diff --git a/bin/tests/Makefile.in b/bin/tests/Makefile.in index 93b63f1c8d..960347b0b1 100644 --- a/bin/tests/Makefile.in +++ b/bin/tests/Makefile.in @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.131 2008/09/25 04:02:38 tbox Exp $ +# $Id: Makefile.in,v 1.132 2009/02/06 12:26:22 fdupont Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -28,7 +28,7 @@ CDEFINES = CWARNINGS = DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@ -ISCLIBS = ../../lib/isc/libisc.@A@ +ISCLIBS = ../../lib/isc/libisc.@A@ @DNS_CRYPTO_LIBS@ ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@ LWRESLIBS = ../../lib/lwres/liblwres.@A@ diff --git a/bin/tests/sockaddr/Makefile.in b/bin/tests/sockaddr/Makefile.in index f0dbbfb310..27655dc3c4 100644 --- a/bin/tests/sockaddr/Makefile.in +++ b/bin/tests/sockaddr/Makefile.in @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.21 2007/06/19 23:47:00 tbox Exp $ +# $Id: Makefile.in,v 1.22 2009/02/06 12:26:22 fdupont Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -26,7 +26,7 @@ CINCLUDES = ${TEST_INCLUDES} ${ISC_INCLUDES} CDEFINES = CWARNINGS = -ISCLIBS = ../../../lib/isc/libisc.@A@ +ISCLIBS = ../../../lib/isc/libisc.@A@ @DNS_CRYPTO_LIBS@ TAPIDEPLIBS = ../../../lib/tests/libt_api.@A@ ISCDEPLIBS = ../../../lib/isc/libisc.@A@ diff --git a/bin/tests/tasks/Makefile.in b/bin/tests/tasks/Makefile.in index f7fc90893c..0307c939c6 100644 --- a/bin/tests/tasks/Makefile.in +++ b/bin/tests/tasks/Makefile.in @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.30 2007/06/19 23:47:07 tbox Exp $ +# $Id: Makefile.in,v 1.31 2009/02/06 12:26:22 fdupont Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -26,7 +26,7 @@ CINCLUDES = ${TEST_INCLUDES} ${ISC_INCLUDES} CDEFINES = CWARNINGS = -ISCLIBS = ../../../lib/isc/libisc.@A@ +ISCLIBS = ../../../lib/isc/libisc.@A@ @DNS_CRYPTO_LIBS@ TAPIDEPLIBS = ../../../lib/tests/libt_api.@A@ ISCDEPLIBS = ../../../lib/isc/libisc.@A@ diff --git a/bin/tests/timers/Makefile.in b/bin/tests/timers/Makefile.in index 0ba198a287..7585b6aebc 100644 --- a/bin/tests/timers/Makefile.in +++ b/bin/tests/timers/Makefile.in @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.28 2007/06/19 23:47:07 tbox Exp $ +# $Id: Makefile.in,v 1.29 2009/02/06 12:26:22 fdupont Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -26,7 +26,7 @@ CINCLUDES = ${TEST_INCLUDES} ${ISC_INCLUDES} CDEFINES = CWARNINGS = -ISCLIBS = ../../../lib/isc/libisc.@A@ +ISCLIBS = ../../../lib/isc/libisc.@A@ @DNS_CRYPTO_LIBS@ ISCDEPLIBS = ../../../lib/isc/libisc.@A@ diff --git a/configure.in b/configure.in index 65054a5f51..e660e56833 100644 --- a/configure.in +++ b/configure.in @@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl esyscmd([sed "s/^/# /" COPYRIGHT])dnl AC_DIVERT_POP()dnl -AC_REVISION($Revision: 1.466 $) +AC_REVISION($Revision: 1.467 $) AC_INIT(lib/dns/name.c) AC_PREREQ(2.59) @@ -641,6 +641,30 @@ AC_SUBST(USE_OPENSSL) AC_SUBST(DST_OPENSSL_INC) DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DNS_OPENSSL_LIBS" +# +# Use OpenSSL for hash functions +# + +AC_ARG_ENABLE(openssl-hash, + [ --enable-openssl-hash use OpenSSL for hash functions [[default=no]]], + want_openssl_hash="$enableval", want_openssl_hash="no") +case $want_openssl_hash in + yes) + if test "$USE_OPENSSL" = "" + then + AC_MSG_ERROR([No OpenSSL for hash functions]) + fi + ISC_PLATFORM_OPENSSLHASH="#define ISC_PLATFORM_OPENSSLHASH 1" + ISC_OPENSSL_INC="$DST_OPENSSL_INC" + ;; + no) + ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH" + ISC_OPENSSL_INC="" + ;; +esac +AC_SUBST(ISC_PLATFORM_OPENSSLHASH) +AC_SUBST(ISC_OPENSSL_INC) + # # PKCS11 (aka crypto hardware) support # diff --git a/lib/isc/Makefile.in b/lib/isc/Makefile.in index 7d8e4608b0..2eba940988 100644 --- a/lib/isc/Makefile.in +++ b/lib/isc/Makefile.in @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.99 2009/01/27 23:47:54 tbox Exp $ +# $Id: Makefile.in,v 1.100 2009/02/06 12:26:22 fdupont Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -27,8 +27,8 @@ CINCLUDES = -I${srcdir}/unix/include \ -I${srcdir}/@ISC_THREAD_DIR@/include \ -I${srcdir}/@ISC_ARCH_DIR@/include \ -I./include \ - -I${srcdir}/include -CDEFINES = + -I${srcdir}/include @ISC_OPENSSL_INC@ +CDEFINES = @USE_OPENSSL@ CWARNINGS = # Alphabetically diff --git a/lib/isc/hmacmd5.c b/lib/isc/hmacmd5.c index 63853dcd41..b8bc578b14 100644 --- a/lib/isc/hmacmd5.c +++ b/lib/isc/hmacmd5.