Blame SOURCES/0002-enable-openssl.patch

4d1074
diff --git a/configure.ac b/configure.ac
4d1074
index 9f8b31b..38781da 100755
4d1074
--- a/configure.ac
4d1074
+++ b/configure.ac
4d1074
@@ -529,6 +529,20 @@ AC_ARG_ENABLE([thread-sanitizer],
4d1074
   AS_HELP_STRING([--enable-thread-sanitizer], [enable ThreadSanitizer support for detecting data races]))
4d1074
 AC_ARG_ENABLE([memory-sanitizer],
4d1074
   AS_HELP_STRING([--enable-memory-sanitizer], [enable MemorySanitizer support for detecting uninitialized memory reads]))
4d1074
+AC_ARG_WITH([crypto],
4d1074
+  AS_HELP_STRING([--with-crypto=<internal|openssl>], [choose between different implementations of cryptographic functions(default value is --with-crypto=internal)]))
4d1074
+
4d1074
+#if openssl, else use internal as default
4d1074
+AS_IF([test x"${with_crypto}" = x"openssl"], [
4d1074
+  AC_CHECK_LIB([crypto], [EVP_DigestInit], [LIBS="$LIBS -lcrypto"], [], [])
4d1074
+  if test "$ac_cv_lib_crypto_EVP_DigestInit" = no; then
4d1074
+    AC_MSG_ERROR([build with openssl has been specified but openssl library was not found on your system])
4d1074
+  else
4d1074
+    AC_DEFINE([CRYPTO_OPENSSL], [1], [Compile with openssl support])
4d1074
+  fi
4d1074
+], [test x"${with_crypto}" = x"internal" || test x"${with_crypto}" = x"" ], [AC_DEFINE([CRYPTO_INTERNAL], [1], [Compile with internal cryptographic implementation])
4d1074
+], [AC_MSG_ERROR([Unknown value for --with-crypto])]
4d1074
+)
4d1074
 
4d1074
 AS_IF([test "${enable_clippy_only}" != "yes"], [
4d1074
 AC_CHECK_HEADERS([json-c/json.h])
4d1074
diff --git a/lib/subdir.am b/lib/subdir.am
4d1074
index 0b7af18..0533e24 100644
4d1074
--- a/lib/subdir.am
4d1074
+++ b/lib/subdir.am
4d1074
@@ -41,7 +41,6 @@ lib_libfrr_la_SOURCES = \
4d1074
 	lib/libfrr.c \
4d1074
 	lib/linklist.c \
4d1074
 	lib/log.c \
4d1074
-	lib/md5.c \
4d1074
 	lib/memory.c \
4d1074
 	lib/memory_vty.c \
4d1074
 	lib/module.c \
4d1074
diff --git a/lib/subdir.am b/lib/subdir.am
4d1074
index 0533e24..b3d3700 100644
4d1074
--- a/lib/subdir.am
4d1074
+++ b/lib/subdir.am
4d1074
@@ -170,7 +170,6 @@ pkginclude_HEADERS += \
4d1074
 	lib/libospf.h \
4d1074
 	lib/linklist.h \
4d1074
 	lib/log.h \
4d1074
-	lib/md5.h \
4d1074
 	lib/memory.h \
4d1074
 	lib/memory_vty.h \
4d1074
 	lib/module.h \
4d1074
diff --git a/lib/subdir.am b/lib/subdir.am
4d1074
index 53f7115..cea866f 100644
4d1074
--- a/lib/subdir.am
4d1074
+++ b/lib/subdir.am
4d1074
@@ -64,7 +64,6 @@ lib_libfrr_la_SOURCES = \
4d1074
 	lib/ringbuf.c \
4d1074
 	lib/routemap.c \
4d1074
 	lib/sbuf.c \
4d1074
-	lib/sha256.c \
4d1074
 	lib/sigevent.c \
4d1074
 	lib/skiplist.c \
4d1074
 	lib/sockopt.c \
4d1074
@@ -191,7 +190,6 @@ pkginclude_HEADERS += \
4d1074
 	lib/ringbuf.h \
4d1074
 	lib/routemap.h \
4d1074
 	lib/sbuf.h \
4d1074
-	lib/sha256.h \
4d1074
 	lib/sigevent.h \
4d1074
 	lib/skiplist.h \
4d1074
 	lib/smux.h \
4d1074
diff --git a/lib/zebra.h b/lib/zebra.h
4d1074
index 22239f8e60..a308d46cc9 100644
4d1074
--- a/lib/zebra.h
4d1074
+++ b/lib/zebra.h
4d1074
@@ -134,6 +134,11 @@ typedef unsigned char uint8_t;
4d1074
 #endif
4d1074
 #endif
4d1074
 
