From: Ruben Kerkhof
Date: Fri, 31 Jul 2015 11:02:10 +0000 (+0200)
Subject: Bump minimum required polarssl version to 1.3
X-Git-Tag: dnsdist-1.0.0-alpha1~248^2~58^2~7^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a2623ff3461a6989057e7623062a9233b793ce0c;p=thirdparty%2Fpdns.git

Bump minimum required polarssl version to 1.3
---
diff --git a/m4/pdns_with_system_polarssl.m4 b/m4/pdns_with_system_polarssl.m4
index 959e7b60f9..942b81b630 100644
--- a/m4/pdns_with_system_polarssl.m4
+++ b/m4/pdns_with_system_polarssl.m4
@@ -14,12 +14,12 @@ AC_DEFUN([PDNS_WITH_SYSTEM_POLARSSL],[
 LIBS=""
 AC_SEARCH_LIBS([sha1_hmac], [mbedtls polarssl],[
 POLARSSL_LIBS=$LIBS
- AC_MSG_CHECKING([for PolarSSL version >= 1.1])
+ AC_MSG_CHECKING([for PolarSSL version >= 1.3])
 AC_COMPILE_IFELSE([
 AC_LANG_PROGRAM(
 [[#include ]],
 [[
- #if POLARSSL_VERSION_NUMBER < 0x01010000
+ #if POLARSSL_VERSION_NUMBER < 0x01030000
 #error invalid version
 #endif
 ]]
diff --git a/pdns/dnssecinfra.cc b/pdns/dnssecinfra.cc
index cf7abc7f36..5db7895ebb 100644
--- a/pdns/dnssecinfra.cc
+++ b/pdns/dnssecinfra.cc
@@ -502,25 +502,25 @@ string calculateSHAHMAC(const std::string& key, const std::string& text, TSIGHas
 };
 case TSIG_SHA224:
 {
- sha2_hmac(reinterpret_cast(key.c_str()), key.size(), reinterpret_cast(text.c_str()), text.size(), hash, 1);
+ sha256_hmac(reinterpret_cast(key.c_str()), key.size(), reinterpret_cast(text.c_str()), text.size(), hash, 1);
 res.assign(reinterpret_cast(hash), 28);
 break;
 };
 case TSIG_SHA256:
 {
- sha2_hmac(reinterpret_cast(key.c_str()), key.size(), reinterpret_cast(text.c_str()), text.size(), hash, 0);
+ sha256_hmac(reinterpret_cast(key.c_str()), key.size(), reinterpret_cast(text.c_str()), text.size(), hash, 0);
 res.assign(reinterpret_cast(hash), 32);
 break;
 };
 case TSIG_SHA384:
 {
- sha4_hmac(reinterpret_cast(key.c_str()), key.size(), reinterpret_cast(text.c_str()), text.size(), hash, 1);
+ sha512_hmac(reinterpret_cast(key.c_str()), key.size(), reinterpret_cast(text.c_str()), text.size(), hash, 1);
 res.assign(reinterpret_cast(hash), 48);
 break;
 };
 case TSIG_SHA512:
 {
- sha4_hmac(reinterpret_cast(key.c_str()), key.size(), reinterpret_cast(text.c_str()), text.size(), hash, 0);
+ sha512_hmac(reinterpret_cast(key.c_str()), key.size(), reinterpret_cast(text.c_str()), text.size(), hash, 0);
 res.assign(reinterpret_cast(hash), 64);
 break;
 };
diff --git a/pdns/polarrsakeyinfra.cc b/pdns/polarrsakeyinfra.cc
index bba0193960..eb7da34863 100644
--- a/pdns/polarrsakeyinfra.cc
+++ b/pdns/polarrsakeyinfra.cc
@@ -141,11 +141,11 @@ std::string RSADNSCryptoKeyEngine::sign(const std::string& msg) const
 md_type_t hashKind;
 if(hash.size()==20)
- hashKind= SIG_RSA_SHA1;
+ hashKind= POLARSSL_MD_SHA1;
 else if(hash.size()==32)
- hashKind= SIG_RSA_SHA256;
+ hashKind= POLARSSL_MD_SHA256;
 else
- hashKind = SIG_RSA_SHA512;
+ hashKind = POLARSSL_MD_SHA512;
 int ret=rsa_pkcs1_sign(const_cast(&d_context), NULL, NULL, RSA_PRIVATE, hashKind,
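Review bot: Each of the four replaced calls passes a bare `1` or `0` as the last argument of `sha256_hmac`/`sha512_hmac`; that literal is the `is224`/`is384` selector, and nothing in the hunk says so, so a comment on the first pair such as `// last arg: 1 selects the SHA-224 (resp. SHA-384) variant` would help the next reader. The output buffer `hash` is declared before the hunk, and `sha512_hmac` takes `unsigned char output[64]`, so that declaration must be at least 64 bytes for the SHA384/SHA512 cases; worth confirming at its declaration since the buffer is shared by all four branches. calculateSHAHMAC begins and ends outside the hunk.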
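Review bot: `rsa_pkcs1_sign` on the last line of the hunk is still called with `NULL, NULL` for the f_rng/p_rng pair; in PolarSSL 1.3 `rsa_private()` only applies RSA blinding when f_rng is non-NULL, so with this call the private-key operation runs unblinded and its timing is key-dependent — now that 1.3 is the floor, the engine should pass a seeded DRBG here (`ctr_drbg_random` with a `ctr_drbg_context`) instead of NULL, which is worth confirming against the library version in use. Separately, the `else` branch maps every digest length other than 20 and 32 to `POLARSSL_MD_SHA512`; the verify hunk below has the same pattern. Making the 64-byte case explicit and rejecting anything else, `else if(hash.size()==64) hashKind = POLARSSL_MD_SHA512; else throw runtime_error("unexpected digest length");`, keeps a future change to hash() from silently signing under the wrong md type. sign() starts before the hunk and the rsa_pkcs1_sign call continues past it.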
@@ -164,16 +164,14 @@ bool RSADNSCryptoKeyEngine::verify(const std::string& msg, const std::string& si
 md_type_t hashKind;
 string hash=this->hash(msg);
 if(hash.size()==20)
- hashKind= SIG_RSA_SHA1;
+ hashKind= POLARSSL_MD_SHA1;
 else if(hash.size()==32)
- hashKind= SIG_RSA_SHA256;
+ hashKind= POLARSSL_MD_SHA256;
 else
- hashKind = SIG_RSA_SHA512;
+ hashKind = POLARSSL_MD_SHA512;
 int ret=rsa_pkcs1_verify(const_cast(&d_context),
-#if POLARSSL_VERSION_NUMBER >= 0x01020900
 NULL, NULL,
-#endif
 RSA_PUBLIC, hashKind, hash.size(),
@@ -191,20 +189,12 @@ std::string RSADNSCryptoKeyEngine::hash(const std::string& toHash) const
 }
 else if(d_algorithm == 8) { // RSASHA256
 unsigned char hash[32];
-#if POLARSSL_VERSION_NUMBER >= 0x01030000
 sha256((unsigned char*)toHash.c_str(), toHash.length(), hash, 0);
-#else
- sha2((unsigned char*)toHash.c_str(), toHash.length(), hash, 0);
-#endif
 return string((char*)hash, sizeof(hash));
 }
 else if(d_algorithm == 10) { // RSASHA512
 unsigned char hash[64];
-#if POLARSSL_VERSION_NUMBER >= 0x01030000
 sha512((unsigned char*)toHash.c_str(), toHash.length(), hash, 0);
-#else
- sha4((unsigned char*)toHash.c_str(), toHash.length(), hash, 0);
-#endif
 return string((char*)hash, sizeof(hash));
 }
 throw runtime_error("PolarSSL hashing method can't hash algorithm "+lexical_cast(d_algorithm));
diff --git a/pdns/sha.hh b/pdns/sha.hh
index cea5f52e30..56e5484c3c 100644
--- a/pdns/sha.hh
+++ b/pdns/sha.hh
@@ -3,40 +3,9 @@
 #include
 #include
-#include
-#if POLARSSL_VERSION_NUMBER >= 0x01030000
- #include
- #include
- #include
- typedef sha256_context sha2_context;
- typedef sha512_context sha4_context;
- #define sha2_finish sha256_finish
- #define sha2_hmac sha256_hmac
- #define sha2_hmac_finish sha256_hmac_finish
- #define sha2_hmac_starts sha256_hmac_starts
- #define sha2_hmac_update sha256_hmac_update
- #define sha2_starts sha256_starts
- #define sha2_update sha256_update
- #define sha4_finish sha512_finish
- #define sha4_hmac sha512_hmac
- #define sha4_hmac_finish sha512_hmac_finish
- #define sha4_hmac_starts sha512_hmac_starts
- #define sha4_hmac_update sha512_hmac_update
- #define sha4_starts sha512_starts
- #define sha4_update sha512_update
- #define POLARSSL_SHA2_C POLARSSL_SHA256_C
- #define POLARSSL_SHA4_C POLARSSL_SHA512_C
- #define SIG_RSA_SHA1 POLARSSL_MD_SHA1
- #define SIG_RSA_SHA224 POLARSSL_MD_SHA224
- #define SIG_RSA_SHA256 POLARSSL_MD_SHA256
- #define SIG_RSA_SHA384 POLARSSL_MD_SHA384
- #define SIG_RSA_SHA512 POLARSSL_MD_SHA512
-#else
- #include
- #include
- #include
- typedef int md_type_t;
-#endif
+#include
+#include
+#include
 class SHA1Summer {
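Review bot: The deleted compatibility block was the only visible provider of `md_type_t` (the pre-1.3 `typedef int md_type_t;`) and of the `SIG_RSA_*` names that the polarrsakeyinfra.cc hunks now replace with `POLARSSL_MD_*`; those come from PolarSSL's md header, so one of the three added `#include` lines (their targets did not survive rendering) or an include in polarrsakeyinfra.cc itself has to bring `polarssl/md.h` into scope, otherwise the code only compiles through include order. A short comment above the three new includes, `// PolarSSL >= 1.3 only; md_type_t/POLARSSL_MD_* come from polarssl/md.h`, would record that dependency for whoever raises the floor next.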
@@ -60,77 +29,77 @@ private:
 class SHA224Summer
 {
 public:
- SHA224Summer() { sha2_starts(&d_context, 1); };
+ SHA224Summer() { sha256_starts(&d_context, 1); };
 void feed(const std::string &str) { feed(str.c_str(), str.length()); };
- void feed(const char *ptr, size_t len) { sha2_update(&d_context, reinterpret_cast(ptr), len); };
+ void feed(const char *ptr, size_t len) { sha256_update(&d_context, reinterpret_cast(ptr), len); };
 const std::string get() const {
- sha2_context ctx2;
+ sha256_context ctx2;
 unsigned char result[32] = {0};
 ctx2=d_context;
- sha2_finish(&ctx2, result);
+ sha256_finish(&ctx2, result);
 return std::string(result, result + 28);
 };
 private:
 SHA224Summer(const SHA1Summer&);
 SHA224Summer& operator=(const SHA1Summer&);
- sha2_context d_context;
+ sha256_context d_context;
 };
 class SHA256Summer
 {
 public:
- SHA256Summer() { sha2_starts(&d_context, 0); };
+ SHA256Summer() { sha256_starts(&d_context, 0); };
 void feed(const std::string &str) { feed(str.c_str(), str.length()); };
- void feed(const char *ptr, size_t len) { sha2_update(&d_context, reinterpret_cast(ptr), len); };
+ void feed(const char *ptr, size_t len) { sha256_update(&d_context, reinterpret_cast(ptr), len); };
 const std::string get() const {
- sha2_context ctx2;
+ sha256_context ctx2;
 unsigned char result[32] = {0};
 ctx2=d_context;
- sha2_finish(&ctx2, result);
+ sha256_finish(&ctx2, result);
 return std::string(result, result + 32);
 };
 private:
 SHA256Summer(const SHA1Summer&);
 SHA256Summer& operator=(const SHA1Summer&);
- sha2_context d_context;
+ sha256_context d_context;
 };
 class SHA384Summer
 {
 public:
- SHA384Summer() { sha4_starts(&d_context, 1); };
+ SHA384Summer() { sha512_starts(&d_context, 1); };
 void feed(const std::string &str) { feed(str.c_str(), str.length()); };
- void feed(const char *ptr, size_t len) { sha4_update(&d_context, reinterpret_cast(ptr), len); };
+ void feed(const char *ptr, size_t len) { sha512_update(&d_context, reinterpret_cast(ptr), len); };
 const
std::string get() const {
- sha4_context ctx2;
+ sha512_context ctx2;
 unsigned char result[64] = {0};
 ctx2 = d_context;
- sha4_finish(&ctx2, result);
+ sha512_finish(&ctx2, result);
 return std::string(result, result + 48);
 };
 private:
 SHA384Summer(const SHA1Summer&);
 SHA384Summer& operator=(const SHA1Summer&);
- sha4_context d_context;
+ sha512_context d_context;
 };
 class SHA512Summer
 {
 public:
- SHA512Summer() { sha4_starts(&d_context, 0); };
+ SHA512Summer() { sha512_starts(&d_context, 0); };
 void feed(const std::string &str) { feed(str.c_str(), str.length()); };
- void feed(const char *ptr, size_t len) { sha4_update(&d_context, reinterpret_cast(ptr), len); };
+ void feed(const char *ptr, size_t len) { sha512_update(&d_context, reinterpret_cast(ptr), len); };
 const std::string get() const {
- sha4_context ctx2;
+ sha512_context ctx2;
 unsigned char result[64] = {0};
 ctx2=d_context;
- sha4_finish(&ctx2, result);
+ sha512_finish(&ctx2, result);
 return std::string(result, result + sizeof result);
 };
 private:
 SHA512Summer(const SHA1Summer&);
 SHA512Summer& operator=(const SHA1Summer&);
- sha4_context d_context;
+ sha512_context d_context;
 };
 #endif /* sha.hh */
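Review bot: The private copy constructor and assignment operator in each of the four classes take `const SHA1Summer&` instead of the class's own type (e.g. `SHA224Summer(const SHA1Summer&);`), so they do not suppress the implicitly generated copy operations and only look like non-copyable guards; `get()` copying `d_context` into `ctx2` shows that copying the context is intended anyway. Either declare them with the right type, `SHA224Summer(const SHA224Summer&);` / `SHA224Summer& operator=(const SHA224Summer&);` (and likewise for the other three), or drop the four pairs. Copying the context with `=` relies on `sha256_context`/`sha512_context` being plain structs, which holds for PolarSSL 1.3; later mbed TLS releases add explicit clone functions (`mbedtls_sha256_clone`), which is where `ctx2=d_context` would need to move if the floor is raised again. This hunk begins on the previous line, so the SHA384Summer declaration is split across the two.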