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: hmacmd5.c,v 1.14 2007/06/19 23:47:17 tbox Exp $ */ +/* $Id: hmacmd5.c,v 1.15 2009/02/06 12:26:22 fdupont Exp $ */ /*! \file * This code implements the HMAC-MD5 keyed hash algorithm @@ -27,10 +27,40 @@ #include #include #include +#include #include #include #include +#ifdef ISC_PLATFORM_OPENSSLHASH + +void +isc_hmacmd5_init(isc_hmacmd5_t *ctx, const unsigned char *key, + unsigned int len) +{ + HMAC_Init(ctx, (const void *) key, (int) len, EVP_md5()); +} + +void +isc_hmacmd5_invalidate(isc_hmacmd5_t *ctx) { + HMAC_CTX_cleanup(ctx); +} + +void +isc_hmacmd5_update(isc_hmacmd5_t *ctx, const unsigned char *buf, + unsigned int len) +{ + HMAC_Update(ctx, buf, (int) len); +} + +void +isc_hmacmd5_sign(isc_hmacmd5_t *ctx, unsigned char *digest) { + HMAC_Final(ctx, digest, NULL); + HMAC_CTX_cleanup(ctx); +} + +#else + #define PADLEN 64 #define IPAD 0x36 #define OPAD 0x5C @@ -98,6 +128,7 @@ isc_hmacmd5_sign(isc_hmacmd5_t *ctx, unsigned char *digest) { isc_md5_final(&ctx->md5ctx, digest); isc_hmacmd5_invalidate(ctx); } +#endif /* !ISC_PLATFORM_OPENSSLHASH */ /*! * Verify signature - finalize MD5 operation and reapply MD5, then diff --git a/lib/isc/hmacsha.c b/lib/isc/hmacsha.c index dfcd8bf5a9..ce03fd0447 100644 --- a/lib/isc/hmacsha.c +++ b/lib/isc/hmacsha.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: hmacsha.c,v 1.8 2007/08/27 03:27:53 marka Exp $ */ +/* $Id: hmacsha.c,v 1.9 2009/02/06 12:26:23 fdupont Exp $ */ /* * This code implements the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384 @@ -26,12 +26,172 @@ #include #include +#include #include #include #include #include #include +#ifdef ISC_PLATFORM_OPENSSLHASH + +void +isc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key, + unsigned int len) +{ + HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha1()); +} + +void +isc_hmacsha1_invalidate(isc_hmacsha1_t *ctx) { + HMAC_CTX_cleanup(ctx); +} + +void +isc_hmacsha1_update(isc_hmacsha1_t *ctx, const unsigned char *buf, + unsigned int len) +{ + HMAC_Update(ctx, buf, (int) len); +} + +void +isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) { + unsigned char newdigest[ISC_SHA1_DIGESTLENGTH]; + + REQUIRE(len <= ISC_SHA1_DIGESTLENGTH); + + HMAC_Final(ctx, newdigest, NULL); + HMAC_CTX_cleanup(ctx); + memcpy(digest, newdigest, len); + memset(newdigest, 0, sizeof(newdigest)); +} + +void +isc_hmacsha224_init(isc_hmacsha224_t *ctx, const unsigned char *key, + unsigned int len) +{ + HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha224()); +} + +void +isc_hmacsha224_invalidate(isc_hmacsha224_t *ctx) { + HMAC_CTX_cleanup(ctx); +} + +void +isc_hmacsha224_update(isc_hmacsha224_t *ctx, const unsigned char *buf, + unsigned int len) +{ + HMAC_Update(ctx, buf, (int) len); +} + +void +isc_hmacsha224_sign(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) { + unsigned char newdigest[ISC_SHA224_DIGESTLENGTH]; + + REQUIRE(len <= ISC_SHA224_DIGESTLENGTH); + + HMAC_Final(ctx, newdigest, NULL); + HMAC_CTX_cleanup(ctx); + memcpy(digest, newdigest, len); + memset(newdigest, 0, sizeof(newdigest)); +} + +void +isc_hmacsha256_init(isc_hmacsha256_t *ctx, const unsigned char *key, + unsigned int len) +{ + HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha256()); +} + +void +isc_hmacsha256_invalidate(isc_hmacsha256_t *ctx) { + HMAC_CTX_cleanup(ctx); +} + +void +isc_hmacsha256_update(isc_hmacsha256_t *ctx, const unsigned char *buf, + unsigned int len) +{ + HMAC_Update(ctx, buf, (int) len); +} + +void +isc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) { + unsigned char newdigest[ISC_SHA256_DIGESTLENGTH]; + + REQUIRE(len <= ISC_SHA256_DIGESTLENGTH); + + HMAC_Final(ctx, newdigest, NULL); + HMAC_CTX_cleanup(ctx); + memcpy(digest, newdigest, len); + memset(newdigest, 0, sizeof(newdigest)); +} + +void +isc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key, + unsigned int