/*
 * iterated_hash.c -- nsec3 hash calculation.
 *
 * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
 *
 * See LICENSE for the license.
 *
 * With thanks to Ben Laurie.
 */
10aee1b7aaSsthen #include "config.h"
1162ac0c33Sjakob #ifdef NSEC3
12*a904e103Sflorian #if defined(HAVE_SHA1_INIT) && !defined(DEPRECATED_SHA1_INIT)
1362ac0c33Sjakob #include <openssl/sha.h>
14*a904e103Sflorian #else
15*a904e103Sflorian #include <openssl/evp.h>
16*a904e103Sflorian #endif
1762ac0c33Sjakob #include <stdio.h>
1862ac0c33Sjakob #include <assert.h>
1962ac0c33Sjakob
2062ac0c33Sjakob #include "iterated_hash.h"
21*a904e103Sflorian #include "util.h"
2262ac0c33Sjakob
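/**
 * Compute the iterated, salted SHA-1 hash used for NSEC3.
 *
 * Round 0 hashes `in || salt`; every further round hashes the previous
 * digest followed by the salt again. The loop runs `iterations + 1` times,
 * so the cost grows linearly with `iterations`.
 *
 * @param out        receives the final SHA_DIGEST_LENGTH-byte digest.
 * @param salt       salt bytes appended in every round; only read when
 *                   saltlength > 0.
 * @param saltlength number of salt bytes.
 * @param in         data to hash; must be non-NULL.
 * @param inlength   number of input bytes; must be > 0.
 * @param iterations number of additional rounds; must be >= 0.
 * @return SHA_DIGEST_LENGTH on success. 0 when the digest context cannot be
 *         allocated, when an EVP digest call fails, or when built without
 *         NSEC3 and HAVE_SSL. The contents of `out` must not be used when 0
 *         is returned.
 */
int
iterated_hash(unsigned char out[SHA_DIGEST_LENGTH],
	const unsigned char *salt, int saltlength,
	const unsigned char *in, int inlength, int iterations)
{
#if defined(NSEC3) && defined(HAVE_SSL)
#if defined(HAVE_SHA1_INIT) && !defined(DEPRECATED_SHA1_INIT)
	SHA_CTX ctx;
#else
	EVP_MD_CTX* ctx;
#endif
	int n;
#if defined(HAVE_SHA1_INIT) && !defined(DEPRECATED_SHA1_INIT)
#else
	ctx = EVP_MD_CTX_create();
	if(!ctx) {
		log_msg(LOG_ERR, "out of memory in iterated_hash");
		return 0;
	}
#endif
	/* Argument checks are assert-only: they disappear under NDEBUG. */
	assert(in && inlength > 0 && iterations >= 0);
	for(n=0 ; n <= iterations ; ++n)
	{
#if defined(HAVE_SHA1_INIT) && !defined(DEPRECATED_SHA1_INIT)
		SHA1_Init(&ctx);
		SHA1_Update(&ctx, in, inlength);
		if(saltlength > 0)
			SHA1_Update(&ctx, salt, saltlength);
		SHA1_Final(out, &ctx);
#else
		/*
		 * A failed digest step leaves `out` unset or holding a stale
		 * intermediate value. Stop and report failure instead of
		 * returning SHA_DIGEST_LENGTH for a hash that was never computed.
		 */
		if(!EVP_DigestInit(ctx, EVP_sha1())) {
			log_msg(LOG_ERR, "iterated_hash could not EVP_DigestInit");
			goto evp_failed;
		}
		if(!EVP_DigestUpdate(ctx, in, inlength)) {
			log_msg(LOG_ERR, "iterated_hash could not EVP_DigestUpdate");
			goto evp_failed;
		}
		if(saltlength > 0) {
			if(!EVP_DigestUpdate(ctx, salt, saltlength)) {
				log_msg(LOG_ERR, "iterated_hash could not EVP_DigestUpdate salt");
				goto evp_failed;
			}
		}
		if(!EVP_DigestFinal_ex(ctx, out, NULL)) {
			log_msg(LOG_ERR, "iterated_hash could not EVP_DigestFinal_ex");
			goto evp_failed;
		}
#endif
		/*
		 * The next round hashes this round's digest. Reading from `out`
		 * is safe because the update call consumes the input before the
		 * final call overwrites `out`.
		 */
		in=out;
		inlength=SHA_DIGEST_LENGTH;
	}
#if defined(HAVE_SHA1_INIT) && !defined(DEPRECATED_SHA1_INIT)
#else
	EVP_MD_CTX_destroy(ctx);
#endif
	return SHA_DIGEST_LENGTH;
#if defined(HAVE_SHA1_INIT) && !defined(DEPRECATED_SHA1_INIT)
#else
evp_failed:
	/* Release the context on the error path; 0 matches the OOM result. */
	EVP_MD_CTX_destroy(ctx);
	return 0;
#endif
#else
	(void)out; (void)salt; (void)saltlength;
	(void)in; (void)inlength; (void)iterations;
	return 0;
#endif
}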
7962ac0c33Sjakob
8062ac0c33Sjakob #endif /* NSEC3 */