compile against mbed TLS 2.0.0

diff --git a/build-scripts/build-auth-rpm b/build-scripts/build-auth-rpm
index 861b325b0611f0f58aa318d5fcfce4571394ee16..b13e104b151702871b415de7968c41aa6bbd5544 100755 (executable)
--- a/build-scripts/build-auth-rpm
+++ b/build-scripts/build-auth-rpm
@@ -404,7 +404,7 @@ export CPPFLAGS="-DLDAP_DEPRECATED"
        --disable-dependency-tracking \
        --disable-silent-rules \
        --with-modules='' \
-       --with-system-polarssl \
+       --with-system-mbedtls \
        --with-lua \
        --with-dynmodules='%{backends}' \
        --enable-cryptopp \

diff --git a/build-scripts/debian-authoritative/rules b/build-scripts/debian-authoritative/rules
index abf935488951e28f5bd5e136b19b94272b055de1..74625af9801c7ac49702a8f4af20aa7531b98f97 100755 (executable)
--- a/build-scripts/debian-authoritative/rules
+++ b/build-scripts/debian-authoritative/rules
@@ -26,7 +26,7 @@ override_dh_auto_configure:
                --libexecdir='$${prefix}/lib' \
                --with-dynmodules="$(backends)" \
                --with-modules="" \
-               --with-system-polarssl \
+               --with-system-mbedtls \
                --with-pgsql-includes=`pg_config --includedir` \
                --enable-cryptopp \
                --enable-botan1.10 \

diff --git a/pdns/base64.cc b/pdns/base64.cc
index 68755733d50b8207732d2650fa73f2f0d03982ca..e901e9ab39e3b80a10ee97d79792ecda56d5e7b9 100644 (file)
--- a/pdns/base64.cc
+++ b/pdns/base64.cc
@@ -3,7 +3,7 @@
 #endif
 #include "base64.hh"
 #include <boost/scoped_array.hpp>
-#include <polarssl/base64.h>
+#include <mbedtls/base64.h>
 
 int B64Decode(const std::string& src, std::string& dst)
 {
@@ -12,9 +12,10 @@ int B64Decode(const std::string& src, std::string& dst)
     return 0;
   }
   size_t dlen = ( src.length() * 6 + 7 ) / 8 ;
+  size_t olen = 0;
   boost::scoped_array<unsigned char> d( new unsigned char[dlen] );
-  if ( base64_decode( d.get(), &dlen, (const unsigned char*) src.c_str(), src.length() ) == 0 ) {
-    dst = std::string( (const char*) d.get(), dlen );
+  if ( mbedtls_base64_decode( d.get(), dlen, &olen, (const unsigned char*) src.c_str(), src.length() ) == 0 ) {
+    dst = std::string( (const char*) d.get(), olen );
     return 0;
   }
   return -1;
@@ -24,9 +25,10 @@ std::string Base64Encode (const std::string& src)
 {
   if (!src.empty()) {
     size_t dlen = ( ( ( src.length() + 2 ) / 3 ) * 4 ) + 1;
+    size_t olen = 0;
     boost::scoped_array<unsigned char> dst( new unsigned char[dlen] );
-    if( base64_encode( dst.get(), &dlen, (const unsigned char*) src.c_str(), src.length() ) == 0 )
-      return std::string( (const char*) dst.get(), dlen );
+    if( mbedtls_base64_encode( dst.get(), dlen, &olen, (const unsigned char*) src.c_str(), src.length() ) == 0 )
+      return std::string( (const char*) dst.get(), olen );
   }
   return "";
 }

diff --git a/pdns/dns_random.cc b/pdns/dns_random.cc
index 34a043ef041dd03fa9565ed0a7ea0564b4c9690d..8c00949496e76e2196545ab5d694764e01a0af99 100644 (file)
--- a/pdns/dns_random.cc
+++ b/pdns/dns_random.cc
@@ -1,7 +1,7 @@
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
-#include <polarssl/aes.h>
+#include <mbedtls/aes.h>
 #include <iostream>
 #include <cstdlib>
 #include <cstring>
@@ -14,7 +14,7 @@
 
 using namespace std;
 
