mirror of
https://github.com/warmcat/libwebsockets.git
synced 2025-03-09 00:00:04 +01:00
mbedtls: v3.1 reverts privacy of mbedtls_net_context fd
mbedtls seemed to realize that they went overboard with the privacy stuff on v3.0 and removed some of it. Introduce support for those members that are only private on exactly v3.0 and unprotected before and after.
This commit is contained in:
Andy Green
parent
15db074b70
commit
49af3742c6
5 changed files with 96 additions and 90 deletions
|
|
@ -291,11 +291,18 @@ typedef int suseconds_t;
|
|||
#include <mbedtls/ssl.h>
|
||||
#include <mbedtls/entropy.h>
|
||||
#include <mbedtls/ctr_drbg.h>
|
||||
#include <mbedtls/version.h>
|
||||
|
||||
#if !defined(MBEDTLS_PRIVATE)
|
||||
#define MBEDTLS_PRIVATE(_q) _q
|
||||
#endif
|
||||
|
||||
#if (MBEDTLS_VERSION_MAJOR == 3) && (MBEDTLS_VERSION_MINOR == 0)
|
||||
#define MBEDTLS_PRIVATE_V30_ONLY(_q) MBEDTLS_PRIVATE(_q)
|
||||
#else
|
||||
#define MBEDTLS_PRIVATE_V30_ONLY(_q) _q
|
||||
#endif
|
||||
|
||||
#endif
|
||||
#else
|
||||
#include <openssl/ssl.h>
|
||||
|
|
|
|||
|
|
@ -589,7 +589,7 @@ lws_plat_vhost_tls_client_ctx_init(struct lws_vhost *vhost)
|
|||
int
|
||||
lws_plat_mbedtls_net_send(void *ctx, const uint8_t *buf, size_t len)
|
||||
{
|
||||
int fd = ((mbedtls_net_context *) ctx)->MBEDTLS_PRIVATE(fd);
|
||||
int fd = ((mbedtls_net_context *) ctx)->MBEDTLS_PRIVATE_V30_ONLY(fd);
|
||||
int ret;
|
||||
|
||||
if (fd < 0)
|
||||
|
|
@ -614,7 +614,7 @@ lws_plat_mbedtls_net_send(void *ctx, const uint8_t *buf, size_t len)
|
|||
int
|
||||
lws_plat_mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len)
|
||||
{
|
||||
int fd = ((mbedtls_net_context *) ctx)->MBEDTLS_PRIVATE(fd);
|
||||
int fd = ((mbedtls_net_context *) ctx)->MBEDTLS_PRIVATE_V30_ONLY(fd);
|
||||
int ret;
|
||||
|
||||
if (fd < 0)
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* libwebsockets - small server side websockets and web server implementation
|
||||
*
|
||||
* Copyright (C) 2010 - 2021 Andy Green <andy@warmcat.com>
|
||||
* Copyright (C) 2010 - 2022 Andy Green <andy@warmcat.com>
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to
|
||||
|
|
@ -104,8 +104,8 @@ static const oid_x509_ext_t oid_x509_ext[] = {
|
|||
(const mbedtls_oid_descriptor_t *) p; \
|
||||
if( p == NULL || oid == NULL ) return( NULL ); \
|
||||
while( cur->MBEDTLS_PRIVATE(asn1) != NULL ) { \
|
||||
if( cur->MBEDTLS_PRIVATE(asn1_len) == oid->MBEDTLS_PRIVATE(len) && \
|
||||
memcmp( cur->MBEDTLS_PRIVATE(asn1), oid->MBEDTLS_PRIVATE(p), oid->MBEDTLS_PRIVATE(len) ) == 0 ) { \
|
||||
if( cur->MBEDTLS_PRIVATE(asn1_len) == oid->MBEDTLS_PRIVATE_V30_ONLY(len) && \
|
||||
memcmp( cur->MBEDTLS_PRIVATE(asn1), oid->MBEDTLS_PRIVATE_V30_ONLY(p), oid->MBEDTLS_PRIVATE_V30_ONLY(len) ) == 0 ) { \
