From b54ccdb3e80506d0ab36f7b2493518a3ba9d67ec Mon Sep 17 00:00:00 2001
From: Kees Monshouwer
Date: Sat, 15 Aug 2015 00:00:40 +0200
Subject: [PATCH] restore mbed TSL 1.3.x compatibility
---
 build-scripts/dist-recursor | 2 +-
 pdns/Makefile.am | 21 ++++++-
 pdns/base64.cc | 5 ++
 pdns/dns_random.cc | 5 ++
 pdns/dnsdistdist/Makefile.am | 1 +
 pdns/dnssecinfra.cc | 9 ++-
 pdns/mbedtlscompat.hh | 103 +++++++++++++++++++++++++++++++++++
 pdns/mbedtlssigners.cc | 14 ++++-
 pdns/md5.hh | 5 ++
 pdns/sha.hh | 7 +++
 pdns/version.cc | 7 ++-
 11 files changed, 171 insertions(+), 8 deletions(-)
 create mode 100644 pdns/mbedtlscompat.hh
diff --git a/build-scripts/dist-recursor b/build-scripts/dist-recursor
index bedf8fddf..54d424b77 100755
--- a/build-scripts/dist-recursor
+++ b/build-scripts/dist-recursor
@@ -31,7 +31,7 @@ INCLUDES="iputils.hh arguments.hh base64.hh zoneparser-tng.hh \
 rcpgenerator.hh lock.hh dnswriter.hh dnsrecords.hh dnsparser.hh utility.hh \
 recursor_cache.hh rec_channel.hh qtype.hh misc.hh dns.hh syncres.hh \
 sstuff.hh mtasker.hh mtasker.cc lwres.hh logger.hh pdnsexception.hh \
-mplexer.hh pubsuffix.hh \
+mplexer.hh pubsuffix.hh mbedtlscompat.hh \
 dns_random.hh lua-pdns.hh lua-recursor.hh namespaces.hh \
 recpacketcache.hh base32.hh cachecleaner.hh json.hh version.hh \
 ws-recursor.hh ws-api.hh secpoll-recursor.hh \
diff --git a/pdns/Makefile.am b/pdns/Makefile.am
index 07bb26932..b1f94e0ff 100644
--- a/pdns/Makefile.am
+++ b/pdns/Makefile.am
@@ -163,6 +163,7 @@ pdns_server_SOURCES = \
 lua-auth.cc lua-auth.hh \
 lua-pdns.cc lua-iputils.cc \
 mastercommunicator.cc \
+ mbedtlscompat.hh \
 md5.hh \
 misc.cc misc.hh \
 nameserver.cc nameserver.hh \
@@ -279,6 +280,7 @@ pdnssec_SOURCES = \
 gss_context.cc gss_context.hh \
 json.cc \
 logger.cc \
+ mbedtlscompat.hh \
 misc.cc misc.hh \
 nsecrecords.cc \
 packetcache.cc \
@@ -482,6 +484,7 @@ sdig_SOURCES = \
 dnsrecords.cc \
 dnswriter.cc dnswriter.hh \
 logger.cc \
+ mbedtlscompat.hh \
 misc.cc misc.hh \
 nsecrecords.cc \
 qtype.cc \
@@ -505,6 +508,7 @@ calidns_SOURCES = \
 dnswriter.cc dnswriter.hh \
 iputils.cc \
 logger.cc \
+ mbedtlscompat.hh \
 misc.cc misc.hh \
 nsecrecords.cc \
 qtype.cc \
@@ -540,6 +544,7 @@ saxfr_SOURCES = \
 dnswriter.cc dnswriter.hh \
 gss_context.cc gss_context.hh \
 logger.cc \
+ mbedtlscompat.hh \
 misc.cc misc.hh \
 nsecrecords.cc \
 qtype.cc \
@@ -571,6 +576,7 @@ dnstcpbench_SOURCES = \
 dnstcpbench.cc \
 dnswriter.cc dnswriter.hh \
 logger.cc \
+ mbedtlscompat.hh \
 misc.cc misc.hh \
 nsecrecords.cc \
 qtype.cc \
@@ -602,6 +608,7 @@ dnsdist_SOURCES = \
 dolog.hh \
 iputils.cc \
 htmlfiles.h \
+ mbedtlscompat.hh \
 misc.cc misc.hh \
 qtype.cc \
 sholder.hh \
@@ -628,8 +635,9 @@ nsec3dig_SOURCES = \
 dnsrecords.cc \
 dnssecinfra.cc \
 dnswriter.cc dnswriter.hh \
- gss_context.cc gss_context.hh \
+ gss_context.cc gss_context.hh \
 logger.cc \
+ mbedtlscompat.hh \
 misc.cc misc.hh \
 nsec3dig.cc \
 nsecrecords.cc \
@@ -662,6 +670,7 @@ toysdig_SOURCES = \
 dnswriter.cc dnswriter.hh \
 ednssubnet.cc ednssubnet.hh \
 logger.cc \
+ mbedtlscompat.hh \
 misc.cc misc.hh \
 nsecrecords.cc \
 qtype.cc \
@@ -689,6 +698,7 @@ tsig_tests_SOURCES = \
 dnswriter.cc dnswriter.hh \
 gss_context.cc gss_context.hh \
 logger.cc \
+ mbedtlscompat.hh \
 misc.cc misc.hh \
 nsecrecords.cc \
 qtype.cc \
@@ -720,6 +730,7 @@ speedtest_SOURCES = \
 dnsrecords.cc \
 dnswriter.cc dnswriter.hh \
 logger.cc \
+ mbedtlscompat.hh \
 misc.cc misc.hh \
 nsecrecords.cc \
 qtype.cc \
@@ -784,6 +795,7 @@ dnsscan_SOURCES = \
 dnsscan.cc \
 dnswriter.cc dnswriter.hh \
 logger.cc \
+ mbedtlscompat.hh \
 misc.cc \
 nsecrecords.cc \
 qtype.cc \
@@ -807,6 +819,7 @@ dnsreplay_SOURCES = \
 dnsreplay.cc \
 dnswriter.cc dnswriter.hh \
 logger.cc \
+ mbedtlscompat.hh \
 misc.cc \
 nsecrecords.cc \
 qtype.cc \
@@ -833,6 +846,7 @@ nproxy_SOURCES = \
 dnsrecords.cc \
 dnswriter.cc dnswriter.hh \
 logger.cc \
+ mbedtlscompat.hh \
 misc.cc \
 mplexer.hh \
 nproxy.cc \
@@ -863,6 +877,7 @@ notify_SOURCES = \
 dnsrecords.cc \
 dnswriter.cc dnswriter.hh \
 logger.cc \
+ mbedtlscompat.hh \
 misc.cc \
 notify.cc \
 nsecrecords.cc \
@@ -894,6 +909,7 @@ dnsscope_SOURCES = \
 dnsscope.cc \
 dnswriter.cc dnswriter.hh \
 logger.cc \
+ mbedtlscompat.hh \
 misc.cc \
 nsecrecords.cc \
 qtype.cc \
@@ -922,6 +938,7 @@ dnsgram_SOURCES = \
 dnsrecords.cc \
 dnswriter.cc dnswriter.hh \
 logger.cc \
+ mbedtlscompat.hh \
 misc.cc \
 nsecrecords.cc \
 qtype.cc \
@@ -944,6 +961,7 @@ dnsdemog_SOURCES = \
 dnsrecords.cc \
 dnswriter.cc dnswriter.hh \
 logger.cc \
+ mbedtlscompat.hh \
 misc.cc \
 nsecrecords.cc \
 qtype.cc \
@@ -1058,6 +1076,7 @@ pdns_recursor_SOURCES = \
 lua-pdns.cc lua-pdns.hh lua-iputils.cc \
 lua-recursor.cc lua-recursor.hh \
 lwres.cc lwres.hh \
+ mbedtlscompat.hh \
 misc.cc \
 mtasker.hh \
 nsecrecords.cc \
diff --git a/pdns/base64.cc b/pdns/base64.cc
index e901e9ab3..797b27790 100644
--- a/pdns/base64.cc
+++ b/pdns/base64.cc
@@ -3,7 +3,12 @@
 #endif
 #include "base64.hh"
 #include
+#ifdef HAVE_MBEDTLS2
 #include
+#else
+#include
+#include "mbedtlscompat.hh"
+#endif
 int B64Decode(const std::string& src, std::string& dst) {
diff --git a/pdns/dns_random.cc b/pdns/dns_random.cc
index 8c0094949..b25b1a1c1 100644
--- a/pdns/dns_random.cc
+++ b/pdns/dns_random.cc
@@ -1,7 +1,12 @@
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
+#ifdef HAVE_MBEDTLS2
 #include
+#else
+#include
+#include "mbedtlscompat.hh"
+#endif
 #include
 #include
 #include
diff --git a/pdns/dnsdistdist/Makefile.am b/pdns/dnsdistdist/Makefile.am
index 4ac277eac..2b2ac8d33 100644
--- a/pdns/dnsdistdist/Makefile.am
+++ b/pdns/dnsdistdist/Makefile.am
@@ -39,6 +39,7 @@ dnsdist_SOURCES = \
 dnswriter.cc dnswriter.hh \
 dolog.hh \
 iputils.cc iputils.hh \
+ mbedtlscompat.hh \
 misc.cc misc.hh \
 htmlfiles.h \
 namespaces.hh \
diff --git a/pdns/dnssecinfra.cc b/pdns/dnssecinfra.cc
index 696a3788a..8246943f4 100644
--- a/pdns/dnssecinfra.cc
+++ b/pdns/dnssecinfra.cc
@@ -12,10 +12,15 @@
 #include
 #include "dnssecinfra.hh"
 #include "dnsseckeeper.hh"
-#include
-#include
+#ifdef HAVE_MBEDTLS2
 #include
 #include
+#else
+#include
+#include
+#include
+#include "mbedtlscompat.hh"
+#endif
 #include // for 'operator+=()'
 #include
 #include "base64.hh"
diff --git a/pdns/mbedtlscompat.hh b/pdns/mbedtlscompat.hh
new file mode 100644
index 000000000..9ed90327e
--- /dev/null
+++ b/pdns/mbedtlscompat.hh
@@ -0,0 +1,103 @@
+#define MBEDTLS_VERSION_STRING POLARSSL_VERSION_STRING
+
+#define MBEDTLS_MD_MAX_SIZE POLARSSL_MD_MAX_SIZE
+#define MBEDTLS_MD_MD5 POLARSSL_MD_MD5
+#define MBEDTLS_MD_SHA1 POLARSSL_MD_SHA1
+#define MBEDTLS_MD_SHA224 POLARSSL_MD_SHA224
+#define MBEDTLS_MD_SHA256 POLARSSL_MD_SHA256
+#define MBEDTLS_MD_SHA384 POLARSSL_MD_SHA384
+#define MBEDTLS_MD_SHA512 POLARSSL_MD_SHA512
+
+#define MBEDTLS_RSA_PKCS_V15 RSA_PKCS_V15
+#define MBEDTLS_RSA_PRIVATE RSA_PRIVATE
+#define MBEDTLS_RSA_PUBLIC RSA_PUBLIC
+
+
+// Types
+#define mbedtls_aes_context aes_context
+
+#define mbedtls_sha1_context sha1_context
+#define mbedtls_sha256_context sha256_context
+#define mbedtls_sha512_context sha512_context
+
+#ifdef POLARSSL_MD_H
+typedef md_info_t mbedtls_md_info_t;
+typedef md_type_t mbedtls_md_type_t;
+#endif
+
+#define mbedtls_entropy_context entropy_context
+
+#define mbedtls_ctr_drbg_context ctr_drbg_context
+
+#define mbedtls_rsa_context rsa_context
+
+#define mbedtls_mpi mpi
+
+
+// Functions macro
+#define mbedtls_aes_crypt_ctr aes_crypt_ctr
+#define mbedtls_aes_setkey_enc aes_setkey_enc
+
+#define mbedtls_sha1 sha1
+#define mbedtls_sha1_starts sha1_starts
+#define mbedtls_sha1_update sha1_update
+#define mbedtls_sha1_finish sha1_finish
+
+#define mbedtls_sha256 sha256
+#define mbedtls_sha256_starts sha256_starts
+#define mbedtls_sha256_update sha256_update
+#define mbedtls_sha256_finish sha256_finish
+
+#define mbedtls_sha512 sha512
+#define mbedtls_sha512_starts sha512_starts
+#define mbedtls_sha512_update sha512_update
+#define mbedtls_sha512_finish sha512_finish
+
+#define mbedtls_md_hmac md_hmac
+#define mbedtls_md_get_size md_get_size
+#define mbedtls_md_info_from_type md_info_from_type
+
+#define mbedtls_md5 md5
+
+#define mbedtls_mpi_init mpi_init
+#define mbedtls_mpi_size mpi_size
+#define mbedtls_mpi_free mpi_free
+
+#define mbedtls_entropy_init entropy_init
+#define mbedtls_entropy_func entropy_func
+
+#define mbedtls_ctr_drbg_init
+#define mbedtls_ctr_drbg_seed ctr_drbg_init
+#define mbedtls_ctr_drbg_random ctr_drbg_random
+
+#define mbedtls_rsa_init rsa_init
+#define mbedtls_rsa_gen_key rsa_gen_key
+#define mbedtls_rsa_pkcs1_sign rsa_pkcs1_sign
+#define mbedtls_rsa_pkcs1_verify rsa_pkcs1_verify
+
+#define mbedtls_mpi_copy mpi_copy
+#define mbedtls_mpi_cmp_mpi mpi_cmp_mpi
+#define mbedtls_mpi_bitlen mpi_msb
+#define mbedtls_mpi_write_binary mpi_write_binary
+#define mbedtls_mpi_read_binary mpi_read_binary
+
+
+// Functions
+#ifdef POLARSSL_BASE64_H
+#ifndef COMPAT_BASE64
+#define COMPAT_BASE64
+
+inline int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, const unsigned char *src, size_t slen ) {
+ int ret = base64_decode( dst, &dlen, src, slen );
+ *olen = dlen;
+ return ret;
+}
+
+inline int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, const unsigned char *src, size_t slen ) {
+ int ret = base64_encode( dst, &dlen, src, slen );
+ *olen = dlen;
+ return ret;
+}
+
+#endif
+#endif
diff --git a/pdns/mbedtlssigners.cc b/pdns/mbedtlssigners.cc
index 84c9b9464..2dc101759 100644
--- a/pdns/mbedtlssigners.cc
+++ b/pdns/mbedtlssigners.cc
@@ -1,13 +1,21 @@
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
-#include
-#include
-#include
+#ifdef HAVE_MBEDTLS2
 #include
 #include
+#include
+#include
+#else
+#include
+#include
+#include
+#include
+#include "mbedtlscompat.hh"
+#endif
 #include // for 'operator+=()'
 #include
+#include "sha.hh"
 #include "dnssecinfra.hh"
 using namespace boost::assign;
diff --git a/pdns/md5.hh b/pdns/md5.hh
index aaad52f8b..a193a2a3f 100644
--- a/pdns/md5.hh
+++ b/pdns/md5.hh
@@ -3,7 +3,12 @@
 #include
 #include
+#ifdef HAVE_MBEDTLS2
 #include
+#else
+#include
+#include "mbedtlscompat.hh"
+#endif
 inline std::string pdns_md5sum(const std::string& input) {
diff --git a/pdns/sha.hh b/pdns/sha.hh
index eff8e920a..0751f0cd9 100644
--- a/pdns/sha.hh
+++ b/pdns/sha.hh
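Review bot: In the new pdns/mbedtlscompat.hh, `#define mbedtls_ctr_drbg_init` expands to nothing, so on a PolarSSL 1.3 build a call like `mbedtls_ctr_drbg_init(&ctx);` shrinks to the bare expression `(&ctx);`, and the DRBG context is only set up by the later `mbedtls_ctr_drbg_seed` call, which this header maps to `ctr_drbg_init`. That is safe only if every caller seeds and checks the return value before using `mbedtls_ctr_drbg_random`; the callers are outside this hunk, so this should be confirmed for the key-generation and random paths. I would make the no-op explicit with `#define mbedtls_ctr_drbg_init(ctx) ((void)(ctx))` and put a comment above the pair such as `// PolarSSL 1.3 has no separate init step: ctr_drbg_init() initialises and seeds in one call`. The header also has no include guard, and its typedefs and base64 wrappers are emitted only when `POLARSSL_MD_H` / `POLARSSL_BASE64_H` are already defined, so a comment at the top of the file should state that it has to be included after the polarssl headers and may be included more than once.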
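Review bot: The `#ifdef HAVE_MBEDTLS2` test added to pdns/md5.hh (and again in pdns/sha.hh) sits in a header, and nothing visible in either hunk guarantees that `config.h` has been included before it. The `.cc` files in this commit (dns_random.cc, mbedtlssigners.cc) show `#include "config.h"` directly ahead of the same test, while lines 1–2 of both headers are outside their hunks. If a translation unit pulls in one of these headers first, the macro is undefined and the PolarSSL 1.3 branch is selected silently; that either breaks the build or, where both header sets are installed, mixes 1.3 declarations into an mbed TLS 2 build of the hashing code. I would add `#ifdef HAVE_CONFIG_H`, `#include "config.h"`, `#endif` immediately above the test in both headers, matching the `.cc` files.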
@@ -3,9 +3,16 @@
 #include
 #include
+#ifdef HAVE_MBEDTLS2
 #include
 #include
 #include
+#else
+#include
+#include
+#include
+#include "mbedtlscompat.hh"
+#endif
 class SHA1Summer {
diff --git a/pdns/version.cc b/pdns/version.cc
index eb8f2366d..2c0359da6 100644
--- a/pdns/version.cc
+++ b/pdns/version.cc
@@ -25,7 +25,12 @@
 #endif
 #include "logger.hh"
 #include "version.hh"
+#ifdef HAVE_MBEDTLS2
 #include
+#else
+#include
+#include "mbedtlscompat.hh"
+#endif
 static ProductType productType;
@@ -115,7 +120,7 @@ void showBuildConfiguration() theL()<