|
diff --git a/common.c b/common.c
|
|
index bf72127..2d4739e 100644
|
|
--- a/common.c
|
|
+++ b/common.c
|
|
@@ -54,17 +54,14 @@
|
|
#include <openssl/buffer.h>
|
|
#endif
|
|
|
|
-#ifdef HAVE_LIBPOLARSSL
|
|
-#include <polarssl/version.h>
|
|
-#include <polarssl/base64.h>
|
|
-#include <polarssl/x509.h>
|
|
-#include <polarssl/md.h>
|
|
-#include "polarssl/entropy.h"
|
|
-#include "polarssl/ctr_drbg.h"
|
|
-
|
|
-#if POLARSSL_VERSION_NUMBER >= 0x01030000
|
|
-#include "polarssl/compat-1.2.h"
|
|
-#endif
|
|
+#ifdef HAVE_LIBMBEDTLS
|
|
+#include <mbedtls/version.h>
|
|
+#include <mbedtls/base64.h>
|
|
+#include <mbedtls/x509.h>
|
|
+#include <mbedtls/md.h>
|
|
+#include "mbedtls/entropy.h"
|
|
+#include "mbedtls/ctr_drbg.h"
|
|
+
|
|
#endif
|
|
|
|
#include "common.h"
|
|
@@ -126,16 +123,16 @@ void inform(char *format, ...) {
|
|
daemon_log(LOG_INFO, "%s", s);
|
|
}
|
|
|
|
-#ifdef HAVE_LIBPOLARSSL
|
|
+#ifdef HAVE_LIBMBEDTLS
|
|
char *base64_enc(uint8_t *input, int length) {
|
|
char *buf = NULL;
|
|
size_t dlen = 0;
|
|
- int rc = base64_encode(NULL, &dlen, input, length);
|
|
- if (rc && (rc != POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL))
|
|
+ int rc = mbedtls_base64_encode(NULL, 0, &dlen, input, length);
|
|
+ if (rc && (rc != MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL))
|
|
debug(1, "Error %d getting length of base64 encode.", rc);
|
|
else {
|
|
buf = (char *)malloc(dlen);
|
|
- rc = base64_encode((unsigned char *)buf, &dlen, input, length);
|
|
+ rc = mbedtls_base64_encode((unsigned char *)buf, dlen, &dlen, input, length);
|
|
if (rc != 0)
|
|
debug(1, "Error %d encoding base64.", rc);
|
|
}
|
|
@@ -156,10 +153,10 @@ uint8_t *base64_dec(char *input, int *outlen) {
|
|
else {
|
|
strcpy(inbuf, input);
|
|
strcat(inbuf, "===");
|
|
- // debug(1,"base64_dec called with string \"%s\", length %d, filled string: \"%s\", length
|
|
- // %d.",input,strlen(input),inbuf,inbufsize);
|
|
- int rc = base64_decode(buf, &dlen, (unsigned char *)inbuf, inbufsize);
|
|
- if (rc && (rc != POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL))
|
|
+ // debug(1,"base64_dec called with string \"%s\", length %d, filled string: \"%s\", length %d.",
|
|
+ // input,strlen(input),inbuf,inbufsize);
|
|
+ int rc = mbedtls_base64_decode(NULL, 0, &dlen, (unsigned char *)inbuf, inbufsize);
|
|
+ if (rc && (rc != MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL))
|
|
debug(1, "Error %d getting decode length, result is %d.", rc, dlen);
|
|
else {
|
|
// debug(1,"Decode size is %d.",dlen);
|
|
@@ -167,7 +164,7 @@ uint8_t *base64_dec(char *input, int *outlen) {
|
|
if (buf == 0)
|
|
debug(1, "Can't allocate memory in base64_dec.");
|
|
else {
|
|
- rc = base64_decode(buf, &dlen, (unsigned char *)inbuf, inbufsize);
|
|
+ rc = mbedtls_base64_decode(buf, dlen, &dlen, (unsigned char *)inbuf, inbufsize);
|
|
if (rc != 0)
|
|
debug(1, "Error %d in base64_dec.", rc);
|
|
}
|
|
@@ -280,58 +277,59 @@ uint8_t *rsa_apply(uint8_t *input, int inlen, int *outlen, int mode) {
|
|
}
|
|
#endif
|
|
|
|
