BIND 10 trac2406, updated. f58b7e55f9ce6f239d6396fc786939a1b3b2e41a [trac2406] save current (successful) Botan -> OpenSSL experiment
BIND 10 source code commits
bind10-changes at lists.isc.org
Thu Oct 25 21:36:13 UTC 2012
The branch, trac2406 has been updated
via f58b7e55f9ce6f239d6396fc786939a1b3b2e41a (commit)
from 296e119946e9fb8d6eebdabf6eb166f47c47fbd0 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit f58b7e55f9ce6f239d6396fc786939a1b3b2e41a
Author: Francis Dupont <fdupont at isc.org>
Date: Thu Oct 25 23:35:13 2012 +0200
[trac2406] save current (successful) Botan -> OpenSSL experiment
-----------------------------------------------------------------------
Summary of changes:
Makefile.am | 2 +-
configure.ac | 235 ++++++--------------------
dns++.pc.in | 2 +-
src/lib/cryptolink/Makefile.am | 6 +-
src/lib/cryptolink/crypto_hmac.cc | 181 +++++++-------------
src/lib/cryptolink/cryptolink.cc | 11 +-
src/lib/cryptolink/tests/Makefile.am | 4 +-
src/lib/cryptolink/tests/crypto_unittests.cc | 58 +++----
src/lib/dns/tests/Makefile.am | 8 +-
9 files changed, 148 insertions(+), 359 deletions(-)
-----------------------------------------------------------------------
diff --git a/Makefile.am b/Makefile.am
index 1ed0d63..2e599bc 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -66,7 +66,7 @@ report-cpp-coverage:
c++/4.4\*/ext/\* \
c++/4.4\*/\*-\*/bits/\* \
boost/\* \
- botan/\* \
+ openssl/\* \
ext/asio/\* \
ext/coroutine/\* \
gtest/\* \
diff --git a/configure.ac b/configure.ac
index 09de67f..9db04d8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -542,194 +542,64 @@ AC_DEFUN([ACX_CHECK_PROG_NONCACHE], [
IFS="$IFS_SAVED"
])
-# Botan helper test function
-# Tries to compile a botan program, given the output of the given
-# config tool
-# Arguments:
-# - name of tool (checked for path), must support --libs and --cflags
-# - fixed argument(s) for tool
-# - action if successful
-AC_DEFUN([ACX_TRY_BOTAN_TOOL], [
- TOOL=$1
- TOOL_ARG=$2
- BOTAN_TOOL=""
- ACX_CHECK_PROG_NONCACHE([BOTAN_TOOL], [${TOOL}])
- AC_MSG_CHECKING([usability of ${TOOL} ${TOOL_ARG}])
- if test "$BOTAN_TOOL" != "" ; then
- if test -x ${BOTAN_TOOL}; then
- BOTAN_LIBS=`$BOTAN_TOOL $TOOL_ARG --libs`
- LIBS_SAVED=${LIBS}
- LIBS="$LIBS $BOTAN_LIBS"
- BOTAN_INCLUDES=`$BOTAN_TOOL $TOOL_ARG --cflags`
- CPPFLAGS_SAVED=${CPPFLAGS}
- CPPFLAGS="$BOTAN_INCLUDES $CPPFLAGS"
- #AC_MSG_RESULT([found])
- AC_LINK_IFELSE(
- [AC_LANG_PROGRAM([#include <botan/botan.h>
- #include <botan/hash.h>
- ],
- [using namespace Botan;
- LibraryInitializer::initialize();
- HashFunction *h = get_hash("MD5");
- ])],
- [ AC_MSG_RESULT([ok])
- $3
- ],
- [ AC_MSG_RESULT([not usable]) ]
- )
- LIBS=${LIBS_SAVED}
- CPPFLAGS=${CPPFLAGS_SAVED}
- else
- AC_MSG_RESULT([not executable])
- fi
- else
- AC_MSG_RESULT([not found])
- fi
- BOTAN_TOOL=""
- AC_SUBST(BOTAN_TOOL)
- ]
-)
+# Check for OpenSSL
+# From bind 9
-# Check for Botan
-#
-# Unless --with-botan-config is given, we first try to find these config
-# scripts ourselves. Unfortunately, on some systems, these scripts do not
-# provide the correct implementation, so for each script found, we try
-# a compilation test (ACX_TRY_BOTAN_TOOL). If none are found, or none of
-# them work, we see if pkg-config is available. If so, we try the several
-# potential pkg-config .pc files. Again, on some systems, these can return
-# incorrect information as well, so the try-compile test is repeated for
-# each.
-#
-# If a working config script or pkgconfig file is found, we then munge its
-# output for use in our Makefiles, and to make sure it works, another header
-# and compilation test is done (this should also check whether we can compile
-# against botan should neither -config scripts nor pkgconfig data exist).
-#
-botan_config="yes"
-AC_ARG_WITH([botan-config],
- AC_HELP_STRING([--with-botan-config=PATH],
- [specify the path to the botan-config script]),
- [botan_config="$withval"])
-if test "${botan_config}" = "no" ; then
- AC_MSG_ERROR([Need botan for libcryptolink])
+AC_MSG_CHECKING(for OpenSSL library)
+AC_ARG_WITH([openssl],
+ [AS_HELP_STRING([--with-openssl=PATH], [OpenSSL location])],
+ [use_openssl="$withval"],
+ [use_openssl="auto"])
+
+if test "$use_openssl" = "yes"; then
+ use_openssl = "auto"
fi
-if test "${botan_config}" != "yes" ; then
- if test -x "${botan_config}" ; then
- if test -d "${botan_config}" ; then
- AC_MSG_ERROR([${botan_config} is a directory])
- else
- BOTAN_CONFIG="${botan_config}"
- fi
- else
- AC_MSG_ERROR([--with-botan-config should point to a botan-config program and not a directory (${botan_config})])
- fi
-else
- BOTAN_CONFIG=""
- # first try several possible names of the config script
- # (botan-config-1.8 is there just in case, the official name change
- # came later)
- BOTAN_CONFIG_VERSIONS="botan-config-1.10 botan-config-1.9 botan-config-1.8 botan-config"
- for botan_config in $BOTAN_CONFIG_VERSIONS; do
- ACX_TRY_BOTAN_TOOL([$botan_config],,
- [ BOTAN_CONFIG="$botan_config" ]
- )
- if test "$BOTAN_CONFIG" != "" ; then
- break
+if test "$use_openssl" = "auto"; then
+ for d in /usr /usr/local /usr/local/ssl /usr/pkg /usr/sfw; do
+ if test -f $d/include/openssl/opensslv.h; then
+ use_openssl=$d; break
fi
done
- if test "$BOTAN_CONFIG" = "" ; then
- AC_PATH_PROG([PKG_CONFIG], [pkg-config])
- if test "$PKG_CONFIG" != "" ; then
- # Ok so no script found, see if pkg-config knows of it.
- # Unfortunately, the botan.pc files also have their minor version
- # in their name, so we need to try them one by one
- BOTAN_VERSIONS="botan-1.10 botan-1.9 botan-1.8"
- for version in $BOTAN_VERSIONS; do
- ACX_TRY_BOTAN_TOOL([pkg-config], ["$version --silence-errors"],
- [ BOTAN_CONFIG="$PKG_CONFIG $version" ]
- )
- if test "$BOTAN_CONFIG" != "" ; then
- break
- fi
- done
- fi
- fi
fi
-
-if test "x${BOTAN_CONFIG}" != "x"
-then
- BOTAN_LIBS=`${BOTAN_CONFIG} --libs`
- BOTAN_INCLUDES=`${BOTAN_CONFIG} --cflags`
-
- # We expect botan-config --libs to contain -L<path_to_libbotan>, but
- # this is not always the case. As a heuristics workaround we add
- # -L`botan-config --prefix/lib` in this case (if not present already).
- # Same for BOTAN_INCLUDES (but using include instead of lib) below.
- if [ ${BOTAN_CONFIG} --prefix >/dev/null 2>&1 ] ; then
- echo ${BOTAN_LIBS} | grep -- -L > /dev/null || \
- BOTAN_LIBS="-L`${BOTAN_CONFIG} --prefix`/lib ${BOTAN_LIBS}"
- echo ${BOTAN_INCLUDES} | grep -- -I > /dev/null || \
- BOTAN_INCLUDES="-I`${BOTAN_CONFIG} --prefix`/include ${BOTAN_INCLUDES}"
- fi
+if test "$use_openssl" = "no"; then
+ AC_MSG_ERROR([OpenSSL is required])
fi
-# botan-config script (and the way we call pkg-config) returns -L and -l
-# as one string, but we need them in separate values
-BOTAN_LDFLAGS=
-BOTAN_NEWLIBS=
-for flag in ${BOTAN_LIBS}; do
- BOTAN_LDFLAGS="${BOTAN_LDFLAGS} `echo $flag | sed -ne '/^\(\-L\)/p'`"
- BOTAN_LIBS="${BOTAN_LIBS} `echo $flag | sed -ne '/^\(\-l\)/p'`"
-done
-
-# See python_rpath for some info on why we do this
-if test $rpath_flag != no; then
- BOTAN_RPATH=
- for flag in ${BOTAN_LIBS}; do
- BOTAN_RPATH="${BOTAN_RPATH} `echo $flag | sed -ne "s/^\(\-L\)/${rpath_flag}/p"`"
- done
-AC_SUBST(BOTAN_RPATH)
-
-# According to the libtool manual, it should be sufficient if we
-# specify the "-R libdir" in our wrapper library of botan (no other
-# programs will need libbotan directly); "libdir" should be added to
-# the program's binary image. But we've seen in our build environments
-# that (some versions of?) libtool doesn't propagate -R as documented,
-# and it caused a linker error at run time. To work around this, we
-# also add the rpath to the global LDFLAGS.
- LDFLAGS="$BOTAN_RPATH $LDFLAGS"
+if test "$use_openssl" = "auto"; then
+ AC_MSG_ERROR([OpenSSL auto detection failed])
fi
+if ! test -f "$use_openssl"/include/openssl/opensslv.h; then
+ AC_MSG_ERROR([OpenSSL not found at $use_openssl])
+fi
+if test "$use_openssl" = "/usr"; then
+ OPENSSL_INCLUDES=""
+ OPENSSL_LIBS="-lcrypto"
+else
+ OPENSSL_INCLUDES="-I$use_openssl/include"
+ case $host in
+ *-solaris*)
+ OPENSSL_LIBS="-L$use_openssl/lib -R$use_openssl/lib -lcrypto"
+ ;;
+ *-hp-hpux*)
+ OPENSSL_LIBS="-L$use_openssl/lib -Wl,+b: -lcrypto"
+ ;;
+ *-apple-darwin*)
+ if test -f "$use_openssl/lib/libcrypto.dylib"; then
+ OPENSSL_LIBS="-L$use_openssl/lib -lcrypto"
+ else
+ OPENSSL_LIBS="$use_openssl/lib/libcrypto.a"
+ fi
+ ;;
+ *)
+ OPENSSL_LIBS="-L$use_openssl/lib -lcrypto"
+ ;;
+ esac
+fi
+#OPENSSL_LDFLAGS="-ldl"
+OPENSSL_LDFLAGS=""
-AC_SUBST(BOTAN_LDFLAGS)
-AC_SUBST(BOTAN_LIBS)
-AC_SUBST(BOTAN_INCLUDES)
-
-# Even though chances are high we already performed a real compilation check
-# in the search for the right (pkg)config data, we try again here, to
-# be sure.
-CPPFLAGS_SAVED=$CPPFLAGS
-CPPFLAGS="$BOTAN_INCLUDES $CPPFLAGS"
-LIBS_SAVED="$LIBS"
-LIBS="$LIBS $BOTAN_LIBS"
-AC_CHECK_HEADERS([botan/botan.h],,AC_MSG_ERROR([Missing required header files.]))
-AC_LINK_IFELSE(
- [AC_LANG_PROGRAM([#include <botan/botan.h>
- #include <botan/hash.h>
- ],
- [using namespace Botan;
- LibraryInitializer::initialize();
- HashFunction *h = get_hash("MD5");
- ])],
- [AC_MSG_RESULT([checking for Botan library... yes])],
- [AC_MSG_RESULT([checking for Botan library... no])
- AC_MSG_ERROR([Needs Botan library 1.8 or higher. On some systems,
- the botan package has a few missing dependencies (libbz2 and
- libgmp), if libbotan has been installed and you see this error,
- try upgrading to a higher version of botan or installing libbz2
- and libgmp.])]
-)
-CPPFLAGS=$CPPFLAGS_SAVED
-LIBS=$LIBS_SAVED
+AC_MSG_RESULT([Using OpenSSL from $use_openssl/lib and $use_openssl/include])
+AC_SUBST(OPENSSL_INCLUDES)
+AC_SUBST(OPENSSL_LIBS)
# Check for log4cplus
log4cplus_path="yes"
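Review bot: The added `use_openssl = "auto"` is not a shell assignment, because the spaces around `=` make the shell run a command named `use_openssl`. As a result `--with-openssl=yes` keeps the value `yes` and ends in "OpenSSL not found at yes"; it should read `use_openssl="auto"`. The new block also accepts any prefix that contains `include/openssl/opensslv.h` and never compiles or links against it, whereas the removed Botan logic ran an `AC_LINK_IFELSE` test. A small link test with `$OPENSSL_INCLUDES` and `$OPENSSL_LIBS` (for example calling `HMAC_CTX_init`) would catch a header-only or mismatched install at configure time. `OPENSSL_LDFLAGS` is set but has no `AC_SUBST`, although the Makefile.am hunks reference it.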
@@ -1409,9 +1279,8 @@ dnl includes too
${PYTHON_LDFLAGS}
${PYTHON_LIB}
Boost: ${BOOST_INCLUDES}
- Botan: ${BOTAN_INCLUDES}
- ${BOTAN_LDFLAGS}
- ${BOTAN_LIBS}
+ OpenSSL: ${OPENSSL_INCLUDES}
+ ${OPENSSL_LIBS}
Log4cplus: ${LOG4CPLUS_INCLUDES}
${LOG4CPLUS_LIBS}
SQLite: $SQLITE_CFLAGS
diff --git a/dns++.pc.in b/dns++.pc.in
index 8d2725c..fecd329 100644
--- a/dns++.pc.in
+++ b/dns++.pc.in
@@ -6,6 +6,6 @@ includedir=@includedir@
Name: dns++
Description: BIND 10 DNS library
Version: @PACKAGE_VERSION@
-Requires: botan-1.8
+Requires: openssl-1.0.0
Cflags: -I${includedir}/@PACKAGE_NAME@
Libs: -L${libdir} -lb10-dns++ -lb10-cryptolink -lb10-util -lb10-exceptions -lm
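Review bot: `Requires: openssl-1.0.0` names a pkg-config module that OpenSSL does not ship, so consumers of dns++.pc would fail to resolve it. OpenSSL's .pc files are `openssl`, `libcrypto` and `libssl`, and a minimum version is written as an operator after the module name. Since configure.ac links only `-lcrypto`, `Requires: libcrypto` would match what is used, or `Requires: openssl >= 1.0.0` if that minimum is really intended (nothing in configure.ac enforces a version).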
diff --git a/src/lib/cryptolink/Makefile.am b/src/lib/cryptolink/Makefile.am
index 91825d8..1eacfe2 100644
--- a/src/lib/cryptolink/Makefile.am
+++ b/src/lib/cryptolink/Makefile.am
@@ -1,7 +1,7 @@
SUBDIRS = . tests
AM_CPPFLAGS = -I$(top_srcdir)/src/lib -I$(top_builddir)/src/lib
-AM_CPPFLAGS += $(BOOST_INCLUDES) $(BOTAN_INCLUDES)
+AM_CPPFLAGS += $(BOOST_INCLUDES) $(OPENSSL_INCLUDES)
AM_CXXFLAGS = $(B10_CXXFLAGS)
CLEANFILES = *.gcno *.gcda
@@ -11,5 +11,5 @@ lib_LTLIBRARIES = libb10-cryptolink.la
libb10_cryptolink_la_SOURCES = cryptolink.h cryptolink.cc
libb10_cryptolink_la_SOURCES += crypto_hmac.h crypto_hmac.cc
-libb10_cryptolink_la_LDFLAGS = ${BOTAN_LDFLAGS}
-libb10_cryptolink_la_LIBADD = ${BOTAN_LIBS} ${BOTAN_RPATH}
+libb10_cryptolink_la_LDFLAGS = ${OPENSSL_LDFLAGS}
+libb10_cryptolink_la_LIBADD = ${OPENSSL_LIBS}
diff --git a/src/lib/cryptolink/crypto_hmac.cc b/src/lib/cryptolink/crypto_hmac.cc
index c1bbfa8..7b37399 100644
--- a/src/lib/cryptolink/crypto_hmac.cc
+++ b/src/lib/cryptolink/crypto_hmac.cc
@@ -17,48 +17,43 @@
#include <boost/scoped_ptr.hpp>
-#include <botan/version.h>
-#include <botan/botan.h>
-#include <botan/hmac.h>
-#include <botan/hash.h>
-#include <botan/types.h>
+#include <openssl/hmac.h>
#include <cstring>
namespace {
-const char*
-getBotanHashAlgorithmName(isc::cryptolink::HashAlgorithm algorithm) {
+const EVP_MD*
+getOpenSSLHashAlgorithm(isc::cryptolink::HashAlgorithm algorithm) {
switch (algorithm) {
case isc::cryptolink::MD5:
- return ("MD5");
+ return (EVP_md5());
break;
case isc::cryptolink::SHA1:
- return ("SHA-1");
+ return (EVP_sha1());
break;
case isc::cryptolink::SHA256:
- return ("SHA-256");
+ return (EVP_sha256());
break;
case isc::cryptolink::SHA224:
- return ("SHA-224");
+ return (EVP_sha224());
break;
case isc::cryptolink::SHA384:
- return ("SHA-384");
+ return (EVP_sha384());
break;
case isc::cryptolink::SHA512:
- return ("SHA-512");
+ return (EVP_sha512());
break;
case isc::cryptolink::UNKNOWN_HASH:
- return ("Unknown");
+ return (0);
break;
}
// compiler should have prevented us to reach this, since we have
// no default. But we need a return value anyway
- return ("Unknown");
+ return (0);
}
} // local namespace
-
namespace isc {
namespace cryptolink {
@@ -66,145 +61,83 @@ class HMACImpl {
public:
explicit HMACImpl(const void* secret, size_t secret_len,
const HashAlgorithm hash_algorithm) {
- Botan::HashFunction* hash;
- try {
- hash = Botan::get_hash(
- getBotanHashAlgorithmName(hash_algorithm));
- } catch (const Botan::Algorithm_Not_Found&) {
- isc_throw(isc::cryptolink::UnsupportedAlgorithm,
+ const EVP_MD* algo = getOpenSSLHashAlgorithm(hash_algorithm);
+ if (algo == 0) {
+ isc_throw(UnsupportedAlgorithm,
"Unknown hash algorithm: " <<
static_cast<int>(hash_algorithm));
- } catch (const Botan::Exception& exc) {
- isc_throw(isc::cryptolink::LibraryError, exc.what());
+ }
+ if (secret_len == 0) {
+ isc_throw(BadKey, "Bad HMAC secret length: 0");
}
- hmac_.reset(new Botan::HMAC(hash));
+ md_.reset(new HMAC_CTX);
+ HMAC_CTX_init(md_.get());
- // If the key length is larger than the block size, we hash the
- // key itself first.
- try {
- // use a temp var so we don't have blocks spanning
- // preprocessor directives
-#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,0)
- size_t block_length = hash->hash_block_size();
-#elif BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,8,0)
- size_t block_length = hash->HASH_BLOCK_SIZE;
-#else
-#error "Unsupported Botan version (need 1.8 or higher)"
- // added to suppress irrelevant compiler errors
- size_t block_length = 0;
-#endif
- if (secret_len > block_length) {
- Botan::SecureVector<Botan::byte> hashed_key =
- hash->process(static_cast<const Botan::byte*>(secret),
- secret_len);
- hmac_->set_key(hashed_key.begin(), hashed_key.size());
- } else {
- // Botan 1.8 considers len 0 a bad key. 1.9 does not,
- // but we won't accept it anyway, and fail early
- if (secret_len == 0) {
- isc_throw(BadKey, "Bad HMAC secret length: 0");
- }
- hmac_->set_key(static_cast<const Botan::byte*>(secret),
- secret_len);
- }
- } catch (const Botan::Invalid_Key_Length& ikl) {
- isc_throw(BadKey, ikl.what());
- } catch (const Botan::Exception& exc) {
- isc_throw(isc::cryptolink::LibraryError, exc.what());
- }
+ HMAC_Init_ex(md_.get(), secret,
+ static_cast<int>(secret_len),
+ algo, NULL);
}
- ~HMACImpl() { }
+ ~HMACImpl() { if (md_) HMAC_CTX_cleanup(md_.get()); }
size_t getOutputLength() const {
-#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,0)
- return (hmac_->output_length());
-#elif BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,8,0)
- return (hmac_->OUTPUT_LENGTH);
-#else
-#error "Unsupported Botan version (need 1.8 or higher)"
- // added to suppress irrelevant compiler errors
- return 0;
-#endif
+ int size = HMAC_size(md_.get());
+ if (size < 0) {
+ isc_throw(isc::cryptolink::LibraryError, "EVP_MD_CTX_size");
+ }
+ return (static_cast<size_t>(size));
}
void update(const void* data, const size_t len) {
- try {
- hmac_->update(static_cast<const Botan::byte*>(data), len);
- } catch (const Botan::Exception& exc) {
- isc_throw(isc::cryptolink::LibraryError, exc.what());
- }
+ HMAC_Update(md_.get(), static_cast<const unsigned char*>(data), len);
}
void sign(isc::util::OutputBuffer& result, size_t len) {
- try {
- Botan::SecureVector<Botan::byte> b_result(hmac_->final());
-
- if (len == 0 || len > b_result.size()) {
- len = b_result.size();
- }
- result.writeData(b_result.begin(), len);
- } catch (const Botan::Exception& exc) {
- isc_throw(isc::cryptolink::LibraryError, exc.what());
+ size_t size = getOutputLength();
+ std::vector<unsigned char> digest(size);
+ HMAC_Final(md_.get(), &digest[0], NULL);
+ if (len == 0 || len > size) {
+ len = size;
}
+ result.writeData(&digest[0], len);
}
void sign(void* result, size_t len) {
- try {
- Botan::SecureVector<Botan::byte> b_result(hmac_->final());
- size_t output_size = getOutputLength();
- if (output_size > len) {
- output_size = len;
- }
- std::memcpy(result, b_result.begin(), output_size);
- } catch (const Botan::Exception& exc) {
- isc_throw(isc::cryptolink::LibraryError, exc.what());
+ size_t size = getOutputLength();
+ std::vector<unsigned char> digest(size);
+ HMAC_Final(md_.get(), &digest[0], NULL);
+ if (len > size) {
+ len = size;
}
+ std::memcpy(result, &digest[0], len);
}
std::vector<uint8_t> sign(size_t len) {
- try {
- Botan::SecureVector<Botan::byte> b_result(hmac_->final());
- if (len == 0 || len > b_result.size()) {
- return (std::vector<uint8_t>(b_result.begin(), b_result.end()));
- } else {
- return (std::vector<uint8_t>(b_result.begin(), &b_result[len]));
- }
- } catch (const Botan::Exception& exc) {
- isc_throw(isc::cryptolink::LibraryError, exc.what());
+ size_t size = getOutputLength();
+ std::vector<unsigned char> digest(size);
+ HMAC_Final(md_.get(), &digest[0], NULL);
+ if (len != 0 && len < size) {
+ digest.resize(len);
}
+ return (std::vector<uint8_t>(digest.begin(), digest.end()));
}
-
bool verify(const void* sig, size_t len) {
- // Botan's verify_mac checks if len matches the output_length,
- // which causes it to fail for truncated signatures, so we do
- // the check ourselves
- // SEE BELOW FOR TEMPORARY CHANGE
- try {
- Botan::SecureVector<Botan::byte> our_mac = hmac_->final();
- if (len < getOutputLength()) {
- // Currently we don't support truncated signature in TSIG (see
- // #920). To avoid validating too short signature accidently,
- // we enforce the standard signature size for the moment.
- // Once we support truncation correctly, this if-clause should
- // (and the capitalized comment above) be removed.
- return (false);
- }
- if (len == 0 || len > getOutputLength()) {
- len = getOutputLength();
- }
- return (Botan::same_mem(&our_mac[0],
- static_cast<const unsigned char*>(sig),
- len));
- } catch (const Botan::Exception& exc) {
- isc_throw(isc::cryptolink::LibraryError, exc.what());
+ size_t size = getOutputLength();
+ if (len != 0 && len < size / 2) {
+ return (false);
+ }
+ std::vector<unsigned char> digest(size);
+ HMAC_Final(md_.get(), &digest[0], NULL);
+ if (len == 0 || len > size) {
+ len = size;
}
+ return (std::memcmp(&digest[0], sig, len) == 0);
}
private:
- boost::scoped_ptr<Botan::HMAC> hmac_;
+ boost::scoped_ptr<HMAC_CTX> md_;
};
HMAC::HMAC(const void* secret, size_t secret_length,
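Review bot: verify() now compares the computed MAC with `std::memcmp`, which can stop at the first differing byte, so the time taken depends on how much of the supplied signature matches; a MAC check should use a comparison with no early exit, as sketched below. In the same function `len == 0` is no longer rejected (the removed code returned false for any length below the output size) and instead leads to a `size`-byte read from `sig`, so it is worth confirming that no caller passes an empty buffer. The results of `HMAC_Init_ex`, `HMAC_Update` and `HMAC_Final` are ignored throughout the class, where the Botan code threw `LibraryError`; if the targeted OpenSSL version returns `int` from these calls, a failure would go unnoticed and an uninitialised digest could be signed or compared.

```cpp
    bool verify(const void* sig, size_t len) {
        // … unchanged: length checks and HMAC_Final into digest …
        // Fold every byte difference into one flag, with no early exit,
        // so the running time does not depend on where a mismatch occurs.
        const unsigned char* their = static_cast<const unsigned char*>(sig);
        unsigned char diff = 0;
        for (size_t i = 0; i < len; ++i) {
            diff |= static_cast<unsigned char>(digest[i] ^ their[i]);
        }
        return (diff == 0);
    }
```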
diff --git a/src/lib/cryptolink/cryptolink.cc b/src/lib/cryptolink/cryptolink.cc
index d1c375d..6e4d217 100644
--- a/src/lib/cryptolink/cryptolink.cc
+++ b/src/lib/cryptolink/cryptolink.cc
@@ -15,15 +15,12 @@
#include <cryptolink/cryptolink.h>
#include <cryptolink/crypto_hmac.h>
-#include <botan/botan.h>
-
namespace isc {
namespace cryptolink {
-// For Botan, we use the CryptoLink class object in RAII style
+// For OpenSSL, we use the CryptoLink class object in RAII style
class CryptoLinkImpl {
-private:
- Botan::LibraryInitializer botan_init_;
+ // empty class
};
CryptoLink::~CryptoLink() {
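Review bot: The rewritten comment still says the CryptoLink object is used "in RAII style", but CryptoLinkImpl is now an empty class that acquires and releases nothing. If the HMAC calls used here need no library initialisation, a comment such as `// OpenSSL needs no library-wide initializer for the calls we use; CryptoLinkImpl is kept only as a placeholder` would describe the code as it is. If initialisation is in fact required, it is missing from this change.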
@@ -51,8 +48,8 @@ CryptoLink::initialize() {
if (c.impl_ == NULL) {
try {
c.impl_ = new CryptoLinkImpl();
- } catch (const Botan::Exception& ex) {
- isc_throw(InitializationError, ex.what());
+ } catch (...) {
+ isc_throw(InitializationError, "");
}
}
}
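Review bot: `catch (...)` followed by `isc_throw(InitializationError, "")` discards the reason for the failure and converts every exception type into an error with an empty message. With CryptoLinkImpl now empty, the only visible source of an exception is the allocation itself, so `catch (const std::exception& ex) { isc_throw(InitializationError, ex.what()); }` would keep the cause in the message. CryptoLink::initialize() begins outside this hunk.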
diff --git a/src/lib/cryptolink/tests/Makefile.am b/src/lib/cryptolink/tests/Makefile.am
index 4659a82..37c007e 100644
--- a/src/lib/cryptolink/tests/Makefile.am
+++ b/src/lib/cryptolink/tests/Makefile.am
@@ -19,8 +19,8 @@ TESTS += run_unittests
run_unittests_SOURCES = run_unittests.cc
run_unittests_SOURCES += crypto_unittests.cc
run_unittests_CPPFLAGS = $(AM_CPPFLAGS) $(GTEST_INCLUDES)
-run_unittests_LDFLAGS = $(BOTAN_LDFLAGS) $(GTEST_LDFLAGS) $(AM_LDFLAGS)
-run_unittests_LDADD = $(GTEST_LDADD) $(BOTAN_LIBS)
+run_unittests_LDFLAGS = $(OPENSSL_LDFLAGS) $(GTEST_LDFLAGS) $(AM_LDFLAGS)
+run_unittests_LDADD = $(GTEST_LDADD) $(OPENSSL_LIBS)
run_unittests_LDADD += $(top_builddir)/src/lib/util/libb10-util.la
run_unittests_LDADD += $(top_builddir)/src/lib/cryptolink/libb10-cryptolink.la
run_unittests_LDADD += $(top_builddir)/src/lib/util/unittests/libutil_unittests.la
diff --git a/src/lib/cryptolink/tests/crypto_unittests.cc b/src/lib/cryptolink/tests/crypto_unittests.cc
index c8fe9c6..4b3b4bd 100644
--- a/src/lib/cryptolink/tests/crypto_unittests.cc
+++ b/src/lib/cryptolink/tests/crypto_unittests.cc
@@ -243,6 +243,18 @@ TEST(CryptoLinkTest, HMAC_MD5_RFC2202_SIGN) {
0x79 };
doHMACTest(data4, secret4, 25, MD5, hmac_expected4, 16);
+ const uint8_t secret5[] = { 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
+ 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
+ 0x0c, 0x0c, 0x0c, 0x0c };
+ const uint8_t hmac_expected5[] = { 0x56, 0x46, 0x1e, 0xf2, 0x34,
+ 0x2e, 0xdc, 0x00, 0xf9, 0xba,
+ 0xb9, 0x95, 0x69, 0x0e, 0xfd,
+ 0x4c };
+ doHMACTest("Test With Truncation", secret5, 16, MD5,
+ hmac_expected5, 16);
+ doHMACTest("Test With Truncation", secret5, 16, MD5,
+ hmac_expected5, 12);
+
const uint8_t hmac_expected6[] = { 0x6b, 0x1a, 0xb7, 0xfe, 0x4b,
0xd7, 0xbf, 0x8f, 0x0b, 0x62,
0xe6, 0xce, 0x61, 0xb9, 0xd0,
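Review bot: The truncation cases moved into this test, and into HMAC_SHA1_RFC2202_SIGN in a later hunk, exercise only accepted lengths (16 and 12 octets here). Nothing visible checks that verify() rejects a signature shorter than half the digest, which is the new lower bound in crypto_hmac.cc. doHMACTest is defined outside these hunks and may already cover this; if it does not, a case that verifies the same MAC at a length below the bound and expects false would pin the policy. A comment such as `// RFC 2202 test case 5: checked at full length and truncated to 12 octets` would also explain the paired calls.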
@@ -259,21 +271,6 @@ TEST(CryptoLinkTest, HMAC_MD5_RFC2202_SIGN) {
std::string(80, 0xaa).c_str(), 80, MD5, hmac_expected7, 16);
}
-// Temporarily disabled
-TEST(CryptoLinkTest, DISABLED_HMAC_MD5_RFC2202_SIGN_TRUNCATED) {
- const uint8_t secret5[] = { 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
- 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
- 0x0c, 0x0c, 0x0c, 0x0c };
- const uint8_t hmac_expected5[] = { 0x56, 0x46, 0x1e, 0xf2, 0x34,
- 0x2e, 0xdc, 0x00, 0xf9, 0xba,
- 0xb9, 0x95, 0x69, 0x0e, 0xfd,
- 0x4c };
- doHMACTest("Test With Truncation", secret5, 16, MD5,
- hmac_expected5, 16);
- doHMACTest("Test With Truncation", secret5, 16, MD5,
- hmac_expected5, 12);
-}
-
//
// Test values taken from RFC 2202
//
@@ -315,6 +312,19 @@ TEST(CryptoLinkTest, HMAC_SHA1_RFC2202_SIGN) {
0x6c, 0x2d, 0x72, 0x35, 0xda };
doHMACTest(std::string(50, 0xcd), secret4, 25, SHA1, hmac_expected4, 20);
+ const uint8_t secret5[] = { 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
+ 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
+ 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
+ 0x0c, 0x0c };
+ const uint8_t hmac_expected5[] = { 0x4c, 0x1a, 0x03, 0x42, 0x4b,
+ 0x55, 0xe0, 0x7f, 0xe7, 0xf2,
+ 0x7b, 0xe1, 0xd5, 0x8b, 0xb9,
+ 0x32, 0x4a, 0x9a, 0x5a, 0x04 };
+ doHMACTest("Test With Truncation", secret5, 20, SHA1,
+ hmac_expected5, 20);
+ doHMACTest("Test With Truncation", secret5, 20, SHA1,
+ hmac_expected5, 12);
+
const uint8_t hmac_expected6[] = { 0xaa, 0x4a, 0xe5, 0xe1, 0x52,
0x72, 0xd0, 0x0e, 0x95, 0x70,
0x56, 0x37, 0xce, 0x8a, 0x3b,
@@ -331,22 +341,6 @@ TEST(CryptoLinkTest, HMAC_SHA1_RFC2202_SIGN) {
std::string(80, 0xaa).c_str(), 80, SHA1, hmac_expected7, 20);
}
-// Temporarily disabled
-TEST(CryptoLinkTest, DISABLED_HMAC_SHA1_RFC2202_SIGN_TRUNCATED) {
- const uint8_t secret5[] = { 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
- 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
- 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
- 0x0c, 0x0c };
- const uint8_t hmac_expected5[] = { 0x4c, 0x1a, 0x03, 0x42, 0x4b,
- 0x55, 0xe0, 0x7f, 0xe7, 0xf2,
- 0x7b, 0xe1, 0xd5, 0x8b, 0xb9,
- 0x32, 0x4a, 0x9a, 0x5a, 0x04 };
- doHMACTest("Test With Truncation", secret5, 20, SHA1,
- hmac_expected5, 20);
- doHMACTest("Test With Truncation", secret5, 20, SHA1,
- hmac_expected5, 12);
-}
-
//
// Test values taken from RFC 4231
//
@@ -505,7 +499,7 @@ TEST(CryptoLinkTest, HMAC_SHA512_RFC4231_SIGN) {
doRFC4231Tests(SHA512, hmac_expected_list);
}
-TEST(CryptoLinkTest, DISABLED_HMAC_SHA256_RFC2202_SIGN_TRUNCATED) {
+TEST(CryptoLinkTest, HMAC_SHA256_RFC2202_SIGN_TRUNCATED) {
const uint8_t secret5[] = { 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
diff --git a/src/lib/dns/tests/Makefile.am b/src/lib/dns/tests/Makefile.am
index e8cbe10..d163f65 100644
--- a/src/lib/dns/tests/Makefile.am
+++ b/src/lib/dns/tests/Makefile.am
@@ -69,16 +69,12 @@ run_unittests_SOURCES += tsigrecord_unittest.cc
run_unittests_SOURCES += character_string_unittest.cc
run_unittests_SOURCES += run_unittests.cc
run_unittests_CPPFLAGS = $(AM_CPPFLAGS) $(GTEST_INCLUDES)
-# We shouldn't need to include BOTAN_LIBS here, but there
-# is one test system where the path for GTEST_LDFLAGS contains
-# an older version of botan, and somehow that version gets
-# linked if we don't
-run_unittests_LDFLAGS = $(BOTAN_LDFLAGS) $(GTEST_LDFLAGS) $(AM_LDFLAGS)
+run_unittests_LDFLAGS = $(OPENSSL_LDFLAGS) $(GTEST_LDFLAGS) $(AM_LDFLAGS)
run_unittests_LDADD = $(top_builddir)/src/lib/dns/libb10-dns++.la
run_unittests_LDADD += $(top_builddir)/src/lib/util/libb10-util.la
run_unittests_LDADD += $(top_builddir)/src/lib/util/unittests/libutil_unittests.la
run_unittests_LDADD += $(top_builddir)/src/lib/exceptions/libb10-exceptions.la
-run_unittests_LDADD += $(BOTAN_LIBS) $(GTEST_LDADD)
+run_unittests_LDADD += $(GTEST_LDADD)
endif
noinst_PROGRAMS = $(TESTS)