4d1074
+#ifdef CRYPTO_OPENSSL
4d1074
+#include <openssl/evp.h>
4d1074
+#include <openssl/hmac.h>
4d1074
+#endif
4d1074
+
4d1074
 #include "openbsd-tree.h"
4d1074
 
4d1074
 #include <netinet/in.h>
4d1074
diff --git a/ospfd/ospf_packet.c b/ospfd/ospf_packet.c
4d1074
index 6bc8c25153..b951e94ae6 100644
4d1074
--- a/ospfd/ospf_packet.c
4d1074
+++ b/ospfd/ospf_packet.c
4d1074
@@ -33,7 +33,9 @@
4d1074
 #include "log.h"
4d1074
 #include "sockopt.h"
4d1074
 #include "checksum.h"
4d1074
+#if  !defined(CRYPTO_OPENSSL) && !defined(HAVE_NETTLE)
4d1074
 #include "md5.h"
4d1074
+#endif
4d1074
 #include "vrf.h"
4d1074
 #include "lib_errors.h"
4d1074
 
4d1074
@@ -332,7 +334,11 @@ static unsigned int ospf_packet_max(struct ospf_interface *oi)
4d1074
 static int ospf_check_md5_digest(struct ospf_interface *oi,
4d1074
 				 struct ospf_header *ospfh)
4d1074
 {
4d1074
+#ifdef CRYPTO_OPENSSL
4d1074
+	EVP_MD_CTX *ctx;
4d1074
+#else
4d1074
 	MD5_CTX ctx;
4d1074
+#endif
4d1074
 	unsigned char digest[OSPF_AUTH_MD5_SIZE];
4d1074
 	struct crypt_key *ck;
4d1074
 	struct ospf_neighbor *nbr;
4d1074
@@ -361,11 +367,21 @@ static int ospf_check_md5_digest(struct ospf_interface *oi,
4d1074
 	}
4d1074
 
4d1074
 	/* Generate a digest for the ospf packet - their digest + our digest. */
4d1074
+#ifdef CRYPTO_OPENSSL
4d1074
+	unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
4d1074
+	ctx = EVP_MD_CTX_new();
4d1074
+	EVP_DigestInit(ctx, EVP_md5());
4d1074
+	EVP_DigestUpdate(ctx, ospfh, length);
4d1074
+	EVP_DigestUpdate(ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
4d1074
+	EVP_DigestFinal(ctx, digest, &md5_size);
4d1074
+	EVP_MD_CTX_free(ctx);
4d1074
+#elif CRYPTO_INTERNAL
4d1074
 	memset(&ctx, 0, sizeof(ctx));
4d1074
 	MD5Init(&ctx;;
4d1074
 	MD5Update(&ctx, ospfh, length);
4d1074
 	MD5Update(&ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
4d1074
 	MD5Final(digest, &ctx;;
4d1074
+#endif
4d1074
 
