Merge pull request #3176 from zeha/nombed

Allow building with OpenSSL in place of mbedtls

.travis.yml

@@ -154,6 +154,7 @@ script:
   - CFLAGS='-O1' CXXFLAGS='-O1' ./configure
     --with-dynmodules='bind gmysql geoip gpgsql gsqlite3 ldap lua mydns opendbx pipe random remote tinydns'
     --with-modules=''
+    --without-mbedtls
     --with-sqlite3
     --enable-libsodium
     --enable-experimental-pkcs11

build-scripts/dist-recursor

@@ -31,7 +31,7 @@ INCLUDES="iputils.hh arguments.hh base64.hh zoneparser-tng.hh \
 rcpgenerator.hh lock.hh dnswriter.hh  dnsrecords.hh dnsparser.hh utility.hh \
 recursor_cache.hh rec_channel.hh qtype.hh misc.hh dns.hh syncres.hh \
 sstuff.hh mtasker.hh mtasker.cc lwres.hh logger.hh pdnsexception.hh \
-mplexer.hh pubsuffix.hh mbedtlscompat.hh \
+mplexer.hh pubsuffix.hh opensslsigners.hh \
 dns_random.hh lua-recursor4.hh namespaces.hh \
 recpacketcache.hh base32.hh cachecleaner.hh json.hh version.hh \
 ws-recursor.hh ws-api.hh secpoll-recursor.hh \
@@ -50,7 +50,7 @@ devpollmplexer.cc recpacketcache.cc dns.cc reczones.cc base32.cc nsecrecords.cc
 dnslabeltext.cc json.cc ws-recursor.cc ws-api.cc version.cc dns_random.cc \
 responsestats.cc webserver.cc rec-carbon.cc secpoll-recursor.cc dnsname.cc \
 filterpo.cc rpzloader.cc ixfr.cc dnssecinfra.cc gss_context.cc resolver.cc \
-ednssubnet.cc validate.cc validate-recursor.cc mbedtlssigners.cc rec-lua-conf.cc \
+ednssubnet.cc validate.cc validate-recursor.cc opensslsigners.cc rec-lua-conf.cc \
 sortlist.cc"
 
 curl https://publicsuffix.org/list/public_suffix_list.dat > effective_tld_names.dat
@@ -68,16 +68,9 @@ cat >>$DIRNAME/config.h <<EOF
 #define VERSION "$VERSION"
 #define DIST_HOST "$DIST_HOST"
 #define HAVE_BOOST 1
-#define HAVE_MBEDTLS2 1
+#define HAVE_OPENSSL 1
 EOF
-mkdir -p $DIRNAME/ext/mbedtls/include/mbedtls
-cp -a ../ext/mbedtls/include/mbedtls/{config.h,check_config.h,aes.h,ripemd160.h,sha1.h,md.h,md5.h,sha256.h,sha512.h,ecp.h,ecdsa.h,md_internal.h} ../ext/mbedtls/include/mbedtls/base64.h ../ext/mbedtls/include/mbedtls/platform.h ../ext/mbedtls/include/mbedtls/version.h $DIRNAME/ext/mbedtls/include/mbedtls
-cp -a ../ext/mbedtls/include/mbedtls/{entropy.h,ctr_drbg.h,hmac_drbg.h,rsa.h,ecp.h,bignum.h,oid.h,asn1.h,asn1write.h,pk.h,ecdsa.h,cipher.h,x509.h} $DIRNAME/ext/mbedtls/include/mbedtls
-cp -a ../ext/mbedtls/include/mbedtls/{bn_mul.h,config.h,entropy_poll.h,timing.h} $DIRNAME/ext/mbedtls/include/mbedtls
-
-mkdir -p $DIRNAME/ext/mbedtls/library
-cp -a ../ext/mbedtls/library/{aes.c,base64.c,md.c,md_wrap.c,md5.c,sha1.c,sha256.c,sha512.c,ripemd160.c} $DIRNAME/ext/mbedtls/library
-cp -a ../ext/mbedtls/library/{rsa.c,bignum.c,oid.c,asn1parse.c,ctr_drbg.c,entropy.c,entropy_poll.c,timing.c,ecp.c,ecdsa.c,ecp_curves.c,hmac_drbg.c,asn1write.c} $DIRNAME/ext/mbedtls/library
+mkdir -p $DIRNAME/ext
 
