From: Christian Hofstaedtler <christian.hofstaedtler@deduktiva.com>
Date: Sat, 2 Jan 2016 21:01:46 +0000 (+0100)
Subject: Port dns_random.cc to OpenSSL
X-Git-Tag: dnsdist-1.0.0-alpha2~61^2~5
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ba6cbc80a0a7aad5dee6e00bb88690fbe291c572;p=pdns

Port dns_random.cc to OpenSSL
---

diff --git a/pdns/dns_random.cc b/pdns/dns_random.cc
index b25b1a1c1..b96665492 100644
--- a/pdns/dns_random.cc
+++ b/pdns/dns_random.cc
@@ -1,11 +1,13 @@
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
-#ifdef HAVE_MBEDTLS2
+#if HAVE_MBEDTLS2
 #include <mbedtls/aes.h>
-#else
+#elif HAVE_MBEDTLS
 #include <polarssl/aes.h>
 #include "mbedtlscompat.hh"
+#elif HAVE_OPENSSL
+#include <openssl/aes.h>
 #endif
 #include <iostream>
 #include <cstdlib>
@@ -14,22 +16,35 @@
 #include <unistd.h>
 #include <sys/time.h>
 #include <limits>
+#include <stdexcept>
 #include <stdint.h>
 #include "dns_random.hh"
 
 using namespace std;
 
+#ifdef HAVE_MBEDTLS
 static mbedtls_aes_context g_ctx;
+static size_t g_offset;
+#elif defined(HAVE_OPENSSL)
+static AES_KEY aes_key;
+static unsigned int g_offset;
+#endif
 static unsigned char g_counter[16], g_stream[16];
 static uint32_t g_in;
-static size_t g_offset;
 
 static bool g_initialized;
 
 void dns_random_init(const char data[16])
 {
   g_offset = 0;
+  memset(&g_stream, 0, sizeof(g_stream));
+#if HAVE_MBEDTLS
   mbedtls_aes_setkey_enc(&g_ctx, (const unsigned char*)data, 128);
+#elif HAVE_OPENSSL
+  if (AES_set_encrypt_key((const unsigned char*)data, 128, &aes_key) < 0) {
+    throw std::runtime_error("AES_set_encrypt_key failed");
+  }
+#endif
 
   struct timeval now;
   gettimeofday(&now, 0);
@@ -47,7 +62,13 @@ unsigned int dns_random(unsigned int n)
   if(!g_initialized)
     abort();
   uint32_t out;
+#ifdef HAVE_MBEDTLS
   mbedtls_aes_crypt_ctr(&g_ctx, sizeof(g_in), &g_offset, g_counter, (unsigned char*) &g_stream, (unsigned char*) &g_in, (unsigned char*) &out);
+#elif defined(HAVE_OPENSSL)
+  AES_ctr128_encrypt((const unsigned char*)&g_in, (unsigned char*) &out, sizeof(g_in), &aes_key, g_counter, g_stream, &g_offset);
+#else
+#error "No dns_random implementation found"
+#endif
   return out % n;
 }