|
||||
return( p ); \
|
||||
} \
|
||||
p++; \
|
||||
|
|
@ -177,10 +177,10 @@ x509_get_skid(uint8_t **p, const uint8_t *end, mbedtls_x509_buf *skid)
|
|||
if (ret)
|
||||
return ret;
|
||||
|
||||
skid->MBEDTLS_PRIVATE(len) = len;
|
||||
skid->MBEDTLS_PRIVATE(tag) = MBEDTLS_ASN1_OCTET_STRING;
|
||||
skid->MBEDTLS_PRIVATE(p) = *p;
|
||||
*p += len;
|
||||
skid->MBEDTLS_PRIVATE_V30_ONLY(len) = len;
|
||||
skid->MBEDTLS_PRIVATE_V30_ONLY(tag) = MBEDTLS_ASN1_OCTET_STRING;
|
||||
skid->MBEDTLS_PRIVATE_V30_ONLY(p) = *p;
|
||||
*p += len;
|
||||
|
||||
return *p != end;
|
||||
}
|
||||
|
|
@ -204,10 +204,10 @@ lws_x509_clean_name(mbedtls_x509_name *name)
|
|||
if (!name)
|
||||
return;
|
||||
|
||||
n1 = name->MBEDTLS_PRIVATE(next);
|
||||
n1 = name->MBEDTLS_PRIVATE_V30_ONLY(next);
|
||||
|
||||
while (n1) {
|
||||
name = n1->MBEDTLS_PRIVATE(next);
|
||||
name = n1->MBEDTLS_PRIVATE_V30_ONLY(next);
|
||||
free(n1);
|
||||
n1 = name;
|
||||
}
|
||||
|
|
@ -222,7 +222,7 @@ lws_mbedtls_x509_parse_general_name(const mbedtls_x509_buf *name_buf,
|
|||
mbedtls_x509_name rfc822Name;
|
||||
int ret;
|
||||
|
||||
switch (name_buf->MBEDTLS_PRIVATE(tag) &
|
||||
switch (name_buf->MBEDTLS_PRIVATE_V30_ONLY(tag) &
|
||||
(LWS_MBEDTLS_ASN1_TAG_CLASS_MASK |
|
||||
LWS_MBEDTLS_ASN1_TAG_VALUE_MASK)) {
|
||||
|
||||
|
|
@ -239,17 +239,17 @@ lws_mbedtls_x509_parse_general_name(const mbedtls_x509_buf *name_buf,
|
|||
#endif
|
||||
case MBEDTLS_ASN1_SEQUENCE | LWS_MBEDTLS_X509_SAN_RFC822_NAME:
|
||||
|
||||
bufferPointer = name_buf->MBEDTLS_PRIVATE(p);
|
||||
bufferPointer = name_buf->MBEDTLS_PRIVATE_V30_ONLY(p);
|
||||
p = &bufferPointer;
|
||||
end = name_buf->MBEDTLS_PRIVATE(p) +
|
||||
name_buf->MBEDTLS_PRIVATE(len);
|
||||
end = name_buf->MBEDTLS_PRIVATE_V30_ONLY(p) +
|
||||
name_buf->MBEDTLS_PRIVATE_V30_ONLY(len);
|
||||
|
||||
/* The leading ASN1 tag and length has been processed.
|
||||
* Stepping back with 2 bytes, because mbedtls_x509_get_name
|
||||
* expects the beginning of the SET tag */
|
||||
*p = *p - 2;
|
||||
|
||||
rfc822Name.MBEDTLS_PRIVATE(next) = NULL;
|
||||
rfc822Name.MBEDTLS_PRIVATE_V30_ONLY(next) = NULL;
|
||||
ret = mbedtls_x509_get_name( p, end, &rfc822Name );
|
||||
if (ret) {
|
||||
lws_x509_clean_name(&rfc822Name);
|
||||
|
|
@ -318,51 +318,51 @@ lws_x509_get_general_names(uint8_t **p, const uint8_t *end,
|
|||
* Check that the name is structured correctly.
|
||||
*/
|
||||
r = lws_mbedtls_x509_parse_general_name(
|
||||
&cur->MBEDTLS_PRIVATE(buf), &dnb);
|
||||
&cur->MBEDTLS_PRIVATE_V30_ONLY(buf), &dnb);
|
||||
/*
|
||||
* In case the extension is malformed, return an error,
|
||||
* and clear the allocated sequences.
