diff --git a/common.c b/common.c index bf72127..2d4739e 100644 --- a/common.c +++ b/common.c @@ -54,17 +54,14 @@ #include #endif -#ifdef HAVE_LIBPOLARSSL -#include -#include -#include -#include -#include "polarssl/entropy.h" -#include "polarssl/ctr_drbg.h" - -#if POLARSSL_VERSION_NUMBER >= 0x01030000 -#include "polarssl/compat-1.2.h" -#endif +#ifdef HAVE_LIBMBEDTLS +#include +#include +#include +#include +#include "mbedtls/entropy.h" +#include "mbedtls/ctr_drbg.h" + #endif #include "common.h" @@ -126,16 +123,16 @@ void inform(char *format, ...) { daemon_log(LOG_INFO, "%s", s); } -#ifdef HAVE_LIBPOLARSSL +#ifdef HAVE_LIBMBEDTLS char *base64_enc(uint8_t *input, int length) { char *buf = NULL; size_t dlen = 0; - int rc = base64_encode(NULL, &dlen, input, length); - if (rc && (rc != POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL)) + int rc = mbedtls_base64_encode(NULL, 0, &dlen, input, length); + if (rc && (rc != MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL)) debug(1, "Error %d getting length of base64 encode.", rc); else { buf = (char *)malloc(dlen); - rc = base64_encode((unsigned char *)buf, &dlen, input, length); + rc = mbedtls_base64_encode((unsigned char *)buf, dlen, &dlen, input, length); if (rc != 0) debug(1, "Error %d encoding base64.", rc); } @@ -156,10 +153,10 @@ uint8_t *base64_dec(char *input, int *outlen) { else { strcpy(inbuf, input); strcat(inbuf, "==="); - // debug(1,"base64_dec called with string \"%s\", length %d, filled string: \"%s\", length - // %d.",input,strlen(input),inbuf,inbufsize); - int rc = base64_decode(buf, &dlen, (unsigned char *)inbuf, inbufsize); - if (rc && (rc != POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL)) + // debug(1,"base64_dec called with string \"%s\", length %d, filled string: \"%s\", length %d.", + // input,strlen(input),inbuf,inbufsize); + int rc = mbedtls_base64_decode(NULL, 0, &dlen, (unsigned char *)inbuf, inbufsize); + if (rc && (rc != MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL)) debug(1, "Error %d getting decode length, result is %d.", rc, dlen); else { // debug(1,"Decode size is %d.",dlen); @@ -167,7 +164,7 @@ uint8_t *base64_dec(char *input, int *outlen) { if (buf == 0) debug(1, "Can't allocate memory in base64_dec."); else { - rc = base64_decode(buf, &dlen, (unsigned char *)inbuf, inbufsize); + rc = mbedtls_base64_decode(buf, dlen, &dlen, (unsigned char *)inbuf, inbufsize); if (rc != 0) debug(1, "Error %d in base64_dec.", rc); } @@ -280,58 +277,59 @@ uint8_t *rsa_apply(uint8_t *input, int inlen, int *outlen, int mode) { } #endif -#ifdef HAVE_LIBPOLARSSL +#ifdef HAVE_LIBMBEDTLS uint8_t *rsa_apply(uint8_t *input, int inlen, int *outlen, int mode) { - rsa_context trsa; + mbedtls_pk_context pkctx; + mbedtls_rsa_context *trsa; const char *pers = "rsa_encrypt"; + size_t olen = *outlen; int rc; - entropy_context entropy; - ctr_drbg_context ctr_drbg; - entropy_init(&entropy); - if ((rc = ctr_drbg_init(&ctr_drbg, entropy_func, &entropy, (const unsigned char *)pers, - strlen(pers))) != 0) - debug(1, "ctr_drbg_init returned %d\n", rc); + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + + mbedtls_entropy_init(&entropy); + + mbedtls_ctr_drbg_init(&ctr_drbg); + mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, + (const unsigned char *)pers, strlen(pers)); - rsa_init(&trsa, RSA_PKCS_V21, POLARSSL_MD_SHA1); // padding and hash id get overwritten - // BTW, this seems to reset a lot of parameters in the rsa_context - rc = x509parse_key(&trsa, (unsigned char *)super_secret_key, strlen(super_secret_key), NULL, 0); + mbedtls_pk_init(&pkctx); + + rc = mbedtls_pk_parse_key(&pkctx, (unsigned char *)super_secret_key, sizeof(super_secret_key), NULL, 0); if (rc != 0) - debug(1, "Error %d reading the private key."); + debug(1, "Error %d reading the private key.", rc); - uint8_t *out = NULL; + uint8_t *outbuf = NULL; + trsa = mbedtls_pk_rsa(pkctx); switch (mode) { case RSA_MODE_AUTH: - trsa.padding = RSA_PKCS_V15; - trsa.hash_id = POLARSSL_MD_NONE; - debug(2, "rsa_apply encrypt"); - out = malloc(trsa.len); - rc = rsa_pkcs1_encrypt(&trsa, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE, inlen, input, out); + mbedtls_rsa_set_padding(trsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE); + outbuf = malloc(trsa->len); + rc = mbedtls_rsa_pkcs1_encrypt(trsa, mbedtls_ctr_drbg_random, &ctr_drbg, MBEDTLS_RSA_PRIVATE, + inlen, input, outbuf); if (rc != 0) - debug(1, "rsa_pkcs1_encrypt error %d.", rc); - *outlen = trsa.len; + debug(1, "mbedtls_pk_encrypt error %d.", rc); + *outlen = trsa->len; break; case RSA_MODE_KEY: - debug(2, "rsa_apply decrypt"); - trsa.padding = RSA_PKCS_V21; - trsa.hash_id = POLARSSL_MD_SHA1; - out = malloc(trsa.len); -#if POLARSSL_VERSION_NUMBER >= 0x01020900 - rc = rsa_pkcs1_decrypt(&trsa, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE, (size_t *)outlen, input, - out, trsa.len); -#else - rc = rsa_pkcs1_decrypt(&trsa, RSA_PRIVATE, outlen, input, out, trsa.len); -#endif + mbedtls_rsa_set_padding(trsa, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA1); + outbuf = malloc(trsa->len); + rc = mbedtls_rsa_pkcs1_decrypt(trsa, mbedtls_ctr_drbg_random, &ctr_drbg, MBEDTLS_RSA_PRIVATE, + &olen, input, outbuf, trsa->len); if (rc != 0) - debug(1, "decrypt error %d.", rc); + debug(1, "mbedtls_pk_decrypt error %d.", rc); + *outlen = olen; break; default: die("bad rsa mode"); } - rsa_free(&trsa); - debug(2, "rsa_apply exit"); - return out; + + mbedtls_ctr_drbg_free(&ctr_drbg); + mbedtls_entropy_free(&entropy); + mbedtls_pk_free(&pkctx); + return outbuf; } #endif @@ -517,7 +515,7 @@ ssize_t non_blocking_write(int fd, const void *buf, size_t count) { void *ibuf = (void *)buf; size_t bytes_remaining = count; int rc = 0; - struct pollfd ufds[1]; + struct pollfd ufds[1]; while ((bytes_remaining>0) && (rc==0)) { // check that we can do some writing ufds[0].fd = fd; diff --git a/configure.ac b/configure.ac index 8d82da4..a2d1e4f 100644 --- a/configure.ac +++ b/configure.ac @@ -108,11 +108,11 @@ AC_ARG_WITH(piddir, [ --with-piddir= Specify a pathname to a directory AM_CONDITIONAL([USE_CUSTOMPIDDIR], [test "x$HAS_CUSTOMPIDDIR" = "x1"]) # Check --with-ssl=argument -AC_ARG_WITH(ssl, [ choose --with-ssl=openssl or --with-ssl=polarssl for encryption services], [ +AC_ARG_WITH(ssl, [ choose --with-ssl=openssl or --with-ssl=mbedtls for encryption services], [ AC_MSG_CHECKING(encryption libraries chosen) if test "x${with_ssl}" = x -o "x${with_ssl}" = xyes ; then AC_MSG_RESULT(not found) - AC_MSG_ERROR(choose either "openssl" or "polarssl" encryption) + AC_MSG_ERROR(choose either "openssl" or "mbedtls" encryption) fi if test "x${with_ssl}" = xopenssl ; then if test "x${with_pkg_config}" = xyes ; then @@ -127,10 +127,15 @@ AC_ARG_WITH(ssl, [ choose --with-ssl=openssl or --with-ssl=polarssl for encrypti AC_DEFINE([HAVE_LIBCRYPTO],[1],[Define to 1 if you have libcrypto]) AC_DEFINE([HAVE_LIBSSL],[1],[Define to 1 if you have libssl]) fi - elif test "x${with_ssl}" = xpolarssl ; then - AC_CHECK_LIB([polarssl],[ssl_init], , AC_MSG_ERROR(PolarSSL selected but the library cannot be found!)) + elif test "x${with_ssl}" = xmbedtls ; then + AC_CHECK_LIB([mbedtls],[mbedtls_ssl_init],, + [AC_MSG_ERROR([Cannot find required libray: libmbedtls],1)]) + AC_CHECK_LIB([mbedcrypto], [mbedtls_entropy_func],, + [AC_MSG_ERROR([Cannot find required library: libmbedcrypto],1)]) + AC_CHECK_LIB([mbedx509], [mbedtls_pk_init],, + [AC_MSG_ERROR([Cannot find required library: libmbedx509],1)]) else - AC_MSG_ERROR(unknown option "${with_ssl}"." Please choose with "openssl" or "polarssl") + AC_MSG_ERROR(unknown option "${with_ssl}"." Please choose with "openssl" or "mbedtls") fi ], ) diff --git a/player.c b/player.c index 97eccfb..da2d735 100644 --- a/player.c +++ b/player.c @@ -47,9 +47,9 @@ #include "config.h" -#ifdef HAVE_LIBPOLARSSL -#include -#include +#ifdef HAVE_LIBMBEDTLS +#include +#include #endif #ifdef HAVE_LIBSSL @@ -82,8 +82,8 @@ static int max_frame_size_change = 1; // maximal resampling shift - conservative //#define OUTFRAME_BYTES(frame_size) (4 * (frame_size + 3)) -#ifdef HAVE_LIBPOLARSSL -static aes_context dctx; +#ifdef HAVE_LIBMBEDTLS +static mbedtls_aes_context dctx; #endif //static pthread_t player_thread = NULL; @@ -247,8 +247,8 @@ static int alac_decode(short *dest, int *destlen, uint8_t *buf, int len) { unsigned char iv[16]; int aeslen = len & ~0xf; memcpy(iv, aesiv, sizeof(iv)); -#ifdef HAVE_LIBPOLARSSL - aes_crypt_cbc(&dctx, AES_DECRYPT, aeslen, iv, buf, packet); +#ifdef HAVE_LIBMBEDTLS + mbedtls_aes_crypt_cbc(&dctx, MBEDTLS_AES_DECRYPT, aeslen, iv, buf, packet); #endif #ifdef HAVE_LIBSSL AES_cbc_encrypt(buf, packet, aeslen, &aes, iv, AES_DECRYPT); @@ -1685,9 +1685,9 @@ int player_play(stream_cfg *stream, pthread_t *player_thread) { die("specified buffer starting fill %d > buffer size %d", config.buffer_start_fill, BUFFER_FRAMES); if (encrypted) { -#ifdef HAVE_LIBPOLARSSL - memset(&dctx, 0, sizeof(aes_context)); - aes_setkey_dec(&dctx, stream->aeskey, 128); +#ifdef HAVE_LIBMBEDTLS + memset(&dctx, 0, sizeof(mbedtls_aes_context)); + mbedtls_aes_setkey_dec(&dctx, stream->aeskey, 128); #endif #ifdef HAVE_LIBSSL diff --git a/rtsp.c b/rtsp.c index 38b0745..8003803 100644 --- a/rtsp.c +++ b/rtsp.c @@ -50,8 +50,8 @@ #include #endif -#ifdef HAVE_LIBPOLARSSL -#include +#ifdef HAVE_LIBMBEDTLS +#include #endif #include "common.h" @@ -979,7 +979,7 @@ static void handle_set_parameter_parameter(rtsp_conn_info *conn, // more significant changes make it not malloc memory // needs to initialise the docoding table first -// add _so to end of name to avoid confusion with polarssl's implementation +// add _so to end of name to avoid confusion with SSL library implementation static char encoding_table[] = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', @@ -1651,21 +1651,21 @@ static int rtsp_auth(char **nonce, rtsp_message *req, rtsp_message *resp) { MD5_Final(digest_mu, &ctx); #endif -#ifdef HAVE_LIBPOLARSSL - md5_context tctx; - md5_starts(&tctx); - md5_update(&tctx, (const unsigned char *)username, strlen(username)); - md5_update(&tctx, (unsigned char *)":", 1); - md5_update(&tctx, (const unsigned char *)realm, strlen(realm)); - md5_update(&tctx, (unsigned char *)":", 1); - md5_update(&tctx, (const unsigned char *)config.password, +#ifdef HAVE_LIBMBEDTLS + mbedtls_md5_context tctx; + mbedtls_md5_starts(&tctx); + mbedtls_md5_update(&tctx, (const unsigned char *)username, strlen(username)); + mbedtls_md5_update(&tctx, (unsigned char *)":", 1); + mbedtls_md5_update(&tctx, (const unsigned char *)realm, strlen(realm)); + mbedtls_md5_update(&tctx, (unsigned char *)":", 1); + mbedtls_md5_update(&tctx, (const unsigned char *)config.password, strlen(config.password)); - md5_finish(&tctx, digest_urp); - md5_starts(&tctx); - md5_update(&tctx, (const unsigned char *)req->method, strlen(req->method)); - md5_update(&tctx, (unsigned char *)":", 1); - md5_update(&tctx, (const unsigned char *)uri, strlen(uri)); - md5_finish(&tctx, digest_mu); + mbedtls_md5_finish(&tctx, digest_urp); + mbedtls_md5_starts(&tctx); + mbedtls_md5_update(&tctx, (const unsigned char *)req->method, strlen(req->method)); + mbedtls_md5_update(&tctx, (unsigned char *)":", 1); + mbedtls_md5_update(&tctx, (const unsigned char *)uri, strlen(uri)); + mbedtls_md5_finish(&tctx, digest_mu); #endif int i; @@ -1685,16 +1685,16 @@ static int rtsp_auth(char **nonce, rtsp_message *req, rtsp_message *resp) { MD5_Final(digest_total, &ctx); #endif -#ifdef HAVE_LIBPOLARSSL - md5_starts(&tctx); - md5_update(&tctx, buf, 32); - md5_update(&tctx, (unsigned char *)":", 1); - md5_update(&tctx, (const unsigned char *)*nonce, strlen(*nonce)); - md5_update(&tctx, (unsigned char *)":", 1); +#ifdef HAVE_LIBMBEDTLS + mbedtls_md5_starts(&tctx); + mbedtls_md5_update(&tctx, buf, 32); + mbedtls_md5_update(&tctx, (unsigned char *)":", 1); + mbedtls_md5_update(&tctx, (const unsigned char *)*nonce, strlen(*nonce)); + mbedtls_md5_update(&tctx, (unsigned char *)":", 1); for (i = 0; i < 16; i++) sprintf((char *)buf + 2 * i, "%02x", digest_mu[i]); - md5_update(&tctx, buf, 32); - md5_finish(&tctx, digest_total); + mbedtls_md5_update(&tctx, buf, 32); + mbedtls_md5_finish(&tctx, digest_total); #endif for (i = 0; i < 16; i++) diff --git a/shairport.c b/shairport.c index f725d60..2349447 100644 --- a/shairport.c +++ b/shairport.c @@ -42,8 +42,8 @@ #include "config.h" -#ifdef HAVE_LIBPOLARSSL -#include +#ifdef HAVE_LIBMBEDTLS +#include #endif #ifdef HAVE_LIBSSL @@ -109,8 +109,8 @@ char* get_version_string() { char* version_string = malloc(200); if (version_string) { strcpy(version_string, PACKAGE_VERSION); - #ifdef HAVE_LIBPOLARSSL - strcat(version_string, "-PolarSSL"); + #ifdef HAVE_LIBMBEDTLS + strcat(version_string, "-mbedTLS"); #endif #ifdef HAVE_LIBSSL strcat(version_string, "-OpenSSL"); @@ -1046,11 +1046,11 @@ int main(int argc, char **argv) { MD5_Final(ap_md5, &ctx); #endif -#ifdef HAVE_LIBPOLARSSL - md5_context tctx; - md5_starts(&tctx); - md5_update(&tctx, (unsigned char *)config.service_name, strlen(config.service_name)); - md5_finish(&tctx, ap_md5); +#ifdef HAVE_LIBMBEDTLS + mbedtls_md5_context tctx; + mbedtls_md5_starts(&tctx); + mbedtls_md5_update(&tctx, (unsigned char *)config.service_name, strlen(config.service_name)); + mbedtls_md5_finish(&tctx, ap_md5); #endif memcpy(config.hw_addr, ap_md5, sizeof(config.hw_addr)); #ifdef CONFIG_METADATA