 cp -a ../ext/yahttp/ $DIRNAME/ext/yahttp
 cp -a ../ext/json11/ $DIRNAME/ext/json11

m4/pdns_with_system_mbedtls.m4

@@ -1,63 +1,88 @@
 AC_DEFUN([PDNS_WITH_SYSTEM_MBEDTLS],[
+  AC_ARG_WITH([mbedtls],
+    [AS_HELP_STRING([--with-mbedtls], [use mbed TLS @<:@default=yes@:>@])]
+  )
   AC_ARG_WITH([system-mbedtls],
-    [AS_HELP_STRING([--with-system-mbedtls], [use system mbedt TLS @<:@default=no@:>@])],
+    [AS_HELP_STRING([--with-system-mbedtls], [use system mbed TLS @<:@default=no@:>@])],
     [],
     [with_system_mbedtls=no],
   )
 
-  MBEDTLS_SUBDIR=mbedtls
-  MBEDTLS_CFLAGS=-I\$\(top_srcdir\)/ext/$MBEDTLS_SUBDIR/include/
-  MBEDTLS_LIBS="-L\$(top_builddir)/ext/$MBEDTLS_SUBDIR/library/ -lmbedtls"
-
-  AS_IF([test "x$with_system_mbedtls" = "xyes"],[
-    OLD_LIBS=$LIBS
-    LIBS=""
-    AC_SEARCH_LIBS([mbedtls_sha1], [mbedcrypto],[
-      MBEDTLS_LIBS=$LIBS
-      have_system_mbedtls=yes
-      have_mbedtls_v2=yes
-    ],[
-      have_mbedtls_v2=no
-      AC_SEARCH_LIBS([sha1_hmac], [mbedtls polarssl],[
+  AC_MSG_CHECKING([if we should build with mbedtls])
+  AS_IF([test "x$with_mbedtls" != "xno"],[
+    AC_MSG_RESULT([yes])
+    have_mbedtls=yes
+    MBEDTLS_SUBDIR=mbedtls
+    MBEDTLS_CFLAGS=-I\$\(top_srcdir\)/ext/$MBEDTLS_SUBDIR/include/
+    MBEDTLS_LIBS="-L\$(top_builddir)/ext/$MBEDTLS_SUBDIR/library/ -lmbedtls"
+    AS_IF([test "x$with_system_mbedtls" = "xyes"],[
+      OLD_LIBS=$LIBS
+      LIBS=""
+      AC_SEARCH_LIBS([mbedtls_sha1], [mbedcrypto],[
         MBEDTLS_LIBS=$LIBS
-        AC_MSG_CHECKING([for mbed TLS/PolarSSL version >= 1.3.0])
-        AC_COMPILE_IFELSE([
-          AC_LANG_PROGRAM(
-            [[#include <polarssl/version.h>]],
-            [[
-              #if POLARSSL_VERSION_NUMBER < 0x01030000
-              #error invalid version
-              #endif
-            ]]
-          )],
-          [have_system_mbedtls=yes],
+        have_system_mbedtls=yes
+        have_mbedtls_v2=yes
+      ],[
+        have_mbedtls_v2=no
+        AC_SEARCH_LIBS([sha1_hmac], [mbedtls polarssl],[
+          MBEDTLS_LIBS=$LIBS
+          AC_MSG_CHECKING([for mbed TLS/PolarSSL version >= 1.3.0])
+          AC_COMPILE_IFELSE([
+            AC_LANG_PROGRAM(
+              [[#include <polarssl/version.h>]],
+              [[
+                #if POLARSSL_VERSION_NUMBER < 0x01030000
+                #error invalid version
+                #endif
+              ]]
+            )],
+            [have_system_mbedtls=yes],
+            [have_system_mbedtls=no]
+          )
+          AC_MSG_RESULT([$have_system_mbedtls])
+          ],
           [have_system_mbedtls=no]
         )
-        AC_MSG_RESULT([$have_system_mbedtls])
-        ],
-        [have_system_mbedtls=no]
-      )
+      ])
+      LIBS=$OLD_LIBS
+    ],[
+      have_system_mbedtls=no
+      have_mbedtls_v2=yes
+    ])
+
+    AS_IF([test "x$have_system_mbedtls" = "xyes"],[
+      MBEDTLS_CFLAGS=
+      MBEDTLS_SUBDIR=
+      AC_DEFINE([MBEDTLS_SYSTEM], [1], [Defined if system mbed TLS is used])
+    ],[
+      AS_IF([test "x$with_system_mbedtls" = "xyes"],[
+        AC_MSG_ERROR([use of system mbed TLS requested but not found])
+      ])
     ])
-    LIBS=$OLD_LIBS
   ],[
+    AC_MSG_RESULT([no])
     have_system_mbedtls=no
-    have_mbedtls_v2=yes
-  ])
-
-  AS_IF([test "x$have_system_mbedtls" = "xyes"],[
-    MBEDTLS_CFLAGS=
+    have_mbedtls_v2=no
+    have_mbedtls=no
     MBEDTLS_SUBDIR=
-    AC_DEFINE([MBEDTLS_SYSTEM], [1], [Defined if system mbed TLS is used])
-  ],[
+    MBEDTLS_CFLAGS=
+    MBEDTLS_LIBS=
     AS_IF([test "x$with_system_mbedtls" = "xyes"],[
-      AC_MSG_ERROR([use of system mbedtls requested but not found])]
-    )]
-  )
+      AC_MSG_ERROR([use of system mbed TLS requested but mbed TLS disabled])
+    ])
+  ])
 
