diff --git a/m4/mbedtls.m4 b/m4/mbedtls.m4 index 2c478b960..a795790ca 100644 --- a/m4/mbedtls.m4 +++ b/m4/mbedtls.m4 @@ -31,7 +31,12 @@ AC_DEFUN([ss_MBEDTLS], AC_COMPILE_IFELSE( [AC_LANG_PROGRAM( [[ +#include +#if MBEDTLS_VERSION_NUMBER >= 0x03000000 +#include +#else #include +#endif ]], [[ #ifndef MBEDTLS_CIPHER_MODE_CFB @@ -48,7 +53,12 @@ AC_DEFUN([ss_MBEDTLS], AC_COMPILE_IFELSE( [AC_LANG_PROGRAM( [[ +#include +#if MBEDTLS_VERSION_NUMBER >= 0x03000000 +#include +#else #include +#endif ]], [[ #ifndef MBEDTLS_ARC4_C @@ -64,7 +74,12 @@ AC_DEFUN([ss_MBEDTLS], AC_COMPILE_IFELSE( [AC_LANG_PROGRAM( [[ +#include +#if MBEDTLS_VERSION_NUMBER >= 0x03000000 +#include +#else #include +#endif ]], [[ #ifndef MBEDTLS_BLOWFISH_C @@ -80,7 +95,12 @@ AC_DEFUN([ss_MBEDTLS], AC_COMPILE_IFELSE( [AC_LANG_PROGRAM( [[ +#include +#if MBEDTLS_VERSION_NUMBER >= 0x03000000 +#include +#else #include +#endif ]], [[ #ifndef MBEDTLS_CAMELLIA_C diff --git a/src/aead.c b/src/aead.c index 358ec9381..73349da64 100644 --- a/src/aead.c +++ b/src/aead.c @@ -177,9 +177,13 @@ aead_cipher_encrypt(cipher_ctx_t *cipher_ctx, // Otherwise, just use the mbedTLS one with crappy AES-NI. case AES192GCM: case AES128GCM: - +#if MBEDTLS_VERSION_NUMBER < 0x03000000 err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen, m, mlen, c, clen, c + mlen, tlen); +#else + err = mbedtls_cipher_auth_encrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen, + m, mlen, c, mlen + tlen, clen, tlen); +#endif *clen += tlen; break; case CHACHA20POLY1305IETF: @@ -226,8 +230,13 @@ aead_cipher_decrypt(cipher_ctx_t *cipher_ctx, // Otherwise, just use the mbedTLS one with crappy AES-NI. case AES192GCM: case AES128GCM: +#if MBEDTLS_VERSION_NUMBER < 0x03000000 err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen, m, mlen - tlen, p, plen, m + mlen - tlen, tlen); +#else + err = mbedtls_cipher_auth_decrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen, + m, mlen, p, mlen - tlen, plen, tlen); +#endif break; case CHACHA20POLY1305IETF: err = crypto_aead_chacha20poly1305_ietf_decrypt(p, &long_plen, NULL, m, mlen, @@ -721,17 +730,7 @@ aead_key_init(int method, const char *pass, const char *key) cipher_t *cipher = (cipher_t *)ss_malloc(sizeof(cipher_t)); memset(cipher, 0, sizeof(cipher_t)); - if (method >= CHACHA20POLY1305IETF) { - cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t)); - cipher->info = cipher_info; - cipher->info->base = NULL; - cipher->info->key_bitlen = supported_aead_ciphers_key_size[method] * 8; - cipher->info->iv_size = supported_aead_ciphers_nonce_size[method]; - } else { - cipher->info = (cipher_kt_t *)aead_get_cipher_type(method); - } - - if (cipher->info == NULL && cipher->key_len == 0) { + if (method < CHACHA20POLY1305IETF && aead_get_cipher_type(method) == NULL) { LOGE("Cipher %s not found in crypto library", supported_aead_ciphers[method]); FATAL("Cannot initialize cipher"); } diff --git a/src/crypto.c b/src/crypto.c index b44d8674c..76c426b53 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -103,7 +103,7 @@ crypto_md5(const unsigned char *d, size_t n, unsigned char *md) if (md == NULL) { md = m; } -#if MBEDTLS_VERSION_NUMBER >= 0x02070000 +#if MBEDTLS_VERSION_NUMBER < 0x03000000 && MBEDTLS_VERSION_NUMBER >= 0x02070000 if (mbedtls_md5_ret(d, n, md) != 0) FATAL("Failed to calculate MD5"); #else diff --git a/src/crypto.h b/src/crypto.h index 1791551ff..70707932b 100644 --- a/src/crypto.h +++ b/src/crypto.h @@ -97,7 +97,6 @@ typedef struct buffer { typedef struct { int method; int skey; - cipher_kt_t *info; size_t nonce_len; size_t key_len; size_t tag_len; diff --git a/src/stream.c b/src/stream.c index 35d9050b3..b2e2cea82 100644 --- a/src/stream.c +++ b/src/stream.c @@ -168,33 +168,6 @@ crypto_stream_xor_ic(uint8_t *c, const uint8_t *m, uint64_t mlen, return 0; } -int -cipher_nonce_size(const cipher_t *cipher) -{ - if (cipher == NULL) { - return 0; - } - return cipher->info->iv_size; -} - -int -cipher_key_size(const cipher_t *cipher) -{ - /* - * Semi-API changes (technically public, morally prnonceate) - * Renamed a few headers to include _internal in the name. Those headers are - * not supposed to be included by users. - * Changed md_info_t into an opaque structure (use md_get_xxx() accessors). - * Changed pk_info_t into an opaque structure. - * Changed cipher_base_t into an opaque structure. - */ - if (cipher == NULL) { - return 0; - } - /* From Version 1.2.7 released 2013-04-13 Default Blowfish keysize is now 128-bits */ - return cipher->info->key_bitlen / 8; -} - const cipher_kt_t * stream_get_cipher_type(int method) { @@ -642,34 +615,22 @@ stream_key_init(int method, const char *pass, const char *key) cipher_t *cipher = (cipher_t *)ss_malloc(sizeof(cipher_t)); memset(cipher, 0, sizeof(cipher_t)); - if (method == SALSA20 || method == CHACHA20 || method == CHACHA20IETF) { - cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t)); - cipher->info = cipher_info; - cipher->info->base = NULL; - cipher->info->key_bitlen = supported_stream_ciphers_key_size[method] * 8; - cipher->info->iv_size = supported_stream_ciphers_nonce_size[method]; - } else { - cipher->info = (cipher_kt_t *)stream_get_cipher_type(method); - } - - if (cipher->info == NULL && cipher->key_len == 0) { + if (method < SALSA20 && stream_get_cipher_type(method) == NULL) { LOGE("Cipher %s not found in crypto library", supported_stream_ciphers[method]); FATAL("Cannot initialize cipher"); } if (key != NULL) - cipher->key_len = crypto_parse_key(key, cipher->key, cipher_key_size(cipher)); + cipher->key_len = crypto_parse_key(key, cipher->key, + supported_stream_ciphers_key_size[method]); else - cipher->key_len = crypto_derive_key(pass, cipher->key, cipher_key_size(cipher)); + cipher->key_len = crypto_derive_key(pass, cipher->key, + supported_stream_ciphers_key_size[method]); if (cipher->key_len == 0) { FATAL("Cannot generate key and NONCE"); } - if (method == RC4_MD5) { - cipher->nonce_len = 16; - } else { - cipher->nonce_len = cipher_nonce_size(cipher); - } + cipher->nonce_len = supported_stream_ciphers_nonce_size[method]; cipher->method = method; return cipher;