Hardened OpenSSL digest/HMAC calls [RT #37944]

2025-08-31 14:35:26 +00:00 · 2014-12-02 12:41:01 +01:00
parent 401f7510d7
commit fc63119c8b
11 changed files with 193 additions and 18 deletions
--- a/win32utils/Configure
+++ b/win32utils/Configure
@@ -365,6 +365,7 @@ my @substdefh = ("AES_SIT",
                 "HAVE_PKCS11_ECDSA",
                 "HAVE_PKCS11_GOST",
                 "HAVE_READLINE",
+                 "HMAC_RETURN_INT",
                 "HMAC_SHA1_SIT",
                 "HMAC_SHA256_SIT",
                 "ISC_LIST_CHECKINIT",
@@ -1876,6 +1877,30 @@ if ($enable_openssl_hash eq "yes") {
        die "No OpenSSL for hash functions\n";
    }
    $configdefp{"ISC_PLATFORM_OPENSSLHASH"} = 1;
+    if ($verbose) {
+        print "checking HMAC_Init() return type\n";
+    }
+    open F, ">testhmac.c" || die $!;
+    print F << 'EOF';
+#include <openssl/hmac.h>
+
+int
+main(void)
+{
+        HMAC_CTX ctx;
+        int n = HMAC_Init(&ctx, NULL, 0, NULL);
+        n += HMAC_Update(&ctx, NULL, 0);
+        n += HMAC_Final(&ctx, NULL, NULL);
+        return(n);
+}
+EOF
+    close F;
+    my $include = $configinc{"OPENSSL_INC"};
+    my $library = $configlib{"OPENSSL_LIB"};
+    $compret = `cl /nologo /MD /I "$include" testhmac.c "$library"`;
+    if (grep { -f and -x } ".\\testhmac.exe") {
+        $configdefh{"HMAC_RETURN_INT"} = 1;
+    }
 }

 # with-pkcs11