Copyright: 2011 Milo Yip
License: Expat
-Files: pdns/ext/polarssl*
+Files: pdns/ext/mbedtls/*
Copyright (C) 2006-2014, ARM Limited
License: GPL-2+
Copyright: 2011 Milo Yip
License: Expat
-Files: pdns/ext/polarssl*
+Files: pdns/ext/mbedtls/*
Copyright (C) 2006-2014, ARM Limited
License: GPL-2+
AC_SUBST([DYNLINKFLAGS], [-export-dynamic])
PDNS_ENABLE_VERBOSE_LOGGING
-PDNS_WITH_SYSTEM_POLARSSL
+PDNS_WITH_SYSTEM_MBEDTLS
PDNS_ENABLE_BOTAN
PDNS_ENABLE_PKCS11
PDNS_WITH_CRYPTOPP
PowerDNS does not itself implement any cryptographic algorithms but relies on third party implementations of AES, RSA, ECDSA, GOST, MD5 and various SHA-based hashing algorithms.
-Furthermore, RSA, MD5 and the SHA-based algorithms are supplied as a copy of [PolarSSL](http://www.polarssl.org/).
+Furthermore, RSA, MD5 and the SHA-based algorithms are supplied as a copy of [mbed TLS](https://tls.mbed.org/).
Optionally, PowerDNS can link in a copy of the open source [Botan](http://botan.randombits.org/) cryptographic library.
Optionally, PowerDNS can link in a copy of the open source [Crypto++](http://www.cryptopp.com/) library.
+Optionally, PowerDNS can link in a copy of the open source [Sodium](https://libsodium.org/) library.
+
## Specific United States Export Control Notes
PowerDNS is not "US Origin" software. For re-export, like most open source,
SUBDIRS = \
- $(POLARSSL_SUBDIR) \
+ $(MBEDTLS_SUBDIR) \
yahttp \
rapidjson \
json11
--- /dev/null
+AC_DEFUN([PDNS_WITH_SYSTEM_MBEDTLS],[
+ AC_ARG_WITH([system-mbedtls],
+ [AS_HELP_STRING([--with-system-mbedtls], [use system mbedt TLS @<:@default=no@:>@])],
+ [],
+ [with_system_mbedtls=no],
+ )
+
+ MBEDTLS_SUBDIR=mbedtls
+ MBEDTLS_CFLAGS=-I\$\(top_srcdir\)/ext/$MBEDTLS_SUBDIR/include/
+ MBEDTLS_LIBS="-L\$(top_builddir)/ext/$MBEDTLS_SUBDIR/library/ -lpolarssl"
+
+ AS_IF([test "x$with_system_mbedtls" = "xyes"],[
+ OLD_LIBS=$LIBS
+ LIBS=""
+ AC_SEARCH_LIBS([sha1_hmac], [mbedtls polarssl],[
+ MBEDTLS_LIBS=$LIBS
+ AC_MSG_CHECKING([for mbed TLS/PolarSSL version >= 1.3])
+ AC_COMPILE_IFELSE([
+ AC_LANG_PROGRAM(
+ [[#include <polarssl/version.h>]],
+ [[
+ #if POLARSSL_VERSION_NUMBER < 0x01030000
+ #error invalid version
+ #endif
+ ]]
+ )],
+ [have_system_mbedtls=yes],
+ [have_system_mbedtls=no]
+ )
+ AC_MSG_RESULT([$have_system_mbedtls])
+ ],
+ [have_system_mbedtls=no]
+ )
+ LIBS=$OLD_LIBS
+ ],
+ [have_system_mbedtls=no]
+ )
+
+ AS_IF([test "x$have_system_mbedtls" = "xyes"],[
+ MBEDTLS_CFLAGS=
+ MBEDTLS_SUBDIR=
+ AC_DEFINE([POLARSSL_SYSTEM], [1], [Defined if system mbed TLS is used])
+ ],[
+ AS_IF([test "x$with_system_mbedtls" = "xyes"],[
+ AC_MSG_ERROR([use of system mbedtls requested but not found])]
+ )]
+ )
+
+ AC_SUBST(MBEDTLS_CFLAGS)
+ AC_SUBST(MBEDTLS_LIBS)
+ AC_SUBST(MBEDTLS_SUBDIR)
+]
+)
+
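Review bot: The `AC_DEFINE` in the system-library branch of `PDNS_WITH_SYSTEM_MBEDTLS` still emits `POLARSSL_SYSTEM`, while the version-banner hunk at the end of this commit switches its guard to `#ifndef MBEDTLS_SYSTEM`, and nothing visible here defines that name. If no other file defines it, a build configured with `--with-system-mbedtls` would still log "Built-in mbed TLS: …". That misleads anyone reading the startup log to decide whether a crypto-library advisory is covered by a distribution update or needs a PowerDNS rebuild. Either define the new name here, `AC_DEFINE([MBEDTLS_SYSTEM], [1], [Defined if system mbed TLS is used])`, and convert every remaining `POLARSSL_SYSTEM` consumer, or keep the guard as `#ifndef POLARSSL_SYSTEM` until the whole tree is renamed. Separately, the `AS_HELP_STRING` text for the option reads "mbedt TLS" and should be "mbed TLS".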
+++ /dev/null
-AC_DEFUN([PDNS_WITH_SYSTEM_POLARSSL],[
- AC_ARG_WITH([system-polarssl],
- [AS_HELP_STRING([--with-system-polarssl], [use system PolarSSL @<:@default=no@:>@])],
- [],
- [with_system_polarssl=no],
- )
-
- POLARSSL_SUBDIR=mbedtls
- POLARSSL_CFLAGS=-I\$\(top_srcdir\)/ext/$POLARSSL_SUBDIR/include/
- POLARSSL_LIBS="-L\$(top_builddir)/ext/$POLARSSL_SUBDIR/library/ -lpolarssl"
-
- AS_IF([test "x$with_system_polarssl" = "xyes"],[
- OLD_LIBS=$LIBS
- LIBS=""
- AC_SEARCH_LIBS([sha1_hmac], [mbedtls polarssl],[
- POLARSSL_LIBS=$LIBS
- AC_MSG_CHECKING([for PolarSSL version >= 1.3])
- AC_COMPILE_IFELSE([
- AC_LANG_PROGRAM(
- [[#include <polarssl/version.h>]],
- [[
- #if POLARSSL_VERSION_NUMBER < 0x01030000
- #error invalid version
- #endif
- ]]
- )],
- [have_system_polarssl=yes],
- [have_system_polarssl=no]
- )
- AC_MSG_RESULT([$have_system_polarssl])
- ],
- [have_system_polarssl=no]
- )
- LIBS=$OLD_LIBS
- ],
- [have_system_polarssl=no]
- )
-
- AS_IF([test "x$have_system_polarssl" = "xyes"],[
- POLARSSL_CFLAGS=
- POLARSSL_SUBDIR=
- AC_DEFINE([POLARSSL_SYSTEM], [1], [Defined if system PolarSSL is used])
- ],[
- AS_IF([test "x$with_system_polarssl" = "xyes"],[
- AC_MSG_ERROR([use of system polarssl requested but not found])]
- )]
- )
-
- AC_SUBST(POLARSSL_CFLAGS)
- AC_SUBST(POLARSSL_LIBS)
- AC_SUBST(POLARSSL_SUBDIR)
-]
-)
-
pkglib_LTLIBRARIES = libbindbackend.la
-AM_CPPFLAGS += -I../../pdns $(POLARSSL_CFLAGS)
+AM_CPPFLAGS += -I../../pdns $(MBEDTLS_CFLAGS)
AM_LFLAGS = -i
AM_YFLAGS = -d --verbose --debug
-AM_CPPFLAGS += $(ORACLE_CFLAGS) $(POLARSSL_CFLAGS)
+AM_CPPFLAGS += $(ORACLE_CFLAGS) $(MBEDTLS_CFLAGS)
pkglib_LTLIBRARIES = libgoraclebackend.la
AM_CPPFLAGS += \
-I$(top_srcdir)/ext/rapidjson/include \
$(YAHTTP_CFLAGS) \
- $(POLARSSL_CFLAGS) \
+ $(MBEDTLS_CFLAGS) \
$(LIBZMQ_CFLAGS)
AM_LDFLAGS = $(THREADFLAGS)
libtestremotebackend_la_LIBADD = \
$(YAHTTP_LIBS) \
- $(POLARSSL_LIBS) \
+ $(MBEDTLS_LIBS) \
$(BOOST_UNIT_TEST_FRAMEWORK_LIBS) \
$(BOOST_SERIALIZATION_LIBS) \
$(BOOST_PROGRAM_OPTIONS_LIBS) \
-I$(top_srcdir)/ext/json11 \
-I$(top_srcdir)/ext/rapidjson/include \
$(YAHTTP_CFLAGS) \
- $(POLARSSL_CFLAGS)
+ $(MBEDTLS_CFLAGS)
AM_CXXFLAGS = \
-DSYSCONFDIR=\"$(sysconfdir)\" \
packetcache.cc packetcache.hh \
packethandler.cc packethandler.hh \
pdnsexception.hh \
- polarrsakeyinfra.cc \
+ mbedtlssigners.cc \
qtype.cc qtype.hh \
randomhelper.cc \
rcpgenerator.cc \
@moduleobjects@ \
@modulelibs@ \
$(LIBDL) \
- $(POLARSSL_LIBS) \
+ $(MBEDTLS_LIBS) \
$(BOOST_SERIALIZATION_LIBS) \
$(YAHTTP_LIBS)
nsecrecords.cc \
packetcache.cc \
pdnssec.cc \
- polarrsakeyinfra.cc \
+ mbedtlssigners.cc \
qtype.cc \
randomhelper.cc \
rcpgenerator.cc rcpgenerator.hh \
@moduleobjects@ \
@modulelibs@ \
$(LIBDL) \
- $(POLARSSL_LIBS) \
+ $(MBEDTLS_LIBS) \
$(BOOST_PROGRAM_OPTIONS_LIBS) \
$(BOOST_SERIALIZATION_LIBS) \
$(YAHTTP_LIBS)
zone2sql.cc \
zoneparser-tng.cc
-zone2sql_LDADD = $(POLARSSL_LIBS)
+zone2sql_LDADD = $(MBEDTLS_LIBS)
zone2json_SOURCES = \
arguments.cc \
zone2json.cc \
zoneparser-tng.cc
-zone2json_LDADD = $(POLARSSL_LIBS) -L$(top_srcdir)/ext/json11 -ljson11
+zone2json_LDADD = $(MBEDTLS_LIBS) -L$(top_srcdir)/ext/json11 -ljson11
# pkglib_LTLIBRARIES = iputils.la
# iputils_la_SOURCES = lua-iputils.cc
zone2ldap.cc \
zoneparser-tng.cc
-zone2ldap_LDADD = $(POLARSSL_LIBS)
+zone2ldap_LDADD = $(MBEDTLS_LIBS)
if LMDB
bin_PROGRAMS += zone2lmdb
zoneparser-tng.cc
zone2lmdb_LDADD = \
- $(POLARSSL_LIBS) \
+ $(MBEDTLS_LIBS) \
$(LMDB_LIBS)
endif
statbag.cc \
unix_utility.cc
-sdig_LDADD = $(POLARSSL_LIBS)
+sdig_LDADD = $(MBEDTLS_LIBS)
calidns_SOURCES = \
base32.cc \
statbag.cc \
unix_utility.cc
-calidns_LDADD = $(POLARSSL_LIBS)
+calidns_LDADD = $(MBEDTLS_LIBS)
calidns_LDFLAGS=$(THREADFLAGS)
dumresp_SOURCES = \
statbag.cc \
unix_utility.cc
-saxfr_LDADD = $(POLARSSL_LIBS)
+saxfr_LDADD = $(MBEDTLS_LIBS)
if PKCS11
saxfr_SOURCES += pkcs11signers.cc pkcs11signers.hh
$(BOOST_PROGRAM_OPTIONS_LDFLAGS)
dnstcpbench_LDADD = \
- $(POLARSSL_LIBS) \
+ $(MBEDTLS_LIBS) \
$(BOOST_PROGRAM_OPTIONS_LIBS)
dnsdist_SOURCES = \
statbag.cc \
unix_utility.cc
-nsec3dig_LDADD = $(POLARSSL_LIBS)
+nsec3dig_LDADD = $(MBEDTLS_LIBS)
if PKCS11
nsec3dig_SOURCES += pkcs11signers.cc pkcs11signers.hh
toysdig.cc \
unix_utility.cc
-toysdig_LDADD = $(POLARSSL_LIBS)
+toysdig_LDADD = $(MBEDTLS_LIBS)
tsig_tests_SOURCES = \
arguments.cc \
tsig-tests.cc \
unix_utility.cc
-tsig_tests_LDADD = $(POLARSSL_LIBS)
+tsig_tests_LDADD = $(MBEDTLS_LIBS)
if PKCS11
tsig_tests_SOURCES += pkcs11signers.cc pkcs11signers.hh
statbag.cc \
unix_utility.cc
-speedtest_LDADD = $(POLARSSL_LIBS) \
+speedtest_LDADD = $(MBEDTLS_LIBS) \
$(RT_LIBS)
dnswasher_SOURCES = \
$(BOOST_PROGRAM_OPTIONS_LDFLAGS)
dnsbulktest_LDADD = \
- $(POLARSSL_LIBS) \
+ $(MBEDTLS_LIBS) \
$(BOOST_PROGRAM_OPTIONS_LIBS)
dnsscan_SOURCES = \
unix_utility.cc \
utility.hh
-dnsscan_LDADD = $(POLARSSL_LIBS)
+dnsscan_LDADD = $(MBEDTLS_LIBS)
dnsreplay_SOURCES = \
anadns.hh \
$(BOOST_PROGRAM_OPTIONS_LDFLAGS)
dnsreplay_LDADD = \
- $(POLARSSL_LIBS) \
+ $(MBEDTLS_LIBS) \
$(BOOST_PROGRAM_OPTIONS_LIBS)
nproxy_SOURCES = \
$(BOOST_PROGRAM_OPTIONS_LDFLAGS)
nproxy_LDADD = \
- $(POLARSSL_LIBS) \
+ $(MBEDTLS_LIBS) \
$(BOOST_PROGRAM_OPTIONS_LIBS)
notify_SOURCES = \
$(BOOST_PROGRAM_OPTIONS_LDFLAGS)
notify_LDADD = \
- $(POLARSSL_LIBS) \
+ $(MBEDTLS_LIBS) \
$(BOOST_PROGRAM_OPTIONS_LIBS)
dnsscope_SOURCES = \
$(BOOST_PROGRAM_OPTIONS_LDFLAGS)
dnsscope_LDADD = \
- $(POLARSSL_LIBS) \
+ $(MBEDTLS_LIBS) \
$(BOOST_PROGRAM_OPTIONS_LIBS)
dnsgram_SOURCES = \
unix_utility.cc \
utility.hh
-dnsgram_LDADD = $(POLARSSL_LIBS)
+dnsgram_LDADD = $(MBEDTLS_LIBS)
dnsdemog_SOURCES = \
base32.cc \
unix_utility.cc \
utility.hh
-dnsdemog_LDADD = $(POLARSSL_LIBS)
+dnsdemog_LDADD = $(MBEDTLS_LIBS)
rec_control_SOURCES = \
arguments.cc arguments.hh \
$(BOOST_SERIALIZATION_LDFLAGS)
testrunner_LDADD = \
- $(POLARSSL_LIBS) \
+ $(MBEDTLS_LIBS) \
$(BOOST_UNIT_TEST_FRAMEWORK_LIBS) \
$(BOOST_SERIALIZATION_LIBS) \
$(RT_LIBS) \
zoneparser-tng.cc zoneparser-tng.hh
pdns_recursor_LDADD = \
- $(POLARSSL_LIBS) \
+ $(MBEDTLS_LIBS) \
$(YAHTTP_LIBS)
if LUA
class RSADNSCryptoKeyEngine : public DNSCryptoKeyEngine
{
public:
- string getName() const { return "PolarSSL RSA"; }
+ string getName() const { return "mbedTLS RSA"; }
explicit RSADNSCryptoKeyEngine(unsigned int algorithm) : DNSCryptoKeyEngine(algorithm)
{
RSADNSCryptoKeyEngine(const RSADNSCryptoKeyEngine& orig) : DNSCryptoKeyEngine(orig.d_algorithm)
{
- // this part is a little bit scary.. we make a 'deep copy' of an RSA state, and polarssl isn't helping us so we delve into thr struct
+ // this part is a little bit scary.. we make a 'deep copy' of an RSA state, and mbedtls isn't helping us so we delve into thr struct
d_context.ver = orig.d_context.ver;
d_context.len = orig.d_context.len;
sha512((unsigned char*)toHash.c_str(), toHash.length(), hash, 0);
return string((char*)hash, sizeof(hash));
}
- throw runtime_error("PolarSSL hashing method can't hash algorithm "+lexical_cast<string>(d_algorithm));
+ throw runtime_error("mbed TLS hashing method can't hash algorithm "+lexical_cast<string>(d_algorithm));
}
DNSCryptoKeyEngine::report(8, &RSADNSCryptoKeyEngine::maker, true);
DNSCryptoKeyEngine::report(10, &RSADNSCryptoKeyEngine::maker, true);
}
-} loaderPolar;
+} loaderMbed;
}
// Auth only
theL()<<Logger::Warning<<"Built-in modules: "<<PDNS_MODULES<<endl;
#endif
-#ifndef POLARSSL_SYSTEM
- theL()<<Logger::Warning<<"Built-in PolarSSL: "<<POLARSSL_VERSION_STRING<<endl;
+#ifndef MBEDTLS_SYSTEM
+ theL()<<Logger::Warning<<"Built-in mbed TLS: "<<POLARSSL_VERSION_STRING<<endl;
#endif
#ifdef PDNS_CONFIG_ARGS
#define double_escape(s) #s