1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
From 120c5817c0fb89aeb1641d86322e5168ceaa08cc Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Fri, 19 Jul 2024 11:26:39 -0400
Subject: [PATCH] build with mbedtls 3.x
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
---
src/cups.c | 15 +++++++++------
src/tls.c | 8 ++++++--
src/tls.h | 6 +++++-
3 files changed, 20 insertions(+), 9 deletions(-)
--- a/src/cups.c
+++ b/src/cups.c
@@ -38,6 +38,9 @@
#include "mbedtls/sha512.h"
#include "mbedtls/bignum.h"
+#ifndef MBEDTLS_PRIVATE
+#define MBEDTLS_PRIVATE(x) x
+#endif
#define FAIL_CNT_THRES 6
#define SIGCRC_LEN 4
@@ -72,12 +75,12 @@ static int cups_verifySig (cups_sig_t* s
mbedtls_ecdsa_context ecdsa;
mbedtls_ecdsa_init(&ecdsa);
int ret;
- if ((ret = mbedtls_ecp_group_load (&k.grp, MBEDTLS_ECP_DP_SECP256R1) ) ||
- (ret = mbedtls_mpi_read_binary (&k.Q.X, (u1_t*)key.buf, 32) ) ||
- (ret = mbedtls_mpi_read_binary (&k.Q.Y, (u1_t*)key.buf+32, 32) ) ||
- (ret = mbedtls_mpi_lset (&k.Q.Z, 1) ) ||
- (ret = mbedtls_ecp_check_pubkey (&k.grp, &k.Q) ) ||
- (ret = mbedtls_ecdsa_from_keypair (&ecdsa, &k) ) ||
+ if ((ret = mbedtls_ecp_group_load (&k.MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_SECP256R1) ) ||
+ (ret = mbedtls_mpi_read_binary (&k.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), (u1_t*)key.buf, 32) ) ||
+ (ret = mbedtls_mpi_read_binary (&k.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), (u1_t*)key.buf+32, 32) ) ||
+ (ret = mbedtls_mpi_lset (&k.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 1) ) ||
+ (ret = mbedtls_ecp_check_pubkey (&k.MBEDTLS_PRIVATE(grp), &k.MBEDTLS_PRIVATE(Q)) ) ||
+ (ret = mbedtls_ecdsa_from_keypair (&ecdsa, &k) ) ||
(ret = mbedtls_ecdsa_read_signature (&ecdsa, sig->hash, sizeof(sig->hash), sig->signature, sig->len ))
) {
verified = 0;
--- a/src/tls.c
+++ b/src/tls.c
@@ -28,7 +28,6 @@
#include "mbedtls/net_sockets.h"
#include "mbedtls/ssl.h"
-#include "mbedtls/certs.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/error.h"
@@ -230,7 +229,12 @@ int tls_setMyCert (tlsconf_t* conf, cons
keyb = (u1_t*)dbuf.buf;
keyl = dbuf.bufsize+1;
}
- if( (ret = mbedtls_pk_parse_key(mykey, keyb, keyl, (const u1_t*)pwd, pwd?strlen(pwd):0)) != 0 ) {
+ ret = mbedtls_pk_parse_key(mykey, keyb, keyl, (const u1_t*)pwd, pwd?strlen(pwd):0
+#if MBEDTLS_VERSION_NUMBER >= 0x03000000 /* mbedtls 3.0.0 */
+ , mbedtls_ctr_drbg_random, assertDBRG()
+#endif
+ );
+ if( ret != 0 ) {
log_mbedError(ERROR, ret, "Parsing key");
goto errexit;
}
--- a/src/tls.h
+++ b/src/tls.h
@@ -30,7 +30,11 @@
#define _tls_h_
#include "mbedtls/ssl.h"
-#include "mbedtls/net.h"
+#if MBEDTLS_VERSION_NUMBER < 0x02040000L
+#include <mbedtls/net.h>
+#else
+#include "mbedtls/net_sockets.h"
+#endif
typedef struct tlsconf tlsconf_t;
typedef struct mbedtls_ssl_context* tlsctx_p;
|