len) +{ + HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha384()); +} + +void +isc_hmacsha384_invalidate(isc_hmacsha384_t *ctx) { + HMAC_CTX_cleanup(ctx); +} + +void +isc_hmacsha384_update(isc_hmacsha384_t *ctx, const unsigned char *buf, + unsigned int len) +{ + HMAC_Update(ctx, buf, (int) len); +} + +void +isc_hmacsha384_sign(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) { + unsigned char newdigest[ISC_SHA384_DIGESTLENGTH]; + + REQUIRE(len <= ISC_SHA384_DIGESTLENGTH); + + HMAC_Final(ctx, newdigest, NULL); + HMAC_CTX_cleanup(ctx); + memcpy(digest, newdigest, len); + memset(newdigest, 0, sizeof(newdigest)); +} + +void +isc_hmacsha512_init(isc_hmacsha512_t *ctx, const unsigned char *key, + unsigned int len) +{ + HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha512()); +} + +void +isc_hmacsha512_invalidate(isc_hmacsha512_t *ctx) { + HMAC_CTX_cleanup(ctx); +} + +void +isc_hmacsha512_update(isc_hmacsha512_t *ctx, const unsigned char *buf, + unsigned int len) +{ + HMAC_Update(ctx, buf, (int) len); +} + +void +isc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) { + unsigned char newdigest[ISC_SHA512_DIGESTLENGTH]; + + REQUIRE(len <= ISC_SHA512_DIGESTLENGTH); + + HMAC_Final(ctx, newdigest, NULL); + HMAC_CTX_cleanup(ctx); + memcpy(digest, newdigest, len); + memset(newdigest, 0, sizeof(newdigest)); +} + +#else + #define IPAD 0x36 #define OPAD 0x5C @@ -104,19 +264,6 @@ isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) { memset(newdigest, 0, sizeof(newdigest)); } -/* - * Verify signature - finalize SHA1 operation and reapply SHA1, then - * compare to the supplied digest. - */ -isc_boolean_t -isc_hmacsha1_verify(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) { - unsigned char newdigest[ISC_SHA1_DIGESTLENGTH]; - - REQUIRE(len <= ISC_SHA1_DIGESTLENGTH); - isc_hmacsha1_sign(ctx, newdigest, ISC_SHA1_DIGESTLENGTH); - return (ISC_TF(memcmp(digest, newdigest, len) == 0)); -} - /* * Start HMAC-SHA224 process. Initialize an sha224 context and digest the key. */ @@ -184,19 +331,6 @@ isc_hmacsha224_sign(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) { memset(newdigest, 0, sizeof(newdigest)); } -/* - * Verify signature - finalize SHA224 operation and reapply SHA224, then - * compare to the supplied digest. - */ -isc_boolean_t -isc_hmacsha224_verify(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) { - unsigned char newdigest[ISC_SHA224_DIGESTLENGTH]; - - REQUIRE(len <= ISC_SHA224_DIGESTLENGTH); - isc_hmacsha224_sign(ctx, newdigest, ISC_SHA224_DIGESTLENGTH); - return (ISC_TF(memcmp(digest, newdigest, len) == 0)); -} - /* * Start HMAC-SHA256 process. Initialize an sha256 context and digest the key. */ @@ -264,19 +398,6 @@ isc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) { memset(newdigest, 0, sizeof(newdigest)); } -/* - * Verify signature - finalize SHA256 operation and reapply SHA256, then - * compare to the supplied digest. - */ -isc_boolean_t -isc_hmacsha256_verify(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) { - unsigned char newdigest[ISC_SHA256_DIGESTLENGTH]; - - REQUIRE(len <= ISC_SHA256_DIGESTLENGTH); - isc_hmacsha256_sign(ctx, newdigest, ISC_SHA256_DIGESTLENGTH); - return (ISC_TF(memcmp(digest, newdigest, len) == 0)); -} - /* * Start HMAC-SHA384 process. Initialize an sha384 context and digest the key. */ @@ -344,19 +465,6 @@ isc_hmacsha384_sign(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) { memset(newdigest, 0, sizeof(newdigest)); } -/* - * Verify signature - finalize SHA384 operation and reapply SHA384, then - * compare to the supplied digest. - */ -isc_boolean_t -isc_hmacsha384_verify(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) { - unsigned char newdigest[ISC_SHA384_DIGESTLENGTH]; - - REQUIRE(len <= ISC_SHA384_DIGESTLENGTH); - isc_hmacsha384_sign(ctx, newdigest, ISC_SHA384_DIGESTLENGTH); - return (ISC_TF(memcmp(digest, newdigest, len) == 0)); -} - /* * Start HMAC-SHA512 process. Initialize an sha512 context and digest the key. */ @@ -423,6 +531,59 @@ isc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) { memcpy(digest, newdigest, len); memset(newdigest, 0, sizeof(newdigest)); } +#endif /* !ISC_PLATFORM_OPENSSLHASH */ + +/* + * Verify signature - finalize SHA1 operation and reapply SHA1, then + * compare to the supplied digest. + */ +isc_boolean_t +isc_hmacsha1_verify(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) { + unsigned char newdigest[ISC_SHA1_DIGESTLENGTH]; + + REQUIRE(len <= ISC_SHA1_DIGESTLENGTH); + isc_hmacsha1_sign(ctx, newdigest, ISC_SHA1_DIGESTLENGTH); + return (ISC_TF(memcmp(digest, newdigest, len) == 0)); +} + +/* + * Verify signature - finalize SHA224 operation and reapply SHA224, then + * compare to the supplied digest. + */ +isc_boolean_t +isc_hmacsha224_verify(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) { + unsigned char newdigest[ISC_SHA224_DIGESTLENGTH]; + + REQUIRE(len <= ISC_SHA224_DIGESTLENGTH); + isc_hmacsha224_sign(ctx, newdigest, ISC_SHA224_DIGESTLENGTH); + return (ISC_TF(memcmp(digest, newdigest, len) == 0)); +} + +/* + * Verify signature - finalize SHA256 operation and reapply SHA256, then + * compare to the supplied digest. + */ +isc_boolean_t +isc_hmacsha256_verify(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) { + unsigned char newdigest[ISC_SHA256_DIGESTLENGTH]; + + REQUIRE(len <= ISC_SHA256_DIGESTLENGTH); + isc_hmacsha256_sign(ctx, newdigest, ISC_SHA256_DIGESTLENGTH); + return (ISC_TF(memcmp(digest, newdigest, len) == 0)); +} + +/* + * Verify signature - finalize SHA384 operation and reapply SHA384, then + * compare to the supplied digest. + */ +isc_boolean_t +isc_hmacsha384_verify(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) { + unsigned char newdigest[ISC_SHA384_DIGESTLENGTH]; + + REQUIRE(len <= ISC_SHA384_DIGESTLENGTH); + isc_hmacsha384_sign(ctx, newdigest, ISC_SHA384_DIGESTLENGTH); + return (ISC_TF(memcmp(digest, newdigest, len) == 0)); +} /* * Verify signature - finalize SHA512 operation and reapply SHA512, then diff --git a/lib/isc/include/isc/hmacmd5.h b/lib/isc/include/isc/hmacmd5.h index fab9c580c5..38b0450e54 100644 --- a/lib/isc/include/isc/hmacmd5.h +++ b/lib/isc/include/isc/hmacmd5.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: hmacmd5.h,v 1.12 2007/06/19 23:47:18 tbox Exp $ */ +/* $Id: hmacmd5.h,v 1.13 2009/02/06 12:26:23 fdupont Exp $ */ /*! \file isc/hmacmd5.h * \brief This is the header file for the HMAC-MD5 keyed hash algorithm @@ -27,14 +27,23 @@ #include #include +#include #include #define ISC_HMACMD5_KEYLENGTH 64 +#ifdef ISC_PLATFORM_OPENSSLHASH +#include + +typedef HMAC_CTX isc_hmacmd5_t; + +#else + typedef struct { isc_md5_t md5ctx; unsigned char key[ISC_HMACMD5_KEYLENGTH]; } isc_hmacmd5_t; +#endif ISC_LANG_BEGINDECLS diff --git a/lib/isc/include/isc/hmacsha.h b/lib/isc/include/isc/hmacsha.h index 362b37f81a..ba960ae9c1 100644 --- a/lib/isc/include/isc/hmacsha.h +++ b/lib/isc/include/isc/hmacsha.h @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: hmacsha.h,v 1.7 2007/06/19 23:47:18 tbox Exp $ */ +/* $Id: hmacsha.h,v 1.8 2009/02/06 12:26:23 fdupont Exp $ */ /*! \file isc/hmacsha.h * This is the header file for the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, @@ -25,6 +25,7 @@ #define ISC_HMACSHA_H 1 #include +#include #include #include #include @@ -35,6 +36,17 @@ #define ISC_HMACSHA384_KEYLENGTH ISC_SHA384_BLOCK_LENGTH #define ISC_HMACSHA512_KEYLENGTH ISC_SHA512_BLOCK_LENGTH +#ifdef ISC_PLATFORM_OPENSSLHASH +#include + +typedef HMAC_CTX isc_hmacsha1_t; +typedef HMAC_CTX isc_hmacsha224_t; +typedef HMAC_CTX isc_hmacsha256_t; +typedef HMAC_CTX isc_hmacsha384_t; +typedef HMAC_CTX isc_hmacsha512_t; + +#else + typedef struct { isc_sha1_t sha1ctx; unsigned char key[ISC_HMACSHA1_KEYLENGTH]; @@ -59,6 +71,7 @@ typedef struct { isc_sha512_t sha512ctx; unsigned char key[ISC_HMACSHA512_KEYLENGTH]; } isc_hmacsha512_t; +#endif ISC_LANG_BEGINDECLS diff --git a/lib/isc/include/isc/md5.h b/lib/isc/include/isc/md5.h index 5b0d785cd1..3d763b05e0 100644 --- a/lib/isc/include/isc/md5.h +++ b/lib/isc/include/isc/md5.