From 0cdede21df0269530d5ef94b11ff5f5c2d3e1dfd Mon Sep 17 00:00:00 2001
From: Jim Hague
Date: Tue, 27 Nov 2018 15:29:48 +0000
Subject: [PATCH] Abstract SHA1 calculation.
---
 src/dnssec.c | 5 +++--
 src/openssl/tls.c | 5 +++++
 src/tls.h | 10 ++++++++++
 3 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/src/dnssec.c b/src/dnssec.c
index 0e0e9ba1..4e0f2af3 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -209,6 +209,7 @@
 #include "list.h"
 #include "util/val_secalgo.h"
 #include "anchor.h"
+#include "tls.h"
 #define SIGNATURE_VERIFIED 0x10000
 #define NSEC3_ITERATION_COUNT_HIGH 0x20000
@@ -1582,12 +1583,12 @@ static uint8_t *_getdns_nsec3_hash_label(uint8_t *label, size_t label_len,
 (void)memcpy(dst, salt + 1, *salt);
 dst += *salt;
- (void)SHA1(buf, dst - buf, md);
+ _getdns_tls_sha1(buf, dst - buf, md);
 if (iterations) {
 (void)memcpy(buf + SHA_DIGEST_LENGTH, salt + 1, *salt);
 while (iterations--) {
 (void)memcpy(buf, md, SHA_DIGEST_LENGTH);
- SHA1(buf, SHA_DIGEST_LENGTH + *salt, md);
+ _getdns_tls_sha1(buf, SHA_DIGEST_LENGTH + *salt, md);
 }
 }
 *label = gldns_b32_ntop_extended_hex(
diff --git a/src/openssl/tls.c b/src/openssl/tls.c
index f14603fb..d3e61e5e 100644
--- a/src/openssl/tls.c
+++ b/src/openssl/tls.c
@@ -747,4 +747,9 @@ unsigned char* _getdns_tls_hmac_end(struct mem_funcs* mfs, _getdns_tls_hmac* h,
 return res;
 }
+void _getdns_tls_sha1(const void* data, size_t data_size, unsigned char* buf)
+{
+ SHA1(data, data_size, buf);
+}
+
 /* tls.c */
diff --git a/src/tls.h b/src/tls.h
index 8adc47e7..fae8e939 100644
--- a/src/tls.h
+++ b/src/tls.h
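Review bot: In the src/dnssec.c hunk at -1582, both new `_getdns_tls_sha1()` calls still size their copies and offsets with `SHA_DIGEST_LENGTH`, which is an OpenSSL header macro, so the caller stays tied to OpenSSL even though the hash call itself is now abstracted. A backend-neutral constant declared in tls.h next to the prototype (for example `#define _GETDNS_SHA1_DIGEST_LENGTH 20`, name illustrative) and used in these `memcpy` lines would make the 20-byte output contract explicit for every backend. `_getdns_nsec3_hash_label` starts and ends outside the hunk, so the declarations of `buf` and `md` are not visible here and should be checked against whichever constant is used.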
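Review bot: `_getdns_tls_sha1()` in src/openssl/tls.c returns `void` and discards the result of `SHA1()`, so a caller cannot tell whether `buf` was actually written. A one-shot digest call can fail in provider-based OpenSSL builds or in another backend, and the NSEC3 caller in dnssec.c would then apparently go on to encode whatever `md` happened to contain. I would give the wrapper a status, e.g. `int _getdns_tls_sha1(...)` with `return SHA1(data, data_size, buf) != NULL;`, and have `_getdns_nsec3_hash_label` bail out when it reports failure.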
@@ -378,4 +378,14 @@ getdns_return_t _getdns_tls_hmac_add(_getdns_tls_hmac* h, const void* data, size
 */
 unsigned char* _getdns_tls_hmac_end(struct mem_funcs* mfs, _getdns_tls_hmac* h, size_t* output_size);
+/**
+ * Calculate a SHA1 hash.
+ *
+ * @param data the data to hash.
+ * @param data_size the size of the data to hash.
+ * @param buf the buffer to receive the hash. Must be at least
+ * SHA_DIGEST_LENGTH bytes.
+ */
+void _getdns_tls_sha1(const void* data, size_t data_size, unsigned char* buf);
+
 #endif /* _GETDNS_TLS_H */
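Review bot: The doc comment on `_getdns_tls_sha1()` should say why a SHA-1 helper exists and what it must not be used for, because the name reads like a general-purpose digest available to the whole library. The only caller in this patch is the NSEC3 label hash, where RFC 5155 fixes the algorithm to SHA-1, so I would add a line such as `* For NSEC3 owner-name hashing (RFC 5155) only; not for signatures or new integrity checks.` It would also help to state that exactly 20 bytes are written to `buf` and that there is no way to report failure.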