|
||||
*/
|
||||
if (r && r != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) {
|
||||
mbedtls_x509_sequence *seq_cur = name->MBEDTLS_PRIVATE(next);
|
||||
mbedtls_x509_sequence *seq_cur = name->MBEDTLS_PRIVATE_V30_ONLY(next);
|
||||
mbedtls_x509_sequence *seq_prv;
|
||||
|
||||
while( seq_cur != NULL ) {
|
||||
seq_prv = seq_cur;
|
||||
seq_cur = seq_cur->MBEDTLS_PRIVATE(next);
|
||||
seq_cur = seq_cur->MBEDTLS_PRIVATE_V30_ONLY(next);
|
||||
lws_explicit_bzero(seq_prv, sizeof(*seq_cur));
|
||||
lws_free(seq_prv);
|
||||
}
|
||||
|
||||
name->MBEDTLS_PRIVATE(next) = NULL;
|
||||
name->MBEDTLS_PRIVATE_V30_ONLY(next) = NULL;
|
||||
|
||||
return r;
|
||||
}
|
||||
|
||||
/* Allocate and assign next pointer */
|
||||
if (cur->MBEDTLS_PRIVATE(buf).MBEDTLS_PRIVATE(p)) {
|
||||
if (cur->MBEDTLS_PRIVATE(next))
|
||||
if (cur->MBEDTLS_PRIVATE_V30_ONLY(buf).MBEDTLS_PRIVATE_V30_ONLY(p)) {
|
||||
if (cur->MBEDTLS_PRIVATE_V30_ONLY(next))
|
||||
return 1;
|
||||
|
||||
cur->MBEDTLS_PRIVATE(next) =
|
||||
cur->MBEDTLS_PRIVATE_V30_ONLY(next) =
|
||||
lws_zalloc(sizeof(*cur), __func__);
|
||||
|
||||
if (!cur->MBEDTLS_PRIVATE(next))
|
||||
if (!cur->MBEDTLS_PRIVATE_V30_ONLY(next))
|
||||
return 1;
|
||||
|
||||
cur = cur->MBEDTLS_PRIVATE(next);
|
||||
cur = cur->MBEDTLS_PRIVATE_V30_ONLY(next);
|
||||
}
|
||||
|
||||
buf = &(cur->MBEDTLS_PRIVATE(buf));
|
||||
buf->MBEDTLS_PRIVATE(tag) = tag;
|
||||
buf->MBEDTLS_PRIVATE(p) = *p;
|
||||
buf->MBEDTLS_PRIVATE(len) = tag_len;
|
||||
buf = &(cur->MBEDTLS_PRIVATE_V30_ONLY(buf));
|
||||
buf->MBEDTLS_PRIVATE_V30_ONLY(tag) = tag;
|
||||
buf->MBEDTLS_PRIVATE_V30_ONLY(p) = *p;
|
||||
buf->MBEDTLS_PRIVATE_V30_ONLY(len) = tag_len;
|
||||
|
||||
*p += buf->MBEDTLS_PRIVATE(len);
|
||||
*p += buf->MBEDTLS_PRIVATE_V30_ONLY(len);
|
||||
}
|
||||
|
||||
/* Set final sequence entry's next pointer to NULL */
|
||||
cur->MBEDTLS_PRIVATE(next) = NULL;
|
||||
cur->MBEDTLS_PRIVATE_V30_ONLY(next) = NULL;
|
||||
|
||||
return *p != end;
|
||||
}
|
||||
|
|
@ -380,9 +380,9 @@ x509_get_akid(uint8_t **p, uint8_t *end, lws_mbedtls_x509_authority *akid)
|
|||
|
||||
r = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC);
|
||||
if (!r) {
|
||||
akid->keyIdentifier.MBEDTLS_PRIVATE(len) = len;
|
||||
akid->keyIdentifier.MBEDTLS_PRIVATE(p) = *p;
|
||||
akid->keyIdentifier.MBEDTLS_PRIVATE(tag) = MBEDTLS_ASN1_OCTET_STRING;
|
||||
akid->keyIdentifier.MBEDTLS_PRIVATE_V30_ONLY(len) = len;
|
||||
akid->keyIdentifier.MBEDTLS_PRIVATE_V30_ONLY(p) = *p;
|
||||
akid->keyIdentifier.MBEDTLS_PRIVATE_V30_ONLY(tag) = MBEDTLS_ASN1_OCTET_STRING;
|
||||
|
||||
*p += len;
|
||||
}
|
||||
|
|
@ -416,9 +416,9 @@ x509_get_akid(uint8_t **p, uint8_t *end, lws_mbedtls_x509_authority *akid)