   AS_IF([test "x$have_mbedtls_v2" = "xyes"],[
     AC_DEFINE([HAVE_MBEDTLS2], [1], [Defined if mbed TLS version 2.x.x is used])
   ])
 
+  AS_IF([test "x$have_mbedtls" = "xyes"],[
+    AC_DEFINE([HAVE_MBEDTLS], [1], [Defined if mbed TLS is used])
+	AM_CONDITIONAL([MBEDTLS], [true])
+  ],[
+	AM_CONDITIONAL([MBEDTLS], [false])
+  ])
+
   AC_SUBST(MBEDTLS_CFLAGS)
   AC_SUBST(MBEDTLS_LIBS)
   AC_SUBST(MBEDTLS_SUBDIR)

modules/remotebackend/Makefile.am

@@ -2,6 +2,7 @@ AM_CPPFLAGS += \
 	-I$(top_srcdir)/ext/rapidjson/include \
 	$(YAHTTP_CFLAGS) \
 	$(MBEDTLS_CFLAGS) \
+	$(OPENSSL_CFLAGS) \
 	$(LIBZMQ_CFLAGS)
 
 AM_LDFLAGS = $(THREADFLAGS)
@@ -129,6 +130,7 @@ libtestremotebackend_la_CPPFLAGS = $(AM_CPPFLAGS)
 libtestremotebackend_la_LIBADD = \
 	$(YAHTTP_LIBS) \
 	$(MBEDTLS_LIBS) \
+	$(OPENSSL_LIBS) \
 	$(BOOST_UNIT_TEST_FRAMEWORK_LIBS) \
 	$(BOOST_SERIALIZATION_LIBS) \
 	$(BOOST_PROGRAM_OPTIONS_LIBS) \

