Abstract cookie SHA256 calculation.

This commit is contained in:
Jim Hague 2018-11-27 15:31:33 +00:00
parent af962228fc
commit 26bcddd029
3 changed files with 32 additions and 12 deletions


@ -731,7 +731,7 @@ unsigned char* _getdns_tls_hmac_end(struct mem_funcs* mfs, _getdns_tls_hmac* h,
unsigned char* res; unsigned char* res;
unsigned int md_len; unsigned int md_len;
res = (unsigned char*) GETDNS_XMALLOC(*mfs, unsigned char, EVP_MAX_MD_SIZE); res = (unsigned char*) GETDNS_XMALLOC(*mfs, unsigned char, GETDNS_TLS_MAX_DIGEST_LENGTH);
if (!res) if (!res)
return NULL; return NULL;
@ -752,4 +752,21 @@ void _getdns_tls_sha1(const void* data, size_t data_size, unsigned char* buf)
SHA1(data, data_size, buf); SHA1(data, data_size, buf);
} }
void _getdns_tls_cookie_sha256(uint32_t secret, void* addr, size_t addrlen, unsigned char* buf, size_t* buflen)
{
const EVP_MD *md;
EVP_MD_CTX *mdctx;
unsigned int md_len;
md = EVP_sha256();
mdctx = EVP_MD_CTX_create();
EVP_DigestInit_ex(mdctx, md, NULL);
EVP_DigestUpdate(mdctx, &secret, sizeof(secret));
EVP_DigestUpdate(mdctx, addr, addrlen);
EVP_DigestFinal_ex(mdctx, buf, &md_len);
EVP_MD_CTX_destroy(mdctx);
*buflen = md_len;
}
/* tls.c */ /* tls.c */
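Review bot: None of the EVP calls in `_getdns_tls_cookie_sha256` is checked, and `md_len` is left uninitialized, so if `EVP_MD_CTX_create()` returns NULL or any digest step fails the function still stores an indeterminate `*buflen` and the caller in stub.c then reads that many bytes of an unwritten `md_value` into the cookie. Initializing `md_len`, bailing out on a NULL context and only publishing the length when `EVP_DigestFinal_ex` succeeds keeps the failure observable as `*buflen == 0` instead of silently yielding a cookie derived from stack garbage. `addr` is only read and could be `const void*`, matching `_getdns_tls_sha1` directly above; `_getdns_tls_hmac_end` (first hunk) is otherwise unaffected. Callers still need to treat a zero `*buflen` as a failure.
```c
void _getdns_tls_cookie_sha256(uint32_t secret, void* addr, size_t addrlen, unsigned char* buf, size_t* buflen)
{
	unsigned int md_len = 0;
	EVP_MD_CTX *mdctx = EVP_MD_CTX_create();

	*buflen = 0;
	if (!mdctx)
		return;
	if (EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL) == 1 &&
	    EVP_DigestUpdate(mdctx, &secret, sizeof(secret)) == 1 &&
	    EVP_DigestUpdate(mdctx, addr, addrlen) == 1 &&
	    EVP_DigestFinal_ex(mdctx, buf, &md_len) == 1)
		*buflen = md_len;
	EVP_MD_CTX_destroy(mdctx);
}
```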


@ -121,10 +121,8 @@ rollover_secret()
static void static void
calc_new_cookie(getdns_upstream *upstream, uint8_t *cookie) calc_new_cookie(getdns_upstream *upstream, uint8_t *cookie)
{ {
const EVP_MD *md; unsigned char md_value[GETDNS_TLS_MAX_DIGEST_LENGTH];
EVP_MD_CTX *mdctx; size_t md_len;
unsigned char md_value[EVP_MAX_MD_SIZE];
unsigned int md_len;
size_t i; size_t i;
sa_family_t af = upstream->addr.ss_family; sa_family_t af = upstream->addr.ss_family;
void *sa_addr = ((struct sockaddr*)&upstream->addr)->sa_data; void *sa_addr = ((struct sockaddr*)&upstream->addr)->sa_data;
@ -132,13 +130,7 @@ calc_new_cookie(getdns_upstream *upstream, uint8_t *cookie)
: af == AF_INET ? sizeof(struct sockaddr_in) : af == AF_INET ? sizeof(struct sockaddr_in)
: 0 ) - sizeof(sa_family_t); : 0 ) - sizeof(sa_family_t);
md = EVP_sha256(); _getdns_tls_cookie_sha256(secret, sa_addr, addr_len, md_value, &md_len);
mdctx = EVP_MD_CTX_create();
EVP_DigestInit_ex(mdctx, md, NULL);
EVP_DigestUpdate(mdctx, &secret, sizeof(secret));
EVP_DigestUpdate(mdctx, sa_addr, addr_len);
EVP_DigestFinal_ex(mdctx, md_value, &md_len);
EVP_MD_CTX_destroy(mdctx);
(void) memset(cookie, 0, 8); (void) memset(cookie, 0, 8);
for (i = 0; i < md_len; i++) for (i = 0; i < md_len; i++)
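Review bot: `calc_new_cookie` now depends entirely on `_getdns_tls_cookie_sha256` to set `md_len`, but the helper returns `void` and `md_len` is declared without an initializer, so the `for (i = 0; i < md_len; i++)` loop has no way to notice a digest failure and would iterate over an indeterminate length of unwritten `md_value`. Declaring it as `size_t md_len = 0;` bounds the damage to an all-zero cookie if the helper ever leaves the length unset, and a subsequent `if (md_len == 0)` check could report the failure rather than install a predictable cookie. The loop body and the rest of the function lie outside this hunk.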


@ -388,4 +388,15 @@ unsigned char* _getdns_tls_hmac_end(struct mem_funcs* mfs, _getdns_tls_hmac* h,
*/ */
void _getdns_tls_sha1(const void* data, size_t data_size, unsigned char* buf); void _getdns_tls_sha1(const void* data, size_t data_size, unsigned char* buf);
/**
* Calculate SHA256 for cookie.
*
* @param secret the secret.
* @param addr the address.
* @param addrlen the address length.
* @param buf buffer to receive hash.
* @param buflen receive the hash length.
*/
void _getdns_tls_cookie_sha256(uint32_t secret, void* addr, size_t addrlen, unsigned char* buf, size_t* buflen);
#endif /* _GETDNS_TLS_H */ #endif /* _GETDNS_TLS_H */
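Review bot: The Doxygen block for `_getdns_tls_cookie_sha256` does not state how large `buf` must be, which is the one thing a caller needs to know for a function that takes no output capacity; the only caller in this commit sizes it as `unsigned char md_value[GETDNS_TLS_MAX_DIGEST_LENGTH]`. Suggest `@param buf buffer to receive hash; must hold at least GETDNS_TLS_MAX_DIGEST_LENGTH bytes.` and `@param addr the address; read only, addrlen bytes are hashed.` Stating that `addr` is not modified would also support tightening the declaration to `const void* addr` later.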