Replace openssl sha256 implementation with libsodium

Also completely remove the default OPENSSL_init_ssl() call; openssl has known how to call that itself since 2016.
2022-02-10 11:22:59 -04:00 · 2022-02-10 11:22:59 -04:00 · 83ac88e8ab
parent 82cb6460ac
commit 83ac88e8ab
4 changed files with 14 additions and 38 deletions
--- a/src/common/CMakeLists.txt
+++ b/src/common/CMakeLists.txt
@ -69,6 +69,5 @@ target_link_libraries(common
    fmt::fmt
  PRIVATE
    libunbound
-    OpenSSL::SSL
-    OpenSSL::Crypto
+    sodium
    extra)
--- a/src/common/sha256sum.cpp
+++ b/src/common/sha256sum.cpp
@ -3,22 +3,16 @@
 #include <fstream>
 #include "crypto/hash.h"
 #include "fs.h"
-
-extern "C" {
-#include <openssl/sha.h>
-}
+#include <sodium/crypto_hash_sha256.h>

 namespace tools {

  bool sha256sum_str(std::string_view data, crypto::hash &hash)
  {
-    SHA256_CTX ctx;
-    if (!SHA256_Init(&ctx))
-      return false;
-    if (!SHA256_Update(&ctx, data.data(), data.size()))
-      return false;
-    if (!SHA256_Final(reinterpret_cast<unsigned char*>(hash.data), &ctx))
-      return false;
+    crypto_hash_sha256(
+            reinterpret_cast<unsigned char*>(hash.data),
+            reinterpret_cast<const unsigned char*>(data.data()),
+            data.size());
    return true;
  }

@ -32,25 +26,23 @@ namespace tools {
    if (!f)
      return false;
    std::ifstream::pos_type file_size = f.tellg();
-    SHA256_CTX ctx;
-    if (!SHA256_Init(&ctx))
-      return false;
+    crypto_hash_sha256_state st;
+    crypto_hash_sha256_init(&st);
    size_t size_left = file_size;
    f.seekg(0, std::ios::beg);
+
+    std::array<unsigned char, 16384> buf;
    while (size_left)
    {
-      char buf[4096];
-      std::ifstream::pos_type read_size = size_left > sizeof(buf) ? sizeof(buf) : size_left;
-      f.read(buf, read_size);
+      auto read_size = std::min(size_left, buf.size());
+      f.read(reinterpret_cast<char*>(buf.data()), read_size);
      if (!f || !f.good())
        return false;
-      if (!SHA256_Update(&ctx, buf, read_size))
-        return false;
+      crypto_hash_sha256_update(&st, buf.data(), read_size);
      size_left -= read_size;
    }
    f.close();
-    if (!SHA256_Final((unsigned char*)hash.data, &ctx))
-      return false;
+    crypto_hash_sha256_final(&st, reinterpret_cast<unsigned char*>(hash.data));
    return true;
  }

--- a/src/common/sha256sum.h
+++ b/src/common/sha256sum.h
@ -8,13 +8,6 @@ namespace crypto { struct hash; }

 namespace tools {

-  // This used to be really dangerously overloaded with very different purposes:
-  //bool sha256sum(const uint8_t* data, size_t len, crypto::hash& hash);
-  //bool sha256sum(const fs::path& filename, crypto::hash& hash);
-  // which is incredibly dangerous if you happen to have a string you want to hash and see that
-  // there is both a pointer+size and std::string overload.  Renamed *both* of these to prevent any
-  // existing code from compiling.
-
  // Calculates sha256 checksum of the given data
  bool sha256sum_str(std::string_view str, crypto::hash& hash);

--- a/src/common/util.cpp
+++ b/src/common/util.cpp
@ -33,8 +33,6 @@
 #include <iomanip>
 #include <thread>

-#include <openssl/ssl.h>
-
 #include "unbound.h"

 #include "epee/string_tools.h"
@ -113,12 +111,6 @@ namespace tools
      MCLOG_RED(el::Level::Warning, "global", "Running with glibc " << ver << ", hangs may occur - change glibc version if possible");
 #endif

-#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_TEXT)
-    SSL_library_init();
-#else
-    OPENSSL_init_ssl(0, NULL);
-#endif
-
    if (!unbound_built_with_threads())
      MCLOG_RED(el::Level::Warning, "global", "libunbound was not built with threads enabled - crashes may occur");