author | 2020-02-11 17:28:46 +0000 | |
---|---|---|
committer | 2020-02-11 17:28:46 +0000 | |
commit | 49ac168bada985824eb1faba2382ce03527f26af (patch) | |
tree | 595d1f2350c50b4736483002b396f108fea9f9d9 | |
parent | Remove unused functionality from dst_api.c. (diff) | |
Pretty sure sha1 works most of the time, no need to check during
runtime.
-rw-r--r-- | usr.bin/dig/lib/dns/hmac_link.c | 8 | ||||
-rw-r--r-- | usr.bin/dig/lib/isc/hmacsha.c | 71 | ||||
-rw-r--r-- | usr.bin/dig/lib/isc/include/isc/hmacsha.h | 6 | ||||
-rw-r--r-- | usr.bin/dig/lib/isc/include/isc/sha1.h | 5 | ||||
-rw-r--r-- | usr.bin/dig/lib/isc/sha1.c | 45 |
5 files changed, 6 insertions, 129 deletions
diff --git a/usr.bin/dig/lib/dns/hmac_link.c b/usr.bin/dig/lib/dns/hmac_link.c
index d3dc71d65fb..42124848da6 100644
--- a/usr.bin/dig/lib/dns/hmac_link.c
+++ b/usr.bin/dig/lib/dns/hmac_link.c
@@ -33,7 +33,7 @@ /* * Principal Author: Brian Wellington - * $Id: hmac_link.c,v 1.1 2020/02/07 09:58:52 florian Exp $ + * $Id: hmac_link.c,v 1.2 2020/02/11 17:28:46 florian Exp $ */
@@ -312,12 +312,6 @@ static dst_func_t hmacsha1_functions = { isc_result_t dst__hmacsha1_init(dst_func_t **funcp) { - /* - * Prevent use of incorrect crypto - */ - RUNTIME_CHECK(isc_sha1_check(ISC_FALSE)); - RUNTIME_CHECK(isc_hmacsha1_check(0)); - REQUIRE(funcp != NULL); if (*funcp == NULL) *funcp = &hmacsha1_functions;
diff --git a/usr.bin/dig/lib/isc/hmacsha.c b/usr.bin/dig/lib/isc/hmacsha.c
index ca8308e9a70..2d600309d7d 100644
--- a/usr.bin/dig/lib/isc/hmacsha.c
+++ b/usr.bin/dig/lib/isc/hmacsha.c
@@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: hmacsha.c,v 1.1 2020/02/07 09:58:53 florian Exp $ */ +/* $Id: hmacsha.c,v 1.2 2020/02/11 17:28:46 florian Exp $ */ /* * This code implements the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384
@@ -288,72 +288,3 @@ isc_hmacsha512_verify(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len)
 isc_hmacsha512_sign(ctx, newdigest, ISC_SHA512_DIGESTLENGTH);
 return (isc_safe_memequal(digest, newdigest, len));
 }
-
-/*
- * Check for SHA-1 support; if it does not work, raise a fatal error.
- *
- * Use the first test vector from RFC 2104, with a second round using
- * a too-short key.
- *
- * Standard use is testing 0 and expecting result true.
- * Testing use is testing 1..4 and expecting result false.
- */
-isc_boolean_t
-isc_hmacsha1_check(int testing) {
- isc_hmacsha1_t ctx;
- unsigned char key[] = { /* 20*0x0b */
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b
- };
- unsigned char input[] = { /* "Hi There" */
- 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65
- };
- unsigned char expected[] = {
- 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64,
- 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e,
- 0xf1, 0x46, 0xbe, 0x00
- };
- unsigned char expected2[] = {
- 0xa0, 0x75, 0xe0, 0x5f, 0x7f, 0x17, 0x9d, 0x34,
- 0xb2, 0xab, 0xc5, 0x19, 0x8f, 0x38, 0x62, 0x36,
- 0x42, 0xbd, 0xec, 0xde
- };
- isc_boolean_t result;
-
- /*
- * Introduce a fault for testing.
- */
- switch (testing) {
- case 0:
- default:
- break;
- case 1:
- key[0] ^= 0x01;
- break;
- case 2:
- input[0] ^= 0x01;
- break;
- case 3:
- expected[0] ^= 0x01;
- break;
- case 4:
- expected2[0] ^= 0x01;
- break;
- }
-
- /*
- * These functions do not return anything; any failure will be fatal.
