From: Kees Monshouwer Date: Fri, 14 Aug 2015 20:08:03 +0000 (+0200) Subject: compile against mbed TLS 2.0.0 X-Git-Tag: dnsdist-1.0.0-alpha1~248^2~62^2~10^2~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3dd164ab0a6702539b186079d8065f60b0f4e3fb;p=thirdparty%2Fpdns.git compile against mbed TLS 2.0.0 --- diff --git a/build-scripts/build-auth-rpm b/build-scripts/build-auth-rpm index 861b325b06..b13e104b15 100755 --- a/build-scripts/build-auth-rpm +++ b/build-scripts/build-auth-rpm @@ -404,7 +404,7 @@ export CPPFLAGS="-DLDAP_DEPRECATED" --disable-dependency-tracking \ --disable-silent-rules \ --with-modules='' \ - --with-system-polarssl \ + --with-system-mbedtls \ --with-lua \ --with-dynmodules='%{backends}' \ --enable-cryptopp \ diff --git a/build-scripts/debian-authoritative/rules b/build-scripts/debian-authoritative/rules index abf9354889..74625af980 100755 --- a/build-scripts/debian-authoritative/rules +++ b/build-scripts/debian-authoritative/rules @@ -26,7 +26,7 @@ override_dh_auto_configure: --libexecdir='$${prefix}/lib' \ --with-dynmodules="$(backends)" \ --with-modules="" \ - --with-system-polarssl \ + --with-system-mbedtls \ --with-pgsql-includes=`pg_config --includedir` \ --enable-cryptopp \ --enable-botan1.10 \ diff --git a/pdns/base64.cc b/pdns/base64.cc index 68755733d5..e901e9ab39 100644 --- a/pdns/base64.cc +++ b/pdns/base64.cc @@ -3,7 +3,7 @@ #endif #include "base64.hh" #include -#include +#include int B64Decode(const std::string& src, std::string& dst) { @@ -12,9 +12,10 @@ int B64Decode(const std::string& src, std::string& dst) return 0; } size_t dlen = ( src.length() * 6 + 7 ) / 8 ; + size_t olen = 0; boost::scoped_array d( new unsigned char[dlen] ); - if ( base64_decode( d.get(), &dlen, (const unsigned char*) src.c_str(), src.length() ) == 0 ) { - dst = std::string( (const char*) d.get(), dlen ); + if ( mbedtls_base64_decode( d.get(), dlen, &olen, (const unsigned char*) src.c_str(), src.length() ) == 0 ) { + dst = std::string( (const char*) d.get(), olen ); return 0; } return -1; @@ -24,9 +25,10 @@ std::string Base64Encode (const std::string& src) { if (!src.empty()) { size_t dlen = ( ( ( src.length() + 2 ) / 3 ) * 4 ) + 1; + size_t olen = 0; boost::scoped_array dst( new unsigned char[dlen] ); - if( base64_encode( dst.get(), &dlen, (const unsigned char*) src.c_str(), src.length() ) == 0 ) - return std::string( (const char*) dst.get(), dlen ); + if( mbedtls_base64_encode( dst.get(), dlen, &olen, (const unsigned char*) src.c_str(), src.length() ) == 0 ) + return std::string( (const char*) dst.get(), olen ); } return ""; } diff --git a/pdns/dns_random.cc b/pdns/dns_random.cc index 34a043ef04..8c00949496 100644 --- a/pdns/dns_random.cc +++ b/pdns/dns_random.cc @@ -1,7 +1,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" #endif -#include +#include #include #include #include @@ -14,7 +14,7 @@ using namespace std; -static aes_context g_ctx; +static mbedtls_aes_context g_ctx; static unsigned char g_counter[16], g_stream[16]; static uint32_t g_in; static size_t g_offset; @@ -24,7 +24,7 @@ static bool g_initialized; void dns_random_init(const char data[16]) { g_offset = 0; - aes_setkey_enc(&g_ctx, (const unsigned char*)data, 128); + mbedtls_aes_setkey_enc(&g_ctx, (const unsigned char*)data, 128); struct timeval now; gettimeofday(&now, 0); @@ -42,7 +42,7 @@ unsigned int dns_random(unsigned int n) if(!g_initialized) abort(); uint32_t out; - aes_crypt_ctr(&g_ctx, sizeof(g_in), &g_offset, g_counter, (unsigned char*) &g_stream, (unsigned char*) &g_in, (unsigned char*) &out); + mbedtls_aes_crypt_ctr(&g_ctx, sizeof(g_in), &g_offset, g_counter, (unsigned char*) &g_stream, (unsigned char*) &g_in, (unsigned char*) &out); return out % n; } diff --git a/pdns/dnssecinfra.cc b/pdns/dnssecinfra.cc index 9547f7e3a4..696a3788a7 100644 --- a/pdns/dnssecinfra.cc +++ b/pdns/dnssecinfra.cc @@ -12,8 +12,10 @@ #include #include "dnssecinfra.hh" #include "dnsseckeeper.hh" -#include -#include +#include +#include +#include +#include #include // for 'operator+=()' #include #include "base64.hh" @@ -397,7 +399,7 @@ string hashQNameWithSalt(const NSEC3PARAMRecordContent& ns3prc, const DNSName& q for(;;) { toHash.append(ns3prc.d_salt); - sha1((unsigned char*)toHash.c_str(), toHash.length(), hash); + mbedtls_sha1((unsigned char*)toHash.c_str(), toHash.length(), hash); toHash.assign((char*)hash, sizeof(hash)); if(!times--) break; @@ -487,66 +489,41 @@ void decodeDERIntegerSequence(const std::string& input, vector& output) } } -string calculateMD5HMAC(const std::string& key, const std::string& text) -{ - std::string res; - unsigned char hash[16]; - - md5_hmac(reinterpret_cast(key.c_str()), key.size(), reinterpret_cast(text.c_str()), text.size(), hash); - res.assign(reinterpret_cast(hash), 16); +string calculateHMAC(const std::string& key, const std::string& text, TSIGHashEnum hasher) { - return res; -} + mbedtls_md_type_t md_type; + const mbedtls_md_info_t *md_info; -string calculateSHAHMAC(const std::string& key, const std::string& text, TSIGHashEnum hasher) -{ - std::string res; - unsigned char hash[64]; + unsigned char hash[MBEDTLS_MD_MAX_SIZE]; switch(hasher) { - case TSIG_SHA1: - { - sha1_hmac(reinterpret_cast(key.c_str()), key.size(), reinterpret_cast(text.c_str()), text.size(), hash); - res.assign(reinterpret_cast(hash), 20); + case TSIG_MD5: + md_type = MBEDTLS_MD_MD5; break; - }; - case TSIG_SHA224: - { - sha256_hmac(reinterpret_cast(key.c_str()), key.size(), reinterpret_cast(text.c_str()), text.size(), hash, 1); - res.assign(reinterpret_cast(hash), 28); + case TSIG_SHA1: + md_type = MBEDTLS_MD_SHA1; break; - }; - case TSIG_SHA256: - { - sha256_hmac(reinterpret_cast(key.c_str()), key.size(), reinterpret_cast(text.c_str()), text.size(), hash, 0); - res.assign(reinterpret_cast(hash), 32); + case TSIG_SHA224: + md_type = MBEDTLS_MD_SHA224; break; - }; - case TSIG_SHA384: - { - sha512_hmac(reinterpret_cast(key.c_str()), key.size(), reinterpret_cast(text.c_str()), text.size(), hash, 1); - res.assign(reinterpret_cast(hash), 48); + case TSIG_SHA256: + md_type = MBEDTLS_MD_SHA256; break; - }; - case TSIG_SHA512: - { - sha512_hmac(reinterpret_cast(key.c_str()), key.size(), reinterpret_cast(text.c_str()), text.size(), hash, 0); - res.assign(reinterpret_cast(hash), 64); + case TSIG_SHA384: + md_type = MBEDTLS_MD_SHA384; break; - }; - default: - throw new PDNSException("Unknown hash algorithm requested for SHA"); - }; - - return res; -} - -string calculateHMAC(const std::string& key, const std::string& text, TSIGHashEnum hash) { - if (hash == TSIG_MD5) return calculateMD5HMAC(key, text); + case TSIG_SHA512: + md_type = MBEDTLS_MD_SHA512; + break; + default: + throw new PDNSException("Unknown hash algorithm requested from calculateHMAC()"); + } - // add other algorithms here + md_info = mbedtls_md_info_from_type( md_type ); + if( mbedtls_md_hmac( md_info, reinterpret_cast(key.c_str()), key.size(), reinterpret_cast(text.c_str()), text.size(), hash ) == 0 ) + return string( (char*) hash, mbedtls_md_get_size( md_info ) ); - return calculateSHAHMAC(key, text, hash); + return ""; } string makeTSIGMessageFromTSIGPacket(const string& opacket, unsigned int tsigOffset, const DNSName& keyname, const TSIGRecordContent& trc, const string& previous, bool timersonly, unsigned int dnsHeaderOffset) diff --git a/pdns/dnssecinfra.hh b/pdns/dnssecinfra.hh index 31ff2936e2..5a31e3d22c 100644 --- a/pdns/dnssecinfra.hh +++ b/pdns/dnssecinfra.hh @@ -129,9 +129,6 @@ void decodeDERIntegerSequence(const std::string& input, vector& output); class DNSPacket; void addRRSigs(DNSSECKeeper& dk, UeberBackend& db, const std::set& authMap, vector& rrs); - -string calculateMD5HMAC(const std::string& key, const std::string& text); -string calculateSHAHMAC(const std::string& key, const std::string& text, TSIGHashEnum hash); string calculateHMAC(const std::string& key, const std::string& text, TSIGHashEnum hash); string makeTSIGMessageFromTSIGPacket(const string& opacket, unsigned int tsigoffset, const DNSName& keyname, const TSIGRecordContent& trc, const string& previous, bool timersonly, unsigned int dnsHeaderOffset=0); diff --git a/pdns/mbedtlssigners.cc b/pdns/mbedtlssigners.cc index d40d81ec92..84c9b9464e 100644 --- a/pdns/mbedtlssigners.cc +++ b/pdns/mbedtlssigners.cc @@ -1,19 +1,19 @@ #ifdef HAVE_CONFIG_H #include "config.h" #endif -#include -#include +#include +#include #include -#include -#include +#include +#include #include // for 'operator+=()' #include #include "dnssecinfra.hh" using namespace boost::assign; -#define PDNSSEC_MI(x) mpi_init(&d_context.x) -#define PDNSSEC_MC(x) PDNSSEC_MI(x); mpi_copy(&d_context.x, const_cast(&orig.d_context.x)) -#define PDNSSEC_MF(x) mpi_free(&d_context.x) +#define PDNSSEC_MI(x) mbedtls_mpi_init(&d_context.x) +#define PDNSSEC_MC(x) PDNSSEC_MI(x); mbedtls_mpi_copy(&d_context.x, const_cast(&orig.d_context.x)) +#define PDNSSEC_MF(x) mbedtls_mpi_free(&d_context.x) class RSADNSCryptoKeyEngine : public DNSCryptoKeyEngine { @@ -58,12 +58,12 @@ public: return *this; } - const rsa_context& getConstContext() const + const mbedtls_rsa_context& getConstContext() const { return d_context; } - rsa_context& getContext() + mbedtls_rsa_context& getContext() { return d_context; } @@ -77,7 +77,7 @@ public: std::string getPublicKeyString() const; int getBits() const { - return mpi_size(&d_context.N)*8; + return mbedtls_mpi_size(&d_context.N)*8; } void fromISCMap(DNSKEYRecordContent& drc, std::map& stormap); void fromPEMString(DNSKEYRecordContent& drc, const std::string& raw); @@ -88,7 +88,7 @@ public: } private: - rsa_context d_context; + mbedtls_rsa_context d_context; }; // see above @@ -97,23 +97,24 @@ private: #undef PDNSSEC_MF -inline bool operator<(const mpi& a, const mpi& b) +inline bool operator<(const mbedtls_mpi& a, const mbedtls_mpi& b) { - return mpi_cmp_mpi(&a, &b) < 0; + return mbedtls_mpi_cmp_mpi(&a, &b) < 0; } void RSADNSCryptoKeyEngine::create(unsigned int bits) { - entropy_context entropy; - ctr_drbg_context