-static aes_context g_ctx;
+static mbedtls_aes_context g_ctx;
 static unsigned char g_counter[16], g_stream[16];
 static uint32_t g_in;
 static size_t g_offset;
@@ -24,7 +24,7 @@ static bool g_initialized;
 void dns_random_init(const char data[16])
 {
   g_offset = 0;
-  aes_setkey_enc(&g_ctx, (const unsigned char*)data, 128);
+  mbedtls_aes_setkey_enc(&g_ctx, (const unsigned char*)data, 128);
 
   struct timeval now;
   gettimeofday(&now, 0);
@@ -42,7 +42,7 @@ unsigned int dns_random(unsigned int n)
   if(!g_initialized)
     abort();
   uint32_t out;
-  aes_crypt_ctr(&g_ctx, sizeof(g_in), &g_offset, g_counter, (unsigned char*) &g_stream, (unsigned char*) &g_in, (unsigned char*) &out);
+  mbedtls_aes_crypt_ctr(&g_ctx, sizeof(g_in), &g_offset, g_counter, (unsigned char*) &g_stream, (unsigned char*) &g_in, (unsigned char*) &out);
   return out % n;
 }
 

diff --git a/pdns/dnssecinfra.cc b/pdns/dnssecinfra.cc
index 9547f7e3a489234fdd996df9a93d7691d28706cd..696a3788a7262d7df23e84d467c4f0cec15ac898 100644 (file)
--- a/pdns/dnssecinfra.cc
+++ b/pdns/dnssecinfra.cc
@@ -12,8 +12,10 @@
 #include <boost/algorithm/string.hpp>
 #include "dnssecinfra.hh" 
 #include "dnsseckeeper.hh"
-#include <polarssl/md5.h>
-#include <polarssl/sha1.h>
+#include <mbedtls/md5.h>
+#include <mbedtls/sha1.h>
+#include <mbedtls/md_internal.h>
+#include <mbedtls/md.h>
 #include <boost/assign/std/vector.hpp> // for 'operator+=()'
 #include <boost/assign/list_inserter.hpp>
 #include "base64.hh"
@@ -397,7 +399,7 @@ string hashQNameWithSalt(const NSEC3PARAMRecordContent& ns3prc, const DNSName& q
 
   for(;;) {
     toHash.append(ns3prc.d_salt);
-    sha1((unsigned char*)toHash.c_str(), toHash.length(), hash);
+    mbedtls_sha1((unsigned char*)toHash.c_str(), toHash.length(), hash);
     toHash.assign((char*)hash, sizeof(hash));
     if(!times--)
       break;
@@ -487,66 +489,41 @@ void decodeDERIntegerSequence(const std::string& input, vector<string>& output)
   }  
 }
 
-string calculateMD5HMAC(const std::string& key, const std::string& text)
-{
-  std::string res;
-  unsigned char hash[16];
-
-  md5_hmac(reinterpret_cast<const unsigned char*>(key.c_str()), key.size(), reinterpret_cast<const unsigned char*>(text.c_str()), text.size(), hash);
-  res.assign(reinterpret_cast<const char*>(hash), 16);
+string calculateHMAC(const std::string& key, const std::string& text, TSIGHashEnum hasher) {
 
-  return res;
-}
+  mbedtls_md_type_t md_type;
+  const mbedtls_md_info_t *md_info;
 
-string calculateSHAHMAC(const std::string& key, const std::string& text, TSIGHashEnum hasher)
-{
-  std::string res;
-  unsigned char hash[64];
+  unsigned char hash[MBEDTLS_MD_MAX_SIZE];
 
   switch(hasher) {
-  case TSIG_SHA1:
-  {
-      sha1_hmac(reinterpret_cast<const unsigned char*>(key.c_str()), key.size(), reinterpret_cast<const unsigned char*>(text.c_str()), text.size(), hash);
-      res.assign(reinterpret_cast<const char*>(hash), 20);
+    case TSIG_MD5:
+      md_type = MBEDTLS_MD_MD5;
       break;
-  };
-  case TSIG_SHA224:
-  {
-      sha256_hmac(reinterpret_cast<const unsigned char*>(key.c_str()), key.size(), reinterpret_cast<const unsigned char*>(text.c_str()), text.size(), hash, 1);
-      res.assign(reinterpret_cast<const char*>(hash), 28);
+    case TSIG_SHA1:
+      md_type = MBEDTLS_MD_SHA1;
       break;
-  };
-  case TSIG_SHA256:
-  {
-      sha256_hmac(reinterpret_cast<const unsigned char*>(key.c_str()), key.size(), reinterpret_cast<const unsigned char*>(text.c_str()), text.size(), hash, 0);
-      res.assign(reinterpret_cast<const char*>(hash), 32);
+    case TSIG_SHA224:
+      md_type = MBEDTLS_MD_SHA224;
       break;
-  };
-  case TSIG_SHA384:
-  {
-      sha512_hmac(reinterpret_cast<const unsigned char*>(key.c_str()), key.size(), reinterpret_cast<const unsigned char*>(text.c_str()), text.size(), hash, 1);
-      res.assign(reinterpret_cast<const char*>(hash), 48);
+    case TSIG_SHA256:
+      md_type = MBEDTLS_MD_SHA256;
       break;
-  };
-  case TSIG_SHA512:
-  {
-      sha512_hmac(reinterpret_cast<const unsigned char*>(key.c_str()), key.size(), reinterpret_cast<const unsigned char*>(text.c_str()), text.size(), hash, 0);
-      res.assign(reinterpret_cast<const char*>(hash), 64);
+    case TSIG_SHA384:
+      md_type = MBEDTLS_MD_SHA384;
       break;
-  };
-  default:
-    throw new PDNSException("Unknown hash algorithm requested for SHA");
-  };
-
-  return res;
-}
-
-string calculateHMAC(const std::string& key, const std::string& text, TSIGHashEnum hash) {
-  if (hash == TSIG_MD5) return calculateMD5HMAC(key, text);
+    case TSIG_SHA512:
+      md_type = MBEDTLS_MD_SHA512;
+      break;
+    default:
+      throw new PDNSException("Unknown hash algorithm requested from calculateHMAC()");
+  }
 
