100-replace_polarssl_with_mbedtls.patch 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395
  1. diff --git a/common.c b/common.c
  2. index bf72127..2d4739e 100644
  3. --- a/common.c
  4. +++ b/common.c
  5. @@ -54,17 +54,14 @@
  6. #include <openssl/buffer.h>
  7. #endif
  8. -#ifdef HAVE_LIBPOLARSSL
  9. -#include <polarssl/version.h>
  10. -#include <polarssl/base64.h>
  11. -#include <polarssl/x509.h>
  12. -#include <polarssl/md.h>
  13. -#include "polarssl/entropy.h"
  14. -#include "polarssl/ctr_drbg.h"
  15. -
  16. -#if POLARSSL_VERSION_NUMBER >= 0x01030000
  17. -#include "polarssl/compat-1.2.h"
  18. -#endif
  19. +#ifdef HAVE_LIBMBEDTLS
  20. +#include <mbedtls/version.h>
  21. +#include <mbedtls/base64.h>
  22. +#include <mbedtls/x509.h>
  23. +#include <mbedtls/md.h>
  24. +#include "mbedtls/entropy.h"
  25. +#include "mbedtls/ctr_drbg.h"
  26. +
  27. #endif
  28. #include "common.h"
  29. @@ -126,16 +123,16 @@ void inform(char *format, ...) {
  30. daemon_log(LOG_INFO, "%s", s);
  31. }
  32. -#ifdef HAVE_LIBPOLARSSL
  33. +#ifdef HAVE_LIBMBEDTLS
  34. char *base64_enc(uint8_t *input, int length) {
  35. char *buf = NULL;
  36. size_t dlen = 0;
  37. - int rc = base64_encode(NULL, &dlen, input, length);
  38. - if (rc && (rc != POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL))
  39. + int rc = mbedtls_base64_encode(NULL, 0, &dlen, input, length);
  40. + if (rc && (rc != MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL))
  41. debug(1, "Error %d getting length of base64 encode.", rc);
  42. else {
  43. buf = (char *)malloc(dlen);
  44. - rc = base64_encode((unsigned char *)buf, &dlen, input, length);
  45. + rc = mbedtls_base64_encode((unsigned char *)buf, dlen, &dlen, input, length);
  46. if (rc != 0)
  47. debug(1, "Error %d encoding base64.", rc);
  48. }
  49. @@ -156,10 +153,10 @@ uint8_t *base64_dec(char *input, int *outlen) {
  50. else {
  51. strcpy(inbuf, input);
  52. strcat(inbuf, "===");
  53. - // debug(1,"base64_dec called with string \"%s\", length %d, filled string: \"%s\", length
  54. - // %d.",input,strlen(input),inbuf,inbufsize);
  55. - int rc = base64_decode(buf, &dlen, (unsigned char *)inbuf, inbufsize);
  56. - if (rc && (rc != POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL))
  57. + // debug(1,"base64_dec called with string \"%s\", length %d, filled string: \"%s\", length %d.",
  58. + // input,strlen(input),inbuf,inbufsize);
  59. + int rc = mbedtls_base64_decode(NULL, 0, &dlen, (unsigned char *)inbuf, inbufsize);
  60. + if (rc && (rc != MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL))
  61. debug(1, "Error %d getting decode length, result is %d.", rc, dlen);
  62. else {
  63. // debug(1,"Decode size is %d.",dlen);
  64. @@ -167,7 +164,7 @@ uint8_t *base64_dec(char *input, int *outlen) {
  65. if (buf == 0)
  66. debug(1, "Can't allocate memory in base64_dec.");
  67. else {
  68. - rc = base64_decode(buf, &dlen, (unsigned char *)inbuf, inbufsize);
  69. + rc = mbedtls_base64_decode(buf, dlen, &dlen, (unsigned char *)inbuf, inbufsize);
  70. if (rc != 0)
  71. debug(1, "Error %d in base64_dec.", rc);
  72. }
  73. @@ -280,58 +277,59 @@ uint8_t *rsa_apply(uint8_t *input, int inlen, int *outlen, int mode) {
  74. }