ctr_drbg; + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; - entropy_init( &entropy ); - int ret=ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, (unsigned char *) "PowerDNS", 8); + mbedtls_entropy_init( &entropy ); + mbedtls_ctr_drbg_init( &ctr_drbg ); + int ret=mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (unsigned char *) "PowerDNS", 8); if(ret < 0) throw runtime_error("Entropy gathering for key generation failed"); - rsa_init(&d_context, RSA_PKCS_V15, 0); // FIXME this leaks memory (it does?) - ret=rsa_gen_key(&d_context, ctr_drbg_random, &ctr_drbg, bits, 65537); + mbedtls_rsa_init(&d_context, MBEDTLS_RSA_PKCS_V15, 0); // FIXME this leaks memory (it does?) + ret=mbedtls_rsa_gen_key(&d_context, mbedtls_ctr_drbg_random, &ctr_drbg, bits, 65537); if(ret < 0) throw runtime_error("Key generation failed"); } @@ -121,33 +122,33 @@ void RSADNSCryptoKeyEngine::create(unsigned int bits) std::string RSADNSCryptoKeyEngine::getPubKeyHash() const { unsigned char hash[20]; - unsigned char N[mpi_size(&d_context.N)]; - mpi_write_binary(&d_context.N, N, sizeof(N)); - unsigned char E[mpi_size(&d_context.E)]; - mpi_write_binary(&d_context.E, E, sizeof(E)); + unsigned char N[mbedtls_mpi_size(&d_context.N)]; + mbedtls_mpi_write_binary(&d_context.N, N, sizeof(N)); + unsigned char E[mbedtls_mpi_size(&d_context.E)]; + mbedtls_mpi_write_binary(&d_context.E, E, sizeof(E)); - sha1_context ctx; - sha1_starts(&ctx); - sha1_update(&ctx, N, sizeof(N)); - sha1_update(&ctx, E, sizeof(E)); - sha1_finish(&ctx, hash); + mbedtls_sha1_context ctx; + mbedtls_sha1_starts(&ctx); + mbedtls_sha1_update(&ctx, N, sizeof(N)); + mbedtls_sha1_update(&ctx, E, sizeof(E)); + mbedtls_sha1_finish(&ctx, hash); return string((char*)hash, sizeof(hash)); } std::string RSADNSCryptoKeyEngine::sign(const std::string& msg) const { string hash = this->hash(msg); - unsigned char signature[mpi_size(&d_context.N)]; - md_type_t hashKind; + unsigned char signature[mbedtls_mpi_size(&d_context.N)]; + mbedtls_md_type_t hashKind; if(hash.size()==20) - hashKind= POLARSSL_MD_SHA1; + hashKind= MBEDTLS_MD_SHA1; else if(hash.size()==32) - hashKind= POLARSSL_MD_SHA256; + hashKind= MBEDTLS_MD_SHA256; else - hashKind = POLARSSL_MD_SHA512; + hashKind = MBEDTLS_MD_SHA512; - int ret=rsa_pkcs1_sign(const_cast(&d_context), NULL, NULL, RSA_PRIVATE, + int ret=mbedtls_rsa_pkcs1_sign(const_cast(&d_context), NULL, NULL, MBEDTLS_RSA_PRIVATE, hashKind, hash.size(), (const unsigned char*) hash.c_str(), signature); @@ -161,18 +162,18 @@ std::string RSADNSCryptoKeyEngine::sign(const std::string& msg) const bool RSADNSCryptoKeyEngine::verify(const std::string& msg, const std::string& signature) const { - md_type_t hashKind; + mbedtls_md_type_t hashKind; string hash=this->hash(msg); if(hash.size()==20) - hashKind= POLARSSL_MD_SHA1; + hashKind= MBEDTLS_MD_SHA1; else if(hash.size()==32) - hashKind= POLARSSL_MD_SHA256; + hashKind= MBEDTLS_MD_SHA256; else - hashKind = POLARSSL_MD_SHA512; + hashKind = MBEDTLS_MD_SHA512; - int ret=rsa_pkcs1_verify(const_cast(&d_context), + int ret=mbedtls_rsa_pkcs1_verify(const_cast(&d_context), NULL, NULL, - RSA_PUBLIC, + MBEDTLS_RSA_PUBLIC, hashKind, hash.size(), (const unsigned char*) hash.c_str(), (unsigned char*) signature.c_str()); @@ -184,17 +185,17 @@ std::string RSADNSCryptoKeyEngine::hash(const std::string& toHash) const { if(d_algorithm <= 7 ) { // RSASHA1 unsigned char hash[20]; - sha1((unsigned char*)toHash.c_str(), toHash.length(), hash); + mbedtls_sha1((unsigned char*)toHash.c_str(), toHash.length(), hash); return string((char*)hash, sizeof(hash)); } else if(d_algorithm == 8) { // RSASHA256 unsigned char hash[32]; - sha256((unsigned char*)toHash.c_str(), toHash.length(), hash, 0); + mbedtls_sha256((unsigned char*)toHash.c_str(), toHash.length(), hash, 0); return string((char*)hash, sizeof(hash)); } else if(d_algorithm == 10) { // RSASHA512 unsigned char hash[64]; - sha512((unsigned char*)toHash.c_str(), toHash.length(), hash, 0); + mbedtls_sha512((unsigned char*)toHash.c_str(), toHash.length(), hash, 0); return string((char*)hash, sizeof(hash)); } throw runtime_error("mbed TLS hashing method can't hash algorithm "+lexical_cast(d_algorithm)); @@ -204,7 +205,7 @@ std::string RSADNSCryptoKeyEngine::hash(const std::string& toHash) const DNSCryptoKeyEngine::storvector_t RSADNSCryptoKeyEngine::convertToISCVector() const { storvector_t storvect; - typedef vector > outputs_t; + typedef vector > outputs_t; outputs_t outputs; push_back(outputs)("Modulus", &d_context.N)("PublicExponent",&d_context.E) ("PrivateExponent",&d_context.D) @@ -227,8 +228,8 @@ DNSCryptoKeyEngine::storvector_t RSADNSCryptoKeyEngine::convertToISCVector() con storvect.push_back(make_pair("Algorithm", algorithm)); BOOST_FOREACH(outputs_t::value_type value, outputs) { - unsigned char tmp[mpi_size(value.second)]; - mpi_write_binary(value.second, tmp, sizeof(tmp)); + unsigned char tmp[mbedtls_mpi_size(value.second)]; + mbedtls_mpi_write_binary(value.second, tmp, sizeof(tmp)); storvect.push_back(make_pair(value.first, string((char*)tmp, sizeof(tmp)))); } return storvect; @@ -239,10 +240,10 @@ void RSADNSCryptoKeyEngine::fromISCMap(DNSKEYRecordContent& drc, std::map places_t; + typedef map places_t; places_t places; - rsa_init(&d_context, RSA_PKCS_V15, 0); + mbedtls_rsa_init(&d_context, MBEDTLS_RSA_PKCS_V15, 0); places["Modulus"]=&d_context.N; places["PublicExponent"]=&d_context.E; @@ -258,10 +259,10 @@ void RSADNSCryptoKeyEngine::fromISCMap(DNSKEYRecordContent& drc, std::map> 3; // no clue what this does + d_context.len = ( mbedtls_mpi_bitlen( &d_context.N ) + 7 ) >> 3; // no clue what this does drc.d_key = this->getPublicKeyString(); drc.d_protocol=3; } @@ -271,9 +272,9 @@ void RSADNSCryptoKeyEngine::fromPEMString(DNSKEYRecordContent& drc, const std::s vector integers; decodeDERIntegerSequence(raw, integers); cerr<<"Got "< places; + map places; - rsa_init(&d_context, RSA_PKCS_V15, 0); + mbedtls_rsa_init(&d_context, MBEDTLS_RSA_PKCS_V15, 0); places[1]=&d_context.N; places[2]=&d_context.E; @@ -289,7 +290,7 @@ void RSADNSCryptoKeyEngine::fromPEMString(DNSKEYRecordContent& drc, const std::s for(int n = 0; n < 9 ; ++n) { if(places.count(n)) { if(places[n]) { - mpi_read_binary(places[n], (const unsigned char*)integers[n].c_str(), integers[n].length()); + mbedtls_mpi_read_binary(places[n], (const unsigned char*)integers[n].c_str(), integers[n].length()); if(n==1) modulus=integers[n]; if(n==2) @@ -297,7 +298,7 @@ void RSADNSCryptoKeyEngine::fromPEMString(DNSKEYRecordContent& drc, const std::s } } } - d_context.len = ( mpi_msb( &d_context.N ) + 7 ) >> 3; // no clue what this does + d_context.len = ( mbedtls_mpi_bitlen( &d_context.N ) + 7 ) >> 3; // no clue what this does if(exponent.length() < 255) drc.d_key.assign(1, (char) (unsigned int) exponent.length()); @@ -313,7 +314,7 @@ void RSADNSCryptoKeyEngine::fromPEMString(DNSKEYRecordContent& drc, const std::s void RSADNSCryptoKeyEngine::fromPublicKeyString(const std::string& rawString) { - rsa_init(&d_context, RSA_PKCS_V15, 0); + mbedtls_rsa_init(&d_context, MBEDTLS_RSA_PKCS_V15, 0); string exponent, modulus; const unsigned char* raw = (const unsigned char*)rawString.c_str(); @@ -324,21 +325,21 @@ void RSADNSCryptoKeyEngine::fromPublicKeyString(const std::string& rawString) exponent=rawString.substr(3, raw[1]*0xff + raw[2]); modulus = rawString.substr(3+ raw[1]*0xff + raw[2]); } - mpi_read_binary(&d_context.E, (unsigned char*)exponent.c_str(), exponent.length()); - mpi_read_binary(&d_context.N, (unsigned char*)modulus.c_str(), modulus.length()); - d_context.len = ( mpi_msb( &d_context.N ) + 7 ) >> 3; // no clue what this does + mbedtls_mpi_read_binary(&d_context.E, (unsigned char*)exponent.c_str(), exponent.length()); + mbedtls_mpi_read_binary(&d_context.N, (unsigned char*)modulus.c_str(), modulus.length()); + d_context.len = ( mbedtls_mpi_bitlen( &d_context.N ) + 7 ) >> 3; // no clue what this does } string RSADNSCryptoKeyEngine::getPublicKeyString() const { string keystring; - char tmp[std::max(mpi_size(&d_context.E), mpi_size(&d_context.N))]; + char tmp[std::max(mbedtls_mpi_size(&d_context.E), mbedtls_mpi_size(&d_context.N))]; - mpi_write_binary(&d_context.E, (unsigned char*)tmp, mpi_size(&d_context.E) ); - string exponent((char*)tmp, mpi_size(&d_context.E)); + mbedtls_mpi_write_binary(&d_context.E, (unsigned char*)tmp, mbedtls_mpi_size(&d_context.E) ); + string exponent((char*)tmp, mbedtls_mpi_size(&d_context.E)); - mpi_write_binary(&d_context.N, (unsigned char*)tmp, mpi_size(&d_context.N) ); - string modulus((char*)tmp, mpi_size(&d_context.N)); + mbedtls_mpi_write_binary(&d_context.N, (unsigned char*)tmp, mbedtls_mpi_size(&d_context.N) ); + string modulus((char*)tmp, mbedtls_mpi_size(&d_context.N)); if(exponent.length() < 255) keystring.assign(1, (char) (unsigned int) exponent.length()); diff --git a/pdns/md5.hh b/pdns/md5.hh index 6dd6683dd5..aaad52f8bc 100644 --- a/pdns/md5.hh +++ b/pdns/md5.hh @@ -3,12 +3,12 @@ #include #include -#include +#include inline std::string pdns_md5sum(const std::string& input) { unsigned char result[16] = {0}; - md5(reinterpret_cast(input.c_str()), input.length(), result); + mbedtls_md5(reinterpret_cast(input.c_str()), input.length(), result); return std::string(result, result + sizeof result); } diff --git a/pdns/pkcs11signers.cc b/pdns/pkcs11signers.cc index e16c273977..1b2e853bf2 100644 --- a/pdns/pkcs11signers.cc +++ b/pdns/pkcs11signers.cc @@ -1,10 +1,6 @@ #ifdef HAVE_CONFIG_H #include "config.h" #endif -#include -#include -#include -#include #include // for 'operator+=()' #include #include diff --git a/pdns/sha.hh b/pdns/sha.hh index 1b0fcf73df..eff8e920a7 100644 --- a/pdns/sha.hh +++ b/pdns/sha.hh @@ -3,84 +3,84 @@ #include #include -#include -#include -#include +#include +#include +#include class SHA1Summer { public: - SHA1Summer() { sha1_starts(&d_context); }; + SHA1Summer() { mbedtls_sha1_starts(&d_context); }; void feed(const std::string &str) { feed(str.c_str(), str.length()); }; - void feed(const char *ptr, size_t len) { sha1_update(&d_context, reinterpret_cast(ptr), len); }; + void feed(const char *ptr, size_t len) { mbedtls_sha1_update(&d_context, reinterpret_cast(ptr), len); }; const std::string get() const { - sha1_context ctx2; + mbedtls_sha1_context ctx2; unsigned char result[20] = {0}; ctx2=d_context; - sha1_finish(&ctx2, result); + mbedtls_sha1_finish(&ctx2, result); return std::string(result, result + sizeof result); }; private: SHA1Summer(const SHA1Summer&); SHA1Summer& operator=(const SHA1Summer&); - sha1_context d_context; + mbedtls_sha1_context d_context; }; class SHA256Summer { public: - SHA256Summer() { sha256_starts(&d_context, 0); }; + SHA256Summer() { mbedtls_sha256_starts(&d_context, 0); }; void feed(const std::string &str) { feed(str.c_str(), str.length()); }; - void feed(const char *ptr, size_t len) { sha256_update(&d_context, reinterpret_cast(ptr), len); }; + void feed(const char *ptr, size_t len) { mbedtls_sha256_update(&d_context, reinterpret_cast(ptr), len); }; const std::string get() const { - sha256_context ctx2; + mbedtls_sha256_context ctx2; unsigned char result[32] = {0}; ctx2=d_context; - sha256_finish(&ctx2, result); + mbedtls_sha256_finish(&ctx2, result); return std::string(result, result + 32); }; private: SHA256Summer(const SHA1Summer&); SHA256Summer& operator=(const SHA1Summer&); - sha256_context d_context; + mbedtls_sha256_context d_context; }; class SHA384Summer { public: - SHA384Summer() { sha512_starts(&d_context, 1); }; + SHA384Summer() { mbedtls_sha512_starts(&d_context, 1); }; void feed(const std::string &str) { feed(str.c_str(), str.length()); }; - void feed(const char *ptr, size_t len) { sha512_update(&d_context, reinterpret_cast(ptr), len); }; + void feed(const char *ptr, size_t len) { mbedtls_sha512_update(&d_context, reinterpret_cast(ptr), len); }; const std::string get() const { - sha512_context ctx2; + mbedtls_sha512_context ctx2; unsigned char result[64] = {0}; ctx2 = d_context; - sha512_finish(&ctx2, result); + mbedtls_sha512_finish(&ctx2, result); return std::string(result, result + 48); }; private: SHA384Summer(const SHA1Summer&); SHA384Summer& operator=(const SHA1Summer&); - sha512_context d_context; + mbedtls_sha512_context d_context; }; class SHA512Summer { public: - SHA512Summer() { sha512_starts(&d_context, 0); }; + SHA512Summer() { mbedtls_sha512_starts(&d_context, 0); }; void feed(const std::string &str) { feed(str.c_str(), str.length()); }; - void feed(const char *ptr, size_t len) { sha512_update(&d_context, reinterpret_cast(ptr), len); }; + void feed(const char *ptr, size_t len) { mbedtls_sha512_update(&d_context, reinterpret_cast(ptr), len); }; const std::string get() const { - sha512_context ctx2; + mbedtls_sha512_context ctx2; unsigned char result[64] = {0}; ctx2=d_context; - sha512_finish(&ctx2, result); + mbedtls_sha512_finish(&ctx2, result); return std::string(result, result + sizeof result); }; private: SHA512Summer(const SHA1Summer&); SHA512Summer& operator=(const SHA1Summer&); - sha512_context d_context; + mbedtls_sha512_context d_context; }; #endif /* sha.hh */ diff --git a/pdns/version.cc b/pdns/version.cc index d3a5ef356e..eb8f2366d1 100644 --- a/pdns/version.cc +++ b/pdns/version.cc @@ -25,7 +25,7 @@ #endif #include "logger.hh" #include "version.hh" -#include +#include static ProductType productType;