39 static const char* tsig_str =
"tsig-ssl";
41 static void *create_context();
42 static void init_context(
void *context,
45 static void update(
void *context,
const void *data,
size_t size);
46 static void final(
void *context, uint8_t *digest,
size_t *size);
48 typedef struct tsig_cleanup_table_struct tsig_cleanup_table_type;
49 struct tsig_cleanup_table_struct {
50 tsig_cleanup_table_type* next;
53 static tsig_cleanup_table_type* tsig_cleanup_table = NULL;
61 tsig_openssl_init_algorithm(
const char* digest,
const char* name,
const char* wireformat)
64 const EVP_MD *hmac_algorithm = NULL;
65 ods_log_assert(digest);
67 ods_log_assert(wireformat);
68 hmac_algorithm = EVP_get_digestbyname(digest);
69 if (!hmac_algorithm) {
70 ods_log_error(
"[%s] %s digest not available", tsig_str, digest);
75 algorithm->
wf_name = ldns_dname_new_frm_str(wireformat);
77 ods_log_error(
"[%s] unable to parse %s algorithm", tsig_str,
83 algorithm->
data = hmac_algorithm;
98 tsig_handler_openssl_init()
100 tsig_cleanup_table = NULL;
101 OpenSSL_add_all_digests();
102 ods_log_debug(
"[%s] add md5", tsig_str);
103 if (!tsig_openssl_init_algorithm(
"md5",
"hmac-md5",
104 "hmac-md5.sig-alg.reg.int.")) {
105 return ODS_STATUS_ERR;
108 ods_log_debug(
"[%s] add sha1", tsig_str);
109 if (!tsig_openssl_init_algorithm(
"sha1",
"hmac-sha1",
111 return ODS_STATUS_ERR;
115 #ifdef HAVE_EVP_SHA256
116 ods_log_debug(
"[%s] add sha256", tsig_str);
117 if (!tsig_openssl_init_algorithm(
"sha256",
"hmac-sha256",
119 return ODS_STATUS_ERR;
122 return ODS_STATUS_OK;
126 cleanup_context(
void *data)
128 HMAC_CTX* context = (HMAC_CTX*) data;
129 #ifdef HAVE_SSL_NEW_HMAC
130 HMAC_CTX_free(context);
132 HMAC_CTX_cleanup(context);
137 context_add_cleanup(
void* context)
139 tsig_cleanup_table_type* entry = NULL;
143 CHECKALLOC(entry = (tsig_cleanup_table_type *) malloc(
sizeof(tsig_cleanup_table_type)));
144 entry->cleanup = context;
145 entry->next = tsig_cleanup_table;
146 tsig_cleanup_table = entry;
153 #ifdef HAVE_SSL_NEW_HMAC
154 CHECKALLOC(context = HMAC_CTX_new());
155 HMAC_CTX_reset(context);
157 CHECKALLOC(context = (HMAC_CTX*) malloc(
sizeof(HMAC_CTX)));
158 HMAC_CTX_init(context);
160 context_add_cleanup(context);
167 HMAC_CTX* ctx = (HMAC_CTX*) context;
168 const EVP_MD* md = (
const EVP_MD*) algorithm->
data;
169 HMAC_Init_ex(ctx, key->
data, key->
size, md, NULL);
173 update(
void* context,
const void* data,
size_t size)
175 HMAC_CTX* ctx = (HMAC_CTX*) context;
176 HMAC_Update(ctx, (
unsigned char*) data, (
int) size);
180 final(
void* context, uint8_t* digest,
size_t* size)
182 HMAC_CTX* ctx = (HMAC_CTX*) context;
183 unsigned len = (unsigned) *size;
184 HMAC_Final(ctx, digest, &len);
185 *size = (size_t) len;
194 tsig_handler_openssl_finalize(
void)
196 tsig_cleanup_table_type* entry = tsig_cleanup_table;
199 cleanup_context(entry->cleanup);
void *(* hmac_create)(void)
void(* hmac_final)(void *context, uint8_t *digest, size_t *size)
void(* hmac_init)(void *context, tsig_algo_type *algo, tsig_key_type *key)
void(* hmac_update)(void *context, const void *data, size_t size)
void tsig_handler_add_algo(tsig_algo_type *algo)