-  // add other algorithms here
+  md_info = mbedtls_md_info_from_type( md_type );
+  if( mbedtls_md_hmac( md_info, reinterpret_cast<const unsigned char*>(key.c_str()), key.size(), reinterpret_cast<const unsigned char*>(text.c_str()), text.size(), hash ) == 0 )
+    return string( (char*) hash, mbedtls_md_get_size( md_info ) );
 
-  return calculateSHAHMAC(key, text, hash);
+  return "";
 }
 
 string makeTSIGMessageFromTSIGPacket(const string& opacket, unsigned int tsigOffset, const DNSName& keyname, const TSIGRecordContent& trc, const string& previous, bool timersonly, unsigned int dnsHeaderOffset)

diff --git a/pdns/dnssecinfra.hh b/pdns/dnssecinfra.hh
index 31ff2936e25aafebcf77cc6f236682a75fac8520..5a31e3d22cd2893e9e530d717c8742217731900d 100644 (file)
--- a/pdns/dnssecinfra.hh
+++ b/pdns/dnssecinfra.hh
@@ -129,9 +129,6 @@ void decodeDERIntegerSequence(const std::string& input, vector<string>& output);
 class DNSPacket;
 void addRRSigs(DNSSECKeeper& dk, UeberBackend& db, const std::set<DNSName>& authMap, vector<DNSResourceRecord>& rrs);
 
-
-string calculateMD5HMAC(const std::string& key, const std::string& text);
-string calculateSHAHMAC(const std::string& key, const std::string& text, TSIGHashEnum hash);
 string calculateHMAC(const std::string& key, const std::string& text, TSIGHashEnum hash);
 
 string makeTSIGMessageFromTSIGPacket(const string& opacket, unsigned int tsigoffset, const DNSName& keyname, const TSIGRecordContent& trc, const string& previous, bool timersonly, unsigned int dnsHeaderOffset=0);

diff --git a/pdns/mbedtlssigners.cc b/pdns/mbedtlssigners.cc
index d40d81ec922e846565a0043f4b8841ffc02caaaf..84c9b9464e4c8caf2c6a0353b2a19b4623379476 100644 (file)
--- a/pdns/mbedtlssigners.cc
+++ b/pdns/mbedtlssigners.cc
@@ -1,19 +1,19 @@
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
-#include <polarssl/rsa.h>
-#include <polarssl/base64.h>
+#include <mbedtls/rsa.h>
+#include <mbedtls/base64.h>
 #include <sha.hh>
-#include <polarssl/entropy.h>
-#include <polarssl/ctr_drbg.h>
+#include <mbedtls/entropy.h>
+#include <mbedtls/ctr_drbg.h>
 #include <boost/assign/std/vector.hpp> // for 'operator+=()'
 #include <boost/foreach.hpp>
 #include "dnssecinfra.hh"
 using namespace boost::assign;
 
