG_CONFIG" && \
{ { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"cmocka\""; } >&5
($PKG_CONFIG --exists --print-errors "cmocka") 2>&5
{ { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"cmocka >= 1.0.0\""; } >&5
($PKG_CONFIG --exists --print-errors "cmocka >= 1.0.0") 2>&5
ac_status=$?
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
pkg_cv_CMOCKA_LIBS=`$PKG_CONFIG --libs "cmocka" 2>/dev/null`
pkg_cv_CMOCKA_LIBS=`$PKG_CONFIG --libs "cmocka >= 1.0.0" 2>/dev/null`
test "x$?" != "x0" && pkg_failed=yes
else
pkg_failed=yes
......@@ -19591,14 +19591,14 @@ else
_pkg_short_errors_supported=no
fi
if test $_pkg_short_errors_supported = yes; then
CMOCKA_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "cmocka" 2>&1`
CMOCKA_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "cmocka >= 1.0.0" 2>&1`
else
CMOCKA_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "cmocka" 2>&1`
CMOCKA_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "cmocka >= 1.0.0" 2>&1`
fi
# Put the nasty error message in config.log where it belongs
echo "$CMOCKA_PKG_ERRORS" >&5
as_fn_error $? "Package requirements (cmocka) were not met:
as_fn_error $? "Package requirements (cmocka >= 1.0.0) were not met:
$CMOCKA_PKG_ERRORS
......@@ -19629,6 +19629,8 @@ else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
$as_echo "#define HAVE_CMOCKA 1" >>confdefs.h
fi ;; #(
*) :
......@@ -19711,6 +19713,9 @@ if test "$ac_res" != no; then :
CMOCKA_CFLAGS="-I$with_cmocka/include"
CMOCKA_LIBS="-L$with_cmocka/lib -lcmocka"
$as_echo "#define HAVE_CMOCKA 1" >>confdefs.h
else
as_fn_error $? "cmocka unit testing framework not found in $with_cmocka path" "$LINENO" 5
fi
......@@ -19761,6 +19766,47 @@ rm -f core conftest.err conftest.$ac_objext \
# AM_CONDITIONAL([LD_WRAP], [test $enable_ld_wrap = yes])
LDFLAGS=$save_LDFLAGS
#
# Check for -Wl,--wrap= support
#
save_LDFLAGS=$LDFLAGS
LDFLAGS="--wrap=printf"
LD_WRAP_TESTS=false
enable_ld_wrap=no
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for linker support for --wrap option" >&5
$as_echo_n "checking for linker support for --wrap option... " >&6; }
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <stdio.h>
int
main ()
{
__wrap_printf("success"); return (0);
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
enable_ld_wrap=yes
LD_WRAP_TESTS=true
$as_echo "#define LD_WRAP 1" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
# AM_CONDITIONAL([LD_WRAP], [test $enable_ld_wrap = yes])
LDFLAGS=$save_LDFLAGS
#
......
......@@ -2390,7 +2390,8 @@ AC_ARG_WITH([cmocka],
AS_CASE([$with_cmocka],
[no],[:],
[yes],[PKG_CHECK_MODULES([CMOCKA], [cmocka])],
[yes],[PKG_CHECK_MODULES([CMOCKA], [cmocka >= 1.0.0],
[AC_DEFINE([HAVE_CMOCKA], [1], [Use cmocka])])],
[*],[
save_CFLAGS="$CFLAGS"
save_LIBS="$LIBS"
......@@ -2408,6 +2409,7 @@ AS_CASE([$with_cmocka],
[
CMOCKA_CFLAGS="-I$with_cmocka/include"
CMOCKA_LIBS="-L$with_cmocka/lib -lcmocka"
AC_DEFINE([HAVE_CMOCKA], [1], [Use cmocka])
],
[AC_MSG_ERROR([cmocka unit testing framework not found in $with_cmocka path])])
])
......@@ -2436,6 +2438,28 @@ AC_SUBST([LD_WRAP_TESTS])
LDFLAGS=$save_LDFLAGS
#
# Check for -Wl,--wrap= support
#
save_LDFLAGS=$LDFLAGS
LDFLAGS="--wrap=printf"
LD_WRAP_TESTS=false
enable_ld_wrap=no
AC_MSG_CHECKING([for linker support for --wrap option])
AC_LINK_IFELSE(
[AC_LANG_PROGRAM([#include <stdio.h>], [__wrap_printf("success"); return (0);])],
[enable_ld_wrap=yes
LD_WRAP_TESTS=true
AC_DEFINE([LD_WRAP], [1], [define if the linker supports --wrap option])
AC_MSG_RESULT([yes])],
[AC_MSG_RESULT([no])])
# AM_CONDITIONAL([LD_WRAP], [test $enable_ld_wrap = yes])
AC_SUBST([LD_WRAP_TESTS])
LDFLAGS=$save_LDFLAGS
#
# Check whether to build Automated Test Framework unit tests
#
......