4d1074
 	/* compare the two */
4d1074
 	if (memcmp((caddr_t)ospfh + length, digest, OSPF_AUTH_MD5_SIZE)) {
4d1074
@@ -389,7 +404,11 @@ static int ospf_make_md5_digest(struct ospf_interface *oi,
4d1074
 {
4d1074
 	struct ospf_header *ospfh;
4d1074
 	unsigned char digest[OSPF_AUTH_MD5_SIZE] = {0};
4d1074
+#ifdef CRYPTO_OPENSSL
4d1074
+	EVP_MD_CTX *ctx;
4d1074
+#else
4d1074
 	MD5_CTX ctx;
4d1074
+#endif
4d1074
 	void *ibuf;
4d1074
 	uint32_t t;
4d1074
 	struct crypt_key *ck;
4d1074
@@ -422,11 +441,21 @@ static int ospf_make_md5_digest(struct ospf_interface *oi,
4d1074
 	}
4d1074
 
4d1074
 	/* Generate a digest for the entire packet + our secret key. */
4d1074
+#ifdef CRYPTO_OPENSSL
4d1074
+	unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
4d1074
+	ctx = EVP_MD_CTX_new();
4d1074
+	EVP_DigestInit(ctx, EVP_md5());
4d1074
+	EVP_DigestUpdate(ctx, ibuf, ntohs(ospfh->length));
4d1074
+	EVP_DigestUpdate(ctx, auth_key, OSPF_AUTH_MD5_SIZE);
4d1074
+	EVP_DigestFinal(ctx, digest, &md5_size);
4d1074
+	EVP_MD_CTX_free(ctx);
4d1074
+#elif CRYPTO_INTERNAL
4d1074
 	memset(&ctx, 0, sizeof(ctx));
4d1074
 	MD5Init(&ctx;;
4d1074
 	MD5Update(&ctx, ibuf, ntohs(ospfh->length));
4d1074
 	MD5Update(&ctx, auth_key, OSPF_AUTH_MD5_SIZE);
4d1074
 	MD5Final(digest, &ctx;;
4d1074
+#endif
4d1074
 
4d1074
 	/* Append md5 digest to the end of the stream. */
4d1074
 	stream_put(op->s, digest, OSPF_AUTH_MD5_SIZE);
4d1074
diff --git a/ripd/ripd.c b/ripd/ripd.c
4d1074
index e0ff0430f8..b311ac5717 100644
4d1074
--- a/ripd/ripd.c
4d1074
+++ b/ripd/ripd.c
4d1074
@@ -37,7 +37,9 @@
4d1074
 #include "if_rmap.h"
4d1074
 #include "plist.h"
4d1074
 #include "distribute.h"
4d1074
+#if !defined(CRYPTO_OPENSSL) && !defined(HAVE_NETTLE)
4d1074
 #include "md5.h"
4d1074
+#endif
4d1074
 #include "keychain.h"
4d1074
 #include "privs.h"
4d1074
 #include "lib_errors.h"
4d1074
@@ -870,7 +872,11 @@ static int rip_auth_md5(struct rip_packet *packet, struct sockaddr_in *from,
4d1074
 	struct rip_md5_data *md5data;
4d1074
 	struct keychain *keychain;
4d1074
 	struct key *key;
4d1074
+#ifdef CRYPTO_OPENSSL
4d1074
+	EVP_MD_CTX *ctx;
4d1074
+#else
4d1074
 	MD5_CTX ctx;
4d1074
+#endif
4d1074
 	uint8_t digest[RIP_AUTH_MD5_SIZE];
4d1074
 	uint16_t packet_len;
4d1074
 	char auth_str[RIP_AUTH_MD5_SIZE];
4d1074
@@ -934,11 +940,21 @@ static int rip_auth_md5(struct rip_packet *packet, struct sockaddr_in *from,
4d1074
 		return 0;
4d1074
 