|
|||
if (r)
|
||||
return r;
|
||||
|
||||
akid->authorityCertSerialNumber.MBEDTLS_PRIVATE(len) = len;
|
||||
akid->authorityCertSerialNumber.MBEDTLS_PRIVATE(p) = *p;
|
||||
akid->authorityCertSerialNumber.MBEDTLS_PRIVATE(tag) = MBEDTLS_ASN1_OCTET_STRING;
|
||||
akid->authorityCertSerialNumber.MBEDTLS_PRIVATE_V30_ONLY(len) = len;
|
||||
akid->authorityCertSerialNumber.MBEDTLS_PRIVATE_V30_ONLY(p) = *p;
|
||||
akid->authorityCertSerialNumber.MBEDTLS_PRIVATE_V30_ONLY(tag) = MBEDTLS_ASN1_OCTET_STRING;
|
||||
*p += len;
|
||||
}
|
||||
|
||||
|
|
@ -434,9 +434,9 @@ int
|
|||
lws_x509_get_crt_ext(mbedtls_x509_crt *crt, mbedtls_x509_buf *skid,
|
||||
lws_mbedtls_x509_authority *akid)
|
||||
{
|
||||
uint8_t *p = crt->MBEDTLS_PRIVATE(v3_ext).MBEDTLS_PRIVATE(p),
|
||||
uint8_t *p = crt->MBEDTLS_PRIVATE_V30_ONLY(v3_ext).MBEDTLS_PRIVATE_V30_ONLY(p),
|
||||
*end_ext_data, *end_ext_octet;
|
||||
const uint8_t *end = p + crt->MBEDTLS_PRIVATE(v3_ext).MBEDTLS_PRIVATE(len);
|
||||
const uint8_t *end = p + crt->MBEDTLS_PRIVATE_V30_ONLY(v3_ext).MBEDTLS_PRIVATE_V30_ONLY(len);
|
||||
size_t len;
|
||||
int r = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
|
||||
MBEDTLS_ASN1_SEQUENCE);
|
||||
|
|
@ -457,14 +457,14 @@ lws_x509_get_crt_ext(mbedtls_x509_crt *crt, mbedtls_x509_buf *skid,
|
|||
end_ext_data = p + len;
|
||||
|
||||
/* Get extension ID */
|
||||
r = mbedtls_asn1_get_tag(&p, end_ext_data, &extn_oid.MBEDTLS_PRIVATE(len),
|
||||
r = mbedtls_asn1_get_tag(&p, end_ext_data, &extn_oid.MBEDTLS_PRIVATE_V30_ONLY(len),
|
||||
MBEDTLS_ASN1_OID);
|
||||
if (r)
|
||||
return r;
|
||||
|
||||
extn_oid.MBEDTLS_PRIVATE(tag) = MBEDTLS_ASN1_OID;
|
||||
extn_oid.MBEDTLS_PRIVATE(p) = p;
|
||||
p += extn_oid.MBEDTLS_PRIVATE(len);
|
||||
extn_oid.MBEDTLS_PRIVATE_V30_ONLY(tag) = MBEDTLS_ASN1_OID;
|
||||
extn_oid.MBEDTLS_PRIVATE_V30_ONLY(p) = p;
|
||||
p += extn_oid.MBEDTLS_PRIVATE_V30_ONLY(len);
|
||||
|
||||
/* Get optional critical */
|
||||
r = mbedtls_asn1_get_bool(&p, end_ext_data, &is_critical);
|
||||
|
|
|
|||
|
|
@ -49,17 +49,17 @@ lws_tls_mbedtls_time_to_unix(mbedtls_x509_time *xtime)
|
|||
{
|
||||
struct tm t;
|
||||
|
||||
if (!xtime || !xtime->MBEDTLS_PRIVATE(year) || xtime->MBEDTLS_PRIVATE(year) < 0)
|
||||
if (!xtime || !xtime->MBEDTLS_PRIVATE_V30_ONLY(year) || xtime->MBEDTLS_PRIVATE_V30_ONLY(year) < 0)
|
||||
return (time_t)(long long)-1;
|
||||
|
||||
memset(&t, 0, sizeof(t));
|
||||
|
||||
t.tm_year = xtime->MBEDTLS_PRIVATE(year) - 1900;
|
||||
t.tm_mon = xtime->MBEDTLS_PRIVATE(mon) - 1; /* mbedtls months are 1+, tm are 0+ */
|
||||
t.tm_mday = xtime->MBEDTLS_PRIVATE(day) - 1; /* mbedtls days are 1+, tm are 0+ */
|
||||
t.tm_hour = xtime->MBEDTLS_PRIVATE(hour);
|
||||