......@@ -23,6 +23,7 @@
#include <isc/file.h>
#include <isc/hex.h>
#include <isc/log.h>
#include <isc/md.h>
#include <isc/mem.h>
#include <isc/netaddr.h>
#include <isc/parseint.h>
......@@ -30,8 +31,6 @@
#include <isc/print.h>
#include <isc/region.h>
#include <isc/result.h>
#include <isc/sha1.h>
#include <isc/sha2.h>
#include <isc/sockaddr.h>
#include <isc/string.h>
#include <isc/symtab.h>
......
......@@ -53,7 +53,7 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;USE_MD5;_DEBUG;_WINDOWS;_USRDLL;LIBBIND9_EXPORTS;%(PreprocessorDefinitions);%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;LIBBIND9_EXPORTS;%(PreprocessorDefinitions);%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories>./;../../../;include;../include;../../isc/win32;../../isc/win32/include;../../isc/include;../../isccfg/include;../../dns/include;@LIBXML2_INC@@OPENSSL_INC@@GEOIP_INC@%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<FunctionLevelLinking>true</FunctionLevelLinking>
<PrecompiledHeaderOutputFile>.\$(Configuration)\$(TargetName).pch</PrecompiledHeaderOutputFile>
......@@ -81,7 +81,7 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;USE_MD5;NDEBUG;_WINDOWS;_USRDLL;LIBBIND9_EXPORTS;%(PreprocessorDefinitions);%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;LIBBIND9_EXPORTS;%(PreprocessorDefinitions);%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories>./;../../../;include;../include;../../isc/win32;../../isc/win32/include;../../isc/include;../../isccfg/include;../../dns/include;@LIBXML2_INC@@OPENSSL_INC@@GEOIP_INC@%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
<WholeProgramOptimization>false</WholeProgramOptimization>
......
......@@ -29,7 +29,7 @@ USE_ISC_SPNEGO = @USE_ISC_SPNEGO@
CINCLUDES = -I. -I${top_srcdir}/lib/dns -Iinclude ${DNS_INCLUDES} \
${ISC_INCLUDES} @OPENSSL_INCLUDES@ @DST_GSSAPI_INC@
CDEFINES = -DUSE_MD5 @USE_GSSAPI@ ${USE_ISC_SPNEGO}
CDEFINES = @USE_GSSAPI@ ${USE_ISC_SPNEGO}
CWARNINGS =
......
