diff --git a/include/libwebsockets.h b/include/libwebsockets.h index 4409ee278..8fb98c344 100644 --- a/include/libwebsockets.h +++ b/include/libwebsockets.h @@ -291,11 +291,18 @@ typedef int suseconds_t; #include #include #include +#include #if !defined(MBEDTLS_PRIVATE) #define MBEDTLS_PRIVATE(_q) _q #endif +#if (MBEDTLS_VERSION_MAJOR == 3) && (MBEDTLS_VERSION_MINOR == 0) +#define MBEDTLS_PRIVATE_V30_ONLY(_q) MBEDTLS_PRIVATE(_q) +#else +#define MBEDTLS_PRIVATE_V30_ONLY(_q) _q +#endif + #endif #else #include diff --git a/lib/plat/unix/unix-sockets.c b/lib/plat/unix/unix-sockets.c index 07df994cc..0f5bf4b93 100644 --- a/lib/plat/unix/unix-sockets.c +++ b/lib/plat/unix/unix-sockets.c @@ -589,7 +589,7 @@ lws_plat_vhost_tls_client_ctx_init(struct lws_vhost *vhost) int lws_plat_mbedtls_net_send(void *ctx, const uint8_t *buf, size_t len) { - int fd = ((mbedtls_net_context *) ctx)->MBEDTLS_PRIVATE(fd); + int fd = ((mbedtls_net_context *) ctx)->MBEDTLS_PRIVATE_V30_ONLY(fd); int ret; if (fd < 0) @@ -614,7 +614,7 @@ lws_plat_mbedtls_net_send(void *ctx, const uint8_t *buf, size_t len) int lws_plat_mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len) { - int fd = ((mbedtls_net_context *) ctx)->MBEDTLS_PRIVATE(fd); + int fd = ((mbedtls_net_context *) ctx)->MBEDTLS_PRIVATE_V30_ONLY(fd); int ret; if (fd < 0) diff --git a/lib/tls/mbedtls/mbedtls-extensions.c b/lib/tls/mbedtls/mbedtls-extensions.c index dc406e826..bf275eefe 100644 --- a/lib/tls/mbedtls/mbedtls-extensions.c +++ b/lib/tls/mbedtls/mbedtls-extensions.c @@ -1,7 +1,7 @@ /* * libwebsockets - small server side websockets and web server implementation * - * Copyright (C) 2010 - 2021 Andy Green + * Copyright (C) 2010 - 2022 Andy Green * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to @@ -104,8 +104,8 @@ static const oid_x509_ext_t oid_x509_ext[] = { (const mbedtls_oid_descriptor_t *) p; \ if( p == NULL || oid == NULL ) return( NULL ); \ while( cur->MBEDTLS_PRIVATE(asn1) != NULL ) { \ - if( cur->MBEDTLS_PRIVATE(asn1_len) == oid->MBEDTLS_PRIVATE(len) && \ - memcmp( cur->MBEDTLS_PRIVATE(asn1), oid->MBEDTLS_PRIVATE(p), oid->MBEDTLS_PRIVATE(len) ) == 0 ) { \ + if( cur->MBEDTLS_PRIVATE(asn1_len) == oid->MBEDTLS_PRIVATE_V30_ONLY(len) && \ + memcmp( cur->MBEDTLS_PRIVATE(asn1), oid->MBEDTLS_PRIVATE_V30_ONLY(p), oid->MBEDTLS_PRIVATE_V30_ONLY(len) ) == 0 ) { \ return( p ); \ } \ p++; \ @@ -177,10 +177,10 @@ x509_get_skid(uint8_t **p, const uint8_t *end, mbedtls_x509_buf *skid) if (ret) return ret; - skid->MBEDTLS_PRIVATE(len) = len; - skid->MBEDTLS_PRIVATE(tag) = MBEDTLS_ASN1_OCTET_STRING; - skid->MBEDTLS_PRIVATE(p) = *p; - *p += len; + skid->MBEDTLS_PRIVATE_V30_ONLY(len) = len; + skid->MBEDTLS_PRIVATE_V30_ONLY(tag) = MBEDTLS_ASN1_OCTET_STRING; + skid->MBEDTLS_PRIVATE_V30_ONLY(p) = *p; + *p += len; return *p != end; } @@ -204,10 +204,10 @@ lws_x509_clean_name(mbedtls_x509_name *name) if (!name) return; - n1 = name->MBEDTLS_PRIVATE(next); + n1 = name->MBEDTLS_PRIVATE_V30_ONLY(next); while (n1) { - name = n1->MBEDTLS_PRIVATE(next); + name = n1->MBEDTLS_PRIVATE_V30_ONLY(next); free(n1); n1 = name; } @@ -222,7 +222,7 @@ lws_mbedtls_x509_parse_general_name(const mbedtls_x509_buf *name_buf, mbedtls_x509_name rfc822Name; int ret; - switch (name_buf->MBEDTLS_PRIVATE(tag) & + switch (name_buf->MBEDTLS_PRIVATE_V30_ONLY(tag) & (LWS_MBEDTLS_ASN1_TAG_CLASS_MASK | LWS_MBEDTLS_ASN1_TAG_VALUE_MASK)) { @@ -239,17 +239,17 @@ lws_mbedtls_x509_parse_general_name(const mbedtls_x509_buf *name_buf, #endif case MBEDTLS_ASN1_SEQUENCE | LWS_MBEDTLS_X509_SAN_RFC822_NAME: - bufferPointer = name_buf->MBEDTLS_PRIVATE(p); + bufferPointer = name_buf->MBEDTLS_PRIVATE_V30_ONLY(p); p = &bufferPointer; - end = name_buf->MBEDTLS_PRIVATE(p) + - name_buf->MBEDTLS_PRIVATE(len); + end = name_buf->MBEDTLS_PRIVATE_V30_ONLY(p) + + name_buf->MBEDTLS_PRIVATE_V30_ONLY(len); /* The leading ASN1 tag and length has been processed. * Stepping back with 2 bytes, because mbedtls_x509_get_name * expects the beginning of the SET tag */ *p = *p - 2; - rfc822Name.MBEDTLS_PRIVATE(next) = NULL; + rfc822Name.MBEDTLS_PRIVATE_V30_ONLY(next) = NULL; ret = mbedtls_x509_get_name( p, end, &rfc822Name ); if (ret) { lws_x509_clean_name(&rfc822Name); @@ -318,51 +318,51 @@ lws_x509_get_general_names(uint8_t **p, const uint8_t *end, * Check that the name is structured correctly. */ r = lws_mbedtls_x509_parse_general_name( - &cur->MBEDTLS_PRIVATE(buf), &dnb); + &cur->MBEDTLS_PRIVATE_V30_ONLY(buf), &dnb); /* * In case the extension is malformed, return an error, * and clear the allocated sequences. */ if (r && r != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) { - mbedtls_x509_sequence *seq_cur = name->MBEDTLS_PRIVATE(next); + mbedtls_x509_sequence *seq_cur = name->MBEDTLS_PRIVATE_V30_ONLY(next); mbedtls_x509_sequence *seq_prv; while( seq_cur != NULL ) { seq_prv = seq_cur; - seq_cur = seq_cur->MBEDTLS_PRIVATE(next); + seq_cur = seq_cur->MBEDTLS_PRIVATE_V30_ONLY(next); lws_explicit_bzero(seq_prv, sizeof(*seq_cur)); lws_free(seq_prv); } - name->MBEDTLS_PRIVATE(next) = NULL; + name->MBEDTLS_PRIVATE_V30_ONLY(next) = NULL; return r; } /* Allocate and assign next pointer */ - if (cur->MBEDTLS_PRIVATE(buf).MBEDTLS_PRIVATE(p)) { - if (cur->MBEDTLS_PRIVATE(next)) + if (cur->MBEDTLS_PRIVATE_V30_ONLY(buf).MBEDTLS_PRIVATE_V30_ONLY(p)) { + if (cur->MBEDTLS_PRIVATE_V30_ONLY(next)) return 1; - cur->MBEDTLS_PRIVATE(next) = + cur->MBEDTLS_PRIVATE_V30_ONLY(next) = lws_zalloc(sizeof(*cur), __func__); - if (!cur->MBEDTLS_PRIVATE(next)) + if (!cur->MBEDTLS_PRIVATE_V30_ONLY(next)) return 1; - cur = cur->MBEDTLS_PRIVATE(next); + cur = cur->MBEDTLS_PRIVATE_V30_ONLY(next); } - buf = &(cur->MBEDTLS_PRIVATE(buf)); - buf->MBEDTLS_PRIVATE(tag) = tag; - buf->MBEDTLS_PRIVATE(p) = *p; - buf->MBEDTLS_PRIVATE(len) = tag_len; + buf = &(cur->MBEDTLS_PRIVATE_V30_ONLY(buf)); + buf->MBEDTLS_PRIVATE_V30_ONLY(tag) = tag; + buf->MBEDTLS_PRIVATE_V30_ONLY(p) = *p; + buf->MBEDTLS_PRIVATE_V30_ONLY(len) = tag_len; - *p += buf->MBEDTLS_PRIVATE(len); + *p += buf->MBEDTLS_PRIVATE_V30_ONLY(len); } /* Set final sequence entry's next pointer to NULL */ - cur->MBEDTLS_PRIVATE(next) = NULL; + cur->MBEDTLS_PRIVATE_V30_ONLY(next) = NULL; return *p != end; } @@ -380,9 +380,9 @@ x509_get_akid(uint8_t **p, uint8_t *end, lws_mbedtls_x509_authority *akid) r = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC); if (!r) { - akid->keyIdentifier.MBEDTLS_PRIVATE(len) = len; - akid->keyIdentifier.MBEDTLS_PRIVATE(p) = *p; - akid->keyIdentifier.MBEDTLS_PRIVATE(tag) = MBEDTLS_ASN1_OCTET_STRING; + akid->keyIdentifier.MBEDTLS_PRIVATE_V30_ONLY(len) = len; + akid->keyIdentifier.MBEDTLS_PRIVATE_V30_ONLY(p) = *p; + akid->keyIdentifier.MBEDTLS_PRIVATE_V30_ONLY(tag) = MBEDTLS_ASN1_OCTET_STRING; *p += len; } @@ -416,9 +416,9 @@ x509_get_akid(uint8_t **p, uint8_t *end, lws_mbedtls_x509_authority *akid) if (r) return r; - akid->authorityCertSerialNumber.MBEDTLS_PRIVATE(len) = len; - akid->authorityCertSerialNumber.MBEDTLS_PRIVATE(p) = *p; - akid->authorityCertSerialNumber.MBEDTLS_PRIVATE(tag) = MBEDTLS_ASN1_OCTET_STRING; + akid->authorityCertSerialNumber.MBEDTLS_PRIVATE_V30_ONLY(len) = len; + akid->authorityCertSerialNumber.MBEDTLS_PRIVATE_V30_ONLY(p) = *p; + akid->authorityCertSerialNumber.MBEDTLS_PRIVATE_V30_ONLY(tag) = MBEDTLS_ASN1_OCTET_STRING; *p += len; } @@ -434,9 +434,9 @@ int lws_x509_get_crt_ext(mbedtls_x509_crt *crt, mbedtls_x509_buf *skid, lws_mbedtls_x509_authority *akid) { - uint8_t *p = crt->MBEDTLS_PRIVATE(v3_ext).MBEDTLS_PRIVATE(p), + uint8_t *p = crt->MBEDTLS_PRIVATE_V30_ONLY(v3_ext).MBEDTLS_PRIVATE_V30_ONLY(p), *end_ext_data, *end_ext_octet; - const uint8_t *end = p + crt->MBEDTLS_PRIVATE(v3_ext).MBEDTLS_PRIVATE(len); + const uint8_t *end = p + crt->MBEDTLS_PRIVATE_V30_ONLY(v3_ext).MBEDTLS_PRIVATE_V30_ONLY(len); size_t len; int r = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); @@ -457,14 +457,14 @@ lws_x509_get_crt_ext(mbedtls_x509_crt *crt, mbedtls_x509_buf *skid, end_ext_data = p + len; /* Get extension ID */ - r = mbedtls_asn1_get_tag(&p, end_ext_data, &extn_oid.MBEDTLS_PRIVATE(len), + r = mbedtls_asn1_get_tag(&p, end_ext_data, &extn_oid.MBEDTLS_PRIVATE_V30_ONLY(len), MBEDTLS_ASN1_OID); if (r) return r; - extn_oid.MBEDTLS_PRIVATE(tag) = MBEDTLS_ASN1_OID; - extn_oid.MBEDTLS_PRIVATE(p) = p; - p += extn_oid.MBEDTLS_PRIVATE(len); + extn_oid.MBEDTLS_PRIVATE_V30_ONLY(tag) = MBEDTLS_ASN1_OID; + extn_oid.MBEDTLS_PRIVATE_V30_ONLY(p) = p; + p += extn_oid.MBEDTLS_PRIVATE_V30_ONLY(len); /* Get optional critical */ r = mbedtls_asn1_get_bool(&p, end_ext_data, &is_critical); diff --git a/lib/tls/mbedtls/mbedtls-x509.c b/lib/tls/mbedtls/mbedtls-x509.c index 2dad865d6..8b0ccd3f1 100644 --- a/lib/tls/mbedtls/mbedtls-x509.c +++ b/lib/tls/mbedtls/mbedtls-x509.c @@ -49,17 +49,17 @@ lws_tls_mbedtls_time_to_unix(mbedtls_x509_time *xtime) { struct tm t; - if (!xtime || !xtime->MBEDTLS_PRIVATE(year) || xtime->MBEDTLS_PRIVATE(year) < 0) + if (!xtime || !xtime->MBEDTLS_PRIVATE_V30_ONLY(year) || xtime->MBEDTLS_PRIVATE_V30_ONLY(year) < 0) return (time_t)(long long)-1; memset(&t, 0, sizeof(t)); - t.tm_year = xtime->MBEDTLS_PRIVATE(year) - 1900; - t.tm_mon = xtime->MBEDTLS_PRIVATE(mon) - 1; /* mbedtls months are 1+, tm are 0+ */ - t.tm_mday = xtime->MBEDTLS_PRIVATE(day) - 1; /* mbedtls days are 1+, tm are 0+ */ - t.tm_hour = xtime->MBEDTLS_PRIVATE(hour); - t.tm_min = xtime->MBEDTLS_PRIVATE(min); - t.tm_sec = xtime->MBEDTLS_PRIVATE(sec); + t.tm_year = xtime->MBEDTLS_PRIVATE_V30_ONLY(year) - 1900; + t.tm_mon = xtime->MBEDTLS_PRIVATE_V30_ONLY(mon) - 1; /* mbedtls months are 1+, tm are 0+ */ + t.tm_mday = xtime->MBEDTLS_PRIVATE_V30_ONLY(day) - 1; /* mbedtls days are 1+, tm are 0+ */ + t.tm_hour = xtime->MBEDTLS_PRIVATE_V30_ONLY(hour); + t.tm_min = xtime->MBEDTLS_PRIVATE_V30_ONLY(min); + t.tm_sec = xtime->MBEDTLS_PRIVATE_V30_ONLY(sec); t.tm_isdst = -1; return mktime(&t); @@ -81,13 +81,13 @@ lws_tls_mbedtls_get_x509_name(mbedtls_x509_name *name, } */ lws_strnncpy(&buf->ns.name[buf->ns.len], - (const char *)name->MBEDTLS_PRIVATE(val).MBEDTLS_PRIVATE(p), - name->MBEDTLS_PRIVATE(val).MBEDTLS_PRIVATE(len), + (const char *)name->MBEDTLS_PRIVATE_V30_ONLY(val).MBEDTLS_PRIVATE_V30_ONLY(p), + name->MBEDTLS_PRIVATE_V30_ONLY(val).MBEDTLS_PRIVATE_V30_ONLY(len), len - (size_t)buf->ns.len); buf->ns.len = (int)strlen(buf->ns.name); r = 0; - name = name->MBEDTLS_PRIVATE(next); + name = name->MBEDTLS_PRIVATE_V30_ONLY(next); } return r; @@ -109,22 +109,22 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type, switch (type) { case LWS_TLS_CERT_INFO_VALIDITY_FROM: - buf->time = lws_tls_mbedtls_time_to_unix(&x509->MBEDTLS_PRIVATE(valid_from)); + buf->time = lws_tls_mbedtls_time_to_unix(&x509->MBEDTLS_PRIVATE_V30_ONLY(valid_from)); if (buf->time == (time_t)(long long)-1) return -1; break; case LWS_TLS_CERT_INFO_VALIDITY_TO: - buf->time = lws_tls_mbedtls_time_to_unix(&x509->MBEDTLS_PRIVATE(valid_to)); + buf->time = lws_tls_mbedtls_time_to_unix(&x509->MBEDTLS_PRIVATE_V30_ONLY(valid_to)); if (buf->time == (time_t)(long