From: Peter van Dijk Date: Thu, 17 Oct 2013 12:42:29 +0000 (+0200) Subject: support polarssl 1.3 X-Git-Tag: rec-3.6.0-rc1~402 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f5352b13b9c8dcc6ab3cef8df0076f2253c81007;p=pdns support polarssl 1.3 --- diff --git a/pdns/polarrsakeyinfra.cc b/pdns/polarrsakeyinfra.cc index 13a25a077..c06d1537b 100644 --- a/pdns/polarrsakeyinfra.cc +++ b/pdns/polarrsakeyinfra.cc @@ -1,8 +1,6 @@ #include #include -#include -#include -#include +#include #include #include #include // for 'operator+=()' @@ -137,7 +135,8 @@ std::string RSADNSCryptoKeyEngine::sign(const std::string& msg) const { string hash = this->hash(msg); unsigned char signature[mpi_size(&d_context.N)]; - int hashKind; + md_type_t hashKind; + if(hash.size()==20) hashKind= SIG_RSA_SHA1; else if(hash.size()==32) @@ -159,7 +158,7 @@ std::string RSADNSCryptoKeyEngine::sign(const std::string& msg) const bool RSADNSCryptoKeyEngine::verify(const std::string& msg, const std::string& signature) const { - int hashKind; + md_type_t hashKind; string hash=this->hash(msg); if(hash.size()==20) hashKind= SIG_RSA_SHA1; @@ -168,7 +167,11 @@ bool RSADNSCryptoKeyEngine::verify(const std::string& msg, const std::string& si else hashKind = SIG_RSA_SHA512; - int ret=rsa_pkcs1_verify(const_cast(&d_context), RSA_PUBLIC, + int ret=rsa_pkcs1_verify(const_cast(&d_context), +#if POLARSSL_VERSION_NUMBER >= 0x01030000 + NULL, NULL, +#endif + RSA_PUBLIC, hashKind, hash.size(), (const unsigned char*) hash.c_str(), (unsigned char*) signature.c_str()); @@ -185,12 +188,20 @@ std::string RSADNSCryptoKeyEngine::hash(const std::string& toHash) const } else if(d_algorithm == 8) { // RSASHA256 unsigned char hash[32]; +#if POLARSSL_VERSION_NUMBER >= 0x01030000 + sha256((unsigned char*)toHash.c_str(), toHash.length(), hash, 0); +#else sha2((unsigned char*)toHash.c_str(), toHash.length(), hash, 0); +#endif return string((char*)hash, sizeof(hash)); } else if(d_algorithm == 10) { // RSASHA512 unsigned char hash[64]; +#if POLARSSL_VERSION_NUMBER >= 0x01030000 + sha512((unsigned char*)toHash.c_str(), toHash.length(), hash, 0); +#else sha4((unsigned char*)toHash.c_str(), toHash.length(), hash, 0); +#endif return string((char*)hash, sizeof(hash)); } throw runtime_error("PolarSSL hashing method can't hash algorithm "+lexical_cast(d_algorithm)); diff --git a/pdns/sha.hh b/pdns/sha.hh index 055d6f745..f90e8cb3e 100644 --- a/pdns/sha.hh +++ b/pdns/sha.hh @@ -3,9 +3,38 @@ #include #include -#include -#include -#include +#include +#if POLARSSL_VERSION_NUMBER >= 0x01030000 + #include + #include + #include + typedef sha256_context sha2_context; + typedef sha512_context sha4_context; + #define sha2_finish sha256_finish + #define sha2_hmac_finish sha256_hmac_finish + #define sha2_hmac_starts sha256_hmac_starts + #define sha2_hmac_update sha256_hmac_update + #define sha2_starts sha256_starts + #define sha2_update sha256_update + #define sha4_finish sha512_finish + #define sha4_hmac_finish sha512_hmac_finish + #define sha4_hmac_starts sha512_hmac_starts + #define sha4_hmac_update sha512_hmac_update + #define sha4_starts sha512_starts + #define sha4_update sha512_update + #define POLARSSL_SHA2_C POLARSSL_SHA256_C + #define POLARSSL_SHA4_C POLARSSL_SHA512_C + #define SIG_RSA_SHA1 POLARSSL_MD_SHA1 + #define SIG_RSA_SHA224 POLARSSL_MD_SHA224 + #define SIG_RSA_SHA256 POLARSSL_MD_SHA256 + #define SIG_RSA_SHA384 POLARSSL_MD_SHA384 + #define SIG_RSA_SHA512 POLARSSL_MD_SHA512 +#else + #include + #include + #include + typedef int md_type_t; +#endif class SHA1Summer {