-#define PDNSSEC_MI(x) mpi_init(&d_context.x)
-#define PDNSSEC_MC(x) PDNSSEC_MI(x); mpi_copy(&d_context.x, const_cast<mpi*>(&orig.d_context.x))
-#define PDNSSEC_MF(x) mpi_free(&d_context.x)
+#define PDNSSEC_MI(x) mbedtls_mpi_init(&d_context.x)
+#define PDNSSEC_MC(x) PDNSSEC_MI(x); mbedtls_mpi_copy(&d_context.x, const_cast<mbedtls_mpi*>(&orig.d_context.x))
+#define PDNSSEC_MF(x) mbedtls_mpi_free(&d_context.x)
 
 class RSADNSCryptoKeyEngine : public DNSCryptoKeyEngine
 {
@@ -58,12 +58,12 @@ public:
     return *this;
   }
 
-  const rsa_context& getConstContext() const
+  const mbedtls_rsa_context& getConstContext() const
   {
     return d_context;
   }
 
-  rsa_context& getContext() 
+  mbedtls_rsa_context& getContext() 
   {
     return d_context;
   }
@@ -77,7 +77,7 @@ public:
   std::string getPublicKeyString() const;
   int getBits() const
   {
-    return mpi_size(&d_context.N)*8;
+    return mbedtls_mpi_size(&d_context.N)*8;
   }
   void fromISCMap(DNSKEYRecordContent& drc, std::map<std::string, std::string>& stormap);
   void fromPEMString(DNSKEYRecordContent& drc, const std::string& raw);
@@ -88,7 +88,7 @@ public:
   }
 
 private:
-  rsa_context d_context;
+  mbedtls_rsa_context d_context;
 };
 
 // see above
@@ -97,23 +97,24 @@ private:
 #undef PDNSSEC_MF
 
 
-inline bool operator<(const mpi& a, const mpi& b)
+inline bool operator<(const mbedtls_mpi& a, const mbedtls_mpi& b)
 {
-  return mpi_cmp_mpi(&a, &b) < 0;
+  return mbedtls_mpi_cmp_mpi(&a, &b) < 0;
 }
 
 
 void RSADNSCryptoKeyEngine::create(unsigned int bits)
 {
-  entropy_context entropy;
-  ctr_drbg_context ctr_drbg;
+  mbedtls_entropy_context entropy;
+  mbedtls_ctr_drbg_context ctr_drbg;
   
-  entropy_init( &entropy );
-  int ret=ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, (unsigned char *) "PowerDNS", 8);
+  mbedtls_entropy_init( &entropy );
+  mbedtls_ctr_drbg_init( &ctr_drbg );
+  int ret=mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (unsigned char *) "PowerDNS", 8);
   if(ret < 0) 
     throw runtime_error("Entropy gathering for key generation failed");
-  rsa_init(&d_context, RSA_PKCS_V15, 0); // FIXME this leaks memory (it does?)
-  ret=rsa_gen_key(&d_context, ctr_drbg_random, &ctr_drbg, bits, 65537);
+  mbedtls_rsa_init(&d_context, MBEDTLS_RSA_PKCS_V15, 0); // FIXME this leaks memory (it does?)
+  ret=mbedtls_rsa_gen_key(&d_context, mbedtls_ctr_drbg_random, &ctr_drbg, bits, 65537);
   if(ret < 0) 
     throw runtime_error("Key generation failed");
 }
@@ -121,33 +122,33 @@ void RSADNSCryptoKeyEngine::create(unsigned int bits)
 std::string RSADNSCryptoKeyEngine::getPubKeyHash() const
 {
   unsigned char hash[20];
-  unsigned char N[mpi_size(&d_context.N)];
-  mpi_write_binary(&d_context.N, N, sizeof(N));
-  unsigned char E[mpi_size(&d_context.E)];
-  mpi_write_binary(&d_context.E, E, sizeof(E));
+  unsigned char N[mbedtls_mpi_size(&d_context.N)];
+  mbedtls_mpi_write_binary(&d_context.N, N, sizeof(N));
+  unsigned char E[mbedtls_mpi_size(&d_context.E)];
+  mbedtls_mpi_write_binary(&d_context.E, E, sizeof(E));
   
