OpenSSL hashes

Francis Dupont
2009-02-06 12:26:23 +00:00
parent ddca7275b2
commit c1d7e0562f
17 changed files with 680 additions and 193 deletions


@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.131 2008/09/25 04:02:38 tbox Exp $
# $Id: Makefile.in,v 1.132 2009/02/06 12:26:22 fdupont Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@@ -28,7 +28,7 @@ CDEFINES =
CWARNINGS =
DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
ISCLIBS = ../../lib/isc/libisc.@A@
ISCLIBS = ../../lib/isc/libisc.@A@ @DNS_CRYPTO_LIBS@
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
LWRESLIBS = ../../lib/lwres/liblwres.@A@


@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.21 2007/06/19 23:47:00 tbox Exp $
# $Id: Makefile.in,v 1.22 2009/02/06 12:26:22 fdupont Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@@ -26,7 +26,7 @@ CINCLUDES = ${TEST_INCLUDES} ${ISC_INCLUDES}
CDEFINES =
CWARNINGS =
ISCLIBS = ../../../lib/isc/libisc.@A@
ISCLIBS = ../../../lib/isc/libisc.@A@ @DNS_CRYPTO_LIBS@
TAPIDEPLIBS = ../../../lib/tests/libt_api.@A@
ISCDEPLIBS = ../../../lib/isc/libisc.@A@


@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.30 2007/06/19 23:47:07 tbox Exp $
# $Id: Makefile.in,v 1.31 2009/02/06 12:26:22 fdupont Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@@ -26,7 +26,7 @@ CINCLUDES = ${TEST_INCLUDES} ${ISC_INCLUDES}
CDEFINES =
CWARNINGS =
ISCLIBS = ../../../lib/isc/libisc.@A@
ISCLIBS = ../../../lib/isc/libisc.@A@ @DNS_CRYPTO_LIBS@
TAPIDEPLIBS = ../../../lib/tests/libt_api.@A@
ISCDEPLIBS = ../../../lib/isc/libisc.@A@


@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.28 2007/06/19 23:47:07 tbox Exp $
# $Id: Makefile.in,v 1.29 2009/02/06 12:26:22 fdupont Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@@ -26,7 +26,7 @@ CINCLUDES = ${TEST_INCLUDES} ${ISC_INCLUDES}
CDEFINES =
CWARNINGS =
ISCLIBS = ../../../lib/isc/libisc.@A@
ISCLIBS = ../../../lib/isc/libisc.@A@ @DNS_CRYPTO_LIBS@
ISCDEPLIBS = ../../../lib/isc/libisc.@A@


@@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl
esyscmd([sed "s/^/# /" COPYRIGHT])dnl
AC_DIVERT_POP()dnl
AC_REVISION($Revision: 1.466 $)
AC_REVISION($Revision: 1.467 $)
AC_INIT(lib/dns/name.c)
AC_PREREQ(2.59)
@@ -641,6 +641,30 @@ AC_SUBST(USE_OPENSSL)
AC_SUBST(DST_OPENSSL_INC)
DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DNS_OPENSSL_LIBS"
#
# Use OpenSSL for hash functions
#
AC_ARG_ENABLE(openssl-hash,
[ --enable-openssl-hash use OpenSSL for hash functions [[default=no]]],
want_openssl_hash="$enableval", want_openssl_hash="no")
case $want_openssl_hash in
yes)
if test "$USE_OPENSSL" = ""
then
AC_MSG_ERROR([No OpenSSL for hash functions])
fi
ISC_PLATFORM_OPENSSLHASH="#define ISC_PLATFORM_OPENSSLHASH 1"
ISC_OPENSSL_INC="$DST_OPENSSL_INC"
;;
no)
ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH"
ISC_OPENSSL_INC=""
;;
esac
AC_SUBST(ISC_PLATFORM_OPENSSLHASH)
AC_SUBST(ISC_OPENSSL_INC)
#
# PKCS11 (aka crypto hardware) support
#
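Review bot: The `case $want_openssl_hash` block handles only `yes` and `no`, so any other value given to `--enable-openssl-hash=` leaves `ISC_PLATFORM_OPENSSLHASH` and `ISC_OPENSSL_INC` unset. The substitution in platform.h.in then becomes an empty line, which silently selects the built-in hashes. A default arm makes the mistake visible: `*) AC_MSG_ERROR([--enable-openssl-hash takes yes or no]) ;;`. Quoting the subject, `case "$want_openssl_hash" in`, is also the safer form.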


@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.99 2009/01/27 23:47:54 tbox Exp $
# $Id: Makefile.in,v 1.100 2009/02/06 12:26:22 fdupont Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@@ -27,8 +27,8 @@ CINCLUDES = -I${srcdir}/unix/include \
-I${srcdir}/@ISC_THREAD_DIR@/include \
-I${srcdir}/@ISC_ARCH_DIR@/include \
-I./include \
-I${srcdir}/include
CDEFINES =
-I${srcdir}/include @ISC_OPENSSL_INC@
CDEFINES = @USE_OPENSSL@
CWARNINGS =
# Alphabetically


@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: hmacmd5.c,v 1.14 2007/06/19 23:47:17 tbox Exp $ */
/* $Id: hmacmd5.c,v 1.15 2009/02/06 12:26:22 fdupont Exp $ */
/*! \file
* This code implements the HMAC-MD5 keyed hash algorithm
@@ -27,10 +27,40 @@
#include <isc/assertions.h>
#include <isc/hmacmd5.h>
#include <isc/md5.h>
#include <isc/platform.h>
#include <isc/string.h>
#include <isc/types.h>
#include <isc/util.h>
#ifdef ISC_PLATFORM_OPENSSLHASH
void
isc_hmacmd5_init(isc_hmacmd5_t *ctx, const unsigned char *key,
unsigned int len)
{
HMAC_Init(ctx, (const void *) key, (int) len, EVP_md5());
}
void
isc_hmacmd5_invalidate(isc_hmacmd5_t *ctx) {
HMAC_CTX_cleanup(ctx);
}
void
isc_hmacmd5_update(isc_hmacmd5_t *ctx, const unsigned char *buf,
unsigned int len)
{
HMAC_Update(ctx, buf, (int) len);
}
void
isc_hmacmd5_sign(isc_hmacmd5_t *ctx, unsigned char *digest) {
HMAC_Final(ctx, digest, NULL);
HMAC_CTX_cleanup(ctx);
}
#else
#define PADLEN 64
#define IPAD 0x36
#define OPAD 0x5C
@@ -98,6 +128,7 @@ isc_hmacmd5_sign(isc_hmacmd5_t *ctx, unsigned char *digest) {
isc_md5_final(&ctx->md5ctx, digest);
isc_hmacmd5_invalidate(ctx);
}
#endif /* !ISC_PLATFORM_OPENSSLHASH */
/*!
* Verify signature - finalize MD5 operation and reapply MD5, then
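Review bot: In the OpenSSL branch of `isc_hmacmd5_init`, `key` and `len` reach `HMAC_Init()` unvalidated, and OpenSSL treats a NULL key as a request to reuse the key already held in the context rather than as an empty key. On a freshly declared `isc_hmacmd5_t` that path would work from uninitialised state. Whether any caller passes a NULL key is not visible here, so a guard such as `REQUIRE(ctx != NULL && key != NULL);` before the call would make the contract explicit. The `(int) len` cast also turns lengths above INT_MAX negative; bounding `len` in the same guard closes that. The `isc_hmacsha*_init` wrappers in the hmacsha.c section have the same shape.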


@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: hmacsha.c,v 1.8 2007/08/27 03:27:53 marka Exp $ */
/* $Id: hmacsha.c,v 1.9 2009/02/06 12:26:23 fdupont Exp $ */
/*
* This code implements the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384
@@ -26,12 +26,172 @@
#include <isc/assertions.h>
#include <isc/hmacsha.h>
#include <isc/platform.h>
#include <isc/sha1.h>
#include <isc/sha2.h>
#include <isc/string.h>
#include <isc/types.h>
#include <isc/util.h>
#ifdef ISC_PLATFORM_OPENSSLHASH
void
isc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key,
unsigned int len)
{
HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha1());
}
void
isc_hmacsha1_invalidate(isc_hmacsha1_t *ctx) {
HMAC_CTX_cleanup(ctx);
}
void
isc_hmacsha1_update(isc_hmacsha1_t *ctx, const unsigned char *buf,
unsigned int len)
{
HMAC_Update(ctx, buf, (int) len);
}
void
isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA1_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
HMAC_Final(ctx, newdigest, NULL);
HMAC_CTX_cleanup(ctx);
memcpy(digest, newdigest, len);
memset(newdigest, 0, sizeof(newdigest));
}
void
isc_hmacsha224_init(isc_hmacsha224_t *ctx, const unsigned char *key,
unsigned int len)
{
HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha224());
}
void
isc_hmacsha224_invalidate(isc_hmacsha224_t *ctx) {
HMAC_CTX_cleanup(ctx);
}
void
isc_hmacsha224_update(isc_hmacsha224_t *ctx, const unsigned char *buf,
unsigned int len)
{
HMAC_Update(ctx, buf, (int) len);
}
void
isc_hmacsha224_sign(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA224_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA224_DIGESTLENGTH);
HMAC_Final(ctx, newdigest, NULL);
HMAC_CTX_cleanup(ctx);
memcpy(digest, newdigest, len);
memset(newdigest, 0, sizeof(newdigest));
}
void
isc_hmacsha256_init(isc_hmacsha256_t *ctx, const unsigned char *key,
unsigned int len)
{
HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha256());
}
void
isc_hmacsha256_invalidate(isc_hmacsha256_t *ctx) {
HMAC_CTX_cleanup(ctx);
}
void
isc_hmacsha256_update(isc_hmacsha256_t *ctx, const unsigned char *buf,
unsigned int len)
{
HMAC_Update(ctx, buf, (int) len);
}
void
isc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA256_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA256_DIGESTLENGTH);
HMAC_Final(ctx, newdigest, NULL);
HMAC_CTX_cleanup(ctx);
memcpy(digest, newdigest, len);
memset(newdigest, 0, sizeof(newdigest));
}
void
isc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key,
unsigned int len)
{
HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha384());
}
void
isc_hmacsha384_invalidate(isc_hmacsha384_t *ctx) {
HMAC_CTX_cleanup(ctx);
}
void
isc_hmacsha384_update(isc_hmacsha384_t *ctx, const unsigned char *buf,
unsigned int len)
{
HMAC_Update(ctx, buf, (int) len);
}
void
isc_hmacsha384_sign(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA384_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA384_DIGESTLENGTH);
HMAC_Final(ctx, newdigest, NULL);
HMAC_CTX_cleanup(ctx);
memcpy(digest, newdigest, len);
memset(newdigest, 0, sizeof(newdigest));
}
void
isc_hmacsha512_init(isc_hmacsha512_t *ctx, const unsigned char *key,
unsigned int len)
{
HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha512());
}
void
isc_hmacsha512_invalidate(isc_hmacsha512_t *ctx) {
HMAC_CTX_cleanup(ctx);
}
void
isc_hmacsha512_update(isc_hmacsha512_t *ctx, const unsigned char *buf,
unsigned int len)
{
HMAC_Update(ctx, buf, (int) len);
}
void
isc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA512_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA512_DIGESTLENGTH);
HMAC_Final(ctx, newdigest, NULL);
HMAC_CTX_cleanup(ctx);
memcpy(digest, newdigest, len);
memset(newdigest, 0, sizeof(newdigest));
}
#else
#define IPAD 0x36
#define OPAD 0x5C
@@ -104,19 +264,6 @@ isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
memset(newdigest, 0, sizeof(newdigest));
}
/*
* Verify signature - finalize SHA1 operation and reapply SHA1, then
* compare to the supplied digest.
*/
isc_boolean_t
isc_hmacsha1_verify(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA1_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
isc_hmacsha1_sign(ctx, newdigest, ISC_SHA1_DIGESTLENGTH);
return (ISC_TF(memcmp(digest, newdigest, len) == 0));
}
/*
* Start HMAC-SHA224 process. Initialize an sha224 context and digest the key.
*/
@@ -184,19 +331,6 @@ isc_hmacsha224_sign(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) {
memset(newdigest, 0, sizeof(newdigest));
}
/*
* Verify signature - finalize SHA224 operation and reapply SHA224, then
* compare to the supplied digest.
*/
isc_boolean_t
isc_hmacsha224_verify(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA224_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA224_DIGESTLENGTH);
isc_hmacsha224_sign(ctx, newdigest, ISC_SHA224_DIGESTLENGTH);
return (ISC_TF(memcmp(digest, newdigest, len) == 0));
}
/*
* Start HMAC-SHA256 process. Initialize an sha256 context and digest the key.
*/
@@ -264,19 +398,6 @@ isc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) {
memset(newdigest, 0, sizeof(newdigest));
}
/*
* Verify signature - finalize SHA256 operation and reapply SHA256, then
* compare to the supplied digest.
*/
isc_boolean_t
isc_hmacsha256_verify(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA256_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA256_DIGESTLENGTH);
isc_hmacsha256_sign(ctx, newdigest, ISC_SHA256_DIGESTLENGTH);
return (ISC_TF(memcmp(digest, newdigest, len) == 0));
}
/*
* Start HMAC-SHA384 process. Initialize an sha384 context and digest the key.
*/
@@ -344,19 +465,6 @@ isc_hmacsha384_sign(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) {
memset(newdigest, 0, sizeof(newdigest));
}
/*
* Verify signature - finalize SHA384 operation and reapply SHA384, then
* compare to the supplied digest.
*/
isc_boolean_t
isc_hmacsha384_verify(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA384_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA384_DIGESTLENGTH);
isc_hmacsha384_sign(ctx, newdigest, ISC_SHA384_DIGESTLENGTH);
return (ISC_TF(memcmp(digest, newdigest, len) == 0));
}
/*
* Start HMAC-SHA512 process. Initialize an sha512 context and digest the key.
*/
@@ -423,6 +531,59 @@ isc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) {
memcpy(digest, newdigest, len);
memset(newdigest, 0, sizeof(newdigest));
}
#endif /* !ISC_PLATFORM_OPENSSLHASH */
/*
* Verify signature - finalize SHA1 operation and reapply SHA1, then
* compare to the supplied digest.
*/
isc_boolean_t
isc_hmacsha1_verify(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA1_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
isc_hmacsha1_sign(ctx, newdigest, ISC_SHA1_DIGESTLENGTH);
return (ISC_TF(memcmp(digest, newdigest, len) == 0));
}
/*
* Verify signature - finalize SHA224 operation and reapply SHA224, then
* compare to the supplied digest.
*/
isc_boolean_t
isc_hmacsha224_verify(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA224_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA224_DIGESTLENGTH);
isc_hmacsha224_sign(ctx, newdigest, ISC_SHA224_DIGESTLENGTH);
return (ISC_TF(memcmp(digest, newdigest, len) == 0));
}
/*
* Verify signature - finalize SHA256 operation and reapply SHA256, then
* compare to the supplied digest.
*/
isc_boolean_t
isc_hmacsha256_verify(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA256_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA256_DIGESTLENGTH);
isc_hmacsha256_sign(ctx, newdigest, ISC_SHA256_DIGESTLENGTH);
return (ISC_TF(memcmp(digest, newdigest, len) == 0));
}
/*
* Verify signature - finalize SHA384 operation and reapply SHA384, then
* compare to the supplied digest.
*/
isc_boolean_t
isc_hmacsha384_verify(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA384_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA384_DIGESTLENGTH);
isc_hmacsha384_sign(ctx, newdigest, ISC_SHA384_DIGESTLENGTH);
return (ISC_TF(memcmp(digest, newdigest, len) == 0));
}
/*
* Verify signature - finalize SHA512 operation and reapply SHA512, then
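Review bot: The `isc_hmacsha*_verify` functions that this change moves below the `#endif` compare the computed MAC with `memcmp()`, which may return at the first differing byte, so verification time can depend on how many leading bytes of the supplied digest are correct. A fixed-time comparison over `len` bytes avoids that, and the local `newdigest` can be cleared before returning, as the sign functions already do. `REQUIRE(len <= ...)` also admits `len == 0`, for which the comparison succeeds trivially; whether callers enforce a minimum length is not visible here. The sketch below is for the SHA1 variant and the others follow the same pattern; the SHA512 verify function continues past the end of this section.

```c
isc_boolean_t
isc_hmacsha1_verify(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
	unsigned char newdigest[ISC_SHA1_DIGESTLENGTH];
	unsigned char diff = 0;
	size_t i;

	/* ... unchanged: REQUIRE on len and the isc_hmacsha1_sign() call ... */

	/*
	 * Fold every byte difference into one accumulator so the run
	 * time does not depend on where the first mismatch occurs.
	 */
	for (i = 0; i < len; i++)
		diff |= digest[i] ^ newdigest[i];
	memset(newdigest, 0, sizeof(newdigest));
	return (ISC_TF(diff == 0));
}
```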


@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: hmacmd5.h,v 1.12 2007/06/19 23:47:18 tbox Exp $ */
/* $Id: hmacmd5.h,v 1.13 2009/02/06 12:26:23 fdupont Exp $ */
/*! \file isc/hmacmd5.h
* \brief This is the header file for the HMAC-MD5 keyed hash algorithm
@@ -27,14 +27,23 @@
#include <isc/lang.h>
#include <isc/md5.h>
#include <isc/platform.h>
#include <isc/types.h>
#define ISC_HMACMD5_KEYLENGTH 64
#ifdef ISC_PLATFORM_OPENSSLHASH
#include <openssl/hmac.h>
typedef HMAC_CTX isc_hmacmd5_t;
#else
typedef struct {
isc_md5_t md5ctx;
unsigned char key[ISC_HMACMD5_KEYLENGTH];
} isc_hmacmd5_t;
#endif
ISC_LANG_BEGINDECLS
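Review bot: With `ISC_PLATFORM_OPENSSLHASH` defined, `isc_hmacmd5_t` becomes a by-value alias of `HMAC_CTX`, so every translation unit that includes this header needs the OpenSSL include path and fixes the context size from the OpenSSL headers it was compiled against. The only Makefile.in hunk on this page that adds `@ISC_OPENSSL_INC@` is the one that also sets `CDEFINES = @USE_OPENSSL@`; whether the other consumers of these headers already get that path is not visible here. A comment above the `#ifdef` stating that the type's layout depends on the configure switch and on the OpenSSL version would help callers. The same applies to the typedefs added in hmacsha.h, md5.h, sha1.h and sha2.h.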


@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: hmacsha.h,v 1.7 2007/06/19 23:47:18 tbox Exp $ */
/* $Id: hmacsha.h,v 1.8 2009/02/06 12:26:23 fdupont Exp $ */
/*! \file isc/hmacsha.h
* This is the header file for the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256,
@@ -25,6 +25,7 @@
#define ISC_HMACSHA_H 1
#include <isc/lang.h>
#include <isc/platform.h>
#include <isc/sha1.h>
#include <isc/sha2.h>
#include <isc/types.h>
@@ -35,6 +36,17 @@
#define ISC_HMACSHA384_KEYLENGTH ISC_SHA384_BLOCK_LENGTH
#define ISC_HMACSHA512_KEYLENGTH ISC_SHA512_BLOCK_LENGTH
#ifdef ISC_PLATFORM_OPENSSLHASH
#include <openssl/hmac.h>
typedef HMAC_CTX isc_hmacsha1_t;
typedef HMAC_CTX isc_hmacsha224_t;
typedef HMAC_CTX isc_hmacsha256_t;
typedef HMAC_CTX isc_hmacsha384_t;
typedef HMAC_CTX isc_hmacsha512_t;
#else
typedef struct {
isc_sha1_t sha1ctx;
unsigned char key[ISC_HMACSHA1_KEYLENGTH];
@@ -59,6 +71,7 @@ typedef struct {
isc_sha512_t sha512ctx;
unsigned char key[ISC_HMACSHA512_KEYLENGTH];
} isc_hmacsha512_t;
#endif
ISC_LANG_BEGINDECLS


@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: md5.h,v 1.16 2007/06/19 23:47:18 tbox Exp $ */
/* $Id: md5.h,v 1.17 2009/02/06 12:26:23 fdupont Exp $ */
/*! \file isc/md5.h
* \brief This is the header file for the MD5 message-digest algorithm.
@@ -44,15 +44,24 @@
#define ISC_MD5_H 1
#include <isc/lang.h>
#include <isc/platform.h>
#include <isc/types.h>
#define ISC_MD5_DIGESTLENGTH 16U
#ifdef ISC_PLATFORM_OPENSSLHASH
#include <openssl/evp.h>
typedef EVP_MD_CTX isc_md5_t;
#else
typedef struct {
isc_uint32_t buf[4];
isc_uint32_t bytes[2];
isc_uint32_t in[16];
} isc_md5_t;
#endif
ISC_LANG_BEGINDECLS


@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: platform.h.in,v 1.49 2008/12/01 03:51:47 marka Exp $ */
/* $Id: platform.h.in,v 1.50 2009/02/06 12:26:23 fdupont Exp $ */
#ifndef ISC_PLATFORM_H
#define ISC_PLATFORM_H 1
@@ -284,6 +284,11 @@
*/
@ISC_PLATFORM_HAVESTRINGSH@
/*
* Define if the hash functions must be provided by OpenSSL.
*/
@ISC_PLATFORM_OPENSSLHASH@
/***
*** Windows dll support.
***/


@@ -18,7 +18,7 @@
#ifndef ISC_SHA1_H
#define ISC_SHA1_H 1
/* $Id: sha1.h,v 1.17 2007/06/19 23:47:18 tbox Exp $ */
/* $Id: sha1.h,v 1.18 2009/02/06 12:26:23 fdupont Exp $ */
/* $NetBSD: sha1.h,v 1.2 1998/05/29 22:55:44 thorpej Exp $ */
@@ -29,16 +29,25 @@
*/
#include <isc/lang.h>
#include <isc/platform.h>
#include <isc/types.h>
#define ISC_SHA1_DIGESTLENGTH 20U
#define ISC_SHA1_BLOCK_LENGTH 64U
#ifdef ISC_PLATFORM_OPENSSLHASH
#include <openssl/evp.h>
typedef EVP_MD_CTX isc_sha1_t;
#else
typedef struct {
isc_uint32_t state[5];
isc_uint32_t count[2];
unsigned char buffer[ISC_SHA1_BLOCK_LENGTH];
} isc_sha1_t;
#endif
ISC_LANG_BEGINDECLS


@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: sha2.h,v 1.9 2007/06/19 23:47:18 tbox Exp $ */
/* $Id: sha2.h,v 1.10 2009/02/06 12:26:23 fdupont Exp $ */
/* $FreeBSD: src/sys/crypto/sha2/sha2.h,v 1.1.2.1 2001/07/03 11:01:36 ume Exp $ */
/* $KAME: sha2.h,v 1.3 2001/03/12 08:27:48 itojun Exp $ */
@@ -58,6 +58,7 @@
#define ISC_SHA2_H
#include <isc/lang.h>
#include <isc/platform.h>
#include <isc/types.h>
/*** SHA-224/256/384/512 Various Length Definitions ***********************/
@@ -75,11 +76,16 @@
#define ISC_SHA512_DIGESTLENGTH 64U
#define ISC_SHA512_DIGESTSTRINGLENGTH (ISC_SHA512_DIGESTLENGTH * 2 + 1)
ISC_LANG_BEGINDECLS
/*** SHA-256/384/512 Context Structures *******************************/
#ifdef ISC_PLATFORM_OPENSSLHASH
#include <openssl/evp.h>
typedef EVP_MD_CTX isc_sha256_t;
typedef EVP_MD_CTX isc_sha512_t;
#else
/*
* Keep buffer immediately after bitcount to preserve alignment.
*/
@@ -97,10 +103,13 @@ typedef struct {
isc_uint64_t bitcount[2];
isc_uint8_t buffer[ISC_SHA512_BLOCK_LENGTH];
} isc_sha512_t;
#endif
typedef isc_sha256_t isc_sha224_t;
typedef isc_sha512_t isc_sha384_t;
ISC_LANG_BEGINDECLS
/*** SHA-224/256/384/512 Function Prototypes ******************************/
void isc_sha224_init (isc_sha224_t *);


@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: md5.c,v 1.14 2007/06/19 23:47:17 tbox Exp $ */
/* $Id: md5.c,v 1.15 2009/02/06 12:26:23 fdupont Exp $ */
/*! \file
* This code implements the MD5 message-digest algorithm.
@@ -38,10 +38,35 @@
#include <isc/assertions.h>
#include <isc/md5.h>
#include <isc/platform.h>
#include <isc/string.h>
#include <isc/types.h>
#include <isc/util.h>
#ifdef ISC_PLATFORM_OPENSSLHASH
void
isc_md5_init(isc_md5_t *ctx) {
EVP_DigestInit(ctx, EVP_md5());
}
void
isc_md5_invalidate(isc_md5_t *ctx) {
EVP_MD_CTX_cleanup(ctx);
}
void
isc_md5_update(isc_md5_t *ctx, const unsigned char *buf, unsigned int len) {
EVP_DigestUpdate(ctx, (const void *) buf, (size_t) len);
}
void
isc_md5_final(isc_md5_t *ctx, unsigned char *digest) {
EVP_DigestFinal(ctx, digest, NULL);
}
#else
static void
byteSwap(isc_uint32_t *buf, unsigned words)
{
@@ -249,3 +274,4 @@ isc_md5_final(isc_md5_t *ctx, unsigned char *digest) {
memcpy(digest, ctx->buf, 16);
memset(ctx, 0, sizeof(isc_md5_t)); /* In case it's sensitive */
}
#endif
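Review bot: `EVP_DigestInit()`, `EVP_DigestUpdate()` and `EVP_DigestFinal()` return 0 on failure, and the new `isc_md5_*` wrappers discard that result. If the digest cannot be set up, for instance when the OpenSSL build refuses MD5, `isc_md5_final` leaves `digest` unwritten and the caller carries on with whatever the buffer held. Because the wrappers return void, asserting is the simplest fix, e.g. `RUNTIME_CHECK(EVP_DigestInit(ctx, EVP_md5()) == 1);`, and likewise for update and final. The same applies to the wrappers added in the sha1.c and sha2.c sections, and to the `HMAC_*` calls wherever the OpenSSL version in use returns a status.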


@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: sha1.c,v 1.18 2007/06/19 23:47:17 tbox Exp $ */
/* $Id: sha1.c,v 1.19 2009/02/06 12:26:23 fdupont Exp $ */
/* $NetBSD: sha1.c,v 1.5 2000/01/22 22:19:14 mycroft Exp $ */
/* $OpenBSD: sha1.c,v 1.9 1997/07/23 21:12:32 kstailey Exp $ */
@@ -38,11 +38,47 @@
#include "config.h"
#include <isc/assertions.h>
#include <isc/platform.h>
#include <isc/sha1.h>
#include <isc/string.h>
#include <isc/types.h>
#include <isc/util.h>
#ifdef ISC_PLATFORM_OPENSSLHASH
void
isc_sha1_init(isc_sha1_t *context)
{
INSIST(context != NULL);
EVP_DigestInit(context, EVP_sha1());
}
void
isc_sha1_invalidate(isc_sha1_t *context) {
EVP_MD_CTX_cleanup(context);
}
void
isc_sha1_update(isc_sha1_t *context, const unsigned char *data,
unsigned int len)
{
INSIST(context != 0);
INSIST(data != 0);
EVP_DigestUpdate(context, (const void *) data, (size_t) len);
}
void
isc_sha1_final(isc_sha1_t *context, unsigned char *digest) {
INSIST(digest != 0);
INSIST(context != 0);
EVP_DigestFinal(context, digest, NULL);
}
#else
#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
/*@{*/
@@ -313,3 +349,4 @@ isc_sha1_final(isc_sha1_t *context, unsigned char *digest) {
memset(context, 0, sizeof(isc_sha1_t));
}
#endif
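Review bot: The argument checks in the new OpenSSL wrappers are uneven: `isc_sha1_init` tests `context != NULL`, `isc_sha1_update` and `isc_sha1_final` test against `0`, and `isc_sha1_invalidate` checks nothing before calling `EVP_MD_CTX_cleanup(context)`. Using one spelling, `INSIST(context != NULL);`, in all four wrappers would keep the branch consistent.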


@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: sha2.c,v 1.15 2009/01/18 23:48:14 tbox Exp $ */
/* $Id: sha2.c,v 1.16 2009/02/06 12:26:23 fdupont Exp $ */
/* $FreeBSD: src/sys/crypto/sha2/sha2.c,v 1.2.2.2 2002/03/05 08:36:47 ume Exp $ */
/* $KAME: sha2.c,v 1.8 2001/11/08 01:07:52 itojun Exp $ */
@@ -58,10 +58,149 @@
#include <config.h>
#include <isc/assertions.h>
#include <isc/platform.h>
#include <isc/sha2.h>
#include <isc/string.h>
#include <isc/util.h>
#ifdef ISC_PLATFORM_OPENSSLHASH
void
isc_sha224_init(isc_sha224_t *context) {
if (context == (isc_sha224_t *)0) {
return;
}
EVP_DigestInit(context, EVP_sha224());
}
void
isc_sha224_update(isc_sha224_t *context, const isc_uint8_t* data, size_t len) {
if (len == 0U) {
/* Calling with no data is valid - we do nothing */
return;
}
/* Sanity check: */
REQUIRE(context != (isc_sha224_t *)0 && data != (isc_uint8_t*)0);
EVP_DigestUpdate(context, (const void *) data, len);
}
void
isc_sha224_final(isc_uint8_t digest[], isc_sha224_t *context) {
/* Sanity check: */
REQUIRE(context != (isc_sha224_t *)0);
/* If no digest buffer is passed, we don't bother doing this: */
if (digest != (isc_uint8_t*)0) {
EVP_DigestFinal(context, digest, NULL);
} else {
EVP_MD_CTX_cleanup(context);
}
}
void
isc_sha256_init(isc_sha256_t *context) {
if (context == (isc_sha256_t *)0) {
return;
}
EVP_DigestInit(context, EVP_sha256());
}
void
isc_sha256_update(isc_sha256_t *context, const isc_uint8_t *data, size_t len) {
if (len == 0U) {
/* Calling with no data is valid - we do nothing */
return;
}
/* Sanity check: */
REQUIRE(context != (isc_sha256_t *)0 && data != (isc_uint8_t*)0);
EVP_DigestUpdate(context, (const void *) data, len);
}
void
isc_sha256_final(isc_uint8_t digest[], isc_sha256_t *context) {
/* Sanity check: */
REQUIRE(context != (isc_sha256_t *)0);
/* If no digest buffer is passed, we don't bother doing this: */
if (digest != (isc_uint8_t*)0) {
EVP_DigestFinal(context, digest, NULL);
} else {
EVP_MD_CTX_cleanup(context);
}
}
void
isc_sha512_init(isc_sha512_t *context) {
if (context == (isc_sha512_t *)0) {
return;
}
EVP_DigestInit(context, EVP_sha512());
}
void isc_sha512_update(isc_sha512_t *context, const isc_uint8_t *data, size_t len) {
if (len == 0U) {
/* Calling with no data is valid - we do nothing */
return;
}
/* Sanity check: */
REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0);
EVP_DigestUpdate(context, (const void *) data, len);
}
void isc_sha512_final(isc_uint8_t digest[], isc_sha512_t *context) {
/* Sanity check: */
REQUIRE(context != (isc_sha512_t *)0);
/* If no digest buffer is passed, we don't bother doing this: */
if (digest != (isc_uint8_t*)0) {
EVP_DigestFinal(context, digest, NULL);
} else {
EVP_MD_CTX_cleanup(context);
}
}
void
isc_sha384_init(isc_sha384_t *context) {
if (context == (isc_sha384_t *)0) {
return;
}
EVP_DigestInit(context, EVP_sha384());
}
void
isc_sha384_update(isc_sha384_t *context, const isc_uint8_t* data, size_t len) {
if (len == 0U) {
/* Calling with no data is valid - we do nothing */
return;
}
/* Sanity check: */
REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0);
EVP_DigestUpdate(context, (const void *) data, len);
}
void
isc_sha384_final(isc_uint8_t digest[], isc_sha384_t *context) {
/* Sanity check: */
REQUIRE(context != (isc_sha384_t *)0);
/* If no digest buffer is passed, we don't bother doing this: */
if (digest != (isc_uint8_t*)0) {
EVP_DigestFinal(context, digest, NULL);
} else {
EVP_MD_CTX_cleanup(context);
}
}
#else
/*
* UNROLLED TRANSFORM LOOP NOTE:
* You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
@@ -394,13 +533,6 @@ static const isc_uint64_t sha512_initial_hash_value[8] = {
};
#endif
/*
* Constant used by SHA256/384/512_End() functions for converting the
* digest to a readable hexadecimal character string:
*/
static const char *sha2_hex_digits = "0123456789abcdef";
/*** SHA-224: *********************************************************/
void
@@ -427,41 +559,6 @@ isc_sha224_final(isc_uint8_t digest[], isc_sha224_t *context) {
memset(sha256_digest, 0, ISC_SHA256_DIGESTLENGTH);
}
char *
isc_sha224_end(isc_sha224_t *context, char buffer[]) {
isc_uint8_t digest[ISC_SHA224_DIGESTLENGTH], *d = digest;
unsigned int i;
/* Sanity check: */
REQUIRE(context != (isc_sha224_t *)0);
if (buffer != (char*)0) {
isc_sha224_final(digest, context);
for (i = 0; i < ISC_SHA224_DIGESTLENGTH; i++) {
*buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
*buffer++ = sha2_hex_digits[*d & 0x0f];
d++;
}
*buffer = (char)0;
} else {
memset(context, 0, sizeof(context));
}
memset(digest, 0, ISC_SHA224_DIGESTLENGTH);
return buffer;
}
char*
isc_sha224_data(const isc_uint8_t *data, size_t len,
char digest[ISC_SHA224_DIGESTSTRINGLENGTH])
{
isc_sha224_t context;
isc_sha224_init(&context);
isc_sha224_update(&context, data, len);
return (isc_sha224_end(&context, digest));
}
/*** SHA-256: *********************************************************/
void
isc_sha256_init(isc_sha256_t *context) {
@@ -772,42 +869,6 @@ isc_sha256_final(isc_uint8_t digest[], isc_sha256_t *context) {
usedspace = 0;
}
char *
isc_sha256_end(isc_sha256_t *context, char buffer[]) {
isc_uint8_t digest[ISC_SHA256_DIGESTLENGTH], *d = digest;
unsigned int i;
/* Sanity check: */
REQUIRE(context != (isc_sha256_t *)0);
if (buffer != (char*)0) {
isc_sha256_final(digest, context);
for (i = 0; i < ISC_SHA256_DIGESTLENGTH; i++) {
*buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
*buffer++ = sha2_hex_digits[*d & 0x0f];
d++;
}
*buffer = (char)0;
} else {
memset(context, 0, sizeof(context));
}
memset(digest, 0, ISC_SHA256_DIGESTLENGTH);
return buffer;
}
char *
isc_sha256_data(const isc_uint8_t* data, size_t len,
char digest[ISC_SHA256_DIGESTSTRINGLENGTH])
{
isc_sha256_t context;
isc_sha256_init(&context);
isc_sha256_update(&context, data, len);
return (isc_sha256_end(&context, digest));
}
/*** SHA-512: *********************************************************/
void
isc_sha512_init(isc_sha512_t *context) {
@@ -1115,41 +1176,6 @@ void isc_sha512_final(isc_uint8_t digest[], isc_sha512_t *context) {
memset(context, 0, sizeof(context));
}
char *
isc_sha512_end(isc_sha512_t *context, char buffer[]) {
isc_uint8_t digest[ISC_SHA512_DIGESTLENGTH], *d = digest;
unsigned int i;
/* Sanity check: */
REQUIRE(context != (isc_sha512_t *)0);
if (buffer != (char*)0) {
isc_sha512_final(digest, context);
for (i = 0; i < ISC_SHA512_DIGESTLENGTH; i++) {
*buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
*buffer++ = sha2_hex_digits[*d & 0x0f];
d++;
}
*buffer = (char)0;
} else {
memset(context, 0, sizeof(context));
}
memset(digest, 0, ISC_SHA512_DIGESTLENGTH);
return buffer;
}
char *
isc_sha512_data(const isc_uint8_t *data, size_t len,
char digest[ISC_SHA512_DIGESTSTRINGLENGTH])
{
isc_sha512_t context;
isc_sha512_init(&context);
isc_sha512_update(&context, data, len);
return (isc_sha512_end(&context, digest));
}
/*** SHA-384: *********************************************************/
void
@@ -1197,6 +1223,130 @@ isc_sha384_final(isc_uint8_t digest[], isc_sha384_t *context) {
/* Zero out state data */
memset(context, 0, sizeof(context));
}
#endif /* !ISC_PLATFORM_OPENSSLHASH */
/*
* Constant used by SHA256/384/512_End() functions for converting the
* digest to a readable hexadecimal character string:
*/
static const char *sha2_hex_digits = "0123456789abcdef";
char *
isc_sha224_end(isc_sha224_t *context, char buffer[]) {
isc_uint8_t digest[ISC_SHA224_DIGESTLENGTH], *d = digest;
unsigned int i;
/* Sanity check: */
REQUIRE(context != (isc_sha224_t *)0);
if (buffer != (char*)0) {
isc_sha224_final(digest, context);
for (i = 0; i < ISC_SHA224_DIGESTLENGTH; i++) {
*buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
*buffer++ = sha2_hex_digits[*d & 0x0f];
d++;
}
*buffer = (char)0;
} else {
#ifdef ISC_PLATFORM_OPENSSLHASH
EVP_MD_CTX_cleanup(context);
#else
memset(context, 0, sizeof(context));
#endif
}
memset(digest, 0, ISC_SHA224_DIGESTLENGTH);
return buffer;
}
char *
isc_sha224_data(const isc_uint8_t *data, size_t len,
char digest[ISC_SHA224_DIGESTSTRINGLENGTH])
{
isc_sha224_t context;
isc_sha224_init(&context);
isc_sha224_update(&context, data, len);
return (isc_sha224_end(&context, digest));
}
char *
isc_sha256_end(isc_sha256_t *context, char buffer[]) {
isc_uint8_t digest[ISC_SHA256_DIGESTLENGTH], *d = digest;
unsigned int i;
/* Sanity check: */
REQUIRE(context != (isc_sha256_t *)0);
if (buffer != (char*)0) {
isc_sha256_final(digest, context);
for (i = 0; i < ISC_SHA256_DIGESTLENGTH; i++) {
*buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
*buffer++ = sha2_hex_digits[*d & 0x0f];
d++;
}
*buffer = (char)0;
} else {
#ifdef ISC_PLATFORM_OPENSSLHASH
EVP_MD_CTX_cleanup(context);
#else
memset(context, 0, sizeof(context));
#endif
}
memset(digest, 0, ISC_SHA256_DIGESTLENGTH);
return buffer;
}
char *
isc_sha256_data(const isc_uint8_t* data, size_t len,
char digest[ISC_SHA256_DIGESTSTRINGLENGTH])
{
isc_sha256_t context;
isc_sha256_init(&context);
isc_sha256_update(&context, data, len);
return (isc_sha256_end(&context, digest));
}
char *
isc_sha512_end(isc_sha512_t *context, char buffer[]) {
isc_uint8_t digest[ISC_SHA512_DIGESTLENGTH], *d = digest;
unsigned int i;
/* Sanity check: */
REQUIRE(context != (isc_sha512_t *)0);
if (buffer != (char*)0) {
isc_sha512_final(digest, context);
for (i = 0; i < ISC_SHA512_DIGESTLENGTH; i++) {
*buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
*buffer++ = sha2_hex_digits[*d & 0x0f];
d++;
}
*buffer = (char)0;
} else {
#ifdef ISC_PLATFORM_OPENSSLHASH
EVP_MD_CTX_cleanup(context);
#else
memset(context, 0, sizeof(context));
#endif
}
memset(digest, 0, ISC_SHA512_DIGESTLENGTH);
return buffer;
}
char *
isc_sha512_data(const isc_uint8_t *data, size_t len,
char digest[ISC_SHA512_DIGESTSTRINGLENGTH])
{
isc_sha512_t context;
isc_sha512_init(&context);
isc_sha512_update(&context, data, len);
return (isc_sha512_end(&context, digest));
}
char *
isc_sha384_end(isc_sha384_t *context, char buffer[]) {
@@ -1215,14 +1365,18 @@ isc_sha384_end(isc_sha384_t *context, char buffer[]) {
d++;
}
*buffer = (char)0;
} else {
} else {
#ifdef ISC_PLATFORM_OPENSSLHASH
EVP_MD_CTX_cleanup(context);
#else
memset(context, 0, sizeof(context));
#endif
}
memset(digest, 0, ISC_SHA384_DIGESTLENGTH);
return buffer;
}
char*
char *
isc_sha384_data(const isc_uint8_t *data, size_t len,
char digest[ISC_SHA384_DIGESTSTRINGLENGTH])
{
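Review bot: In the non-OpenSSL `#else` branches of `isc_sha224_end`, `isc_sha256_end`, `isc_sha512_end` and `isc_sha384_end`, `memset(context, 0, sizeof(context));` clears only as many bytes as a pointer occupies, because `context` is a pointer, so most of the hash state is left in memory. The intended form is `memset(context, 0, sizeof(*context));`, and the context lines of the `isc_sha512_final` and `isc_sha384_final` hunks show the same expression. Separately, each `_end` function advances `buffer` while writing the hex digits and then returns it, so the caller receives a pointer to the terminating NUL rather than to the start of the string. Keeping the original pointer in a local and returning that would fix it.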