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: md5.h,v 1.16 2007/06/19 23:47:18 tbox Exp $ */ +/* $Id: md5.h,v 1.17 2009/02/06 12:26:23 fdupont Exp $ */ /*! \file isc/md5.h * \brief This is the header file for the MD5 message-digest algorithm. @@ -44,15 +44,24 @@ #define ISC_MD5_H 1 #include +#include #include #define ISC_MD5_DIGESTLENGTH 16U +#ifdef ISC_PLATFORM_OPENSSLHASH +#include + +typedef EVP_MD_CTX isc_md5_t; + +#else + typedef struct { isc_uint32_t buf[4]; isc_uint32_t bytes[2]; isc_uint32_t in[16]; } isc_md5_t; +#endif ISC_LANG_BEGINDECLS diff --git a/lib/isc/include/isc/platform.h.in b/lib/isc/include/isc/platform.h.in index a20e5925a6..9458f63245 100644 --- a/lib/isc/include/isc/platform.h.in +++ b/lib/isc/include/isc/platform.h.in @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: platform.h.in,v 1.49 2008/12/01 03:51:47 marka Exp $ */ +/* $Id: platform.h.in,v 1.50 2009/02/06 12:26:23 fdupont Exp $ */ #ifndef ISC_PLATFORM_H #define ISC_PLATFORM_H 1 @@ -284,6 +284,11 @@ */ @ISC_PLATFORM_HAVESTRINGSH@ +/* + * Define if the hash functions must be provided by OpenSSL. + */ +@ISC_PLATFORM_OPENSSLHASH@ + /*** *** Windows dll support. ***/ diff --git a/lib/isc/include/isc/sha1.h b/lib/isc/include/isc/sha1.h index 63f12bb1e0..3cafea253b 100644 --- a/lib/isc/include/isc/sha1.h +++ b/lib/isc/include/isc/sha1.h @@ -18,7 +18,7 @@ #ifndef ISC_SHA1_H #define ISC_SHA1_H 1 -/* $Id: sha1.h,v 1.17 2007/06/19 23:47:18 tbox Exp $ */ +/* $Id: sha1.h,v 1.18 2009/02/06 12:26:23 fdupont Exp $ */ /* $NetBSD: sha1.h,v 1.2 1998/05/29 22:55:44 thorpej Exp $ */ @@ -29,16 +29,25 @@ */ #include +#include #include #define ISC_SHA1_DIGESTLENGTH 20U #define ISC_SHA1_BLOCK_LENGTH 64U +#ifdef ISC_PLATFORM_OPENSSLHASH +#include + +typedef EVP_MD_CTX isc_sha1_t; + +#else + typedef struct { isc_uint32_t state[5]; isc_uint32_t count[2]; unsigned char buffer[ISC_SHA1_BLOCK_LENGTH]; } isc_sha1_t; +#endif ISC_LANG_BEGINDECLS diff --git a/lib/isc/include/isc/sha2.h b/lib/isc/include/isc/sha2.h index 203600fda3..9a5615cf97 100644 --- a/lib/isc/include/isc/sha2.h +++ b/lib/isc/include/isc/sha2.h @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sha2.h,v 1.9 2007/06/19 23:47:18 tbox Exp $ */ +/* $Id: sha2.h,v 1.10 2009/02/06 12:26:23 fdupont Exp $ */ /* $FreeBSD: src/sys/crypto/sha2/sha2.h,v 1.1.2.1 2001/07/03 11:01:36 ume Exp $ */ /* $KAME: sha2.h,v 1.3 2001/03/12 08:27:48 itojun Exp $ */ @@ -58,6 +58,7 @@ #define ISC_SHA2_H #include +#include #include /*** SHA-224/256/384/512 Various Length Definitions ***********************/ @@ -75,11 +76,16 @@ #define ISC_SHA512_DIGESTLENGTH 64U #define ISC_SHA512_DIGESTSTRINGLENGTH (ISC_SHA512_DIGESTLENGTH * 2 + 1) - -ISC_LANG_BEGINDECLS - /*** SHA-256/384/512 Context Structures *******************************/ +#ifdef ISC_PLATFORM_OPENSSLHASH +#include + +typedef EVP_MD_CTX isc_sha256_t; +typedef EVP_MD_CTX isc_sha512_t; + +#else + /* * Keep buffer immediately after bitcount to preserve alignment. */ @@ -97,10 +103,13 @@ typedef struct { isc_uint64_t bitcount[2]; isc_uint8_t buffer[ISC_SHA512_BLOCK_LENGTH]; } isc_sha512_t; +#endif typedef isc_sha256_t isc_sha224_t; typedef isc_sha512_t isc_sha384_t; +ISC_LANG_BEGINDECLS + /*** SHA-224/256/384/512 Function Prototypes ******************************/ void isc_sha224_init (isc_sha224_t *); diff --git a/lib/isc/md5.c b/lib/isc/md5.c index 5004c3e4db..a331d4472c 100644 --- a/lib/isc/md5.c +++ b/lib/isc/md5.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: md5.c,v 1.14 2007/06/19 23:47:17 tbox Exp $ */ +/* $Id: md5.c,v 1.15 2009/02/06 12:26:23 fdupont Exp $ */ /*! \file * This code implements the MD5 message-digest algorithm. @@ -38,10 +38,35 @@ #include #include +#include #include #include #include +#ifdef ISC_PLATFORM_OPENSSLHASH + +void +isc_md5_init(isc_md5_t *ctx) { + EVP_DigestInit(ctx, EVP_md5()); +} + +void +isc_md5_invalidate(isc_md5_t *ctx) { + EVP_MD_CTX_cleanup(ctx); +} + +void +isc_md5_update(isc_md5_t *ctx, const unsigned char *buf, unsigned int len) { + EVP_DigestUpdate(ctx, (const void *) buf, (size_t) len); +} + +void +isc_md5_final(isc_md5_t *ctx, unsigned char *digest) { + EVP_DigestFinal(ctx, digest, NULL); +} + +#else + static void byteSwap(isc_uint32_t *buf, unsigned words) { @@ -249,3 +274,4 @@ isc_md5_final(isc_md5_t *ctx, unsigned char *digest) { memcpy(digest, ctx->buf, 16); memset(ctx, 0, sizeof(isc_md5_t)); /* In case it's sensitive */ } +#endif diff --git a/lib/isc/sha1.c b/lib/isc/sha1.c index 3575288481..6941642855 100644 --- a/lib/isc/sha1.c +++ b/lib/isc/sha1.