summaryrefslogtreecommitdiff
path: root/lib/dns/hmac_link.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/dns/hmac_link.c')
-rw-r--r--lib/dns/hmac_link.c42
1 files changed, 27 insertions, 15 deletions
diff --git a/lib/dns/hmac_link.c b/lib/dns/hmac_link.c
index d99c5fb00f42..690301d7c236 100644
--- a/lib/dns/hmac_link.c
+++ b/lib/dns/hmac_link.c
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -76,7 +76,7 @@ hmacmd5_createctx(dst_key_t *key, dst_context_t *dctx) {
hmacmd5ctx = isc_mem_get(dctx->mctx, sizeof(isc_hmacmd5_t));
if (hmacmd5ctx == NULL)
return (ISC_R_NOMEMORY);
- isc_hmacmd5_init(hmacmd5ctx, hkey->key, ISC_SHA1_BLOCK_LENGTH);
+ isc_hmacmd5_init(hmacmd5ctx, hkey->key, ISC_MD5_BLOCK_LENGTH);
dctx->ctxdata.hmacmd5ctx = hmacmd5ctx;
return (ISC_R_SUCCESS);
}
@@ -139,7 +139,7 @@ hmacmd5_compare(const dst_key_t *key1, const dst_key_t *key2) {
else if (hkey1 == NULL || hkey2 == NULL)
return (ISC_FALSE);
- if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH))
+ if (isc_safe_memequal(hkey1->key, hkey2->key, ISC_MD5_BLOCK_LENGTH))
return (ISC_TRUE);
else
return (ISC_FALSE);
@@ -150,17 +150,17 @@ hmacmd5_generate(dst_key_t *key, int pseudorandom_ok, void (*callback)(int)) {
isc_buffer_t b;
isc_result_t ret;
unsigned int bytes;
- unsigned char data[ISC_SHA1_BLOCK_LENGTH];
+ unsigned char data[ISC_MD5_BLOCK_LENGTH];
UNUSED(callback);
bytes = (key->key_size + 7) / 8;
- if (bytes > ISC_SHA1_BLOCK_LENGTH) {
- bytes = ISC_SHA1_BLOCK_LENGTH;
- key->key_size = ISC_SHA1_BLOCK_LENGTH * 8;
+ if (bytes > ISC_MD5_BLOCK_LENGTH) {
+ bytes = ISC_MD5_BLOCK_LENGTH;
+ key->key_size = ISC_MD5_BLOCK_LENGTH * 8;
}
- memset(data, 0, ISC_SHA1_BLOCK_LENGTH);
+ memset(data, 0, ISC_MD5_BLOCK_LENGTH);
ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0));
if (ret != ISC_R_SUCCESS)
@@ -169,7 +169,7 @@ hmacmd5_generate(dst_key_t *key, int pseudorandom_ok, void (*callback)(int)) {
isc_buffer_init(&b, data, bytes);
isc_buffer_add(&b, bytes);
ret = hmacmd5_fromdns(key, &b);
- memset(data, 0, ISC_SHA1_BLOCK_LENGTH);
+ memset(data, 0, ISC_MD5_BLOCK_LENGTH);
return (ret);
}
@@ -223,7 +223,7 @@ hmacmd5_fromdns(dst_key_t *key, isc_buffer_t *data) {
memset(hkey->key, 0, sizeof(hkey->key));
- if (r.length > ISC_SHA1_BLOCK_LENGTH) {
+ if (r.length > ISC_MD5_BLOCK_LENGTH) {
isc_md5_init(&md5ctx);
isc_md5_update(&md5ctx, r.base, r.length);
isc_md5_final(&md5ctx, hkey->key);
@@ -236,6 +236,8 @@ hmacmd5_fromdns(dst_key_t *key, isc_buffer_t *data) {
key->key_size = keylen * 8;
key->keydata.hmacmd5 = hkey;
+ isc_buffer_forward(data, r.length);
+
return (ISC_R_SUCCESS);
}
@@ -415,7 +417,7 @@ hmacsha1_compare(const dst_key_t *key1, const dst_key_t *key2) {
else if (hkey1 == NULL || hkey2 == NULL)
return (ISC_FALSE);
- if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH))
+ if (isc_safe_memequal(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH))
return (ISC_TRUE);
else
return (ISC_FALSE);
@@ -512,6 +514,8 @@ hmacsha1_fromdns(dst_key_t *key, isc_buffer_t *data) {
key->key_size = keylen * 8;
key->keydata.hmacsha1 = hkey;
+ isc_buffer_forward(data, r.length);
+
return (ISC_R_SUCCESS);
}
@@ -691,7 +695,7 @@ hmacsha224_compare(const dst_key_t *key1, const dst_key_t *key2) {
else if (hkey1 == NULL || hkey2 == NULL)
return (ISC_FALSE);
- if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA224_BLOCK_LENGTH))
+ if (isc_safe_memequal(hkey1->key, hkey2->key, ISC_SHA224_BLOCK_LENGTH))
return (ISC_TRUE);
else
return (ISC_FALSE);
@@ -790,6 +794,8 @@ hmacsha224_fromdns(dst_key_t *key, isc_buffer_t *data) {
key->key_size = keylen * 8;
key->keydata.hmacsha224 = hkey;
+ isc_buffer_forward(data, r.length);
+
return (ISC_R_SUCCESS);
}
@@ -969,7 +975,7 @@ hmacsha256_compare(const dst_key_t *key1, const dst_key_t *key2) {
else if (hkey1 == NULL || hkey2 == NULL)
return (ISC_FALSE);
- if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA256_BLOCK_LENGTH))
+ if (isc_safe_memequal(hkey1->key, hkey2->key, ISC_SHA256_BLOCK_LENGTH))
return (ISC_TRUE);
else
return (ISC_FALSE);
@@ -1068,6 +1074,8 @@ hmacsha256_fromdns(dst_key_t *key, isc_buffer_t *data) {
key->key_size = keylen * 8;
key->keydata.hmacsha256 = hkey;
+ isc_buffer_forward(data, r.length);
+
return (ISC_R_SUCCESS);
}
@@ -1247,7 +1255,7 @@ hmacsha384_compare(const dst_key_t *key1, const dst_key_t *key2) {
else if (hkey1 == NULL || hkey2 == NULL)
return (ISC_FALSE);
- if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA384_BLOCK_LENGTH))
+ if (isc_safe_memequal(hkey1->key, hkey2->key, ISC_SHA384_BLOCK_LENGTH))
return (ISC_TRUE);
else
return (ISC_FALSE);
@@ -1346,6 +1354,8 @@ hmacsha384_fromdns(dst_key_t *key, isc_buffer_t *data) {
key->key_size = keylen * 8;
key->keydata.hmacsha384 = hkey;
+ isc_buffer_forward(data, r.length);
+
return (ISC_R_SUCCESS);
}
@@ -1525,7 +1535,7 @@ hmacsha512_compare(const dst_key_t *key1, const dst_key_t *key2) {
else if (hkey1 == NULL || hkey2 == NULL)
return (ISC_FALSE);
- if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA512_BLOCK_LENGTH))
+ if (isc_safe_memequal(hkey1->key, hkey2->key, ISC_SHA512_BLOCK_LENGTH))
return (ISC_TRUE);
else
return (ISC_FALSE);
@@ -1624,6 +1634,8 @@ hmacsha512_fromdns(dst_key_t *key, isc_buffer_t *data) {
key->key_size = keylen * 8;
key->keydata.hmacsha512 = hkey;
+ isc_buffer_forward(data, r.length);
+
return (ISC_R_SUCCESS);
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-05 05:37:54 +0000