Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix build with mbedtls3.6 #2999

Merged
merged 1 commit into from
Jan 20, 2025
Merged

Fix build with mbedtls3.6 #2999

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 20 additions & 0 deletions m4/mbedtls.m4
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,12 @@ AC_DEFUN([ss_MBEDTLS],
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[
#include <mbedtls/version.h>
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
#include <mbedtls/mbedtls_config.h>
#else
#include <mbedtls/config.h>
#endif
]],
[[
#ifndef MBEDTLS_CIPHER_MODE_CFB
Expand All @@ -48,7 +53,12 @@ AC_DEFUN([ss_MBEDTLS],
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[
#include <mbedtls/version.h>
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
#include <mbedtls/mbedtls_config.h>
#else
#include <mbedtls/config.h>
#endif
]],
[[
#ifndef MBEDTLS_ARC4_C
Expand All @@ -64,7 +74,12 @@ AC_DEFUN([ss_MBEDTLS],
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[
#include <mbedtls/version.h>
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
#include <mbedtls/mbedtls_config.h>
#else
#include <mbedtls/config.h>
#endif
]],
[[
#ifndef MBEDTLS_BLOWFISH_C
Expand All @@ -80,7 +95,12 @@ AC_DEFUN([ss_MBEDTLS],
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[
#include <mbedtls/version.h>
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
#include <mbedtls/mbedtls_config.h>
#else
#include <mbedtls/config.h>
#endif
]],
[[
#ifndef MBEDTLS_CAMELLIA_C
Expand Down
23 changes: 11 additions & 12 deletions src/aead.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -177,9 +177,13 @@ aead_cipher_encrypt(cipher_ctx_t *cipher_ctx,
// Otherwise, just use the mbedTLS one with crappy AES-NI.
case AES192GCM:
case AES128GCM:

#if MBEDTLS_VERSION_NUMBER < 0x03000000
err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen,
m, mlen, c, clen, c + mlen, tlen);
#else
err = mbedtls_cipher_auth_encrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
m, mlen, c, mlen + tlen, clen, tlen);
#endif
*clen += tlen;
break;
case CHACHA20POLY1305IETF:
Expand Down Expand Up @@ -226,8 +230,13 @@ aead_cipher_decrypt(cipher_ctx_t *cipher_ctx,
// Otherwise, just use the mbedTLS one with crappy AES-NI.
case AES192GCM:
case AES128GCM:
#if MBEDTLS_VERSION_NUMBER < 0x03000000
err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen,
m, mlen - tlen, p, plen, m + mlen - tlen, tlen);
#else
err = mbedtls_cipher_auth_decrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
m, mlen, p, mlen - tlen, plen, tlen);
#endif
break;
case CHACHA20POLY1305IETF:
err = crypto_aead_chacha20poly1305_ietf_decrypt(p, &long_plen, NULL, m, mlen,
Expand Down Expand Up @@ -721,17 +730,7 @@ aead_key_init(int method, const char *pass, const char *key)
cipher_t *cipher = (cipher_t *)ss_malloc(sizeof(cipher_t));
memset(cipher, 0, sizeof(cipher_t));

if (method >= CHACHA20POLY1305IETF) {
cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
cipher->info = cipher_info;
cipher->info->base = NULL;
cipher->info->key_bitlen = supported_aead_ciphers_key_size[method] * 8;
cipher->info->iv_size = supported_aead_ciphers_nonce_size[method];
} else {
cipher->info = (cipher_kt_t *)aead_get_cipher_type(method);
}

if (cipher->info == NULL && cipher->key_len == 0) {
if (method < CHACHA20POLY1305IETF && aead_get_cipher_type(method) == NULL) {
LOGE("Cipher %s not found in crypto library", supported_aead_ciphers[method]);
FATAL("Cannot initialize cipher");
}
Expand Down
2 changes: 1 addition & 1 deletion src/crypto.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,7 @@ crypto_md5(const unsigned char *d, size_t n, unsigned char *md)
if (md == NULL) {
md = m;
}
#if MBEDTLS_VERSION_NUMBER >= 0x02070000
#if MBEDTLS_VERSION_NUMBER < 0x03000000 && MBEDTLS_VERSION_NUMBER >= 0x02070000
if (mbedtls_md5_ret(d, n, md) != 0)
FATAL("Failed to calculate MD5");
#else
Expand Down
1 change: 0 additions & 1 deletion src/crypto.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,6 @@ typedef struct buffer {
typedef struct {
int method;
int skey;
cipher_kt_t *info;
size_t nonce_len;
size_t key_len;
size_t tag_len;
Expand Down
51 changes: 6 additions & 45 deletions src/stream.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -168,33 +168,6 @@ crypto_stream_xor_ic(uint8_t *c, const uint8_t *m, uint64_t mlen,
return 0;
}

int
cipher_nonce_size(const cipher_t *cipher)
{
if (cipher == NULL) {
return 0;
}
return cipher->info->iv_size;
}

int
cipher_key_size(const cipher_t *cipher)
{
/*
* Semi-API changes (technically public, morally prnonceate)
* Renamed a few headers to include _internal in the name. Those headers are
* not supposed to be included by users.
* Changed md_info_t into an opaque structure (use md_get_xxx() accessors).
* Changed pk_info_t into an opaque structure.
* Changed cipher_base_t into an opaque structure.
*/
if (cipher == NULL) {
return 0;
}
/* From Version 1.2.7 released 2013-04-13 Default Blowfish keysize is now 128-bits */
return cipher->info->key_bitlen / 8;
}

const cipher_kt_t *
stream_get_cipher_type(int method)
{
Expand Down Expand Up @@ -642,34 +615,22 @@ stream_key_init(int method, const char *pass, const char *key)
cipher_t *cipher = (cipher_t *)ss_malloc(sizeof(cipher_t));
memset(cipher, 0, sizeof(cipher_t));

if (method == SALSA20 || method == CHACHA20 || method == CHACHA20IETF) {
cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
cipher->info = cipher_info;
cipher->info->base = NULL;
cipher->info->key_bitlen = supported_stream_ciphers_key_size[method] * 8;
cipher->info->iv_size = supported_stream_ciphers_nonce_size[method];
} else {
cipher->info = (cipher_kt_t *)stream_get_cipher_type(method);
}

if (cipher->info == NULL && cipher->key_len == 0) {
if (method < SALSA20 && stream_get_cipher_type(method) == NULL) {
LOGE("Cipher %s not found in crypto library", supported_stream_ciphers[method]);
FATAL("Cannot initialize cipher");
}

if (key != NULL)
cipher->key_len = crypto_parse_key(key, cipher->key, cipher_key_size(cipher));
cipher->key_len = crypto_parse_key(key, cipher->key,
supported_stream_ciphers_key_size[method]);
else
cipher->key_len = crypto_derive_key(pass, cipher->key, cipher_key_size(cipher));
cipher->key_len = crypto_derive_key(pass, cipher->key,
supported_stream_ciphers_key_size[method]);

if (cipher->key_len == 0) {
FATAL("Cannot generate key and NONCE");
}
if (method == RC4_MD5) {
cipher->nonce_len = 16;
} else {
cipher->nonce_len = cipher_nonce_size(cipher);
}
cipher->nonce_len = supported_stream_ciphers_nonce_size[method];
cipher->method = method;

return cipher;
Expand Down