2c2
< * validator/val_nsec3.c - validator NSEC3 denial of existance functions.
---
> * validator/val_nsec3.c - validator NSEC3 denial of existence functions.
41c41
< * for denial of existance, and proofs for presence of types.
---
> * for denial of existence, and proofs for presence of types.
45,51d44
< #ifdef HAVE_OPENSSL_SSL_H
< #include "openssl/ssl.h"
< #endif
< #ifdef HAVE_NSS
< /* nss3 */
< #include "sechash.h"
< #endif
52a46
> #include "validator/val_secalgo.h"
373,374c367,368
< * @param rrsetnum: can be undefined on call, inited.
< * @param rrnum: can be undefined on call, inited.
---
> * @param rrsetnum: can be undefined on call, initialised.
> * @param rrnum: can be undefined on call, initialised.
548,587c542,559
< switch(algo) {
< #if defined(HAVE_EVP_SHA1) || defined(HAVE_NSS)
< case NSEC3_HASH_SHA1:
< #ifdef HAVE_SSL
< hash_len = SHA_DIGEST_LENGTH;
< #else
< hash_len = SHA1_LENGTH;
< #endif
< if(hash_len > max)
< return 0;
< # ifdef HAVE_SSL
< (void)SHA1((unsigned char*)sldns_buffer_begin(buf),
< (unsigned long)sldns_buffer_limit(buf),
< (unsigned char*)res);
< # else
< (void)HASH_HashBuf(HASH_AlgSHA1, (unsigned char*)res,
< (unsigned char*)sldns_buffer_begin(buf),
< (unsigned long)sldns_buffer_limit(buf));
< # endif
< for(i=0; i<iter; i++) {
< sldns_buffer_clear(buf);
< sldns_buffer_write(buf, res, hash_len);
< sldns_buffer_write(buf, salt, saltlen);
< sldns_buffer_flip(buf);
< # ifdef HAVE_SSL
< (void)SHA1(
< (unsigned char*)sldns_buffer_begin(buf),
< (unsigned long)sldns_buffer_limit(buf),
< (unsigned char*)res);
< # else
< (void)HASH_HashBuf(HASH_AlgSHA1,
< (unsigned char*)res,
< (unsigned char*)sldns_buffer_begin(buf),
< (unsigned long)sldns_buffer_limit(buf));
< # endif
< }
< break;
< #endif /* HAVE_EVP_SHA1 or NSS */
< default:
< log_err("nsec3 hash of unknown algo %d", algo);
---
> hash_len = nsec3_hash_algo_size_supported(algo);
> if(hash_len == 0) {
> log_err("nsec3 hash of unknown algo %d", algo);
> return 0;
> }
> if(hash_len > max)
> return 0;
> if(!secalgo_nsec3_hash(algo, (unsigned char*)sldns_buffer_begin(buf),
> sldns_buffer_limit(buf), (unsigned char*)res))
> return 0;
> for(i=0; i<iter; i++) {
> sldns_buffer_clear(buf);
> sldns_buffer_write(buf, res, hash_len);
> sldns_buffer_write(buf, salt, saltlen);
> sldns_buffer_flip(buf);
> if(!secalgo_nsec3_hash(algo,
> (unsigned char*)sldns_buffer_begin(buf),
> sldns_buffer_limit(buf), (unsigned char*)res))
610,653c582,585
< switch(algo) {
< #if defined(HAVE_EVP_SHA1) || defined(HAVE_NSS)
< case NSEC3_HASH_SHA1:
< #ifdef HAVE_SSL
< c->hash_len = SHA_DIGEST_LENGTH;
< #else
< c->hash_len = SHA1_LENGTH;
< #endif
< c->hash = (uint8_t*)regional_alloc(region,
< c->hash_len);
< if(!c->hash)
< return 0;
< # ifdef HAVE_SSL
< (void)SHA1((unsigned char*)sldns_buffer_begin(buf),
< (unsigned long)sldns_buffer_limit(buf),
< (unsigned char*)c->hash);
< # else
< (void)HASH_HashBuf(HASH_AlgSHA1,
< (unsigned char*)c->hash,
< (unsigned char*)sldns_buffer_begin(buf),
< (unsigned long)sldns_buffer_limit(buf));
< # endif
< for(i=0; i<iter; i++) {
< sldns_buffer_clear(buf);
< sldns_buffer_write(buf, c->hash, c->hash_len);
< sldns_buffer_write(buf, salt, saltlen);
< sldns_buffer_flip(buf);
< # ifdef HAVE_SSL
< (void)SHA1(
< (unsigned char*)sldns_buffer_begin(buf),
< (unsigned long)sldns_buffer_limit(buf),
< (unsigned char*)c->hash);
< # else
< (void)HASH_HashBuf(HASH_AlgSHA1,
< (unsigned char*)c->hash,
< (unsigned char*)sldns_buffer_begin(buf),
< (unsigned long)sldns_buffer_limit(buf));
< # endif
< }
< break;
< #endif /* HAVE_EVP_SHA1 or NSS */
< default:
< log_err("nsec3 hash of unknown algo %d", algo);
< return -1;
---
> c->hash_len = nsec3_hash_algo_size_supported(algo);
> if(c->hash_len == 0) {
> log_err("nsec3 hash of unknown algo %d", algo);
> return -1;
654a587,600
> c->hash = (uint8_t*)regional_alloc(region, c->hash_len);
> if(!c->hash)
> return 0;
> (void)secalgo_nsec3_hash(algo, (unsigned char*)sldns_buffer_begin(buf),
> sldns_buffer_limit(buf), (unsigned char*)c->hash);
> for(i=0; i<iter; i++) {
> sldns_buffer_clear(buf);
> sldns_buffer_write(buf, c->hash, c->hash_len);
> sldns_buffer_write(buf, salt, saltlen);
> sldns_buffer_flip(buf);
> (void)secalgo_nsec3_hash(algo,
> (unsigned char*)sldns_buffer_begin(buf),
> sldns_buffer_limit(buf), (unsigned char*)c->hash);
> }
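Review bot: Both `secalgo_nsec3_hash()` calls in the added lines 587-600 discard their result with `(void)`, whereas the parallel rewrite at lines 542-559 treats a zero return as failure and bails out with `return 0;`. If the hash backend fails here, this function still reports success and `c->hash` keeps whatever bytes `regional_alloc()` handed back, so a non-hash would be cached and compared against NSEC3 owner names as if it were valid. The result should be checked at both call sites and the function should return the same failure value it already uses for the allocation failure just above. The enclosing function starts and ends outside this hunk, so it is worth confirming that callers distinguish 0 (failure) from -1 (unknown algorithm) the way the new lines 582-585 assume.
```c
if(!secalgo_nsec3_hash(algo, (unsigned char*)sldns_buffer_begin(buf),
	sldns_buffer_limit(buf), (unsigned char*)c->hash))
	return 0;
for(i=0; i<iter; i++) {
	/* … unchanged: buffer clear, write hash+salt, flip … */
	if(!secalgo_nsec3_hash(algo,
		(unsigned char*)sldns_buffer_begin(buf),
		sldns_buffer_limit(buf), (unsigned char*)c->hash))
		return 0;
}
```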