-  sha1_context ctx;
-  sha1_starts(&ctx);
-  sha1_update(&ctx, N, sizeof(N));
-  sha1_update(&ctx, E, sizeof(E));
-  sha1_finish(&ctx, hash);
+  mbedtls_sha1_context ctx;
+  mbedtls_sha1_starts(&ctx);
+  mbedtls_sha1_update(&ctx, N, sizeof(N));
+  mbedtls_sha1_update(&ctx, E, sizeof(E));
+  mbedtls_sha1_finish(&ctx, hash);
   return string((char*)hash, sizeof(hash));
 }
 
 std::string RSADNSCryptoKeyEngine::sign(const std::string& msg) const
 {
   string hash = this->hash(msg);
-  unsigned char signature[mpi_size(&d_context.N)];
-  md_type_t hashKind;
+  unsigned char signature[mbedtls_mpi_size(&d_context.N)];
+  mbedtls_md_type_t hashKind;
 
   if(hash.size()==20)
-    hashKind= POLARSSL_MD_SHA1;
+    hashKind= MBEDTLS_MD_SHA1;
   else if(hash.size()==32) 
-    hashKind= POLARSSL_MD_SHA256;
+    hashKind= MBEDTLS_MD_SHA256;
   else
-    hashKind = POLARSSL_MD_SHA512;
+    hashKind = MBEDTLS_MD_SHA512;
   
-  int ret=rsa_pkcs1_sign(const_cast<rsa_context*>(&d_context), NULL, NULL, RSA_PRIVATE, 
+  int ret=mbedtls_rsa_pkcs1_sign(const_cast<mbedtls_rsa_context*>(&d_context), NULL, NULL, MBEDTLS_RSA_PRIVATE,
     hashKind,
     hash.size(),
     (const unsigned char*) hash.c_str(), signature);
@@ -161,18 +162,18 @@ std::string RSADNSCryptoKeyEngine::sign(const std::string& msg) const
 
 bool RSADNSCryptoKeyEngine::verify(const std::string& msg, const std::string& signature) const
 {
-  md_type_t hashKind;
+  mbedtls_md_type_t hashKind;
   string hash=this->hash(msg);
   if(hash.size()==20)
-    hashKind= POLARSSL_MD_SHA1;
+    hashKind= MBEDTLS_MD_SHA1;
   else if(hash.size()==32) 
-    hashKind= POLARSSL_MD_SHA256;
+    hashKind= MBEDTLS_MD_SHA256;
   else
-    hashKind = POLARSSL_MD_SHA512;
+    hashKind = MBEDTLS_MD_SHA512;
   
-  int ret=rsa_pkcs1_verify(const_cast<rsa_context*>(&d_context),
+  int ret=mbedtls_rsa_pkcs1_verify(const_cast<mbedtls_rsa_context*>(&d_context),
     NULL, NULL,
-    RSA_PUBLIC,
+    MBEDTLS_RSA_PUBLIC,
     hashKind,
     hash.size(),
     (const unsigned char*) hash.c_str(), (unsigned char*) signature.c_str());
@@ -184,17 +185,17 @@ std::string RSADNSCryptoKeyEngine::hash(const std::string& toHash) const
 {
   if(d_algorithm <= 7 ) {  // RSASHA1
     unsigned char hash[20];
-    sha1((unsigned char*)toHash.c_str(), toHash.length(), hash);
+    mbedtls_sha1((unsigned char*)toHash.c_str(), toHash.length(), hash);
     return string((char*)hash, sizeof(hash));
   } 
   else if(d_algorithm == 8) { // RSASHA256
     unsigned char hash[32];
-    sha256((unsigned char*)toHash.c_str(), toHash.length(), hash, 0);
+    mbedtls_sha256((unsigned char*)toHash.c_str(), toHash.length(), hash, 0);
     return string((char*)hash, sizeof(hash));
   } 
   else if(d_algorithm == 10) { // RSASHA512
     unsigned char hash[64];
-    sha512((unsigned char*)toHash.c_str(), toHash.length(), hash, 0);
+    mbedtls_sha512((unsigned char*)toHash.c_str(), toHash.length(), hash, 0);
     return string((char*)hash, sizeof(hash));
   }
   throw runtime_error("mbed TLS hashing method can't hash algorithm "+lexical_cast<string>(d_algorithm));
@@ -204,7 +205,7 @@ std::string RSADNSCryptoKeyEngine::hash(const std::string& toHash) const
 DNSCryptoKeyEngine::storvector_t RSADNSCryptoKeyEngine::convertToISCVector() const
 {
   storvector_t storvect;
-  typedef vector<pair<string, const mpi*> > outputs_t;
+  typedef vector<pair<string, const mbedtls_mpi*> > outputs_t;
   outputs_t outputs;
   push_back(outputs)("Modulus", &d_context.N)("PublicExponent",&d_context.E)
     ("PrivateExponent",&d_context.D)
@@ -227,8 +228,8 @@ DNSCryptoKeyEngine::storvector_t RSADNSCryptoKeyEngine::convertToISCVector() con
   storvect.push_back(make_pair("Algorithm", algorithm));
 
