From: Fred Morcos Date: Tue, 26 Apr 2022 09:14:07 +0000 (+0200) Subject: Avoid using magic numbers for algorithms X-Git-Tag: auth-4.8.0-alpha0~117^2~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=66db59042020446a7f309cf6e65882fe22ecf955;p=thirdparty%2Fpdns.git Avoid using magic numbers for algorithms --- diff --git a/pdns/decafsigners.cc b/pdns/decafsigners.cc index 9ebc9d2aea..5eae78292f 100644 --- a/pdns/decafsigners.cc +++ b/pdns/decafsigners.cc @@ -6,6 +6,7 @@ #include #include #include +#include "dnsseckeeper.hh" #include "dnssecinfra.hh" @@ -425,8 +426,8 @@ const struct LoaderDecafStruct { LoaderDecafStruct() { - DNSCryptoKeyEngine::report(15, &DecafED25519DNSCryptoKeyEngine::maker, true); - DNSCryptoKeyEngine::report(16, &DecafED448DNSCryptoKeyEngine::maker); + DNSCryptoKeyEngine::report(DNSSECKeeper::ED25519, &DecafED25519DNSCryptoKeyEngine::maker, true); + DNSCryptoKeyEngine::report(DNSSECKeeper::ED448, &DecafED448DNSCryptoKeyEngine::maker); } } loaderdecaf; } diff --git a/pdns/opensslsigners.cc b/pdns/opensslsigners.cc index 3b31fa91c9..0123d29fc3 100644 --- a/pdns/opensslsigners.cc +++ b/pdns/opensslsigners.cc @@ -1178,19 +1178,19 @@ namespace { { LoaderStruct() { - DNSCryptoKeyEngine::report(5, &OpenSSLRSADNSCryptoKeyEngine::maker); - DNSCryptoKeyEngine::report(7, &OpenSSLRSADNSCryptoKeyEngine::maker); - DNSCryptoKeyEngine::report(8, &OpenSSLRSADNSCryptoKeyEngine::maker); - DNSCryptoKeyEngine::report(10, &OpenSSLRSADNSCryptoKeyEngine::maker); + DNSCryptoKeyEngine::report(DNSSECKeeper::RSASHA1, &OpenSSLRSADNSCryptoKeyEngine::maker); + DNSCryptoKeyEngine::report(DNSSECKeeper::RSASHA1NSEC3SHA1, &OpenSSLRSADNSCryptoKeyEngine::maker); + DNSCryptoKeyEngine::report(DNSSECKeeper::RSASHA256, &OpenSSLRSADNSCryptoKeyEngine::maker); + DNSCryptoKeyEngine::report(DNSSECKeeper::RSASHA512, &OpenSSLRSADNSCryptoKeyEngine::maker); #ifdef HAVE_LIBCRYPTO_ECDSA - DNSCryptoKeyEngine::report(13, &OpenSSLECDSADNSCryptoKeyEngine::maker); - DNSCryptoKeyEngine::report(14, &OpenSSLECDSADNSCryptoKeyEngine::maker); + DNSCryptoKeyEngine::report(DNSSECKeeper::ECDSA256, &OpenSSLECDSADNSCryptoKeyEngine::maker); + DNSCryptoKeyEngine::report(DNSSECKeeper::ECDSA384, &OpenSSLECDSADNSCryptoKeyEngine::maker); #endif #ifdef HAVE_LIBCRYPTO_ED25519 - DNSCryptoKeyEngine::report(15, &OpenSSLEDDSADNSCryptoKeyEngine::maker); + DNSCryptoKeyEngine::report(DNSSECKeeper::ED25519, &OpenSSLEDDSADNSCryptoKeyEngine::maker); #endif #ifdef HAVE_LIBCRYPTO_ED448 - DNSCryptoKeyEngine::report(16, &OpenSSLEDDSADNSCryptoKeyEngine::maker); + DNSCryptoKeyEngine::report(DNSSECKeeper::ED448, &OpenSSLEDDSADNSCryptoKeyEngine::maker); #endif } } loaderOpenSSL; diff --git a/pdns/sodiumsigners.cc b/pdns/sodiumsigners.cc index a918260e41..380dbb09b3 100644 --- a/pdns/sodiumsigners.cc +++ b/pdns/sodiumsigners.cc @@ -7,6 +7,7 @@ extern "C" { #include } #include "dnssecinfra.hh" +#include "dnsseckeeper.hh" class SodiumED25519DNSCryptoKeyEngine : public DNSCryptoKeyEngine { @@ -204,7 +205,7 @@ const struct LoaderSodiumStruct { LoaderSodiumStruct() { - DNSCryptoKeyEngine::report(15, &SodiumED25519DNSCryptoKeyEngine::maker); + DNSCryptoKeyEngine::report(DNSSECKeeper::ED25519, &SodiumED25519DNSCryptoKeyEngine::maker); } } loadersodium; } diff --git a/pdns/test-signers.cc b/pdns/test-signers.cc index 447456d931..d4c8c28226 100644 --- a/pdns/test-signers.cc +++ b/pdns/test-signers.cc @@ -233,7 +233,7 @@ static void checkRR(const SignerParams& signer) sortedRecords_t rrs; /* values taken from rfc8080 for ed25519 and ed448, rfc5933 for gost */ - DNSName qname(dpk.d_algorithm == 12 ? "www.example.net." : "example.com."); + DNSName qname(dpk.d_algorithm == DNSSECKeeper::ECCGOST ? "www.example.net." : "example.com."); reportBasicTypes(); @@ -241,7 +241,7 @@ static void checkRR(const SignerParams& signer) uint32_t expire = 1440021600; uint32_t inception = 1438207200; - if (dpk.d_algorithm == 12) { + if (dpk.d_algorithm == DNSSECKeeper::ECCGOST) { rrc.d_signer = DNSName("example.net."); inception = 946684800; expire = 1893456000;