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sha1.c,v 1.18 2007/06/19 23:47:17 tbox Exp $ */ +/* $Id: sha1.c,v 1.19 2009/02/06 12:26:23 fdupont Exp $ */ /* $NetBSD: sha1.c,v 1.5 2000/01/22 22:19:14 mycroft Exp $ */ /* $OpenBSD: sha1.c,v 1.9 1997/07/23 21:12:32 kstailey Exp $ */ @@ -38,11 +38,47 @@ #include "config.h" #include +#include #include #include #include #include +#ifdef ISC_PLATFORM_OPENSSLHASH + +void +isc_sha1_init(isc_sha1_t *context) +{ + INSIST(context != NULL); + + EVP_DigestInit(context, EVP_sha1()); +} + +void +isc_sha1_invalidate(isc_sha1_t *context) { + EVP_MD_CTX_cleanup(context); +} + +void +isc_sha1_update(isc_sha1_t *context, const unsigned char *data, + unsigned int len) +{ + INSIST(context != 0); + INSIST(data != 0); + + EVP_DigestUpdate(context, (const void *) data, (size_t) len); +} + +void +isc_sha1_final(isc_sha1_t *context, unsigned char *digest) { + INSIST(digest != 0); + INSIST(context != 0); + + EVP_DigestFinal(context, digest, NULL); +} + +#else + #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) /*@{*/ @@ -313,3 +349,4 @@ isc_sha1_final(isc_sha1_t *context, unsigned char *digest) { memset(context, 0, sizeof(isc_sha1_t)); } +#endif diff --git a/lib/isc/sha2.c b/lib/isc/sha2.c index 52cfebe48d..38f69e1ac0 100644 --- a/lib/isc/sha2.c +++ b/lib/isc/sha2.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sha2.c,v 1.15 2009/01/18 23:48:14 tbox Exp $ */ +/* $Id: sha2.c,v 1.16 2009/02/06 12:26:23 fdupont Exp $ */ /* $FreeBSD: src/sys/crypto/sha2/sha2.c,v 1.2.2.2 2002/03/05 08:36:47 ume Exp $ */ /* $KAME: sha2.c,v 1.8 2001/11/08 01:07:52 itojun Exp $ */ @@ -58,10 +58,149 @@ #include #include +#include #include #include #include +#ifdef ISC_PLATFORM_OPENSSLHASH + +void +isc_sha224_init(isc_sha224_t *context) { + if (context == (isc_sha224_t *)0) { + return; + } + EVP_DigestInit(context, EVP_sha224()); +} + +void +isc_sha224_update(isc_sha224_t *context, const isc_uint8_t* data, size_t len) { + if (len == 0U) { + /* Calling with no data is valid - we do nothing */ + return; + } + + /* Sanity check: */ + REQUIRE(context != (isc_sha224_t *)0 && data != (isc_uint8_t*)0); + + EVP_DigestUpdate(context, (const void *) data, len); +} + +void +isc_sha224_final(isc_uint8_t digest[], isc_sha224_t *context) { + /* Sanity check: */ + REQUIRE(context != (isc_sha224_t *)0); + + /* If no digest buffer is passed, we don't bother doing this: */ + if (digest != (isc_uint8_t*)0) { + EVP_DigestFinal(context, digest, NULL); + } else { + EVP_MD_CTX_cleanup(context); + } +} + +void +isc_sha256_init(isc_sha256_t *context) { + if (context == (isc_sha256_t *)0) { + return; + } + EVP_DigestInit(context, EVP_sha256()); +} + +void +isc_sha256_update(isc_sha256_t *context, const isc_uint8_t *data, size_t len) { + if (len == 0U) { + /* Calling with no data is valid - we do nothing */ + return; + } + + /* Sanity check: */ + REQUIRE(context != (isc_sha256_t *)0 && data != (isc_uint8_t*)0); + + EVP_DigestUpdate(context, (const void *) data, len); +} + +void +isc_sha256_final(isc_uint8_t digest[], isc_sha256_t *context) { + /* Sanity check: */ + REQUIRE(context != (isc_sha256_t *)0); + + /* If no digest buffer is passed, we don't bother doing this: */ + if (digest != (isc_uint8_t*)0) { + EVP_DigestFinal(context, digest, NULL); + } else { + EVP_MD_CTX_cleanup(context); + } +} + +void +isc_sha512_init(isc_sha512_t *context) { + if (context == (isc_sha512_t *)0) { + return; + } + EVP_DigestInit(context, EVP_sha512()); +} + +void isc_sha512_update(isc_sha512_t *context, const isc_uint8_t *data, size_t len) { + if (len == 0U) { + /* Calling with no data is valid - we do nothing */ + return; + } + + /* Sanity check: */ + REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0); + + EVP_DigestUpdate(context, (const void *) data, len); +} + +void isc_sha512_final(isc_uint8_t digest[], isc_sha512_t *context) { + /* Sanity check: */ + REQUIRE(context != (isc_sha512_t *)0); + + /* If