-#ifdef HAVE_LIBPOLARSSL
|
|
+#ifdef HAVE_LIBMBEDTLS
|
|
uint8_t *rsa_apply(uint8_t *input, int inlen, int *outlen, int mode) {
|
|
- rsa_context trsa;
|
|
+ mbedtls_pk_context pkctx;
|
|
+ mbedtls_rsa_context *trsa;
|
|
const char *pers = "rsa_encrypt";
|
|
+ size_t olen = *outlen;
|
|
int rc;
|
|
|
|
- entropy_context entropy;
|
|
- ctr_drbg_context ctr_drbg;
|
|
- entropy_init(&entropy);
|
|
- if ((rc = ctr_drbg_init(&ctr_drbg, entropy_func, &entropy, (const unsigned char *)pers,
|
|
- strlen(pers))) != 0)
|
|
- debug(1, "ctr_drbg_init returned %d\n", rc);
|
|
+ mbedtls_entropy_context entropy;
|
|
+ mbedtls_ctr_drbg_context ctr_drbg;
|
|
+
|
|
+ mbedtls_entropy_init(&entropy);
|
|
+
|
|
+ mbedtls_ctr_drbg_init(&ctr_drbg);
|
|
+ mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
|
|
+ (const unsigned char *)pers, strlen(pers));
|
|
|
|
- rsa_init(&trsa, RSA_PKCS_V21, POLARSSL_MD_SHA1); // padding and hash id get overwritten
|
|
- // BTW, this seems to reset a lot of parameters in the rsa_context
|
|
- rc = x509parse_key(&trsa, (unsigned char *)super_secret_key, strlen(super_secret_key), NULL, 0);
|
|
+ mbedtls_pk_init(&pkctx);
|
|
+
|
|
+ rc = mbedtls_pk_parse_key(&pkctx, (unsigned char *)super_secret_key, sizeof(super_secret_key), NULL, 0);
|
|
if (rc != 0)
|
|
- debug(1, "Error %d reading the private key.");
|
|
+ debug(1, "Error %d reading the private key.", rc);
|
|
|
|
- uint8_t *out = NULL;
|
|
+ uint8_t *outbuf = NULL;
|
|
+ trsa = mbedtls_pk_rsa(pkctx);
|
|
|
|
switch (mode) {
|
|
case RSA_MODE_AUTH:
|
|
- trsa.padding = RSA_PKCS_V15;
|
|
- trsa.hash_id = POLARSSL_MD_NONE;
|
|
- debug(2, "rsa_apply encrypt");
|
|
- out = malloc(trsa.len);
|
|
- rc = rsa_pkcs1_encrypt(&trsa, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE, inlen, input, out);
|
|
+ mbedtls_rsa_set_padding(trsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE);
|
|
+ outbuf = malloc(trsa->len);
|
|
+ rc = mbedtls_rsa_pkcs1_encrypt(trsa, mbedtls_ctr_drbg_random, &ctr_drbg, MBEDTLS_RSA_PRIVATE,
|
|
+ inlen, input, outbuf);
|
|
if (rc != 0)
|
|
- debug(1, "rsa_pkcs1_encrypt error %d.", rc);
|
|
- *outlen = trsa.len;
|
|
+ debug(1, "mbedtls_pk_encrypt error %d.", rc);
|
|
+ *outlen = trsa->len;
|
|
break;
|
|
case RSA_MODE_KEY:
|
|
- debug(2, "rsa_apply decrypt");
|
|
- trsa.padding = RSA_PKCS_V21;
|
|
- trsa.hash_id = POLARSSL_MD_SHA1;
|
|
- out = malloc(trsa.len);
|
|
-#if POLARSSL_VERSION_NUMBER >= 0x01020900
|
|
- rc = rsa_pkcs1_decrypt(&trsa, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE, (size_t *)outlen, input,
|
|
- out, trsa.len);
|
|
-#else
|
|
- rc = rsa_pkcs1_decrypt(&trsa, RSA_PRIVATE, outlen, input, out, trsa.len);
|
|
-#endif
|
|
+ mbedtls_rsa_set_padding(trsa, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA1);
|
|
+ outbuf = malloc(trsa->len);
|
|
+ rc = mbedtls_rsa_pkcs1_decrypt(trsa, mbedtls_ctr_drbg_random, &ctr_drbg, MBEDTLS_RSA_PRIVATE,
|
|
+ &olen, input, outbuf, trsa->len);
|
|
if (rc != 0)
|
|
- debug(1, "decrypt error %d.", rc);
|
|
+ debug(1, "mbedtls_pk_decrypt error %d.", rc);
|
|
+ *outlen = olen;