  75. #endif
  76. -#ifdef HAVE_LIBPOLARSSL
  77. +#ifdef HAVE_LIBMBEDTLS
  78. uint8_t *rsa_apply(uint8_t *input, int inlen, int *outlen, int mode) {
  79. - rsa_context trsa;
  80. + mbedtls_pk_context pkctx;
  81. + mbedtls_rsa_context *trsa;
  82. const char *pers = "rsa_encrypt";
  83. + size_t olen = *outlen;
  84. int rc;
  85. - entropy_context entropy;
  86. - ctr_drbg_context ctr_drbg;
  87. - entropy_init(&entropy);
  88. - if ((rc = ctr_drbg_init(&ctr_drbg, entropy_func, &entropy, (const unsigned char *)pers,
  89. - strlen(pers))) != 0)
  90. - debug(1, "ctr_drbg_init returned %d\n", rc);
  91. + mbedtls_entropy_context entropy;
  92. + mbedtls_ctr_drbg_context ctr_drbg;
  93. +
  94. + mbedtls_entropy_init(&entropy);
  95. +
  96. + mbedtls_ctr_drbg_init(&ctr_drbg);
  97. + mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
  98. + (const unsigned char *)pers, strlen(pers));
  99. - rsa_init(&trsa, RSA_PKCS_V21, POLARSSL_MD_SHA1); // padding and hash id get overwritten
  100. - // BTW, this seems to reset a lot of parameters in the rsa_context
  101. - rc = x509parse_key(&trsa, (unsigned char *)super_secret_key, strlen(super_secret_key), NULL, 0);
  102. + mbedtls_pk_init(&pkctx);
  103. +
  104. + rc = mbedtls_pk_parse_key(&pkctx, (unsigned char *)super_secret_key, sizeof(super_secret_key), NULL, 0);
  105. if (rc != 0)
  106. - debug(1, "Error %d reading the private key.");
  107. + debug(1, "Error %d reading the private key.", rc);
  108. - uint8_t *out = NULL;
  109. + uint8_t *outbuf = NULL;
  110. + trsa = mbedtls_pk_rsa(pkctx);
  111. switch (mode) {
  112. case RSA_MODE_AUTH:
  113. - trsa.padding = RSA_PKCS_V15;
  114. - trsa.hash_id = POLARSSL_MD_NONE;
  115. - debug(2, "rsa_apply encrypt");
  116. - out = malloc(trsa.len);
  117. - rc = rsa_pkcs1_encrypt(&trsa, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE, inlen, input, out);
  118. + mbedtls_rsa_set_padding(trsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE);
  119. + outbuf = malloc(trsa->len);
  120. + rc = mbedtls_rsa_pkcs1_encrypt(trsa, mbedtls_ctr_drbg_random, &ctr_drbg, MBEDTLS_RSA_PRIVATE,
  121. + inlen, input, outbuf);
  122. if (rc != 0)
  123. - debug(1, "rsa_pkcs1_encrypt error %d.", rc);
  124. - *outlen = trsa.len;
  125. + debug(1, "mbedtls_pk_encrypt error %d.", rc);
  126. + *outlen = trsa->len;
  127. break;
  128. case RSA_MODE_KEY:
  129. - debug(2, "rsa_apply decrypt");
  130. - trsa.padding = RSA_PKCS_V21;
  131. - trsa.hash_id = POLARSSL_MD_SHA1;
  132. - out = malloc(trsa.len);
  133. -#if POLARSSL_VERSION_NUMBER >= 0x01020900
  134. - rc = rsa_pkcs1_decrypt(&trsa, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE, (size_t *)outlen, input,
  135. - out, trsa.len);
  136. -#else
  137. - rc = rsa_pkcs1_decrypt(&trsa, RSA_PRIVATE, outlen, input, out, trsa.len);
  138. -#endif
  139. + mbedtls_rsa_set_padding(trsa, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA1);
  140. + outbuf = malloc(trsa->len);
  141. + rc = mbedtls_rsa_pkcs1_decrypt(trsa, mbedtls_ctr_drbg_random, &ctr_drbg, MBEDTLS_RSA_PRIVATE,
  142. + &olen, input, outbuf, trsa->len);
  143. if (rc != 0)
  144. - debug(1, "decrypt error %d.", rc);
  145. + debug(1, "mbedtls_pk_decrypt error %d.", rc);
  146. + *outlen = olen;
  147. break;
  148. default:
  149. die("bad rsa mode");
  150. }
  151. - rsa_free(&trsa);
  152. - debug(2, "rsa_apply exit");
  153. - return out;
  154. +
  155. + mbedtls_ctr_drbg_free(&ctr_drbg);
  156. + mbedtls_entropy_free(&entropy);
  157. + mbedtls_pk_free(&pkctx);
  158. + return outbuf;
  159. }
  160. #endif
  161. @@ -517,7 +515,7 @@ ssize_t non_blocking_write(int fd, const void *buf, size_t count) {
  162. void *ibuf = (void *)buf;
  163. size_t bytes_remaining = count;
  164. int rc = 0;
  165. - struct pollfd ufds[1];
  166. + struct pollfd ufds[1];
  167. while ((bytes_remaining>0) && (rc==0)) {
  168. // check that we can do some writing
  169. ufds[0].fd = fd;
  170. diff --git a/configure.ac b/configure.ac
  171. index 8d82da4..a2d1e4f 100644
  172. --- a/configure.ac
  173. +++ b/configure.ac
  174. @@ -108,11 +108,11 @@ AC_ARG_WITH(piddir, [ --with-piddir=<pathname> Specify a pathname to a directory
  175. AM_CONDITIONAL([USE_CUSTOMPIDDIR], [test "x$HAS_CUSTOMPIDDIR" = "x1"])
  176. # Check --with-ssl=argument
  177. -AC_ARG_WITH(ssl, [ choose --with-ssl=openssl or --with-ssl=polarssl for encryption services], [
  178. +AC_ARG_WITH(ssl, [ choose --with-ssl=openssl or --with-ssl=mbedtls for encryption services], [
  179. AC_MSG_CHECKING(encryption libraries chosen)
  180. if test "x${with_ssl}" = x -o "x${with_ssl}" = xyes ; then
  181. AC_MSG_RESULT(not found)
  182. - AC_MSG_ERROR(choose either "openssl" or "polarssl" encryption)
  183. + AC_MSG_ERROR(choose either "openssl" or "mbedtls" encryption)
  184. fi
  185. if test "x${with_ssl}" = xopenssl ; then
  186. if test "x${with_pkg_config}" = xyes ; then
  187. @@ -127,10 +127,15 @@ AC_ARG_WITH(ssl, [ choose --with-ssl=openssl or --with-ssl=polarssl for encrypti
  188. AC_DEFINE([HAVE_LIBCRYPTO],[1],[Define to 1 if you have libcrypto])
  189. AC_DEFINE([HAVE_LIBSSL],[1],[Define to 1 if you have libssl])
  190. fi
  191. - elif test "x${with_ssl}" = xpolarssl ; then
  192. - AC_CHECK_LIB([polarssl],[ssl_init], , AC_MSG_ERROR(PolarSSL selected but the library cannot be found!))
  193. + elif test "x${with_ssl}" = xmbedtls ; then
  194. + AC_CHECK_LIB([mbedtls],[mbedtls_ssl_init],,
  195. + [AC_MSG_ERROR([Cannot find required libray: libmbedtls],1)])
  196. + AC_CHECK_LIB([mbedcrypto], [mbedtls_entropy_func],,
  197. + [AC_MSG_ERROR([Cannot find required library: libmbedcrypto],1)])
  198. + AC_CHECK_LIB([mbedx509], [mbedtls_pk_init],,
  199. + [AC_MSG_ERROR([Cannot find required library: libmbedx509],1)])
  200. else
  201. - AC_MSG_ERROR(unknown option "${with_ssl}"." Please choose with "openssl" or "polarssl")
  202. + AC_MSG_ERROR(unknown option "${with_ssl}"." Please choose with "openssl" or "mbedtls")
  203. fi
  204. ], )
  205. diff --git a/player.c b/player.c
  206. index 97eccfb..da2d735 100644
  207. --- a/player.c
  208. +++ b/player.c
  209. @@ -47,9 +47,9 @@
  210. #include "config.h"
  211. -#ifdef HAVE_LIBPOLARSSL
  212. -#include <polarssl/aes.h>
  213. -#include <polarssl/havege.h>
  214. +#ifdef HAVE_LIBMBEDTLS
  215. +#include <mbedtls/aes.h>
  216. +#include <mbedtls/havege.h>
  217. #endif
  218. #ifdef HAVE_LIBSSL
  219. @@ -82,8 +82,8 @@ static int max_frame_size_change = 1;
  220. // maximal resampling shift - conservative
  221. //#define OUTFRAME_BYTES(frame_size) (4 * (frame_size + 3))
  222. -#ifdef HAVE_LIBPOLARSSL
  223. -static aes_context dctx;
  224. +#ifdef HAVE_LIBMBEDTLS
  225. +static mbedtls_aes_context dctx;
  226. #endif
  227. //static pthread_t player_thread = NULL;
  228. @@ -247,8 +247,8 @@ static int alac_decode(short *dest, int *destlen, uint8_t *buf, int len) {
  229. unsigned char iv[16];
  230. int aeslen = len & ~0xf;
  231. memcpy(iv, aesiv, sizeof(iv));
  232. -#ifdef HAVE_LIBPOLARSSL
  233. - aes_crypt_cbc(&dctx, AES_DECRYPT, aeslen, iv, buf, packet);
  234. +#ifdef HAVE_LIBMBEDTLS
  235. + mbedtls_aes_crypt_cbc(&dctx, MBEDTLS_AES_DECRYPT, aeslen, iv, buf, packet);
  236. #endif
  237. #ifdef HAVE_LIBSSL
  238. AES_cbc_encrypt(buf, packet, aeslen, &aes, iv, AES_DECRYPT);
  239. @@ -1685,9 +1685,9 @@ int player_play(stream_cfg *stream, pthread_t *player_thread) {
  240. die("specified buffer starting fill %d > buffer size %d", config.buffer_start_fill,
  241. BUFFER_FRAMES);
  242. if (encrypted) {
  243. -#ifdef HAVE_LIBPOLARSSL
  244. - memset(&dctx, 0, sizeof(aes_context));
  245. - aes_setkey_dec(&dctx, stream->aeskey, 128);
  246. +#ifdef HAVE_LIBMBEDTLS
  247. + memset(&dctx, 0, sizeof(mbedtls_aes_context));
  248. + mbedtls_aes_setkey_dec(&dctx, stream->aeskey, 128);
  249. #endif
  250. #ifdef HAVE_LIBSSL
  251. diff --git a/rtsp.c b/rtsp.c
  252. index 38b0745..8003803 100644
  253. --- a/rtsp.c
  254. +++ b/rtsp.c
  255. @@ -50,8 +50,8 @@
  256. #include <openssl/md5.h>
  257. #endif
  258. -#ifdef HAVE_LIBPOLARSSL
  259. -#include <polarssl/md5.h>
  260. +#ifdef HAVE_LIBMBEDTLS
  261. +#include <mbedtls/md5.h>
  262. #endif
  263. #include "common.h"
  264. @@ -979,7 +979,7 @@ static void handle_set_parameter_parameter(rtsp_conn_info *conn,
  265. // more significant changes make it not malloc memory
  266. // needs to initialise the docoding table first
  267. -// add _so to end of name to avoid confusion with polarssl's implementation
  268. +// add _so to end of name to avoid confusion with SSL library implementation
  269. static char encoding_table[] = {
  270. 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',
  271. @@ -1651,21 +1651,21 @@ static int rtsp_auth(char **nonce, rtsp_message *req, rtsp_message *resp) {
  272. MD5_Final(digest_mu, &ctx);
  273. #endif
  274. -#ifdef HAVE_LIBPOLARSSL
  275. - md5_context tctx;
  276. - md5_starts(&tctx);
  277. - md5_update(&tctx, (const unsigned char *)username, strlen(username));
  278. - md5_update(&tctx, (unsigned char *)":", 1);
  279. - md5_update(&tctx, (const unsigned char *)realm, strlen(realm));
  280. - md5_update(&tctx, (unsigned char *)":", 1);
  281. - md5_update(&tctx, (const unsigned char *)config.password,
  282. +#ifdef HAVE_LIBMBEDTLS
  283. + mbedtls_md5_context tctx;
  284. + mbedtls_md5_starts(&tctx);
  285. + mbedtls_md5_update(&tctx, (const unsigned char *)username, strlen(username));
  286. + mbedtls_md5_update(&tctx, (unsigned char *)":", 1);
  287. + mbedtls_md5_update(&tctx, (const unsigned char *)realm, strlen(realm));
  288. + mbedtls_md5_update(&tctx, (unsigned char *)":", 1);
  289. + mbedtls_md5_update(&tctx, (const unsigned char *)config.password,
  290. strlen(config.password));
  291. - md5_finish(&tctx, digest_urp);
  292. - md5_starts(&tctx);
  293. - md5_update(&tctx, (const unsigned char *)req->method, strlen(req->method));
  294. - md5_update(&tctx, (unsigned char *)":", 1);
  295. - md5_update(&tctx, (const unsigned char *)uri, strlen(uri));
  296. - md5_finish(&tctx, digest_mu);
  297. + mbedtls_md5_finish(&tctx, digest_urp);
  298. + mbedtls_md5_starts(&tctx);
  299. + mbedtls_md5_update(&tctx, (const unsigned char *)req->method, strlen(req->method));
  300. + mbedtls_md5_update(&tctx, (unsigned char *)":", 1);
  301. + mbedtls_md5_update(&tctx, (const unsigned char *)uri, strlen(uri));
  302. + mbedtls_md5_finish(&tctx, digest_mu);
  303. #endif
  304. int i;
  305. @@ -1685,16 +1685,16 @@ static int rtsp_auth(char **nonce, rtsp_message *req, rtsp_message *resp) {
  306. MD5_Final(digest_total, &ctx);
  307. #endif
  308. -#ifdef HAVE_LIBPOLARSSL
  309. - md5_starts(&tctx);
  310. - md5_update(&tctx, buf, 32);
  311. - md5_update(&tctx, (unsigned char *)":", 1);
  312. - md5_update(&tctx, (const unsigned char *)*nonce, strlen(*nonce));
  313. - md5_update(&tctx, (unsigned char *)":", 1);
  314. +#ifdef HAVE_LIBMBEDTLS
  315. + mbedtls_md5_starts(&tctx);
  316. + mbedtls_md5_update(&tctx, buf, 32);
  317. + mbedtls_md5_update(&tctx, (unsigned char *)":", 1);
  318. + mbedtls_md5_update(&tctx, (const unsigned char *)*nonce, strlen(*nonce));
  319. + mbedtls_md5_update(&tctx, (unsigned char *)":", 1);
  320. for (i = 0; i < 16; i++)
  321. sprintf((char *)buf + 2 * i, "%02x", digest_mu[i]);
  322. - md5_update(&tctx, buf, 32);
  323. - md5_finish(&tctx, digest_total);
  324. + mbedtls_md5_update(&tctx, buf, 32);
  325. + mbedtls_md5_finish(&tctx, digest_total);
  326. #endif
  327. for (i = 0; i < 16; i++)
  328. diff --git a/shairport.c b/shairport.c
  329. index f725d60..2349447 100644
  330. --- a/shairport.c
  331. +++ b/shairport.c
  332. @@ -42,8 +42,8 @@
  333. #include "config.h"
  334. -#ifdef HAVE_LIBPOLARSSL
  335. -#include <polarssl/md5.h>
  336. +#ifdef HAVE_LIBMBEDTLS
  337. +#include <mbedtls/md5.h>
  338. #endif
  339. #ifdef HAVE_LIBSSL
  340. @@ -109,8 +109,8 @@ char* get_version_string() {
  341. char* version_string = malloc(200);
  342. if (version_string) {
  343. strcpy(version_string, PACKAGE_VERSION);
  344. - #ifdef HAVE_LIBPOLARSSL
  345. - strcat(version_string, "-PolarSSL");
  346. + #ifdef HAVE_LIBMBEDTLS
  347. + strcat(version_string, "-mbedTLS");
  348. #endif
  349. #ifdef HAVE_LIBSSL
  350. strcat(version_string, "-OpenSSL");
  351. @@ -1046,11 +1046,11 @@ int main(int argc, char **argv) {
  352. MD5_Final(ap_md5, &ctx);
  353. #endif
  354. -#ifdef HAVE_LIBPOLARSSL
  355. - md5_context tctx;
  356. - md5_starts(&tctx);
  357. - md5_update(&tctx, (unsigned char *)config.service_name, strlen(config.service_name));
  358. - md5_finish(&tctx, ap_md5);
  359. +#ifdef HAVE_LIBMBEDTLS
  360. + mbedtls_md5_context tctx;
  361. + mbedtls_md5_starts(&tctx);
  362. + mbedtls_md5_update(&tctx, (unsigned char *)config.service_name, strlen(config.service_name));
  363. + mbedtls_md5_finish(&tctx, ap_md5);
  364. #endif
  365. memcpy(config.hw_addr, ap_md5, sizeof(config.hw_addr));
  366. #ifdef CONFIG_METADATA