diff --git a/ChangeLog b/ChangeLog
index 4bf8d71f14..93c0fffe02 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@ +836. [bug] fdupont + Moved duplicated getXXXHashAlgorithm() function to new + xxx_common.h include files in the cryptolink library. + (Trac #3471, git xxx) + 835. [build] fdupont The configure script checks if OpenSSL supports SHA-2, in order to avoid very old (and likely subject to unfixed security bugs)
diff --git a/src/lib/cryptolink/Makefile.am b/src/lib/cryptolink/Makefile.am
index 3aa9fa51f1..005db8379c 100644
--- a/src/lib/cryptolink/Makefile.am
+++ b/src/lib/cryptolink/Makefile.am
@@ -13,11 +13,13 @@ libkea_cryptolink_la_SOURCES += crypto_hash.h crypto_hash.cc
 libkea_cryptolink_la_SOURCES += crypto_hmac.h crypto_hmac.cc
 if HAVE_BOTAN
 libkea_cryptolink_la_SOURCES += botan_link.cc
+libkea_cryptolink_la_SOURCES += botan_common.h
 libkea_cryptolink_la_SOURCES += botan_hash.cc
 libkea_cryptolink_la_SOURCES += botan_hmac.cc
 endif
 if HAVE_OPENSSL
 libkea_cryptolink_la_SOURCES += openssl_link.cc
+libkea_cryptolink_la_SOURCES += openssl_common.h
 libkea_cryptolink_la_SOURCES += openssl_hash.cc
 libkea_cryptolink_la_SOURCES += openssl_hmac.cc
 endif
diff --git a/src/lib/cryptolink/botan_common.h b/src/lib/cryptolink/botan_common.h
new file mode 100644
index 0000000000..0434c3a71d
--- /dev/null
+++ b/src/lib/cryptolink/botan_common.h
@@ -0,0 +1,26 @@
+// Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+// AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+// PERFORMANCE OF THIS SOFTWARE.
+
+namespace isc {
+namespace cryptolink {
+
+/// @brief Decode the HashAlgorithm enum into a name usable by Botan
+///
+/// @param algorithm algorithm to be converted
+/// @return static text representation of the algorithm name
+const char*
+getBotanHashAlgorithmName(isc::cryptolink::HashAlgorithm algorithm);
+
+} // namespace cryptolink
+} // namespace isc
diff --git a/src/lib/cryptolink/botan_hash.cc b/src/lib/cryptolink/botan_hash.cc
index 2df255d35e..e033b93301 100644
--- a/src/lib/cryptolink/botan_hash.cc
+++ b/src/lib/cryptolink/botan_hash.cc
@@ -22,9 +22,13 @@ #include #include +#include + #include -namespace { +namespace isc { +namespace cryptolink { + /// @brief Decode the HashAlgorithm enum into a name usable by Botan /// /// @param algorithm algorithm to be converted
@@ -52,12 +56,6 @@ getBotanHashAlgorithmName(isc::cryptolink::HashAlgorithm algorithm) { return ("Unknown"); } -} // local namespace - - -namespace isc { -namespace cryptolink { - /// @brief Botan implementation of Hash. Each method is the counterpart /// of the Hash corresponding method. class HashImpl {
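Review bot: The new botan_common.h has no include guard and includes nothing itself, so the declaration of `getBotanHashAlgorithmName` only compiles when the including file has already pulled in the header that defines `isc::cryptolink::HashAlgorithm`. Wrapping the file in a guard such as `#ifndef BOTAN_COMMON_H` / `#define BOTAN_COMMON_H` … `#endif`, and including the header that declares the enum, would make it safe to include in any order; the include targets are not legible on this page, so the exact header name has to be checked. openssl_common.h has the same shape and also depends on `EVP_MD` being declared, so it would need `#include <openssl/evp.h>` in addition to the guard.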
diff --git a/src/lib/cryptolink/botan_hmac.cc b/src/lib/cryptolink/botan_hmac.cc
index 5346bdec18..174985ccfe 100644
--- a/src/lib/cryptolink/botan_hmac.cc
+++ b/src/lib/cryptolink/botan_hmac.cc
@@ -23,40 +23,10 @@ #include #include +#include + #include -namespace { - -/// @brief Decode the HashAlgorithm enum into a name usable by Botan -/// -/// @param algorithm algorithm to be converted -/// @return text representation of the algorithm name -const char* -getBotanHashAlgorithmName(isc::cryptolink::HashAlgorithm algorithm) { - switch (algorithm) { - case isc::cryptolink::MD5: - return ("MD5"); - case isc::cryptolink::SHA1: - return ("SHA-1"); - case isc::cryptolink::SHA256: - return ("SHA-256"); - case isc::cryptolink::SHA224: - return ("SHA-224"); - case isc::cryptolink::SHA384: - return ("SHA-384"); - case isc::cryptolink::SHA512: - return ("SHA-512"); - case isc::cryptolink::UNKNOWN_HASH: - return ("Unknown"); - } - // compiler should have prevented us to reach this, since we have - // no default. But we need a return value anyway - return ("Unknown"); -} - -} // local namespace - - namespace isc { namespace cryptolink {
diff --git a/src/lib/cryptolink/openssl_common.h b/src/lib/cryptolink/openssl_common.h
new file mode 100644
index 0000000000..fb6ed4b40d
--- /dev/null
+++ b/src/lib/cryptolink/openssl_common.h
@@ -0,0 +1,27 @@
+// Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+// AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+// PERFORMANCE OF THIS SOFTWARE.
+
+namespace isc {
+namespace cryptolink {
+
+/// @brief Decode the HashAlgorithm enum into an EVP_MD pointer (or 0)
+///
+/// EVP_MD pointer is a OpenSSL's way of identifying hash algorithms
+/// @param algorithm algorithm to be converted
+/// @return pointer to a static EVP_MD which identifies the algorithm
+const EVP_MD*
+getOpenSSLHashAlgorithm(isc::cryptolink::HashAlgorithm algorithm);
+
+} // namespace cryptolink
+} // namespace isc
diff --git a/src/lib/cryptolink/openssl_hash.cc b/src/lib/cryptolink/openssl_hash.cc
index b0ebe73c66..dfc870c400 100644
--- a/src/lib/cryptolink/openssl_hash.cc
+++ b/src/lib/cryptolink/openssl_hash.cc
@@ -19,9 +19,12 @@ #include +#include + #include -namespace { +namespace isc { +namespace cryptolink { /// @brief Decode the HashAlgorithm enum into an EVP_MD pointer (or 0) ///
@@ -51,12 +54,6 @@ getOpenSSLHashAlgorithm(isc::cryptolink::HashAlgorithm algorithm) { return (0); } -} // local namespace - - -namespace isc { -namespace cryptolink { - /// \brief OpenSSL implementation of Hash. Each method is the counterpart /// of the Hash corresponding method. class HashImpl {
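Review bot: The `@return` line in openssl_common.h promises a pointer to a static EVP_MD, yet the brief says "(or 0)", and the body removed from openssl_hmac.cc in this same commit returns 0 for `UNKNOWN_HASH` and for any value that falls through the switch. Now that the helper is declared in a shared header, the contract should state the null case explicitly, for example `/// @return pointer to a static EVP_MD, or 0 if the algorithm is unknown; callers must check the result before use`. Whether the Hash and HMAC constructors perform that check is not visible in these hunks and is worth confirming, since handing a null digest to an OpenSSL init call can fail or crash depending on the library version.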
diff --git a/src/lib/cryptolink/openssl_hmac.cc b/src/lib/cryptolink/openssl_hmac.cc
index 34940d349e..81ba92386b 100644
--- a/src/lib/cryptolink/openssl_hmac.cc
+++ b/src/lib/cryptolink/openssl_hmac.cc
@@ -19,38 +19,12 @@ #include +#include + #include namespace { -/// @brief Decode the HashAlgorithm enum into an EVP_MD pointer (or 0) -/// -/// EVP_MD pointer is a OpenSSL's way of identifying hash algorithms -/// @param algorithm algorithm to be converted -/// @return pointer to EVP_MD which identifies the algorithm -const EVP_MD* -getOpenSSLHashAlgorithm(isc::cryptolink::HashAlgorithm algorithm) { - switch (algorithm) { - case isc::cryptolink::MD5: - return (EVP_md5()); - case isc::cryptolink::SHA1: - return (EVP_sha1()); - case isc::cryptolink::SHA256: - return (EVP_sha256()); - case isc::cryptolink::SHA224: - return (EVP_sha224()); - case isc::cryptolink::SHA384: - return (EVP_sha384()); - case isc::cryptolink::SHA512: - return (EVP_sha512()); - case isc::cryptolink::UNKNOWN_HASH: - return (0); - } - // compiler should have prevented us to reach this, since we have - // no default. But we need a return value anyway - return (0); -} - /// Secure Buffers which are wiped out when released. template struct SecBuf {