no digest buffer is passed, we don't bother doing this: */ + if (digest != (isc_uint8_t*)0) { + EVP_DigestFinal(context, digest, NULL); + } else { + EVP_MD_CTX_cleanup(context); + } +} + +void +isc_sha384_init(isc_sha384_t *context) { + if (context == (isc_sha384_t *)0) { + return; + } + EVP_DigestInit(context, EVP_sha384()); +} + +void +isc_sha384_update(isc_sha384_t *context, const isc_uint8_t* data, size_t len) { + if (len == 0U) { + /* Calling with no data is valid - we do nothing */ + return; + } + + /* Sanity check: */ + REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0); + + EVP_DigestUpdate(context, (const void *) data, len); +} + +void +isc_sha384_final(isc_uint8_t digest[], isc_sha384_t *context) { + /* Sanity check: */ + REQUIRE(context != (isc_sha384_t *)0); + + /* If no digest buffer is passed, we don't bother doing this: */ + if (digest != (isc_uint8_t*)0) { + EVP_DigestFinal(context, digest, NULL); + } else { + EVP_MD_CTX_cleanup(context); + } +} + +#else + /* * UNROLLED TRANSFORM LOOP NOTE: * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform @@ -394,13 +533,6 @@ static const isc_uint64_t sha512_initial_hash_value[8] = { }; #endif -/* - * Constant used by SHA256/384/512_End() functions for converting the - * digest to a readable hexadecimal character string: - */ -static const char *sha2_hex_digits = "0123456789abcdef"; - - /*** SHA-224: *********************************************************/ void @@ -427,41 +559,6 @@ isc_sha224_final(isc_uint8_t digest[], isc_sha224_t *context) { memset(sha256_digest, 0, ISC_SHA256_DIGESTLENGTH); } -char * -isc_sha224_end(isc_sha224_t *context, char buffer[]) { - isc_uint8_t digest[ISC_SHA224_DIGESTLENGTH], *d = digest; - unsigned int i; - - /* Sanity check: */ - REQUIRE(context != (isc_sha224_t *)0); - - if (buffer != (char*)0) { - isc_sha224_final(digest, context); - - for (i = 0; i < ISC_SHA224_DIGESTLENGTH; i++) { - *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; - *buffer++ = sha2_hex_digits[*d & 0x0f]; - d++; - } - *buffer = (char)0; - } else { - memset(context, 0, sizeof(context)); - } - memset(digest, 0, ISC_SHA224_DIGESTLENGTH); - return buffer; -} - -char* -isc_sha224_data(const isc_uint8_t *data, size_t len, - char digest[ISC_SHA224_DIGESTSTRINGLENGTH]) -{ - isc_sha224_t context; - - isc_sha224_init(&context); - isc_sha224_update(&context, data, len); - return (isc_sha224_end(&context, digest)); -} - /*** SHA-256: *********************************************************/ void isc_sha256_init(isc_sha256_t *context) { @@ -772,42 +869,6 @@ isc_sha256_final(isc_uint8_t digest[], isc_sha256_t *context) { usedspace = 0; } -char * -isc_sha256_end(isc_sha256_t *context, char buffer[]) { - isc_uint8_t digest[ISC_SHA256_DIGESTLENGTH], *d = digest; - unsigned int i; - - /* Sanity check: */ - REQUIRE(context != (isc_sha256_t *)0); - - if (buffer != (char*)0) { - isc_sha256_final(digest, context); - - for (i = 0; i < ISC_SHA256_DIGESTLENGTH; i++) { - *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; - *buffer++ = sha2_hex_digits[*d & 0x0f]; - d++; - } - *buffer = (char)0; - } else { - memset(context, 0, sizeof(context)); - } - memset(digest, 0, ISC_SHA256_DIGESTLENGTH); - return buffer; -} - -char * -isc_sha256_data(const isc_uint8_t* data, size_t len, - char digest[ISC_SHA256_DIGESTSTRINGLENGTH]) -{ - isc_sha256_t context; - - isc_sha256_init(&context); - isc_sha256_update(&context, data, len); - return (isc_sha256_end(&context, digest)); -} - - /*** SHA-512: *********************************************************/ void isc_sha512_init(isc_sha512_t *context) { @@ -1115,41 +1176,6 @@ void isc_sha512_final(isc_uint8_t digest[], isc_sha512_t *context) { memset(context, 0, sizeof(context)); } -char * -isc_sha512_end(isc_sha512_t *context, char buffer[]) { - isc_uint8_t digest[ISC_SHA512_DIGESTLENGTH], *d = digest; - unsigned int i; - - /* Sanity check: */ - REQUIRE(context != (isc_sha512_t *)0); - - if (buffer != (char*)0) { - isc_sha512_final(digest, context); - - for (i = 0; i < ISC_SHA512_DIGESTLENGTH; i++) { - *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; - *buffer++ = sha2_hex_digits[*d & 0x0f]; - d++; - } - *buffer = (char)0; - } else { - memset(context, 0, sizeof(context)); - } - memset(digest, 0, ISC_SHA512_DIGESTLENGTH); - return buffer; -} - -char * -isc_sha512_data(const isc_uint8_t *data, size_t len, - char digest[ISC_SHA512_DIGESTSTRINGLENGTH]) -{ - isc_sha512_t context; - - isc_sha512_init(&context); - isc_sha512_update(&context, data, len); - return (isc_sha512_end(&context, digest)); -} - /*** SHA-384: *********************************************************/ void @@ -1197,6 +1223,130 @@ isc_sha384_final(isc_uint8_t digest[], isc_sha384_t *context) { /* Zero out state data */ memset(context, 0, sizeof(context)); } +#endif /* !ISC_PLATFORM_OPENSSLHASH */ + +/* + * Constant used by SHA256/384/512_End() functions for converting the + * digest to a readable hexadecimal character string: + */ +static const char *sha2_hex_digits = "0123456789abcdef"; + +char * +isc_sha224_end(isc_sha224_t *context, char buffer[]) { + isc_uint8_t digest[ISC_SHA224_DIGESTLENGTH], *d = digest; + unsigned int i; + + /* Sanity check: */ + REQUIRE(context != (isc_sha224_t *)0); + + if (buffer != (char*)0) { + isc_sha224_final(digest, context); + + for (i = 0; i < ISC_SHA224_DIGESTLENGTH; i++) { + *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; + *buffer++ = sha2_hex_digits[*d & 0x0f]; + d++; + } + *buffer = (char)0; + } else { +#ifdef ISC_PLATFORM_OPENSSLHASH + EVP_MD_CTX_cleanup(context); +#else + memset(context, 0, sizeof(context)); +#endif + } + memset(digest, 0, ISC_SHA224_DIGESTLENGTH); + return buffer; +} + +char * +isc_sha224_data(const isc_uint8_t *data, size_t len, + char digest[ISC_SHA224_DIGESTSTRINGLENGTH]) +{ + isc_sha224_t context; + + isc_sha224_init(&context); + isc_sha224_update(&context, data, len); + return (isc_sha224_end(&context, digest)); +} + +char * +isc_sha256_end(isc_sha256_t *context, char buffer[]) { + isc_uint8_t digest[ISC_SHA256_DIGESTLENGTH], *d = digest; + unsigned int i; + + /* Sanity check: */ + REQUIRE(context != (isc_sha256_t *)0); + + if (buffer != (char*)0) { + isc_sha256_final(digest, context); + + for (i = 0; i < ISC_SHA256_DIGESTLENGTH; i++) { + *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; + *buffer++ = sha2_hex_digits[*d & 0x0f]; + d++; + } + *buffer = (char)0; + } else { +#ifdef ISC_PLATFORM_OPENSSLHASH + EVP_MD_CTX_cleanup(context); +#else + memset(context, 0, sizeof(context)); +#endif + } + memset(digest, 0, ISC_SHA256_DIGESTLENGTH); + return buffer; +} + +char * +isc_sha256_data(const isc_uint8_t* data, size_t len, + char digest[ISC_SHA256_DIGESTSTRINGLENGTH]) +{ + isc_sha256_t context; + + isc_sha256_init(&context); + isc_sha256_update(&context, data, len); + return (isc_sha256_end(&context, digest)); +} + +char * +isc_sha512_end(isc_sha512_t *context, char buffer[]) { + isc_uint8_t digest[ISC_SHA512_DIGESTLENGTH], *d = digest; + unsigned int i; + + /* Sanity check: */ + REQUIRE(context != (isc_sha512_t *)0); + + if (buffer != (char*)0) { + isc_sha512_final(digest, context); + + for (i = 0; i < ISC_SHA512_DIGESTLENGTH; i++) { + *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; + *buffer++ = sha2_hex_digits[*d & 0x0f]; + d++; + } + *buffer = (char)0; + } else { +#ifdef ISC_PLATFORM_OPENSSLHASH + EVP_MD_CTX_cleanup(context); +#else + memset(context, 0, sizeof(context)); +#endif + } + memset(digest, 0, ISC_SHA512_DIGESTLENGTH); + return buffer; +} + +char * +isc_sha512_data(const isc_uint8_t *data, size_t len, + char digest[ISC_SHA512_DIGESTSTRINGLENGTH]) +{ + isc_sha512_t context; + + isc_sha512_init(&context); + isc_sha512_update(&context, data, len); + return (isc_sha512_end(&context, digest)); +} char * isc_sha384_end(isc_sha384_t *context, char buffer[]) { @@ -1215,14 +1365,18 @@ isc_sha384_end(isc_sha384_t *context, char buffer[]) { d++; } *buffer = (char)0; - } else { + } else { +#ifdef ISC_PLATFORM_OPENSSLHASH + EVP_MD_CTX_cleanup(context); +#else memset(context, 0, sizeof(context)); +#endif } memset(digest, 0, ISC_SHA384_DIGESTLENGTH); return buffer; } -char* +char * isc_sha384_data(const isc_uint8_t *data, size_t len, char digest[ISC_SHA384_DIGESTSTRINGLENGTH]) {