|
|
break;
|
|
default:
|
|
die("bad rsa mode");
|
|
}
|
|
- rsa_free(&trsa);
|
|
- debug(2, "rsa_apply exit");
|
|
- return out;
|
|
+
|
|
+ mbedtls_ctr_drbg_free(&ctr_drbg);
|
|
+ mbedtls_entropy_free(&entropy);
|
|
+ mbedtls_pk_free(&pkctx);
|
|
+ return outbuf;
|
|
}
|
|
#endif
|
|
|
|
@@ -517,7 +515,7 @@ ssize_t non_blocking_write(int fd, const void *buf, size_t count) {
|
|
void *ibuf = (void *)buf;
|
|
size_t bytes_remaining = count;
|
|
int rc = 0;
|
|
- struct pollfd ufds[1];
|
|
+ struct pollfd ufds[1];
|
|
while ((bytes_remaining>0) && (rc==0)) {
|
|
// check that we can do some writing
|
|
ufds[0].fd = fd;
|
|
diff --git a/configure.ac b/configure.ac
|
|
index 8d82da4..a2d1e4f 100644
|
|
--- a/configure.ac
|
|
+++ b/configure.ac
|
|
@@ -108,11 +108,11 @@ AC_ARG_WITH(piddir, [ --with-piddir=<pathname> Specify a pathname to a directory
|
|
AM_CONDITIONAL([USE_CUSTOMPIDDIR], [test "x$HAS_CUSTOMPIDDIR" = "x1"])
|
|
|
|
# Check --with-ssl=argument
|
|
-AC_ARG_WITH(ssl, [ choose --with-ssl=openssl or --with-ssl=polarssl for encryption services], [
|
|
+AC_ARG_WITH(ssl, [ choose --with-ssl=openssl or --with-ssl=mbedtls for encryption services], [
|
|
AC_MSG_CHECKING(encryption libraries chosen)
|
|
if test "x${with_ssl}" = x -o "x${with_ssl}" = xyes ; then
|
|
AC_MSG_RESULT(not found)
|
|
- AC_MSG_ERROR(choose either "openssl" or "polarssl" encryption)
|
|
+ AC_MSG_ERROR(choose either "openssl" or "mbedtls" encryption)
|
|
fi
|
|
if test "x${with_ssl}" = xopenssl ; then
|
|
if test "x${with_pkg_config}" = xyes ; then
|
|
@@ -127,10 +127,15 @@ AC_ARG_WITH(ssl, [ choose --with-ssl=openssl or --with-ssl=polarssl for encrypti
|
|
AC_DEFINE([HAVE_LIBCRYPTO],[1],[Define to 1 if you have libcrypto])
|
|
AC_DEFINE([HAVE_LIBSSL],[1],[Define to 1 if you have libssl])
|
|
fi
|
|
- elif test "x${with_ssl}" = xpolarssl ; then
|
|
- AC_CHECK_LIB([polarssl],[ssl_init], , AC_MSG_ERROR(PolarSSL selected but the library cannot be found!))
|
|
+ elif test "x${with_ssl}" = xmbedtls ; then
|
|
+ AC_CHECK_LIB([mbedtls],[mbedtls_ssl_init],,
|
|
+ [AC_MSG_ERROR([Cannot find required libray: libmbedtls],1)])
|
|
+ AC_CHECK_LIB([mbedcrypto], [mbedtls_entropy_func],,
|
|
+ [AC_MSG_ERROR([Cannot find required library: libmbedcrypto],1)])
|
|
+ AC_CHECK_LIB([mbedx509], [mbedtls_pk_init],,
|
|
+ [AC_MSG_ERROR([Cannot find required library: libmbedx509],1)])
|
|
else
|
|
- AC_MSG_ERROR(unknown option "${with_ssl}"." Please choose with "openssl" or "polarssl")
|
|
+ AC_MSG_ERROR(unknown option "${with_ssl}"." Please choose with "openssl" or "mbedtls")
|
|
fi
|
|
], )
|
|
|
|
diff --git a/player.c b/player.c
|
|
index 97eccfb..da2d735 100644
|
|
--- a/player.c
|
|
+++ b/player.c
|
|
@@ -47,9 +47,9 @@
|
|
|
|
#include "config.h"
|
|
|
|
-#ifdef HAVE_LIBPOLARSSL
|
|
-#include <polarssl/aes.h>
|
|
-#include <polarssl/havege.h>
|
|
+#ifdef HAVE_LIBMBEDTLS
|
|
+#include <mbedtls/aes.h>
|
|
+#include <mbedtls/havege.h>
|
|
#endif
|
|
|
|
#ifdef HAVE_LIBSSL
|
|
@@ -82,8 +82,8 @@ static int max_frame_size_change = 1;
|
|