- */
- isc_hmacsha1_init(&ctx, key, 20U);
- isc_hmacsha1_update(&ctx, input, 8U);
- result = isc_hmacsha1_verify(&ctx, expected, sizeof(expected));
- if (!result) {
- return (result);
- }
-
- /* Second round using a byte key */
- isc_hmacsha1_init(&ctx, key, 1U);
- isc_hmacsha1_update(&ctx, input, 8U);
- return (isc_hmacsha1_verify(&ctx, expected2, sizeof(expected2)));
-}
diff --git a/usr.bin/dig/lib/isc/include/isc/hmacsha.h b/usr.bin/dig/lib/isc/include/isc/hmacsha.h
index b8a97a395f3..ae5c2ed57c4 100644
--- a/usr.bin/dig/lib/isc/include/isc/hmacsha.h
+++ b/usr.bin/dig/lib/isc/include/isc/hmacsha.h
@@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: hmacsha.h,v 1.1 2020/02/07 09:58:54 florian Exp $ */ +/* $Id: hmacsha.h,v 1.2 2020/02/11 17:28:46 florian Exp $ */ /*! \file isc/hmacsha.h * This is the header file for the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256,
@@ -68,10 +68,6 @@ isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len); isc_boolean_t isc_hmacsha1_verify(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len); -isc_boolean_t -isc_hmacsha1_check(int testing); - - void isc_hmacsha224_init(isc_hmacsha224_t *ctx, const unsigned char *key, unsigned int len);
diff --git a/usr.bin/dig/lib/isc/include/isc/sha1.h b/usr.bin/dig/lib/isc/include/isc/sha1.h
index eed9fb51859..4c6e45773ec 100644
--- a/usr.bin/dig/lib/isc/include/isc/sha1.h
+++ b/usr.bin/dig/lib/isc/include/isc/sha1.h
@@ -17,7 +17,7 @@ #ifndef ISC_SHA1_H #define ISC_SHA1_H 1 -/* $Id: sha1.h,v 1.1 2020/02/07 09:58:54 florian Exp $ */ +/* $Id: sha1.h,v 1.2 2020/02/11 17:28:46 florian Exp $ */ /* $NetBSD: sha1.h,v 1.2 1998/05/29 22:55:44 thorpej Exp $ */
@@ -55,9 +55,6 @@ isc_sha1_update(isc_sha1_t *ctx, const unsigned char *data, unsigned int len); void isc_sha1_final(isc_sha1_t *ctx, unsigned char *digest); -isc_boolean_t -isc_sha1_check(isc_boolean_t testing); - ISC_LANG_ENDDECLS #endif /* ISC_SHA1_H */
diff --git a/usr.bin/dig/lib/isc/sha1.c b/usr.bin/dig/lib/isc/sha1.c
index 0a3535124cf..2d9447c0c5a 100644
--- a/usr.bin/dig/lib/isc/sha1.c
+++ b/usr.bin/dig/lib/isc/sha1.c
@@ -14,10 +14,10 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sha1.c,v 1.1 2020/02/07 09:58:54 florian Exp $ */ +/* $Id: sha1.c,v 1.2 2020/02/11 17:28:46 florian Exp $ */ /* $NetBSD: sha1.c,v 1.5 2000/01/22 22:19:14 mycroft Exp $ */ -/* $OpenBSD: sha1.c,v 1.1 2020/02/07 09:58:54 florian Exp $ */ +/* $OpenBSD: sha1.c,v 1.2 2020/02/11 17:28:46 florian Exp $ */ /*! \file * SHA-1 in C
@@ -85,44 +85,3 @@ isc_sha1_final(isc_sha1_t *context, unsigned char *digest) {
 EVP_MD_CTX_free(context->ctx);
 context->ctx = NULL;
 }
-
-/*
- * Check for SHA-1 support; if it does not work, raise a fatal error.
- *
- * Use "a" as the test vector.
- *
- * Standard use is testing false and result true.
- * Testing use is testing true and result false;
- */
-isc_boolean_t
-isc_sha1_check(isc_boolean_t testing) {
- isc_sha1_t ctx;
- unsigned char input = 'a';
- unsigned char digest[ISC_SHA1_DIGESTLENGTH];
- unsigned char expected[] = {
- 0x86, 0xf7, 0xe4, 0x37, 0xfa, 0xa5, 0xa7, 0xfc,
- 0xe1, 0x5d, 0x1d, 0xdc, 0xb9, 0xea, 0xea, 0xea,
- 0x37, 0x76, 0x67, 0xb8
- };
-
- INSIST(sizeof(expected) == ISC_SHA1_DIGESTLENGTH);
-
- /*
- * Introduce a fault for testing.
- */
- if (testing) {
- input ^= 0x01;
- }
-
- /*
- * These functions do not return anything; any failure will be fatal.
- */
- isc_sha1_init(&ctx);
- isc_sha1_update(&ctx, &input, 1U);
- isc_sha1_final(&ctx, digest);
-
- /*
- * Must return true in standard case, should return false for testing.
- */
- return (ISC_TF(memcmp(digest, expected, ISC_SHA1_DIGESTLENGTH) == 0));
-} |