   BOOST_FOREACH(outputs_t::value_type value, outputs) {
-    unsigned char tmp[mpi_size(value.second)];
-    mpi_write_binary(value.second, tmp, sizeof(tmp));
+    unsigned char tmp[mbedtls_mpi_size(value.second)];
+    mbedtls_mpi_write_binary(value.second, tmp, sizeof(tmp));
     storvect.push_back(make_pair(value.first, string((char*)tmp, sizeof(tmp))));
   }
   return storvect;
@@ -239,10 +240,10 @@ void RSADNSCryptoKeyEngine::fromISCMap(DNSKEYRecordContent& drc,  std::map<std::
 {
   string sline;
   string key,value;
-  typedef map<string, mpi*> places_t;
+  typedef map<string, mbedtls_mpi*> places_t;
   places_t places;
   
-  rsa_init(&d_context, RSA_PKCS_V15, 0);
+  mbedtls_rsa_init(&d_context, MBEDTLS_RSA_PKCS_V15, 0);
 
   places["Modulus"]=&d_context.N;
   places["PublicExponent"]=&d_context.E;
@@ -258,10 +259,10 @@ void RSADNSCryptoKeyEngine::fromISCMap(DNSKEYRecordContent& drc,  std::map<std::
   string raw;
   BOOST_FOREACH(const places_t::value_type& val, places) {
     raw=stormap[toLower(val.first)];
-    mpi_read_binary(val.second, (unsigned char*) raw.c_str(), raw.length());
+    mbedtls_mpi_read_binary(val.second, (unsigned char*) raw.c_str(), raw.length());
   }
 
-  d_context.len = ( mpi_msb( &d_context.N ) + 7 ) >> 3; // no clue what this does
+  d_context.len = ( mbedtls_mpi_bitlen( &d_context.N ) + 7 ) >> 3; // no clue what this does
   drc.d_key = this->getPublicKeyString();
   drc.d_protocol=3;
 }
@@ -271,9 +272,9 @@ void RSADNSCryptoKeyEngine::fromPEMString(DNSKEYRecordContent& drc, const std::s
   vector<string> integers;
   decodeDERIntegerSequence(raw, integers);
   cerr<<"Got "<<integers.size()<<" integers"<<endl; 
-  map<int, mpi*> places;
+  map<int, mbedtls_mpi*> places;
   
-  rsa_init(&d_context, RSA_PKCS_V15, 0);
+  mbedtls_rsa_init(&d_context, MBEDTLS_RSA_PKCS_V15, 0);
 
   places[1]=&d_context.N;
   places[2]=&d_context.E;
@@ -289,7 +290,7 @@ void RSADNSCryptoKeyEngine::fromPEMString(DNSKEYRecordContent& drc, const std::s
   for(int n = 0; n < 9 ; ++n) {
     if(places.count(n)) {
       if(places[n]) {
-        mpi_read_binary(places[n], (const unsigned char*)integers[n].c_str(), integers[n].length());
+        mbedtls_mpi_read_binary(places[n], (const unsigned char*)integers[n].c_str(), integers[n].length());
         if(n==1)
           modulus=integers[n];
         if(n==2)
@@ -297,7 +298,7 @@ void RSADNSCryptoKeyEngine::fromPEMString(DNSKEYRecordContent& drc, const std::s
       }
     }
   }
-  d_context.len = ( mpi_msb( &d_context.N ) + 7 ) >> 3; // no clue what this does
+  d_context.len = ( mbedtls_mpi_bitlen( &d_context.N ) + 7 ) >> 3; // no clue what this does
 
   if(exponent.length() < 255) 
     drc.d_key.assign(1, (char) (unsigned int) exponent.length());
@@ -313,7 +314,7 @@ void RSADNSCryptoKeyEngine::fromPEMString(DNSKEYRecordContent& drc, const std::s
 
 void RSADNSCryptoKeyEngine::fromPublicKeyString(const std::string& rawString)
 {
-  rsa_init(&d_context, RSA_PKCS_V15, 0);
+  mbedtls_rsa_init(&d_context, MBEDTLS_RSA_PKCS_V15, 0);
   string exponent, modulus;
   const unsigned char* raw = (const unsigned char*)rawString.c_str();
   
