mirror of
https://github.com/warmcat/libwebsockets.git
synced 2025-03-09 00:00:04 +01:00
mbedtls: support old 2.2-era version from xenial
This commit is contained in:
Andy Green
parent
47ea968e16
commit
2a7a92f4d5
5 changed files with 35 additions and 1 deletions
|
|
@ -2222,7 +2222,9 @@ if (LWS_WITH_MBEDTLS)
|
|||
CHECK_FUNCTION_EXISTS(mbedtls_ssl_set_hs_own_cert LWS_HAVE_mbedtls_ssl_set_hs_own_cert)
|
||||
CHECK_FUNCTION_EXISTS(mbedtls_ssl_set_hs_authmode LWS_HAVE_mbedtls_ssl_set_hs_authmode)
|
||||
CHECK_FUNCTION_EXISTS(mbedtls_net_init LWS_HAVE_mbedtls_net_init)
|
||||
|
||||
CHECK_FUNCTION_EXISTS(mbedtls_md_setup LWS_HAVE_mbedtls_md_setup) # not on xenial 2.2
|
||||
CHECK_FUNCTION_EXISTS(mbedtls_rsa_complete LWS_HAVE_mbedtls_rsa_complete) # not on xenial 2.2
|
||||
CHECK_FUNCTION_EXISTS(mbedtls_internal_aes_encrypt LWS_HAVE_mbedtls_internal_aes_encrypt) # not on xenial 2.2
|
||||
else()
|
||||
CHECK_FUNCTION_EXISTS(${VARIA}TLS_client_method LWS_HAVE_TLS_CLIENT_METHOD)
|
||||
CHECK_FUNCTION_EXISTS(${VARIA}TLSv1_2_client_method LWS_HAVE_TLSV1_2_CLIENT_METHOD)
|
||||
|
|
|
|||
|
|
@ -46,7 +46,10 @@
|
|||
#cmakedefine LWS_HAVE_MALLOC_H
|
||||
#cmakedefine LWS_HAVE_MALLOC_TRIM
|
||||
#cmakedefine LWS_HAVE_MALLOC_USABLE_SIZE
|
||||
#cmakedefine LWS_HAVE_mbedtls_md_setup
|
||||
#cmakedefine LWS_HAVE_mbedtls_net_init
|
||||
#cmakedefine LWS_HAVE_mbedtls_rsa_complete
|
||||
#cmakedefine LWS_HAVE_mbedtls_internal_aes_encrypt
|
||||
#cmakedefine LWS_HAVE_mbedtls_ssl_conf_alpn_protocols
|
||||
#cmakedefine LWS_HAVE_mbedtls_ssl_get_alpn_protocol
|
||||
#cmakedefine LWS_HAVE_mbedtls_ssl_conf_sni
|
||||
|
|
|
|||
|
|
@ -161,6 +161,7 @@ lws_genaes_destroy(struct lws_genaes_ctx *ctx, unsigned char *tag, size_t tlen)
|
|||
return 0;
|
||||
}
|
||||
|
||||
#if defined(LWS_HAVE_mbedtls_internal_aes_encrypt)
|
||||
static int
|
||||
lws_genaes_rfc3394_wrap(int wrap, int cek_bits, const uint8_t *kek,
|
||||
int kek_bits, const uint8_t *in, uint8_t *out)
|
||||
|
|
@ -271,6 +272,7 @@ bail:
|
|||
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
int
|
||||
lws_genaes_crypt(struct lws_genaes_ctx *ctx, const uint8_t *in, size_t len,
|
||||
|
|
@ -282,6 +284,7 @@ lws_genaes_crypt(struct lws_genaes_ctx *ctx, const uint8_t *in, size_t len,
|
|||
|
||||
switch (ctx->mode) {
|
||||
case LWS_GAESM_KW:
|
||||
#if defined(LWS_HAVE_mbedtls_internal_aes_encrypt)
|
||||
/* a key of length ctx->k->len is wrapped by a 128-bit KEK */
|
||||
n = lws_genaes_rfc3394_wrap(ctx->op == MBEDTLS_AES_ENCRYPT,
|
||||
ctx->op == MBEDTLS_AES_ENCRYPT ? len * 8 :
|
||||
|
|
@ -289,6 +292,10 @@ lws_genaes_crypt(struct lws_genaes_ctx *ctx, const uint8_t *in, size_t len,
|
|||
ctx->k->len * 8,
|
||||
in, out);
|
||||
break;
|
||||
#else
|
||||
lwsl_err("%s: your mbedtls is too old\n", __func__);
|
||||
return -1;
|
||||
#endif
|
||||
case LWS_GAESM_CBC:
|
||||
memcpy(iv, iv_or_nonce_ctr_or_data_unit_16, 16);
|
||||
|
||||
|
|
|
|||
|
|