pdns/Makefile-recursor

@@ -4,8 +4,8 @@ BINDIR=/usr/bin/
 SYSCONFDIR=/etc/powerdns/
 LOCALSTATEDIR=/var/run/
 OPTFLAGS?=-O3
-CXXFLAGS:= $(CXXFLAGS) -I$(CURDIR)/ext/mbedtls/include -I$(CURDIR)/ext/json11 -Wall @CF_PIE@ @CF_FORTIFY@ @CF_STACK@ $(OPTFLAGS) $(PROFILEFLAGS) $(ARCHFLAGS) -pthread -Iext/yahttp -DHAVE_CONFIG_H
-CFLAGS:=$(CFLAGS) -Wall $(OPTFLAGS) @CF_PIE@ @CF_FORTIFY@ @CF_STACK@ $(PROFILEFLAGS) $(ARCHFLAGS) -I$(CURDIR)/ext/mbedtls/include -pthread -DHAVE_CONFIG_H
+CXXFLAGS:= $(CXXFLAGS) -I$(CURDIR)/ext/json11 -Wall @CF_PIE@ @CF_FORTIFY@ @CF_STACK@ $(OPTFLAGS) $(PROFILEFLAGS) $(ARCHFLAGS) -pthread -Iext/yahttp -DHAVE_CONFIG_H
+CFLAGS:=$(CFLAGS) -Wall $(OPTFLAGS) @CF_PIE@ @CF_FORTIFY@ @CF_STACK@ $(PROFILEFLAGS) $(ARCHFLAGS) -pthread -DHAVE_CONFIG_H
 LDFLAGS:=$(LDFLAGS) $(ARCHFLAGS) -pthread @LD_RELRO@ @CF_STACK@ @LD_PIE@
 STRIP_BINARIES?=1
 
@@ -20,22 +20,14 @@ PDNS_RECURSOR_OBJECTS=syncres.o misc.o unix_utility.o qtype.o logger.o \
 arguments.o lwres.o pdns_recursor.o recursor_cache.o dnsparser.o \
 dnswriter.o dnsrecords.o rcpgenerator.o base64.o zoneparser-tng.o \
 rec_channel.o rec_channel_rec.o selectmplexer.o sillyrecords.o \
-dns_random.o pubsuffix.o ext/mbedtls/library/aes.o ext/mbedtls/library/base64.o dnslabeltext.o \
-ext/mbedtls/library/md5.o ext/mbedtls/library/sha1.o ext/mbedtls/library/sha256.o  \
-ext/mbedtls/library/sha512.o ext/mbedtls/library/md.o ext/mbedtls/library/md_wrap.o \
-ext/mbedtls/library/ripemd160.o ext/mbedtls/library/rsa.o \
-ext/mbedtls/library/ecdsa.o ext/mbedtls/library/ecp.o ext/mbedtls/library/ecp_curves.o \
-ext/mbedtls/library/hmac_drbg.o ext/mbedtls/library/asn1write.o \
-ext/mbedtls/library/bignum.o ext/mbedtls/library/oid.o ext/mbedtls/library/asn1parse.o  \
-ext/mbedtls/library/ctr_drbg.o ext/mbedtls/library/entropy.o ext/mbedtls/library/entropy_poll.o\
-ext/mbedtls/library/timing.o \
+dns_random.o pubsuffix.o dnslabeltext.o \
 ext/json11/json11.o \
 lua-recursor4.o randomhelper.o recpacketcache.o dns.o \
 reczones.o base32.o nsecrecords.o json.o ws-recursor.o ws-api.o \
 version.o responsestats.o webserver.o ext/yahttp/yahttp/reqresp.o ext/yahttp/yahttp/router.o \
 rec-carbon.o secpoll-recursor.o iputils.o dnsname.o \
 rpzloader.o filterpo.o resolver.o ixfr.o dnssecinfra.o gss_context.o \
-ednssubnet.o validate.o validate-recursor.o mbedtlssigners.o \
+ednssubnet.o validate.o validate-recursor.o opensslsigners.o \
 rec-lua-conf.o sortlist.o
 
 REC_CONTROL_OBJECTS=rec_channel.o rec_control.o arguments.o misc.o \
@@ -74,6 +66,7 @@ endif
 
 
 LDFLAGS += $(PROFILEFLAGS) $(STATICFLAGS)
+LDFLAGS += -lcrypto
 
 CXXFLAGS += -DSYSCONFDIR='"$(SYSCONFDIR)"' -DLOCALSTATEDIR='"$(LOCALSTATEDIR)"'
 CFLAGS += -DSYSCONFDIR='"$(SYSCONFDIR)"' -DLOCALSTATEDIR='"$(LOCALSTATEDIR)"'