@@ -324,21 +325,21 @@ void RSADNSCryptoKeyEngine::fromPublicKeyString(const std::string& rawString)
     exponent=rawString.substr(3, raw[1]*0xff + raw[2]);
     modulus = rawString.substr(3+ raw[1]*0xff + raw[2]);
   }
-  mpi_read_binary(&d_context.E, (unsigned char*)exponent.c_str(), exponent.length());   
-  mpi_read_binary(&d_context.N, (unsigned char*)modulus.c_str(), modulus.length());    
-  d_context.len = ( mpi_msb( &d_context.N ) + 7 ) >> 3; // no clue what this does
+  mbedtls_mpi_read_binary(&d_context.E, (unsigned char*)exponent.c_str(), exponent.length());   
+  mbedtls_mpi_read_binary(&d_context.N, (unsigned char*)modulus.c_str(), modulus.length());    
+  d_context.len = ( mbedtls_mpi_bitlen( &d_context.N ) + 7 ) >> 3; // no clue what this does
 }
 
 string RSADNSCryptoKeyEngine::getPublicKeyString()  const
 {
   string keystring;
-  char tmp[std::max(mpi_size(&d_context.E), mpi_size(&d_context.N))];
+  char tmp[std::max(mbedtls_mpi_size(&d_context.E), mbedtls_mpi_size(&d_context.N))];
 
-  mpi_write_binary(&d_context.E, (unsigned char*)tmp, mpi_size(&d_context.E) );
-  string exponent((char*)tmp, mpi_size(&d_context.E));
+  mbedtls_mpi_write_binary(&d_context.E, (unsigned char*)tmp, mbedtls_mpi_size(&d_context.E) );
+  string exponent((char*)tmp, mbedtls_mpi_size(&d_context.E));
 
-  mpi_write_binary(&d_context.N, (unsigned char*)tmp, mpi_size(&d_context.N) );
-  string modulus((char*)tmp, mpi_size(&d_context.N));
+  mbedtls_mpi_write_binary(&d_context.N, (unsigned char*)tmp, mbedtls_mpi_size(&d_context.N) );
+  string modulus((char*)tmp, mbedtls_mpi_size(&d_context.N));
 
   if(exponent.length() < 255) 
     keystring.assign(1, (char) (unsigned int) exponent.length());

diff --git a/pdns/md5.hh b/pdns/md5.hh
index 6dd6683dd5293f6b94f075931848395c126e02b4..aaad52f8bcf6acad4668545609eb1d833477c5e0 100644 (file)
--- a/pdns/md5.hh
+++ b/pdns/md5.hh
@@ -3,12 +3,12 @@
 
 #include <string>
 #include <stdint.h>
-#include <polarssl/md5.h>
+#include <mbedtls/md5.h>
 
 inline std::string pdns_md5sum(const std::string& input)
 {
   unsigned char result[16] = {0};
-  md5(reinterpret_cast<const unsigned char*>(input.c_str()), input.length(), result);
+  mbedtls_md5(reinterpret_cast<const unsigned char*>(input.c_str()), input.length(), result);
   return std::string(result, result + sizeof result);
 }
 

diff --git a/pdns/pkcs11signers.cc b/pdns/pkcs11signers.cc
index e16c2739773ad481f7048423832b27d1074a618b..1b2e853bf277fd13154a6a3b77378fd54149fa33 100644 (file)
--- a/pdns/pkcs11signers.cc
+++ b/pdns/pkcs11signers.cc
@@ -1,10 +1,6 @@
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
-#include <polarssl/rsa.h>
-#include <polarssl/base64.h>
-#include <polarssl/entropy.h>
-#include <polarssl/ctr_drbg.h>
 #include <boost/assign/std/vector.hpp> // for 'operator+=()'
 #include <boost/assign/list_of.hpp>
 #include <boost/make_shared.hpp>

diff --git a/pdns/sha.hh b/pdns/sha.hh
index 1b0fcf73dfba00563967089966b77393837c28b6..eff8e920a7b6f76b86fa3cc3878a6386911fdf58 100644 (file)
--- a/pdns/sha.hh
+++ b/pdns/sha.hh
@@ -3,84 +3,84 @@
 
 #include <string>
 #include <stdint.h>
-#include <polarssl/sha1.h>
-#include <polarssl/sha256.h>
-#include <polarssl/sha512.h>
+#include <mbedtls/sha1.h>
+#include <mbedtls/sha256.h>
+#include <mbedtls/sha512.h>
 
 class SHA1Summer
 {
 public:
-   SHA1Summer() { sha1_starts(&d_context); };
+   SHA1Summer() { mbedtls_sha1_starts(&d_context); };
    void feed(const std::string &str) { feed(str.c_str(), str.length()); };
-   void feed(const char *ptr, size_t len) { sha1_update(&d_context, reinterpret_cast<const unsigned char*>(ptr), len); };
+   void feed(const char *ptr, size_t len) { mbedtls_sha1_update(&d_context, reinterpret_cast<const unsigned char*>(ptr), len); };
    const std::string get() const { 
-     sha1_context ctx2;
+     mbedtls_sha1_context ctx2;
      unsigned char result[20] = {0};
      ctx2=d_context;
-     sha1_finish(&ctx2, result);
+     mbedtls_sha1_finish(&ctx2, result);
      return std::string(result, result + sizeof result);
    };
 private:
    SHA1Summer(const SHA1Summer&);
    SHA1Summer& operator=(const SHA1Summer&);
-   sha1_context d_context;
+   mbedtls_sha1_context d_context;
 };
 
 class SHA256Summer
 {
 public:
-   SHA256Summer() { sha256_starts(&d_context, 0); };
+   SHA256Summer() { mbedtls_sha256_starts(&d_context, 0); };
    void feed(const std::string &str) { feed(str.c_str(), str.length()); };
-   void feed(const char *ptr, size_t len) { sha256_update(&d_context, reinterpret_cast<const unsigned char*>(ptr), len); };
+   void feed(const char *ptr, size_t len) { mbedtls_sha256_update(&d_context, reinterpret_cast<const unsigned char*>(ptr), len); };
    const std::string get() const {
-     sha256_context ctx2;
+     mbedtls_sha256_context ctx2;
      unsigned char result[32] = {0};
      ctx2=d_context;
-     sha256_finish(&ctx2, result);
+     mbedtls_sha256_finish(&ctx2, result);
      return std::string(result, result + 32);
    };
 private:
    SHA256Summer(const SHA1Summer&);
    SHA256Summer& operator=(const SHA1Summer&);
-   sha256_context d_context;
+   mbedtls_sha256_context d_context;
 };
 
 class SHA384Summer
 {
 public:
-   SHA384Summer() { sha512_starts(&d_context, 1); };
+   SHA384Summer() { mbedtls_sha512_starts(&d_context, 1); };
    void feed(const std::string &str) { feed(str.c_str(), str.length()); };
-   void feed(const char *ptr, size_t len) { sha512_update(&d_context, reinterpret_cast<const unsigned char*>(ptr), len); };
+   void feed(const char *ptr, size_t len) { mbedtls_sha512_update(&d_context, reinterpret_cast<const unsigned char*>(ptr), len); };
    const std::string get() const {
-     sha512_context ctx2;
+     mbedtls_sha512_context ctx2;
      unsigned char result[64] = {0};
      ctx2 = d_context;
-     sha512_finish(&ctx2, result);
+     mbedtls_sha512_finish(&ctx2, result);
      return std::string(result, result + 48);
    };
 private:
    SHA384Summer(const SHA1Summer&);
    SHA384Summer& operator=(const SHA1Summer&);
-   sha512_context d_context;
+   mbedtls_sha512_context d_context;
 };
 
 class SHA512Summer
 {
 public:
-   SHA512Summer() { sha512_starts(&d_context, 0); };
+   SHA512Summer() { mbedtls_sha512_starts(&d_context, 0); };
    void feed(const std::string &str) { feed(str.c_str(), str.length()); };
-   void feed(const char *ptr, size_t len) { sha512_update(&d_context, reinterpret_cast<const unsigned char*>(ptr), len); };
+   void feed(const char *ptr, size_t len) { mbedtls_sha512_update(&d_context, reinterpret_cast<const unsigned char*>(ptr), len); };
    const std::string get() const {
-     sha512_context ctx2;
+     mbedtls_sha512_context ctx2;
      unsigned char result[64] = {0};
      ctx2=d_context;
-     sha512_finish(&ctx2, result);
+     mbedtls_sha512_finish(&ctx2, result);
      return std::string(result, result + sizeof result);
    };
 private:
    SHA512Summer(const SHA1Summer&);
    SHA512Summer& operator=(const SHA1Summer&);
-   sha512_context d_context;
+   mbedtls_sha512_context d_context;
 };
 
 #endif /* sha.hh */

diff --git a/pdns/version.cc b/pdns/version.cc
index d3a5ef356eb18a9f637268feb31542b97bc1be33..eb8f2366d14494d9741000647acfedd0994eca94 100644 (file)
--- a/pdns/version.cc
+++ b/pdns/version.cc
@@ -25,7 +25,7 @@
 #endif
 #include "logger.hh"
 #include "version.hh"
-#include <polarssl/version.h>
+#include <mbedtls/version.h>
 
 static ProductType productType;