long)-1) return -1; break; case LWS_TLS_CERT_INFO_COMMON_NAME: - return lws_tls_mbedtls_get_x509_name(&x509->MBEDTLS_PRIVATE(subject), buf, len); + return lws_tls_mbedtls_get_x509_name(&x509->MBEDTLS_PRIVATE_V30_ONLY(subject), buf, len); case LWS_TLS_CERT_INFO_ISSUER_NAME: - return lws_tls_mbedtls_get_x509_name(&x509->MBEDTLS_PRIVATE(issuer), buf, len); + return lws_tls_mbedtls_get_x509_name(&x509->MBEDTLS_PRIVATE_V30_ONLY(issuer), buf, len); case LWS_TLS_CERT_INFO_USAGE: buf->usage = x509->MBEDTLS_PRIVATE(key_usage); @@ -135,10 +135,10 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type, char *p = buf->ns.name; size_t r = len, u; - switch (mbedtls_pk_get_type(&x509->MBEDTLS_PRIVATE(pk))) { + switch (mbedtls_pk_get_type(&x509->MBEDTLS_PRIVATE_V30_ONLY(pk))) { case MBEDTLS_PK_RSA: { - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(x509->MBEDTLS_PRIVATE(pk)); + mbedtls_rsa_context *rsa = mbedtls_pk_rsa(x509->MBEDTLS_PRIVATE_V30_ONLY(pk)); if (mbedtls_mpi_write_string(&rsa->MBEDTLS_PRIVATE(N), 16, p, r, &u)) return -1; @@ -153,7 +153,7 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type, } case MBEDTLS_PK_ECKEY: { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(x509->MBEDTLS_PRIVATE(pk)); + mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(x509->MBEDTLS_PRIVATE_V30_ONLY(pk)); if (mbedtls_mpi_write_string(&ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, p, r, &u)) return -1; @@ -172,7 +172,7 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type, default: lwsl_notice("%s: x509 has unsupported pubkey type %d\n", __func__, - mbedtls_pk_get_type(&x509->MBEDTLS_PRIVATE(pk))); + mbedtls_pk_get_type(&x509->MBEDTLS_PRIVATE_V30_ONLY(pk))); return -1; } @@ -180,17 +180,17 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type, } case LWS_TLS_CERT_INFO_DER_RAW: - buf->ns.len = (int)x509->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(len); + buf->ns.len = (int)x509->MBEDTLS_PRIVATE_V30_ONLY(raw).MBEDTLS_PRIVATE_V30_ONLY(len); - if (len < x509->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(len)) + if (len < x509->MBEDTLS_PRIVATE_V30_ONLY(raw).MBEDTLS_PRIVATE_V30_ONLY(len)) /* * The buffer is too small and the attempt failed, but * the required object length is in buf->ns.len */ return -1; - memcpy(buf->ns.name, x509->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(p), - x509->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(len)); + memcpy(buf->ns.name, x509->MBEDTLS_PRIVATE_V30_ONLY(raw).MBEDTLS_PRIVATE_V30_ONLY(p), + x509->MBEDTLS_PRIVATE_V30_ONLY(raw).MBEDTLS_PRIVATE_V30_ONLY(len)); break; case LWS_TLS_CERT_INFO_AUTHORITY_KEY_ID: @@ -199,13 +199,13 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type, memset(&skid, 