t.tm_min = xtime->MBEDTLS_PRIVATE(min);
|
||||
t.tm_sec = xtime->MBEDTLS_PRIVATE(sec);
|
||||
t.tm_year = xtime->MBEDTLS_PRIVATE_V30_ONLY(year) - 1900;
|
||||
t.tm_mon = xtime->MBEDTLS_PRIVATE_V30_ONLY(mon) - 1; /* mbedtls months are 1+, tm are 0+ */
|
||||
t.tm_mday = xtime->MBEDTLS_PRIVATE_V30_ONLY(day) - 1; /* mbedtls days are 1+, tm are 0+ */
|
||||
t.tm_hour = xtime->MBEDTLS_PRIVATE_V30_ONLY(hour);
|
||||
t.tm_min = xtime->MBEDTLS_PRIVATE_V30_ONLY(min);
|
||||
t.tm_sec = xtime->MBEDTLS_PRIVATE_V30_ONLY(sec);
|
||||
t.tm_isdst = -1;
|
||||
|
||||
return mktime(&t);
|
||||
|
|
@ -81,13 +81,13 @@ lws_tls_mbedtls_get_x509_name(mbedtls_x509_name *name,
|
|||
}
|
||||
*/
|
||||
lws_strnncpy(&buf->ns.name[buf->ns.len],
|
||||
(const char *)name->MBEDTLS_PRIVATE(val).MBEDTLS_PRIVATE(p),
|
||||
name->MBEDTLS_PRIVATE(val).MBEDTLS_PRIVATE(len),
|
||||
(const char *)name->MBEDTLS_PRIVATE_V30_ONLY(val).MBEDTLS_PRIVATE_V30_ONLY(p),
|
||||
name->MBEDTLS_PRIVATE_V30_ONLY(val).MBEDTLS_PRIVATE_V30_ONLY(len),
|
||||
len - (size_t)buf->ns.len);
|
||||
buf->ns.len = (int)strlen(buf->ns.name);
|
||||
|
||||
r = 0;
|
||||
name = name->MBEDTLS_PRIVATE(next);
|
||||
name = name->MBEDTLS_PRIVATE_V30_ONLY(next);
|
||||
}
|
||||
|
||||
return r;
|
||||
|
|
@ -109,22 +109,22 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type,
|
|||
|
||||
switch (type) {
|
||||
case LWS_TLS_CERT_INFO_VALIDITY_FROM:
|
||||
buf->time = lws_tls_mbedtls_time_to_unix(&x509->MBEDTLS_PRIVATE(valid_from));
|
||||
buf->time = lws_tls_mbedtls_time_to_unix(&x509->MBEDTLS_PRIVATE_V30_ONLY(valid_from));
|
||||
if (buf->time == (time_t)(long long)-1)
|
||||
return -1;
|
||||
break;
|
||||
|
||||
case LWS_TLS_CERT_INFO_VALIDITY_TO:
|
||||
buf->time = lws_tls_mbedtls_time_to_unix(&x509->MBEDTLS_PRIVATE(valid_to));
|
||||
buf->time = lws_tls_mbedtls_time_to_unix(&x509->MBEDTLS_PRIVATE_V30_ONLY(valid_to));
|
||||
if (buf->time == (time_t)(long long)-1)
|
||||
return -1;
|
||||
break;
|
||||
|
||||
case LWS_TLS_CERT_INFO_COMMON_NAME:
|
||||
return lws_tls_mbedtls_get_x509_name(&x509->MBEDTLS_PRIVATE(subject), buf, len);
|
||||
return lws_tls_mbedtls_get_x509_name(&x509->MBEDTLS_PRIVATE_V30_ONLY(subject), buf, len);
|
||||
|
||||
case LWS_TLS_CERT_INFO_ISSUER_NAME:
|
||||
return lws_tls_mbedtls_get_x509_name(&x509->MBEDTLS_PRIVATE(issuer), buf, len);
|
||||
return lws_tls_mbedtls_get_x509_name(&x509->MBEDTLS_PRIVATE_V30_ONLY(issuer), buf, len);
|
||||
|
||||
case LWS_TLS_CERT_INFO_USAGE:
|
||||
buf->usage = x509->MBEDTLS_PRIVATE(key_usage);
|
||||
|
|
@ -135,10 +135,10 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type,
|
|||
char *p = buf->ns.name;
|
||||
size_t r = len, u;
|
||||
|
||||
switch (mbedtls_pk_get_type(&x509->MBEDTLS_PRIVATE(pk))) {