......@@ -17,11 +17,11 @@
#include <stdbool.h>
#include <isc/hex.h>
#include <isc/md.h>
#include <isc/mem.h>
#include <isc/parseint.h>
#include <isc/print.h>
#include <isc/result.h>
#include <isc/sha2.h>
#include <isc/task.h>
#include <isc/util.h>
......@@ -1420,12 +1420,27 @@ dns_catz_update_process(dns_catz_zones_t *catzs, dns_catz_zone_t *zone,
return (result);
}
static isc_result_t
digest2hex(unsigned char *digest, unsigned int digestlen,
char *hash, size_t hashlen)
{
unsigned int i;
int ret;
for (i = 0; i < digestlen; i++) {
size_t left = hashlen - i * 2;
ret = snprintf(hash + i * 2, left, "%02x", digest[i]);
if (ret < 0 || (size_t)ret >= left) {
return (ISC_R_NOSPACE);
}
}
return (ISC_R_SUCCESS);
}
isc_result_t
dns_catz_generate_masterfilename(dns_catz_zone_t *zone, dns_catz_entry_t *entry,
isc_buffer_t **buffer)
{
isc_buffer_t *tbuf = NULL;
isc_sha256_t sha256;
isc_region_t r;
isc_result_t result;
size_t rlen;
......@@ -1453,7 +1468,7 @@ dns_catz_generate_masterfilename(dns_catz_zone_t *zone, dns_catz_entry_t *entry,
goto cleanup;
/* __catz__<digest>.db */
rlen = ISC_SHA256_DIGESTSTRINGLENGTH + 12;
rlen = (isc_md_type_get_size(ISC_MD_SHA256) * 2 + 1) + 12;
/* optionally prepend with <zonedir>/ */
if (entry->opts.zonedir != NULL)
......@@ -1470,11 +1485,20 @@ dns_catz_generate_masterfilename(dns_catz_zone_t *zone, dns_catz_entry_t *entry,
isc_buffer_usedregion(tbuf, &r);
isc_buffer_putstr(*buffer, "__catz__");
if (tbuf->used > ISC_SHA256_DIGESTSTRINGLENGTH) {
isc_sha256_init(&sha256);
isc_sha256_update(&sha256, r.base, r.length);
if (tbuf->used > ISC_SHA256_DIGESTLENGTH * 2 + 1) {
unsigned char digest[ISC_MAX_MD_SIZE];
unsigned int digestlen;
/* we can do that because digest string < 2 * DNS_NAME */
isc_sha256_end(&sha256, (char *) r.base);
result = isc_md(ISC_MD_SHA256, r.base, r.length,
digest, &digestlen);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
result = digest2hex(digest, digestlen, (char *)r.base,
ISC_SHA256_DIGESTLENGTH * 2 + 1);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
isc_buffer_putstr(*buffer, (char *) r.base);
} else {
isc_buffer_copyregion(*buffer, &r);
......
......@@ -18,8 +18,7 @@
#include <isc/buffer.h>
#include <isc/region.h>
#include <isc/sha1.h>
#include <isc/sha2.h>
#include <isc/md.h>
#include <isc/util.h>
#include <dns/ds.h>
......@@ -38,19 +37,21 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key,
{
dns_fixedname_t fname;
dns_name_t *name;
unsigned char digest[ISC_SHA384_DIGESTLENGTH];
unsigned char digest[ISC_MAX_MD_SIZE];
unsigned int digestlen;
isc_region_t r;
isc_buffer_t b;
dns_rdata_ds_t ds;
isc_sha1_t sha1;
isc_sha256_t sha256;
isc_sha384_t sha384;
isc_md_t *md;
isc_md_type_t md_type = 0;
isc_result_t ret;
REQUIRE(key != NULL);
REQUIRE(key->type == dns_rdatatype_dnskey);
if (!dst_ds_digest_supported(digest_type))
if (!dst_ds_digest_supported(digest_type)) {
return (ISC_R_NOTIMPLEMENTED);
}
name = dns_fixedname_initname(&fname);
(void)dns_name_downcase(owner, name, NULL);
......@@ -58,61 +59,65 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key,
memset(buffer, 0, DNS_DS_BUFFERSIZE);
isc_buffer_init(&b, buffer, DNS_DS_BUFFERSIZE);
md = isc_md_new();
if (md == NULL) {
return (ISC_R_NOMEMORY);
}
switch (digest_type) {
case DNS_DSDIGEST_SHA1:
isc_sha1_init(&sha1);
dns_name_toregion(name, &r);
isc_sha1_update(&sha1, r.base, r.length);
dns_rdata_toregion(key, &r);
INSIST(r.length >= 4);
isc_sha1_update(&sha1, r.base, r.length);
isc_sha1_final(&sha1, digest);
md_type = ISC_MD_SHA1;
break;
case DNS_DSDIGEST_SHA384:
isc_sha384_init(&sha384);
dns_name_toregion(name, &r);
isc_sha384_update(&sha384, r.base, r.length);
dns_rdata_toregion(key, &r);
INSIST(r.length >= 4);
isc_sha384_update(&sha384, r.base, r.length);
isc_sha384_final(digest, &sha384);
md_type = ISC_MD_SHA384;
break;
case DNS_DSDIGEST_SHA256:
default:
isc_sha256_init(&sha256);
dns_name_toregion(name, &r);
isc_sha256_update(&sha256, r.base, r.length);
dns_rdata_toregion(key, &r);
INSIST(r.length >= 4);
isc_sha256_update(&sha256, r.base, r.length);
isc_sha256_final(digest, &sha256);
md_type = ISC_MD_SHA256;
break;
}
ret = isc_md_init(md, md_type);
if (ret != ISC_R_SUCCESS) {
goto end;
}
dns_name_toregion(name, &r);
ret = isc_md_update(md, r.base, r.length);
if (ret != ISC_R_SUCCESS) {
goto end;
}
dns_rdata_toregion(key, &r);
INSIST(r.length >= 4);
ret = isc_md_update(md, r.base, r.length);
if (ret != ISC_R_SUCCESS) {
goto end;
}
ret = isc_md_final(md, digest, &digestlen);
if (ret != ISC_R_SUCCESS) {
goto end;
}
ds.mctx = NULL;
ds.common.rdclass = key->rdclass;
ds.common.rdtype = dns_rdatatype_ds;
ds.algorithm = r.base[3];
ds.key_tag = dst_region_computeid(&r, ds.algorithm);
ds.digest_type = digest_type;
switch (digest_type) {
case DNS_DSDIGEST_SHA1:
ds.length = ISC_SHA1_DIGESTLENGTH;
break;
case DNS_DSDIGEST_SHA384:
ds.length = ISC_SHA384_DIGESTLENGTH;
break;
case DNS_DSDIGEST_SHA256:
default:
ds.length = ISC_SHA256_DIGESTLENGTH;
break;
}
ds.digest = digest;
ds.length = digestlen;
return (dns_rdata_fromstruct(rdata, key->rdclass, dns_rdatatype_ds,
&ds, &b));
ret = dns_rdata_fromstruct(rdata, key->rdclass, dns_rdatatype_ds,
&ds, &b);
end:
if (md != NULL) {
isc_md_free(md);
}
return (ret);
}
......@@ -1202,22 +1202,22 @@ dst_key_sigsize(const dst_key_t *key, unsigned int *n) {
*n = DNS_SIG_ED448SIZE;
break;
case DST_ALG_HMACMD5:
*n = 16;
*n = isc_md_type_get_size(ISC_MD_MD5);
break;
case DST_ALG_HMACSHA1:
*n = ISC_SHA1_DIGESTLENGTH;
*n = isc_md_type_get_size(ISC_MD_SHA1);
break;
case DST_ALG_HMACSHA224:
*n = ISC_SHA224_DIGESTLENGTH;
*n = isc_md_type_get_size(ISC_MD_SHA224);
break;
case DST_ALG_HMACSHA256:
*n = ISC_SHA256_DIGESTLENGTH;
*n = isc_md_type_get_size(ISC_MD_SHA256);
break;
case DST_ALG_HMACSHA384:
*n = ISC_SHA384_DIGESTLENGTH;
*n = isc_md_type_get_size(ISC_MD_SHA384);
break;
case DST_ALG_HMACSHA512:
*n = ISC_SHA512_DIGESTLENGTH;
*n = isc_md_type_get_size(ISC_MD_SHA512);
break;
case DST_ALG_GSSAPI:
*n = 128; /*%< XXX */
......
......@@ -33,12 +33,10 @@
#include <isc/lang.h>
#include <isc/buffer.h>
#include <isc/magic.h>
#include <isc/md.h>
#include <isc/region.h>
#include <isc/types.h>
#include <isc/md5.h>
#include <isc/refcount.h>
#include <isc/sha1.h>
#include <isc/sha2.h>
#include <isc/stdtime.h>
#include <isc/hmacmd5.h>
#include <isc/hmacsha.h>
......@@ -148,10 +146,6 @@ struct dst_context {
union {
void *generic;
dst_gssapi_signverifyctx_t *gssctx;
isc_md5_t *md5ctx;
isc_sha1_t *sha1ctx;
isc_sha256_t *sha256ctx;
isc_sha512_t *sha512ctx;
isc_hmacmd5_t *hmacmd5ctx;
isc_hmacsha1_t *hmacsha1ctx;
isc_hmacsha224_t *hmacsha224ctx;
......
......@@ -30,10 +30,9 @@
#include <isc/buffer.h>
#include <isc/hmacmd5.h>
#include <isc/hmacsha.h>
#include <isc/md5.h>
#include <isc/nonce.h>
#include <isc/random.h>
#include <isc/sha1.h>
#include <isc/md.h>
#include <isc/mem.h>
#include <isc/safe.h>
#include <isc/string.h>
......@@ -52,7 +51,7 @@
static isc_result_t hmacmd5_fromdns(dst_key_t *key, isc_buffer_t *data);
struct dst_hmacmd5_key {
unsigned char key[ISC_MD5_BLOCK_LENGTH];
unsigned char key[ISC_HMAC_MAX_MD_CBLOCK];
};
static isc_result_t
......@@ -206,9 +205,9 @@ hmacmd5_todns(const dst_key_t *key, isc_buffer_t *data) {
static isc_result_t
hmacmd5_fromdns(dst_key_t *key, isc_buffer_t *data) {
dst_hmacmd5_key_t *hkey;
int keylen;
unsigned int keylen;
isc_region_t r;
isc_md5_t md5ctx;
isc_result_t res;
isc_buffer_remainingregion(data, &r);
if (r.length == 0)
......@@ -221,10 +220,11 @@ hmacmd5_fromdns(dst_key_t *key, isc_buffer_t *data) {
memset(hkey->key, 0, sizeof(hkey->key));
if (r.length > ISC_MD5_BLOCK_LENGTH) {
isc_md5_init(&md5ctx);
isc_md5_update(&md5ctx, r.base, r.length);
isc_md5_final(&md5ctx, hkey->key);
keylen = ISC_MD5_DIGESTLENGTH;
res = isc_md(ISC_MD_MD5, r.base, r.length,
hkey->key, &keylen);
if (res != ISC_R_SUCCESS) {
return (res);
}
} else {
memmove(hkey->key, r.base, r.length);
keylen = r.length;
......@@ -357,7 +357,6 @@ dst__hmacmd5_init(dst_func_t **funcp) {
* Prevent use of incorrect crypto
*/
RUNTIME_CHECK(isc_md5_check(false));
RUNTIME_CHECK(isc_hmacmd5_check(0));
REQUIRE(funcp != NULL);
......@@ -369,7 +368,7 @@ dst__hmacmd5_init(dst_func_t **funcp) {
static isc_result_t hmacsha1_fromdns(dst_key_t *key, isc_buffer_t *data);
struct dst_hmacsha1_key {
unsigned char key[ISC_SHA1_BLOCK_LENGTH];
unsigned char key[ISC_HMAC_MAX_MD_CBLOCK];
};
static isc_result_t
......@@ -512,9 +511,9 @@ hmacsha1_todns(const dst_key_t *key, isc_buffer_t *data) {
static isc_result_t
hmacsha1_fromdns(dst_key_t *key, isc_buffer_t *data) {
dst_hmacsha1_key_t *hkey;
int keylen;
unsigned int keylen;
isc_region_t r;
isc_sha1_t sha1ctx;
isc_result_t res;
isc_buffer_remainingregion(data, &r);
if (r.length == 0)
......@@ -527,10 +526,12 @@ hmacsha1_fromdns(dst_key_t *key, isc_buffer_t *data) {
memset(hkey->key, 0, sizeof(hkey->key));
if (r.length > ISC_SHA1_BLOCK_LENGTH) {
isc_sha1_init(&sha1ctx);
isc_sha1_update(&sha1ctx, r.base, r.length);
isc_sha1_final(&sha1ctx, hkey->key);
keylen = ISC_SHA1_DIGESTLENGTH;
res = isc_md(ISC_MD_SHA1, r.base, r.length,
hkey->key, &keylen);
REQUIRE(res != ISC_R_SUCCESS);
if (res != ISC_R_SUCCESS) {
return (res);
}
} else {
memmove(hkey->key, r.base, r.length);
keylen = r.length;
......@@ -647,7 +648,6 @@ dst__hmacsha1_init(dst_func_t **funcp) {
/*
* Prevent use of incorrect crypto
*/
RUNTIME_CHECK(isc_sha1_check(false));
RUNTIME_CHECK(isc_hmacsha1_check(0));