0, sizeof(skid)); lws_x509_get_crt_ext(x509, &skid, &akid); - if (akid.keyIdentifier.MBEDTLS_PRIVATE(tag) != MBEDTLS_ASN1_OCTET_STRING) + if (akid.keyIdentifier.MBEDTLS_PRIVATE_V30_ONLY(tag) != MBEDTLS_ASN1_OCTET_STRING) return 1; - buf->ns.len = (int)akid.keyIdentifier.MBEDTLS_PRIVATE(len); - if (!akid.keyIdentifier.MBEDTLS_PRIVATE(p) || + buf->ns.len = (int)akid.keyIdentifier.MBEDTLS_PRIVATE_V30_ONLY(len); + if (!akid.keyIdentifier.MBEDTLS_PRIVATE_V30_ONLY(p) || len < (size_t)buf->ns.len) return -1; - memcpy(buf->ns.name, akid.keyIdentifier.MBEDTLS_PRIVATE(p), (size_t)buf->ns.len); + memcpy(buf->ns.name, akid.keyIdentifier.MBEDTLS_PRIVATE_V30_ONLY(p), (size_t)buf->ns.len); break; case LWS_TLS_CERT_INFO_AUTHORITY_KEY_ID_ISSUER: { @@ -221,17 +221,17 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type, buf->ns.len = 0; while (ip) { - if (akid.keyIdentifier.MBEDTLS_PRIVATE(tag) != MBEDTLS_ASN1_OCTET_STRING || - !ip->MBEDTLS_PRIVATE(buf).MBEDTLS_PRIVATE(p) || - ip->MBEDTLS_PRIVATE(buf).MBEDTLS_PRIVATE(len) < 9 || - len < (size_t)ip->MBEDTLS_PRIVATE(buf).MBEDTLS_PRIVATE(len) - 9u) + if (akid.keyIdentifier.MBEDTLS_PRIVATE_V30_ONLY(tag) != MBEDTLS_ASN1_OCTET_STRING || + !ip->MBEDTLS_PRIVATE_V30_ONLY(buf).MBEDTLS_PRIVATE_V30_ONLY(p) || + ip->MBEDTLS_PRIVATE_V30_ONLY(buf).MBEDTLS_PRIVATE_V30_ONLY(len) < 9 || + len < (size_t)ip->MBEDTLS_PRIVATE_V30_ONLY(buf).MBEDTLS_PRIVATE_V30_ONLY(len) - 9u) break; - memcpy(buf->ns.name + buf->ns.len, ip->MBEDTLS_PRIVATE(buf).MBEDTLS_PRIVATE(p), - (size_t)ip->MBEDTLS_PRIVATE(buf).MBEDTLS_PRIVATE(len) - 9); - buf->ns.len = buf->ns.len + (int)ip->MBEDTLS_PRIVATE(buf).MBEDTLS_PRIVATE(len) - 9; + memcpy(buf->ns.name + buf->ns.len, ip->MBEDTLS_PRIVATE_V30_ONLY(buf).MBEDTLS_PRIVATE_V30_ONLY(p), + (size_t)ip->MBEDTLS_PRIVATE_V30_ONLY(buf).MBEDTLS_PRIVATE_V30_ONLY(len) - 9); + buf->ns.len = buf->ns.len + (int)ip->MBEDTLS_PRIVATE_V30_ONLY(buf).MBEDTLS_PRIVATE_V30_ONLY(len) - 9; - ip = ip->MBEDTLS_PRIVATE(next); + ip = ip->MBEDTLS_PRIVATE_V30_ONLY(next); } break; } @@ -242,14 +242,14 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type, lws_x509_get_crt_ext(x509, &skid, &akid); - if (akid.authorityCertSerialNumber.MBEDTLS_PRIVATE(tag) != MBEDTLS_ASN1_OCTET_STRING) + if (akid.authorityCertSerialNumber.MBEDTLS_PRIVATE_V30_ONLY(tag) != MBEDTLS_ASN1_OCTET_STRING) return 1; - buf->ns.len = (int)akid.authorityCertSerialNumber.MBEDTLS_PRIVATE(len); - if (!akid.authorityCertSerialNumber.MBEDTLS_PRIVATE(p) || + buf->ns.len = (int)akid.authorityCertSerialNumber.MBEDTLS_PRIVATE_V30_ONLY(len); + if (!akid.authorityCertSerialNumber.MBEDTLS_PRIVATE_V30_ONLY(p) || len < (size_t)buf->ns.len) return -1; memcpy(buf->ns.name, akid.authorityCertSerialNumber. - MBEDTLS_PRIVATE(p), (size_t)buf->ns.len); + MBEDTLS_PRIVATE_V30_ONLY(p), (size_t)buf->ns.len); break; case