4d1074
 	/* MD5 digest authentication. */
4d1074
+#ifdef CRYPTO_OPENSSL
4d1074
+	unsigned int md5_size = RIP_AUTH_MD5_SIZE;
4d1074
+	ctx = EVP_MD_CTX_new();
4d1074
+	EVP_DigestInit(ctx, EVP_md5());
4d1074
+	EVP_DigestUpdate(ctx, packet, packet_len + RIP_HEADER_SIZE);
4d1074
+	EVP_DigestUpdate(ctx, auth_str, RIP_AUTH_MD5_SIZE);
4d1074
+	EVP_DigestFinal(ctx, digest, &md5_size);
4d1074
+	EVP_MD_CTX_free(ctx);
4d1074
+#elif CRYPTO_INTERNAL
4d1074
 	memset(&ctx, 0, sizeof(ctx));
4d1074
 	MD5Init(&ctx;;
4d1074
 	MD5Update(&ctx, packet, packet_len + RIP_HEADER_SIZE);
4d1074
 	MD5Update(&ctx, auth_str, RIP_AUTH_MD5_SIZE);
4d1074
 	MD5Final(digest, &ctx;;
4d1074
+#endif
4d1074
 
4d1074
 	if (memcmp(md5data->digest, digest, RIP_AUTH_MD5_SIZE) == 0)
4d1074
 		return packet_len;
4d1074
@@ -1063,7 +1078,11 @@ static void rip_auth_md5_set(struct stream *s, struct rip_interface *ri,
4d1074
 			     size_t doff, char *auth_str, int authlen)
4d1074
 {
4d1074
 	unsigned long len;
4d1074
+#ifdef CRYPTO_OPENSSL
4d1074
+	EVP_MD_CTX *ctx;
4d1074
+#else
4d1074
 	MD5_CTX ctx;
4d1074
+#endif
4d1074
 	unsigned char digest[RIP_AUTH_MD5_SIZE];
4d1074
 
4d1074
 	/* Make it sure this interface is configured as MD5
4d1074
@@ -1092,11 +1111,21 @@ static void rip_auth_md5_set(struct stream *s, struct rip_interface *ri,
4d1074
 	stream_putw(s, RIP_AUTH_DATA);
4d1074
 
4d1074
 	/* Generate a digest for the RIP packet. */
4d1074
+#ifdef CRYPTO_OPENSSL
4d1074
+	unsigned int md5_size = RIP_AUTH_MD5_SIZE;
4d1074
+	ctx = EVP_MD_CTX_new();
4d1074
+	EVP_DigestInit(ctx, EVP_md5());
4d1074
+	EVP_DigestUpdate(ctx, STREAM_DATA(s), stream_get_endp(s));
4d1074
+	EVP_DigestUpdate(ctx, auth_str, RIP_AUTH_MD5_SIZE);
4d1074
+	EVP_DigestFinal(ctx, digest, &md5_size);
4d1074
+	EVP_MD_CTX_free(ctx);
4d1074
+#elif CRYPTO_INTERNAL
4d1074
 	memset(&ctx, 0, sizeof(ctx));
4d1074
 	MD5Init(&ctx;;
4d1074
 	MD5Update(&ctx, STREAM_DATA(s), stream_get_endp(s));
4d1074
 	MD5Update(&ctx, auth_str, RIP_AUTH_MD5_SIZE);
4d1074
 	MD5Final(digest, &ctx;;
4d1074
+#endif
4d1074
 
4d1074
 	/* Copy the digest to the packet. */
4d1074
 	stream_write(s, digest, RIP_AUTH_MD5_SIZE);
4d1074
diff --git a/isisd/isis_tlvs.c b/isisd/isis_tlvs.c
4d1074
index 488dfedae4..862d675e84 100644
4d1074
--- a/isisd/isis_tlvs.c
4d1074
+++ b/isisd/isis_tlvs.c
4d1074
@@ -22,7 +22,9 @@
4d1074
  */
4d1074
 #include <zebra.h>
4d1074
 
4d1074
+#ifdef CRYPTO_INTERNAL
4d1074
 #include "md5.h"
4d1074
+#endif
4d1074
 #include "memory.h"
4d1074
 #include "stream.h"
4d1074
 #include "sbuf.h"
4d1074
@@ -2770,8 +2772,13 @@ static void update_auth_hmac_md5(struct isis_auth *auth, struct stream *s,
4d1074
 		safe_auth_md5(s, &checksum, &rem_lifetime);
4d1074
 