@ -148,8 +148,13 @@ lws_genhmac_init(struct lws_genhmac_ctx *ctx, enum lws_genhmac_types type,
|
|||
if (!ctx->hmac)
|
||||
return -1;
|
||||
|
||||
#if !defined(LWS_HAVE_mbedtls_md_setup)
|
||||
if (mbedtls_md_init_ctx(&ctx->ctx, ctx->hmac))
|
||||
return -1;
|
||||
#else
|
||||
if (mbedtls_md_setup(&ctx->ctx, ctx->hmac, 1))
|
||||
return -1;
|
||||
#endif
|
||||
|
||||
if (mbedtls_md_hmac_starts(&ctx->ctx, key, key_len)) {
|
||||
mbedtls_md_free(&ctx->ctx);
|
||||
|
|
|
|||
|
|
@ -85,8 +85,13 @@ lws_genrsa_create(struct lws_genrsa_ctx *ctx, struct lws_gencrypto_keyelem *el,
|
|||
if ( el[LWS_GENCRYPTO_RSA_KEYEL_D].len &&
|
||||
!el[LWS_GENCRYPTO_RSA_KEYEL_P].len &&
|
||||
!el[LWS_GENCRYPTO_RSA_KEYEL_Q].len) {
|
||||
#if defined(LWS_HAVE_mbedtls_rsa_complete)
|
||||
if (mbedtls_rsa_complete(ctx->ctx)) {
|
||||
lwsl_notice("mbedtls_rsa_complete failed\n");
|
||||
#else
|
||||
{
|
||||
lwsl_notice("%s: you have to provide P and Q\n", __func__);
|
||||
#endif
|
||||
lws_free_set_NULL(ctx->ctx);
|
||||
|
||||
return -1;
|
||||
|
|
@ -176,7 +181,9 @@ lws_genrsa_public_decrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in,
|
|||
|
||||
ctx->ctx->len = in_len;
|
||||
|
||||
#if defined(LWS_HAVE_mbedtls_rsa_complete)
|
||||
mbedtls_rsa_complete(ctx->ctx);
|
||||
#endif
|
||||
|
||||
switch(ctx->mode) {
|
||||
case LGRSAM_PKCS1_1_5:
|
||||
|
|
@ -214,7 +221,9 @@ lws_genrsa_private_decrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in,
|
|||
|
||||
ctx->ctx->len = in_len;
|
||||
|
||||
#if defined(LWS_HAVE_mbedtls_rsa_complete)
|
||||
mbedtls_rsa_complete(ctx->ctx);
|
||||
#endif
|
||||
|
||||
switch(ctx->mode) {
|
||||
case LGRSAM_PKCS1_1_5:
|
||||
|
|
@ -249,7 +258,9 @@ lws_genrsa_public_encrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in,
|
|||
{
|
||||
int n;
|
||||
|
||||
#if defined(LWS_HAVE_mbedtls_rsa_complete)
|
||||
mbedtls_rsa_complete(ctx->ctx);
|
||||
#endif
|
||||
|
||||
switch(ctx->mode) {
|
||||
case LGRSAM_PKCS1_1_5:
|
||||
|
|
@ -284,7 +295,9 @@ lws_genrsa_private_encrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in,
|
|||
{
|
||||
int n;
|
||||
|
||||
#if defined(LWS_HAVE_mbedtls_rsa_complete)
|
||||
mbedtls_rsa_complete(ctx->ctx);
|
||||
#endif
|
||||
|
||||
switch(ctx->mode) {
|
||||
case LGRSAM_PKCS1_1_5:
|
||||
|
|
@ -323,7 +336,9 @@ lws_genrsa_hash_sig_verify(struct lws_genrsa_ctx *ctx, const uint8_t *in,
|
|||
if (h < 0)
|
||||
return -1;
|
||||
|
||||
#if defined(LWS_HAVE_mbedtls_rsa_complete)
|
||||
mbedtls_rsa_complete(ctx->ctx);
|
||||
#endif
|
||||
|
||||
switch(ctx->mode) {
|
||||
case LGRSAM_PKCS1_1_5:
|
||||
|
|
@ -358,7 +373,9 @@ lws_genrsa_hash_sign(struct lws_genrsa_ctx *ctx, const uint8_t *in,
|
|||
if (h < 0)
|
||||
return -1;
|
||||
|
||||
#if defined(LWS_HAVE_mbedtls_rsa_complete)
|
||||
mbedtls_rsa_complete(ctx->ctx);
|
||||
#endif
|
||||
|
||||
/*
|
||||
* The "sig" buffer must be as large as the size of ctx->N
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue