From af962228fcf25e3f1bbdceff1a857b5c3394e247 Mon Sep 17 00:00:00 2001
From: Jim Hague
Date: Tue, 27 Nov 2018 15:31:05 +0000
Subject: [PATCH] Abstract maximum digest length.
---
 src/openssl/tls-internal.h | 3 +++
 src/openssl/tls.c | 2 +-
 src/request-internal.c | 7 ++++---
 3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/openssl/tls-internal.h b/src/openssl/tls-internal.h
index 59b5b292..4b4b4b49 100644
--- a/src/openssl/tls-internal.h
+++ b/src/openssl/tls-internal.h
@@ -34,6 +34,7 @@
 #ifndef _GETDNS_TLS_INTERNAL_H
 #define _GETDNS_TLS_INTERNAL_H
+#include
 #include
 #include
 #include
@@ -51,6 +52,8 @@
 #define HAVE_TLS_CONN_CURVES_LIST (HAVE_DECL_SSL_SET1_CURVES_LIST)
 #endif
+#define GETDNS_TLS_MAX_DIGEST_LENGTH (EVP_MAX_MD_SIZE)
+
 typedef struct _getdns_tls_context {
 SSL_CTX* ssl;
 } _getdns_tls_context;
diff --git a/src/openssl/tls.c b/src/openssl/tls.c
index d3e61e5e..9569fe89 100644
--- a/src/openssl/tls.c
+++ b/src/openssl/tls.c
@@ -653,7 +653,7 @@ unsigned char* _getdns_tls_hmac_hash(struct mem_funcs* mfs, int algorithm, const
 default : return NULL;
 }
- res = (unsigned char*) GETDNS_XMALLOC(*mfs, unsigned char, EVP_MAX_MD_SIZE);
+ res = (unsigned char*) GETDNS_XMALLOC(*mfs, unsigned char, GETDNS_TLS_MAX_DIGEST_LENGTH);
 if (!res) return NULL;
diff --git a/src/request-internal.c b/src/request-internal.c
index 76ce6e3e..c0f347af 100644
--- a/src/request-internal.c
+++ b/src/request-internal.c
@@ -44,6 +44,7 @@
 #include "debug.h"
 #include "convert.h"
 #include "general.h"
+#include "tls.h"
 /* MAXIMUM_TSIG_SPACE = TSIG name (dname) : 256
 * TSIG type (uint16_t) : 2
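Review bot: The new `GETDNS_TLS_MAX_DIGEST_LENGTH` define in the second tls-internal.h hunk carries no comment stating what the rest of the tree may rely on, even though request-internal.c now sizes its TSIG MAC space from it and the commit title presents it as the backend-independent name for this bound. A one-line comment above the define, such as `/* Upper bound, in bytes, on any digest _getdns_tls_hmac_hash() returns; a TLS backend header must define this. */`, would make that contract explicit where a future backend author will look. For the OpenSSL backend the value simply forwards EVP_MAX_MD_SIZE, so no buffer size changes here; the tls.c hunk is the matching rename of the allocation size. The header name on the added `#include` line in the first hunk is not visible on this page, so its correctness cannot be checked from here.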
@@ -54,15 +55,15 @@
 * Time Signed (uint48_t) : 6
 * Fudge (uint16_t) : 2
 * Mac Size (uint16_t) : 2
- * Mac (variable) : EVP_MAX_MD_SIZE
+ * Mac (variable) : GETDNS_TLS_MAX_DIGEST_LENGTH
 * Original Id (uint16_t) : 2
 * Error (uint16_t) : 2
 * Other Len (uint16_t) : 2
 * Other Data (nothing) : 0
 * ---- +
- * 538 + EVP_MAX_MD_SIZE
+ * 538 + GETDNS_TLS_MAX_DIGEST_LENGTH
 */
-#define MAXIMUM_TSIG_SPACE (538 + EVP_MAX_MD_SIZE)
+#define MAXIMUM_TSIG_SPACE (538 + GETDNS_TLS_MAX_DIGEST_LENGTH)
 getdns_dict dnssec_ok_checking_disabled_spc = {
 { RBTREE_NULL, 0, (int (*)(const void *, const void *)) strcmp },
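Review bot: `MAXIMUM_TSIG_SPACE` now expands a macro that only the TLS backend provides, and nothing in this hunk checks that the `tls.h` included in the previous hunk actually brings `GETDNS_TLS_MAX_DIGEST_LENGTH` into scope (the define lives in openssl/tls-internal.h; whether tls.h re-exports it is not visible on this page). A preprocessor guard just before the define turns a missing backend definition into a clear diagnostic instead of an opaque expansion error: `#ifndef GETDNS_TLS_MAX_DIGEST_LENGTH` / `#error "TLS backend must define GETDNS_TLS_MAX_DIGEST_LENGTH"` / `#endif`. Because this constant presumably bounds the space reserved for the TSIG MAC, a backend that defines it smaller than its largest digest would not fail at compile time, which is worth stating in the comment table alongside the new name.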