4d1074
 	memset(STREAM_DATA(s) + auth->offset, 0, 16);
4d1074
+#ifdef CRYPTO_OPENSSL
4d1074
+	uint8_t* result = (uint8_t*)HMAC(EVP_md5(), auth->passwd, auth->plength, STREAM_DATA(s), stream_get_endp(s), NULL, NULL);
4d1074
+	memcpy(digest, result, 16);
4d1074
+#elif  CRYPTO_INTERNAL
4d1074
 	hmac_md5(STREAM_DATA(s), stream_get_endp(s), auth->passwd,
4d1074
 		 auth->plength, digest);
4d1074
+#endif
4d1074
 	memcpy(auth->value, digest, 16);
4d1074
 	memcpy(STREAM_DATA(s) + auth->offset, digest, 16);
4d1074
 
4d1074
@@ -3310,8 +3317,13 @@ static bool auth_validator_hmac_md5(struct isis_passwd *passwd,
4d1074
 		safe_auth_md5(stream, &checksum, &rem_lifetime);
4d1074
 
4d1074
 	memset(STREAM_DATA(stream) + auth->offset, 0, 16);
4d1074
+#ifdef CRYPTO_OPENSSL
4d1074
+	uint8_t* result = (uint8_t*)HMAC(EVP_md5(), passwd->passwd, passwd->len, STREAM_DATA(stream), stream_get_endp(stream), NULL, NULL);
4d1074
+	memcpy(digest, result, 16);
4d1074
+#elif  CRYPTO_INTERNAL
4d1074
 	hmac_md5(STREAM_DATA(stream), stream_get_endp(stream), passwd->passwd,
4d1074
 		 passwd->len, digest);
4d1074
+#endif
4d1074
 	memcpy(STREAM_DATA(stream) + auth->offset, auth->value, 16);
4d1074
 
4d1074
 	bool rv = !memcmp(digest, auth->value, 16);
4d1074
diff --git a/isisd/isis_lsp.c b/isisd/isis_lsp.c
4d1074
index 1991666..2e4fe55 100644
4d1074
--- a/isisd/isis_lsp.c
4d1074
+++ b/isisd/isis_lsp.c
4d1074
@@ -35,7 +35,9 @@
4d1074
 #include "hash.h"
4d1074
 #include "if.h"
4d1074
 #include "checksum.h"
4d1074
+#ifdef CRYPTO_INTERNAL
4d1074
 #include "md5.h"
4d1074
+#endif
4d1074
 #include "table.h"
4d1074
 #include "srcdest_table.h"
4d1074
 #include "lib_errors.h"
4d1074
diff --git a/isisd/isis_pdu.c b/isisd/isis_pdu.c
4d1074
index 9c63311..7cf594c 100644
4d1074
--- a/isisd/isis_pdu.c
4d1074
+++ b/isisd/isis_pdu.c
4d1074
@@ -33,7 +33,9 @@
4d1074
 #include "prefix.h"
4d1074
 #include "if.h"
4d1074
 #include "checksum.h"
4d1074
+#ifdef CRYPTO_INTERNAL
4d1074
 #include "md5.h"
4d1074
+#endif
4d1074
 #include "lib_errors.h"
4d1074
 
4d1074
 #include "isisd/dict.h"
4d1074
diff --git a/isisd/isis_te.c b/isisd/isis_te.c
4d1074
index 4ea6c2c..72ff0d2 100644
4d1074
--- a/isisd/isis_te.c
4d1074
+++ b/isisd/isis_te.c
4d1074
@@ -38,7 +38,9 @@
4d1074
 #include "if.h"
4d1074
 #include "vrf.h"
4d1074
 #include "checksum.h"
4d1074
+#ifdef CRYPTO_INTERNAL
4d1074
 #include "md5.h"
4d1074
+#endif
4d1074
 #include "sockunion.h"
4d1074
 #include "network.h"
4d1074
 #include "sbuf.h"