LWS_TLS_CERT_INFO_SUBJECT_KEY_ID: @@ -259,12 +259,12 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type, lws_x509_get_crt_ext(x509, &skid, &akid); - if (skid.MBEDTLS_PRIVATE(tag) != MBEDTLS_ASN1_OCTET_STRING) + if (skid.MBEDTLS_PRIVATE_V30_ONLY(tag) != MBEDTLS_ASN1_OCTET_STRING) return 1; - buf->ns.len = (int)skid.MBEDTLS_PRIVATE(len); + buf->ns.len = (int)skid.MBEDTLS_PRIVATE_V30_ONLY(len); if (len < (size_t)buf->ns.len) return -1; - memcpy(buf->ns.name, skid.MBEDTLS_PRIVATE(p), (size_t)buf->ns.len); + memcpy(buf->ns.name, skid.MBEDTLS_PRIVATE_V30_ONLY(p), (size_t)buf->ns.len); break; default: return -1; @@ -379,7 +379,7 @@ int lws_x509_public_to_jwk(struct lws_jwk *jwk, struct lws_x509_cert *x509, const char *curves, int rsa_min_bits) { - int kt = (int)mbedtls_pk_get_type(&x509->cert.MBEDTLS_PRIVATE(pk)), + int kt = (int)mbedtls_pk_get_type(&x509->cert.MBEDTLS_PRIVATE_V30_ONLY(pk)), n, count = 0, ret = -1; mbedtls_rsa_context *rsactx; mbedtls_ecp_keypair *ecpctx; @@ -391,7 +391,7 @@ lws_x509_public_to_jwk(struct lws_jwk *jwk, struct lws_x509_cert *x509, case MBEDTLS_PK_RSA: lwsl_notice("%s: RSA key\n", __func__); jwk->kty = LWS_GENCRYPTO_KTY_RSA; - rsactx = mbedtls_pk_rsa(x509->cert.MBEDTLS_PRIVATE(pk)); + rsactx = mbedtls_pk_rsa(x509->cert.MBEDTLS_PRIVATE_V30_ONLY(pk)); mpi[LWS_GENCRYPTO_RSA_KEYEL_E] = &rsactx->MBEDTLS_PRIVATE(E); mpi[LWS_GENCRYPTO_RSA_KEYEL_N] = &rsactx->MBEDTLS_PRIVATE(N); @@ -409,7 +409,7 @@ lws_x509_public_to_jwk(struct lws_jwk *jwk, struct lws_x509_cert *x509, case MBEDTLS_PK_ECKEY: lwsl_notice("%s: EC key\n", __func__); jwk->kty = LWS_GENCRYPTO_KTY_EC; - ecpctx = mbedtls_pk_ec(x509->cert.MBEDTLS_PRIVATE(pk)); + ecpctx = mbedtls_pk_ec(x509->cert.MBEDTLS_PRIVATE_V30_ONLY(pk)); mpi[LWS_GENCRYPTO_EC_KEYEL_X] = &ecpctx->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X); mpi[LWS_GENCRYPTO_EC_KEYEL_D] = &ecpctx->MBEDTLS_PRIVATE(d); mpi[LWS_GENCRYPTO_EC_KEYEL_Y] = &ecpctx->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y); diff --git a/lib/tls/mbedtls/wrapper/platform/ssl_pm.c b/lib/tls/mbedtls/wrapper/platform/ssl_pm.c index 0faf0d713..db63d0958 100755 --- a/lib/tls/mbedtls/wrapper/platform/ssl_pm.c +++ b/lib/tls/mbedtls/wrapper/platform/ssl_pm.c @@ -499,14 +499,13 @@ void ssl_pm_set_fd(SSL *ssl, int fd, int mode) { struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; - ssl_pm->fd.MBEDTLS_PRIVATE(fd) = fd; + ssl_pm->fd.MBEDTLS_PRIVATE_V30_ONLY(fd) = fd; } int ssl_pm_get_fd(const SSL *ssl, int mode) { struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; - - return ssl_pm->fd.MBEDTLS_PRIVATE(fd); + return ssl_pm->fd.MBEDTLS_PRIVATE_V30_ONLY(fd); } OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl)