Test whether the crypto library supports the HMAC algorithm

When initialising HMAC support check that the crypto library supports the algorithm rather than just assuming it is supported.
2023-02-24 12:59:18 +11:00
parent ffebd217f5
commit 97627c554b
2 changed files with 8 additions and 4 deletions
--- a/lib/dns/dst_api.c
+++ b/lib/dns/dst_api.c
@@ -199,9 +199,7 @@ dst_lib_init(isc_mem_t *mctx, const char *engine) {

 	memset(dst_t_func, 0, sizeof(dst_t_func));
 	RETERR(dst__openssl_init(engine)); /* Sets FIPS mode. */
-	if (!isc_fips_mode()) {
-		RETERR(dst__hmacmd5_init(&dst_t_func[DST_ALG_HMACMD5]));
-	}
+	RETERR(dst__hmacmd5_init(&dst_t_func[DST_ALG_HMACMD5]));
 	RETERR(dst__hmacsha1_init(&dst_t_func[DST_ALG_HMACSHA1]));
 	RETERR(dst__hmacsha224_init(&dst_t_func[DST_ALG_HMACSHA224]));
 	RETERR(dst__hmacsha256_init(&dst_t_func[DST_ALG_HMACSHA256]));
--- a/lib/dns/hmac_link.c
+++ b/lib/dns/hmac_link.c
@@ -127,7 +127,13 @@
 	isc_result_t dst__hmac##alg##_init(dst_func_t **funcp) {               \
 		REQUIRE(funcp != NULL);                                        \
 		if (*funcp == NULL) {                                          \
-			*funcp = &hmac##alg##_functions;                       \
+			isc_hmac_t *ctx = isc_hmac_new();                      \
+			if (isc_hmac_init(ctx, "test", 4, ISC_MD_##alg) ==     \
+			    ISC_R_SUCCESS)                                     \
+			{                                                      \
+				*funcp = &hmac##alg##_functions;               \
+			}                                                      \
+			isc_hmac_free(ctx);                                    \
 		}                                                              \
 		return (ISC_R_SUCCESS);                                        \
 	}