|
||||
switch (mbedtls_pk_get_type(&x509->MBEDTLS_PRIVATE_V30_ONLY(pk))) {
|
||||
case MBEDTLS_PK_RSA:
|
||||
{
|
||||
mbedtls_rsa_context *rsa = mbedtls_pk_rsa(x509->MBEDTLS_PRIVATE(pk));
|
||||
mbedtls_rsa_context *rsa = mbedtls_pk_rsa(x509->MBEDTLS_PRIVATE_V30_ONLY(pk));
|
||||
|
||||
if (mbedtls_mpi_write_string(&rsa->MBEDTLS_PRIVATE(N), 16, p, r, &u))
|
||||
return -1;
|
||||
|
|
@ -153,7 +153,7 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type,
|
|||
}
|
||||
case MBEDTLS_PK_ECKEY:
|
||||
{
|
||||
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(x509->MBEDTLS_PRIVATE(pk));
|
||||
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(x509->MBEDTLS_PRIVATE_V30_ONLY(pk));
|
||||
|
||||
if (mbedtls_mpi_write_string(&ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, p, r, &u))
|
||||
return -1;
|
||||
|
|
@ -172,7 +172,7 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type,
|
|||
default:
|
||||
lwsl_notice("%s: x509 has unsupported pubkey type %d\n",
|
||||
__func__,
|
||||
mbedtls_pk_get_type(&x509->MBEDTLS_PRIVATE(pk)));
|
||||
mbedtls_pk_get_type(&x509->MBEDTLS_PRIVATE_V30_ONLY(pk)));
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
|
@ -180,17 +180,17 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type,
|
|||
}
|
||||
case LWS_TLS_CERT_INFO_DER_RAW:
|
||||
|
||||
buf->ns.len = (int)x509->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(len);
|
||||
buf->ns.len = (int)x509->MBEDTLS_PRIVATE_V30_ONLY(raw).MBEDTLS_PRIVATE_V30_ONLY(len);
|
||||
|
||||
if (len < x509->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(len))
|
||||
if (len < x509->MBEDTLS_PRIVATE_V30_ONLY(raw).MBEDTLS_PRIVATE_V30_ONLY(len))
|
||||
/*
|
||||
* The buffer is too small and the attempt failed, but
|
||||
* the required object length is in buf->ns.len
|
||||
*/
|
||||
return -1;
|
||||
|
||||
memcpy(buf->ns.name, x509->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(p),
|
||||
x509->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(len));
|
||||
memcpy(buf->ns.name, x509->MBEDTLS_PRIVATE_V30_ONLY(raw).MBEDTLS_PRIVATE_V30_ONLY(p),
|
||||
x509->MBEDTLS_PRIVATE_V30_ONLY(raw).MBEDTLS_PRIVATE_V30_ONLY(len));
|
||||
break;
|
||||
|
||||
case LWS_TLS_CERT_INFO_AUTHORITY_KEY_ID:
|
||||
|
|
@ -199,13 +199,13 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type,
|
|||
memset(&skid, 0, sizeof(skid));
|
||||
|
||||
lws_x509_get_crt_ext(x509, &skid, &akid);
|
||||
if (akid.keyIdentifier.MBEDTLS_PRIVATE(tag) != MBEDTLS_ASN1_OCTET_STRING)
|
||||
if (akid.keyIdentifier.MBEDTLS_PRIVATE_V30_ONLY(tag) != MBEDTLS_ASN1_OCTET_STRING)
|
||||
return 1;
|
||||
buf->ns.len = (int)akid.keyIdentifier.MBEDTLS_PRIVATE(len);
|
||||
