support polarssl 1.3
authorPeter van Dijk <peter.van.dijk@netherlabs.nl>
Thu, 17 Oct 2013 12:42:29 +0000 (14:42 +0200)
committerPeter van Dijk <peter.van.dijk@netherlabs.nl>
Thu, 17 Oct 2013 12:42:29 +0000 (14:42 +0200)
pdns/polarrsakeyinfra.cc
pdns/sha.hh

index 13a25a07796e1456dfba622b0782cd98315bf56d..c06d1537b6e3c626204f828244d18ba6c7daec2e 100644 (file)
@@ -1,8 +1,6 @@
 #include <polarssl/rsa.h>
 #include <polarssl/base64.h>
-#include <polarssl/sha1.h>
-#include <polarssl/sha2.h>
-#include <polarssl/sha4.h>
+#include <sha.hh>
 #include <polarssl/entropy.h>
 #include <polarssl/ctr_drbg.h>
 #include <boost/assign/std/vector.hpp> // for 'operator+=()'
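Review bot: The new `#include <sha.hh>` names a project header (pdns/sha.hh in this commit) with the angle-bracket form, so with the usual compilers it is found only through the include search path and depends on the build passing the right `-I`. A same-named header earlier on that path would be picked up instead. The quoted form, `#include "sha.hh"`, searches the including file's directory first and makes it obvious that this is a local header. A short comment that sha.hh now supplies POLARSSL_VERSION_NUMBER and the SIG_RSA_* names this file relies on would also help.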
@@ -137,7 +135,8 @@ std::string RSADNSCryptoKeyEngine::sign(const std::string& msg) const
 {
   string hash = this->hash(msg);
   unsigned char signature[mpi_size(&d_context.N)];
-  int hashKind;
+  md_type_t hashKind;
+
   if(hash.size()==20)
     hashKind= SIG_RSA_SHA1;
   else if(hash.size()==32) 
@@ -159,7 +158,7 @@ std::string RSADNSCryptoKeyEngine::sign(const std::string& msg) const
 
 bool RSADNSCryptoKeyEngine::verify(const std::string& msg, const std::string& signature) const
 {
-  int hashKind;
+  md_type_t hashKind;
   string hash=this->hash(msg);
   if(hash.size()==20)
     hashKind= SIG_RSA_SHA1;
@@ -168,7 +167,11 @@ bool RSADNSCryptoKeyEngine::verify(const std::string& msg, const std::string& si
   else
     hashKind = SIG_RSA_SHA512;
   
-  int ret=rsa_pkcs1_verify(const_cast<rsa_context*>(&d_context), RSA_PUBLIC, 
+  int ret=rsa_pkcs1_verify(const_cast<rsa_context*>(&d_context),
+#if POLARSSL_VERSION_NUMBER >= 0x01030000
+    NULL, NULL,
+#endif
+    RSA_PUBLIC,
     hashKind,
     hash.size(),
     (const unsigned char*) hash.c_str(), (unsigned char*) signature.c_str());
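Review bot: The call still hands `signature.c_str()` to rsa_pkcs1_verify with no length, and nothing visible in verify() between its opening brace and this call compares `signature.size()` with the key's modulus size. As far as I know the library reads a modulus-length buffer from that pointer, so a shorter signature taken from untrusted input would be read past its end; a guard such as `if(signature.size() != mpi_size(&d_context.N)) return false;` before the call would rule that out. Passing `NULL, NULL` for the RNG arguments looks fine for RSA_PUBLIC, but a one-line comment saying so (`// f_rng/p_rng are only needed for private-key operations`) would help the next reader. The rest of verify() lies outside the hunk.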
@@ -185,12 +188,20 @@ std::string RSADNSCryptoKeyEngine::hash(const std::string& toHash) const
   } 
   else if(d_algorithm == 8) { // RSASHA256
     unsigned char hash[32];
+#if POLARSSL_VERSION_NUMBER >= 0x01030000
+    sha256((unsigned char*)toHash.c_str(), toHash.length(), hash, 0);
+#else
     sha2((unsigned char*)toHash.c_str(), toHash.length(), hash, 0);
+#endif
     return string((char*)hash, sizeof(hash));
   } 
   else if(d_algorithm == 10) { // RSASHA512
     unsigned char hash[64];
+#if POLARSSL_VERSION_NUMBER >= 0x01030000
+    sha512((unsigned char*)toHash.c_str(), toHash.length(), hash, 0);
+#else
     sha4((unsigned char*)toHash.c_str(), toHash.length(), hash, 0);
+#endif
     return string((char*)hash, sizeof(hash));
   }
   throw runtime_error("PolarSSL hashing method can't hash algorithm "+lexical_cast<string>(d_algorithm));
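Review bot: The trailing `0` in the new `sha256(...)` and `sha512(...)` calls is undocumented; in this API it is the is224 / is384 selector, so comments such as `// 0 = SHA-256, not SHA-224` and `// 0 = SHA-512, not SHA-384` would stop a reader mistaking it for a flags word. The two version conditionals also repeat a mapping that sha.hh already centralises for the `sha2_*`/`sha4_*` streaming calls; keeping the one-shot names there too would leave this function free of `#if`. hash() starts above the hunk, so its SHA-1 branch is not visible here.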
index 055d6f7455bf075c5360e275cba83e76e85282cc..f90e8cb3e7201c613be31a723b41bef0ca4f1b02 100644 (file)
@@ -3,9 +3,38 @@
 
 #include <string>
 #include <stdint.h>
-#include <polarssl/sha1.h>
-#include <polarssl/sha2.h>
-#include <polarssl/sha4.h>
+#include <polarssl/version.h>
+#if POLARSSL_VERSION_NUMBER >= 0x01030000
+  #include <polarssl/sha1.h>
+  #include <polarssl/sha256.h>
+  #include <polarssl/sha512.h>
+  typedef sha256_context sha2_context;
+  typedef sha512_context sha4_context;
+  #define sha2_finish sha256_finish
+  #define sha2_hmac_finish sha256_hmac_finish
+  #define sha2_hmac_starts sha256_hmac_starts
+  #define sha2_hmac_update sha256_hmac_update
+  #define sha2_starts sha256_starts
+  #define sha2_update sha256_update
+  #define sha4_finish sha512_finish
+  #define sha4_hmac_finish sha512_hmac_finish
+  #define sha4_hmac_starts sha512_hmac_starts
+  #define sha4_hmac_update sha512_hmac_update
+  #define sha4_starts sha512_starts
+  #define sha4_update sha512_update
+  #define POLARSSL_SHA2_C POLARSSL_SHA256_C
+  #define POLARSSL_SHA4_C POLARSSL_SHA512_C
+  #define SIG_RSA_SHA1    POLARSSL_MD_SHA1
+  #define SIG_RSA_SHA224  POLARSSL_MD_SHA224
+  #define SIG_RSA_SHA256  POLARSSL_MD_SHA256
+  #define SIG_RSA_SHA384  POLARSSL_MD_SHA384
+  #define SIG_RSA_SHA512  POLARSSL_MD_SHA512
+#else
+  #include <polarssl/sha1.h>
+  #include <polarssl/sha2.h>
+  #include <polarssl/sha4.h>
+  typedef int md_type_t;
+#endif
 
 class SHA1Summer
 {
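Review bot: `#define POLARSSL_SHA2_C POLARSSL_SHA256_C` (and the SHA4 line below it) defines the old feature macro unconditionally, so any `#ifdef POLARSSL_SHA2_C` test will pass on 1.3 even when the library was configured without SHA-256. Wrapping each in its own guard keeps the meaning: `#ifdef POLARSSL_SHA256_C` / `#define POLARSSL_SHA2_C` / `#endif`, and the same for SHA512. Separately, `typedef int md_type_t;` in the `#else` branch claims a name that the library's own md.h may also declare as an enum, so a translation unit that includes both could fail to compile on 1.2; a project-prefixed alias would avoid that. Whether either case is hit depends on code outside this page.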