// maximal resampling shift - conservative
|
|
//#define OUTFRAME_BYTES(frame_size) (4 * (frame_size + 3))
|
|
|
|
-#ifdef HAVE_LIBPOLARSSL
|
|
-static aes_context dctx;
|
|
+#ifdef HAVE_LIBMBEDTLS
|
|
+static mbedtls_aes_context dctx;
|
|
#endif
|
|
|
|
//static pthread_t player_thread = NULL;
|
|
@@ -247,8 +247,8 @@ static int alac_decode(short *dest, int *destlen, uint8_t *buf, int len) {
|
|
unsigned char iv[16];
|
|
int aeslen = len & ~0xf;
|
|
memcpy(iv, aesiv, sizeof(iv));
|
|
-#ifdef HAVE_LIBPOLARSSL
|
|
- aes_crypt_cbc(&dctx, AES_DECRYPT, aeslen, iv, buf, packet);
|
|
+#ifdef HAVE_LIBMBEDTLS
|
|
+ mbedtls_aes_crypt_cbc(&dctx, MBEDTLS_AES_DECRYPT, aeslen, iv, buf, packet);
|
|
#endif
|
|
#ifdef HAVE_LIBSSL
|
|
AES_cbc_encrypt(buf, packet, aeslen, &aes, iv, AES_DECRYPT);
|
|
@@ -1685,9 +1685,9 @@ int player_play(stream_cfg *stream, pthread_t *player_thread) {
|
|
die("specified buffer starting fill %d > buffer size %d", config.buffer_start_fill,
|
|
BUFFER_FRAMES);
|
|
if (encrypted) {
|
|
-#ifdef HAVE_LIBPOLARSSL
|
|
- memset(&dctx, 0, sizeof(aes_context));
|
|
- aes_setkey_dec(&dctx, stream->aeskey, 128);
|
|
+#ifdef HAVE_LIBMBEDTLS
|
|
+ memset(&dctx, 0, sizeof(mbedtls_aes_context));
|
|
+ mbedtls_aes_setkey_dec(&dctx, stream->aeskey, 128);
|
|
#endif
|
|
|
|
#ifdef HAVE_LIBSSL
|
|
diff --git a/rtsp.c b/rtsp.c
|
|
index 38b0745..8003803 100644
|
|
--- a/rtsp.c
|
|
+++ b/rtsp.c
|
|
@@ -50,8 +50,8 @@
|
|
#include <openssl/md5.h>
|
|
#endif
|
|
|
|
-#ifdef HAVE_LIBPOLARSSL
|
|
-#include <polarssl/md5.h>
|
|
+#ifdef HAVE_LIBMBEDTLS
|
|
+#include <mbedtls/md5.h>
|
|
#endif
|
|
|
|
#include "common.h"
|
|
@@ -979,7 +979,7 @@ static void handle_set_parameter_parameter(rtsp_conn_info *conn,
|
|
// more significant changes make it not malloc memory
|
|
// needs to initialise the docoding table first
|
|
|
|
-// add _so to end of name to avoid confusion with polarssl's implementation
|
|
+// add _so to end of name to avoid confusion with SSL library implementation
|
|
|
|
static char encoding_table[] = {
|
|
'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',
|
|
@@ -1651,21 +1651,21 @@ static int rtsp_auth(char **nonce, rtsp_message *req, rtsp_message *resp) {
|
|
MD5_Final(digest_mu, &ctx);
|
|
#endif
|
|
|
|
-#ifdef HAVE_LIBPOLARSSL
|
|
- md5_context tctx;
|
|
- md5_starts(&tctx);
|
|
- md5_update(&tctx, (const unsigned char *)username, strlen(username));
|
|
- md5_update(&tctx, (unsigned char *)":", 1);
|
|
- md5_update(&tctx, (const unsigned char *)realm, strlen(realm));
|
|
- md5_update(&tctx, (unsigned char *)":", 1);
|
|
- md5_update(&tctx, (const unsigned char *)config.password,
|
|
+#ifdef HAVE_LIBMBEDTLS
|
|
+ mbedtls_md5_context tctx;
|
|
+ mbedtls_md5_starts(&tctx);
|
|
+ mbedtls_md5_update(&tctx, (const unsigned char *)username, strlen(username));
|
|
+ mbedtls_md5_update(&tctx, (unsigned char *)":", 1);
|
|
+ mbedtls_md5_update(&tctx, (const unsigned char *)realm, strlen(realm));
|
|
+ mbedtls_md5_update(&tctx, (unsigned char *)":", 1);
|
|
+ mbedtls_md5_update(&tctx, (const unsigned char *)config.password,
|
|
strlen(config.password));
|
|
- md5_finish(&tctx, digest_urp);
|
|
- md5_starts(&tctx);
|
|
- md5_update(&tctx, (const unsigned char *)req->method, strlen(req->method));
|
|
- md5_update(&tctx, (unsigned char *)":", 1);
|
|
- md5_update(&tctx, (const unsigned char *)uri, strlen(uri));
|
|
- md5_finish(&tctx, digest_mu);
|
|
+ mbedtls_md5_finish(&tctx, digest_urp);
|
|
+ mbedtls_md5_starts(&tctx);
|
|
+ mbedtls_md5_update(&tctx, (const unsigned char *)req->method, strlen(req->method));
|
|
+ mbedtls_md5_update(&tctx, (unsigned char *)":", 1);
|
|
+ mbedtls_md5_update(&tctx, (const unsigned char *)uri, strlen(uri));
|
|
+ mbedtls_md5_finish(&tctx, digest_mu);
|
|
#endif
|
|
|
|
int i;
|
|
@@ -1685,16 +1685,16 @@ static int rtsp_auth(char **nonce, rtsp_message *req, rtsp_message *resp) {
|
|
MD5_Final(digest_total, &ctx);
|
|
#endif
|
|
|
|
-#ifdef HAVE_LIBPOLARSSL
|
|
- md5_starts(&tctx);
|
|
- md5_update(&tctx, buf, 32);
|
|
- md5_update(&tctx, (unsigned char *)":", 1);
|
|
- md5_update(&tctx, (const unsigned char *)*nonce, strlen(*nonce));
|
|
- md5_update(&tctx, (unsigned char *)":", 1);
|
|
+#ifdef HAVE_LIBMBEDTLS
|
|
+ mbedtls_md5_starts(&tctx);
|
|
+ mbedtls_md5_update(&tctx, buf, 32);
|
|
+ mbedtls_md5_update(&tctx, (unsigned char *)":", 1);
|
|
+ mbedtls_md5_update(&tctx, (const unsigned char *)*nonce, strlen(*nonce));
|
|
+ mbedtls_md5_update(&tctx, (unsigned char *)":", 1);
|
|
for (i = 0; i < 16; i++)
|
|
sprintf((char *)buf + 2 * i, "%02x", digest_mu[i]);
|
|
- md5_update(&tctx, buf, 32);
|
|
- md5_finish(&tctx, digest_total);
|
|
+ mbedtls_md5_update(&tctx, buf, 32);
|
|
+ mbedtls_md5_finish(&tctx, digest_total);
|
|
#endif
|
|
|
|
for (i = 0; i < 16; i++)
|
|
diff --git a/shairport.c b/shairport.c
|
|
index f725d60..2349447 100644
|
|
--- a/shairport.c
|
|
+++ b/shairport.c
|
|
@@ -42,8 +42,8 @@
|
|
|
|
#include "config.h"
|
|
|
|
-#ifdef HAVE_LIBPOLARSSL
|
|
-#include <polarssl/md5.h>
|
|
+#ifdef HAVE_LIBMBEDTLS
|
|
+#include <mbedtls/md5.h>
|
|
#endif
|
|
|
|
#ifdef HAVE_LIBSSL
|
|
@@ -109,8 +109,8 @@ char* get_version_string() {
|
|
char* version_string = malloc(200);
|
|
if (version_string) {
|
|
strcpy(version_string, PACKAGE_VERSION);
|
|
- #ifdef HAVE_LIBPOLARSSL
|
|
- strcat(version_string, "-PolarSSL");
|
|
+ #ifdef HAVE_LIBMBEDTLS
|
|
+ strcat(version_string, "-mbedTLS");
|
|
#endif
|
|
#ifdef HAVE_LIBSSL
|
|
strcat(version_string, "-OpenSSL");
|
|
@@ -1046,11 +1046,11 @@ int main(int argc, char **argv) {
|
|
MD5_Final(ap_md5, &ctx);
|
|
#endif
|
|
|
|
-#ifdef HAVE_LIBPOLARSSL
|
|
- md5_context tctx;
|
|
- md5_starts(&tctx);
|
|
- md5_update(&tctx, (unsigned char *)config.service_name, strlen(config.service_name));
|
|
- md5_finish(&tctx, ap_md5);
|
|
+#ifdef HAVE_LIBMBEDTLS
|
|
+ mbedtls_md5_context tctx;
|
|
+ mbedtls_md5_starts(&tctx);
|
|
+ mbedtls_md5_update(&tctx, (unsigned char *)config.service_name, strlen(config.service_name));
|
|
+ mbedtls_md5_finish(&tctx, ap_md5);
|
|
#endif
|
|
memcpy(config.hw_addr, ap_md5, sizeof(config.hw_addr));
|
|
#ifdef CONFIG_METADATA
|