if (!akid.keyIdentifier.MBEDTLS_PRIVATE(p) ||
|
||||
buf->ns.len = (int)akid.keyIdentifier.MBEDTLS_PRIVATE_V30_ONLY(len);
|
||||
if (!akid.keyIdentifier.MBEDTLS_PRIVATE_V30_ONLY(p) ||
|
||||
len < (size_t)buf->ns.len)
|
||||
return -1;
|
||||
memcpy(buf->ns.name, akid.keyIdentifier.MBEDTLS_PRIVATE(p), (size_t)buf->ns.len);
|
||||
memcpy(buf->ns.name, akid.keyIdentifier.MBEDTLS_PRIVATE_V30_ONLY(p), (size_t)buf->ns.len);
|
||||
break;
|
||||
|
||||
case LWS_TLS_CERT_INFO_AUTHORITY_KEY_ID_ISSUER: {
|
||||
|
|
@ -221,17 +221,17 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type,
|
|||
buf->ns.len = 0;
|
||||
|
||||
while (ip) {
|
||||
if (akid.keyIdentifier.MBEDTLS_PRIVATE(tag) != MBEDTLS_ASN1_OCTET_STRING ||
|
||||
!ip->MBEDTLS_PRIVATE(buf).MBEDTLS_PRIVATE(p) ||
|
||||
ip->MBEDTLS_PRIVATE(buf).MBEDTLS_PRIVATE(len) < 9 ||
|
||||
len < (size_t)ip->MBEDTLS_PRIVATE(buf).MBEDTLS_PRIVATE(len) - 9u)
|
||||
if (akid.keyIdentifier.MBEDTLS_PRIVATE_V30_ONLY(tag) != MBEDTLS_ASN1_OCTET_STRING ||
|
||||
!ip->MBEDTLS_PRIVATE_V30_ONLY(buf).MBEDTLS_PRIVATE_V30_ONLY(p) ||
|
||||
ip->MBEDTLS_PRIVATE_V30_ONLY(buf).MBEDTLS_PRIVATE_V30_ONLY(len) < 9 ||
|
||||
len < (size_t)ip->MBEDTLS_PRIVATE_V30_ONLY(buf).MBEDTLS_PRIVATE_V30_ONLY(len) - 9u)
|
||||
break;
|
||||
|
||||
memcpy(buf->ns.name + buf->ns.len, ip->MBEDTLS_PRIVATE(buf).MBEDTLS_PRIVATE(p),
|
||||
(size_t)ip->MBEDTLS_PRIVATE(buf).MBEDTLS_PRIVATE(len) - 9);
|
||||
buf->ns.len = buf->ns.len + (int)ip->MBEDTLS_PRIVATE(buf).MBEDTLS_PRIVATE(len) - 9;
|
||||
memcpy(buf->ns.name + buf->ns.len, ip->MBEDTLS_PRIVATE_V30_ONLY(buf).MBEDTLS_PRIVATE_V30_ONLY(p),
|
||||
(size_t)ip->MBEDTLS_PRIVATE_V30_ONLY(buf).MBEDTLS_PRIVATE_V30_ONLY(len) - 9);
|
||||
buf->ns.len = buf->ns.len + (int)ip->MBEDTLS_PRIVATE_V30_ONLY(buf).MBEDTLS_PRIVATE_V30_ONLY(len) - 9;
|
||||
|
||||
ip = ip->MBEDTLS_PRIVATE(next);
|
||||
ip = ip->MBEDTLS_PRIVATE_V30_ONLY(next);
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
|
@ -242,14 +242,14 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type,
|
|||
|
||||
lws_x509_get_crt_ext(x509, &skid, &akid);
|
||||
|
||||
if (akid.authorityCertSerialNumber.MBEDTLS_PRIVATE(tag) != MBEDTLS_ASN1_OCTET_STRING)
|
||||
if (akid.authorityCertSerialNumber.MBEDTLS_PRIVATE_V30_ONLY(tag) != MBEDTLS_ASN1_OCTET_STRING)
|
||||
return 1;
|
||||
buf->ns.len = (int)akid.authorityCertSerialNumber.MBEDTLS_PRIVATE(len);
|
||||
if (!akid.authorityCertSerialNumber.MBEDTLS_PRIVATE(p) ||
|
||||
buf->ns.len = (int)akid.authorityCertSerialNumber.MBEDTLS_PRIVATE_V30_ONLY(len);
|
||||
if (!akid.authorityCertSerialNumber.MBEDTLS_PRIVATE_V30_ONLY(p) ||
|
||||
len < (size_t)buf->ns.len)
|
||||
return -1;
|
||||
memcpy(buf->ns.name, akid.authorityCertSerialNumber.
|
||||
MBEDTLS_PRIVATE(p), (size_t)buf->ns.len);
|
||||
MBEDTLS_PRIVATE_V30_ONLY(p), (size_t)buf->ns.len);
|
||||
break;
|
||||
|
||||
case LWS_TLS_CERT_INFO_SUBJECT_KEY_ID:
|
||||
|
|
@ -259,12 +259,12 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type,
|
|||
|
||||
lws_x509_get_crt_ext(x509, &skid, &akid);
|
||||
|
||||
if (skid.MBEDTLS_PRIVATE(tag) != MBEDTLS_ASN1_OCTET_STRING)
|
||||
if (skid.MBEDTLS_PRIVATE_V30_ONLY(tag) != MBEDTLS_ASN1_OCTET_STRING)
|
||||
return 1;
|
||||
buf->ns.len = (int)skid.MBEDTLS_PRIVATE(len);
|
||||
buf->ns.len = (int)skid.MBEDTLS_PRIVATE_V30_ONLY(len);
|
||||
if (len < (size_t)buf->ns.len)
|
||||
return -1;
|
||||
memcpy(buf->ns.name, skid.MBEDTLS_PRIVATE(p), (size_t)buf->ns.len);
|
||||
memcpy(buf->ns.name, skid.MBEDTLS_PRIVATE_V30_ONLY(p), (size_t)buf->ns.len);
|
||||
break;
|
||||
default:
|
||||
return -1;
|
||||
|
|
@ -379,7 +379,7 @@ int
|
|||
lws_x509_public_to_jwk(struct lws_jwk *jwk, struct lws_x509_cert *x509,
|
||||
const char *curves, int rsa_min_bits)
|
||||
{
|
||||
int kt = (int)mbedtls_pk_get_type(&x509->cert.MBEDTLS_PRIVATE(pk)),
|
||||
int kt = (int)mbedtls_pk_get_type(&x509->cert.MBEDTLS_PRIVATE_V30_ONLY(pk)),
|
||||
n, count = 0, ret = -1;
|
||||
mbedtls_rsa_context *rsactx;
|
||||
mbedtls_ecp_keypair *ecpctx;
|
||||
|
|
@ -391,7 +391,7 @@ lws_x509_public_to_jwk(struct lws_jwk *jwk, struct lws_x509_cert *x509,
|
|||
case MBEDTLS_PK_RSA:
|
||||
lwsl_notice("%s: RSA key\n", __func__);
|
||||
jwk->kty = LWS_GENCRYPTO_KTY_RSA;
|
||||
rsactx = mbedtls_pk_rsa(x509->cert.MBEDTLS_PRIVATE(pk));
|
||||
rsactx = mbedtls_pk_rsa(x509->cert.MBEDTLS_PRIVATE_V30_ONLY(pk));
|
||||
|
||||
mpi[LWS_GENCRYPTO_RSA_KEYEL_E] = &rsactx->MBEDTLS_PRIVATE(E);
|
||||
mpi[LWS_GENCRYPTO_RSA_KEYEL_N] = &rsactx->MBEDTLS_PRIVATE(N);
|
||||
|
|
@ -409,7 +409,7 @@ lws_x509_public_to_jwk(struct lws_jwk *jwk, struct lws_x509_cert *x509,
|
|||
case MBEDTLS_PK_ECKEY:
|
||||
lwsl_notice("%s: EC key\n", __func__);
|
||||
jwk->kty = LWS_GENCRYPTO_KTY_EC;
|
||||
ecpctx = mbedtls_pk_ec(x509->cert.MBEDTLS_PRIVATE(pk));
|
||||
ecpctx = mbedtls_pk_ec(x509->cert.MBEDTLS_PRIVATE_V30_ONLY(pk));
|
||||
mpi[LWS_GENCRYPTO_EC_KEYEL_X] = &ecpctx->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X);
|
||||
mpi[LWS_GENCRYPTO_EC_KEYEL_D] = &ecpctx->MBEDTLS_PRIVATE(d);
|
||||
mpi[LWS_GENCRYPTO_EC_KEYEL_Y] = &ecpctx->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y);
|
||||
|
|
|
|||
|
|
@ -499,14 +499,13 @@ void ssl_pm_set_fd(SSL *ssl, int fd, int mode)
|
|||
{
|
||||
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
|
||||
|
||||
ssl_pm->fd.MBEDTLS_PRIVATE(fd) = fd;
|
||||
ssl_pm->fd.MBEDTLS_PRIVATE_V30_ONLY(fd) = fd;
|
||||
}
|
||||
|
||||
int ssl_pm_get_fd(const SSL *ssl, int mode)
|
||||
{
|
||||
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
|
||||
|
||||
return ssl_pm->fd.MBEDTLS_PRIVATE(fd);
|
||||
return ssl_pm->fd.MBEDTLS_PRIVATE_V30_ONLY(fd);
|
||||
}
|
||||
|
||||
OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl)
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue