tls: mbedtls-3

Adapt mbedtls support for compatibility with v3, while maintaining
compatibility with v2.

Notice v3 has removed the ability to encrypt with pubkey and
decrypt with privkey.  Openssl still has it, atm with v3 these
fall back to encrypt with privkey and decrypt with pubkey.

> The RSA module no longer supports private-key operations with the
> public key or vice versa. As a consequence, RSA operation functions
> no longer have a mode parameter. If you were calling RSA operations
> with the normal mode (public key for verification or encryption,
> private key for signature or decryption), remove the
> MBEDTLS_MODE_PUBLIC or MBEDTLS_MODE_PRIVATE argument. If you were
> calling RSA operations with the wrong mode, which rarely makes sense
>from a security perspective, this is no longer supported.

include/libwebsockets.h

@@ -287,6 +287,11 @@ typedef int suseconds_t;
 #include <mbedtls/ssl.h>
 #include <mbedtls/entropy.h>
 #include <mbedtls/ctr_drbg.h>
+
+#if !defined(MBEDTLS_PRIVATE)
+#define MBEDTLS_PRIVATE(_q) _q
+#endif
+
 #endif
 #else
 #include <openssl/ssl.h>

include/libwebsockets/lws-x509.h

@@ -148,6 +148,7 @@ lws_x509_public_to_jwk(struct lws_jwk *jwk, struct lws_x509_cert *x509,
  * lws_x509_jwk_privkey_pem() - Copy a private key PEM into a jwk that has the
  *				public part already
  *
+ * \param cx: lws_context (for random)
  * \param jwk: pointer to the jwk to initialize and set to the public key
  * \param pem: pointer to PEM private key in memory
  * \param len: length of PEM private key in memory
@@ -163,8 +164,8 @@ lws_x509_public_to_jwk(struct lws_jwk *jwk, struct lws_x509_cert *x509,
  * The caller should take care to zero down passphrase if used.
  */
 LWS_VISIBLE LWS_EXTERN int
-lws_x509_jwk_privkey_pem(struct lws_jwk *jwk, void *pem, size_t len,
-			 const char *passphrase);
+lws_x509_jwk_privkey_pem(struct lws_context *cx, struct lws_jwk *jwk,
+			 void *pem, size_t len, const char *passphrase);
 
 /**
  * lws_x509_destroy() - Destroy a previously allocated lws_x509_cert object

lib/core/private-lib-core.h

@@ -617,7 +617,7 @@ struct lws_context {
 	const char *username, *groupname;
 #endif
 
-#if defined(LWS_AMAZON_RTOS) && defined(LWS_WITH_MBEDTLS)
+#if defined(LWS_WITH_MBEDTLS)
 	mbedtls_entropy_context mec;
 	mbedtls_ctr_drbg_context mcdc;
 #endif

lib/plat/unix/unix-init.c

@@ -136,6 +136,33 @@ lws_plat_init(struct lws_context *context,
 		return 1;
 	}
 
+#if defined(LWS_WITH_MBEDTLS)
+	{
+		int n;
+
+		/* initialize platform random through mbedtls */
+		mbedtls_entropy_init(&context->mec);
+		mbedtls_ctr_drbg_init(&context->mcdc);
+
+		n = mbedtls_ctr_drbg_seed(&context->mcdc, mbedtls_entropy_func,
+					  &context->mec, NULL, 0);
+		if (n)
+			lwsl_err("%s: mbedtls_ctr_drbg_seed() returned 0x%x\n",
+				 __func__, n);
+#if 0
+		else {
+			uint8_t rtest[16];
+			lwsl_notice("%s: started drbg\n", __func__);
+			if (mbedtls_ctr_drbg_random(&context->mcdc, rtest,
+							sizeof(rtest)))
+				lwsl_err("%s: get random failed\n", __func__);
+			else
+				lwsl_hexdump_notice(rtest, sizeof(rtest));
+		}
+#endif
+	}
+#endif
+
 	lwsl_cx_info(context, " mem: platform fd map: %5lu B",
 		    (unsigned long)(sizeof(struct lws *) * context->max_fds));
 #endif

lib/plat/unix/unix-sockets.c

@@ -557,7 +557,7 @@ lws_plat_vhost_tls_client_ctx_init(struct lws_vhost *vhost)
 int
 lws_plat_mbedtls_net_send(void *ctx, const uint8_t *buf, size_t len)
 {
-	int fd = ((mbedtls_net_context *) ctx)->fd;
+	int fd = ((mbedtls_net_context *) ctx)->MBEDTLS_PRIVATE(fd);
 	int ret;
 
 	if (fd < 0)
@@ -582,7 +582,7 @@ lws_plat_mbedtls_net_send(void *ctx, const uint8_t *buf, size_t len)
 int
 lws_plat_mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len)
 {
-	int fd = ((mbedtls_net_context *) ctx)->fd;
+	int fd = ((mbedtls_net_context *) ctx)->MBEDTLS_PRIVATE(fd);
 	int ret;
 
 	if (fd < 0)

lib/plat/windows/windows-init.c

@@ -77,6 +77,33 @@ lws_plat_init(struct lws_context *context,
 	struct lws_context_per_thread *pt = &context->pt[0];
 	int i, n = context->count_threads;
 
+#if defined(LWS_WITH_MBEDTLS)
+	{
+		int n;
+
+		/* initialize platform random through mbedtls */
+		mbedtls_entropy_init(&context->mec);
+		mbedtls_ctr_drbg_init(&context->mcdc);
+
+		n = mbedtls_ctr_drbg_seed(&context->mcdc, mbedtls_entropy_func,
+					  &context->mec, NULL, 0);
+		if (n)
+			lwsl_err("%s: mbedtls_ctr_drbg_seed() returned 0x%x\n",
+				 __func__, n);
+#if 0
+		else {
+			uint8_t rtest[16];
+			lwsl_notice("%s: started drbg\n", __func__);
+			if (mbedtls_ctr_drbg_random(&context->mcdc, rtest,
+							sizeof(rtest)))
+				lwsl_err("%s: get random failed\n", __func__);
+			else
+				lwsl_hexdump_notice(rtest, sizeof(rtest));
+		}
+#endif
+	}
+#endif
+
 	for (i = 0; i < FD_HASHTABLE_MODULUS; i++) {
 		context->fd_hashtable[i].wsi =
 			lws_zalloc(sizeof(struct lws*) * context->max_fds,

lib/tls/mbedtls/lws-genaes.c

@@ -131,10 +131,20 @@ lws_genaes_create(struct lws_genaes_ctx *ctx, enum enum_aes_operation op,
 int
 lws_genaes_destroy(struct lws_genaes_ctx *ctx, unsigned char *tag, size_t tlen)
 {
+#if defined(MBEDTLS_VERSION_NUMBER) && MBEDTLS_VERSION_NUMBER >= 0x03000000
+	size_t last_len = 0;
+	uint8_t last[16];
+#endif
 	int n;
 
 	if (ctx->mode == LWS_GAESM_GCM) {
+#if defined(MBEDTLS_VERSION_NUMBER) && MBEDTLS_VERSION_NUMBER >= 0x03000000
+		n = mbedtls_gcm_finish(&ctx->u.ctx_gcm, last, sizeof(last),
+					&last_len, tag, tlen);
+#else
 		n = mbedtls_gcm_finish(&ctx->u.ctx_gcm, tag, tlen);
+#endif
+
 		if (n)
 			lwsl_notice("%s: mbedtls_gcm_finish: -0x%x\n",
 				    __func__, -n);
@@ -388,9 +398,18 @@ lws_genaes_crypt(struct lws_genaes_ctx *ctx, const uint8_t *in, size_t len,
 			 * additional data len:  len
 			 */
 
+#if defined(MBEDTLS_VERSION_NUMBER) && MBEDTLS_VERSION_NUMBER >= 0x03000000
+			n = mbedtls_gcm_starts(&ctx->u.ctx_gcm, (int)ctx->op,
+					       iv_or_nonce_ctr_or_data_unit_16,
+					       *nc_or_iv_off);
+			if (!n)
+				n = mbedtls_gcm_update_ad(&ctx->u.ctx_gcm,
+							  in, len);
+#else
 			n = mbedtls_gcm_starts(&ctx->u.ctx_gcm, (int)ctx->op,
 					       iv_or_nonce_ctr_or_data_unit_16,
 					       *nc_or_iv_off, in, len);
+#endif
 			if (n) {
 				lwsl_notice("%s: mbedtls_gcm_starts: -0x%x\n",
 					    __func__, -n);
@@ -400,7 +419,15 @@ lws_genaes_crypt(struct lws_genaes_ctx *ctx, const uint8_t *in, size_t len,
 			break;
 		}
 
+#if defined(MBEDTLS_VERSION_NUMBER) && MBEDTLS_VERSION_NUMBER >= 0x03000000
+		{
+			size_t al;
+
+			n = mbedtls_gcm_update(&ctx->u.ctx_gcm, in, len, out, len, &al);
+		}
+#else
 		n = mbedtls_gcm_update(&ctx->u.ctx_gcm, len, in, out);
+#endif
 		if (n) {
 			lwsl_notice("%s: mbedtls_gcm_update: -0x%x\n",
 				    __func__, -n);

lib/tls/mbedtls/lws-genec.c

@@ -27,6 +27,15 @@
 #include "private-lib-core.h"
 #include "private-lib-tls-mbedtls.h"
 
+#if defined(MBEDTLS_VERSION_NUMBER) && MBEDTLS_VERSION_NUMBER >= 0x03000000
+#define ECDHCTX(_c, _ins) _c->u.ctx_ecdh->MBEDTLS_PRIVATE(ctx).\
+			MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(_ins)
+#define ECDSACTX(_c, _ins) _c->u.ctx_ecdsa->MBEDTLS_PRIVATE(_ins)
+#else
+#define ECDHCTX(_c, _ins) _c->u.ctx_ecdh->_ins
+#define ECDSACTX(_c, _ins) _c->u.ctx_ecdsa->_ins
+#endif
+
 const struct lws_ec_curves lws_ec_curves[] = {
 	/*
 	 * These are the curves we are willing to use by default...
@@ -76,7 +85,8 @@ lws_genec_keypair_import(struct lws_genec_ctx *ctx, enum enum_lws_dh_side side,
 		return -23;
 
 	mbedtls_ecp_keypair_init(&kp);
-	if (mbedtls_ecp_group_load(&kp.grp, (mbedtls_ecp_group_id)curve->tls_lib_nid))
+	if (mbedtls_ecp_group_load(&kp.MBEDTLS_PRIVATE(grp),
+				   (mbedtls_ecp_group_id)curve->tls_lib_nid))
 		goto bail1;
 
 	ctx->has_private = !!el[LWS_GENCRYPTO_EC_KEYEL_D].len;
@@ -84,21 +94,24 @@ lws_genec_keypair_import(struct lws_genec_ctx *ctx, enum enum_lws_dh_side side,
 	/* d (the private key) is directly an mpi */
 
 	if (ctx->has_private &&
-	    mbedtls_mpi_read_binary(&kp.d, el[LWS_GENCRYPTO_EC_KEYEL_D].buf,
+	    mbedtls_mpi_read_binary(&kp.MBEDTLS_PRIVATE(d),
+				    el[LWS_GENCRYPTO_EC_KEYEL_D].buf,
 				    el[LWS_GENCRYPTO_EC_KEYEL_D].len))
 		goto bail1;
 
-	mbedtls_ecp_set_zero(&kp.Q);
+	mbedtls_ecp_set_zero(&kp.MBEDTLS_PRIVATE(Q));
 
-	if (mbedtls_mpi_read_binary(&kp.Q.X, el[LWS_GENCRYPTO_EC_KEYEL_X].buf,
+	if (mbedtls_mpi_read_binary(&kp.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X),
+				    el[LWS_GENCRYPTO_EC_KEYEL_X].buf,
 				    el[LWS_GENCRYPTO_EC_KEYEL_X].len))
 		goto bail1;
 
-	if (mbedtls_mpi_read_binary(&kp.Q.Y, el[LWS_GENCRYPTO_EC_KEYEL_Y].buf,
+	if (mbedtls_mpi_read_binary(&kp.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y),
+				    el[LWS_GENCRYPTO_EC_KEYEL_Y].buf,
 				    el[LWS_GENCRYPTO_EC_KEYEL_Y].len))
 		goto bail1;
 
-	mbedtls_mpi_lset(&kp.Q.Z, 1);
+	mbedtls_mpi_lset(&kp.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 1);
 
 	switch (ctx->genec_alg) {
 	case LEGENEC_ECDH:
@@ -107,11 +120,11 @@ lws_genec_keypair_import(struct lws_genec_ctx *ctx, enum enum_lws_dh_side side,
 			goto bail1;
 		/* verify the key is consistent with the claimed curve */
 		if (ctx->has_private &&
-		    mbedtls_ecp_check_privkey(&ctx->u.ctx_ecdh->grp,
-					      &ctx->u.ctx_ecdh->d))
+		    mbedtls_ecp_check_privkey(&ECDHCTX(ctx, grp),
+					      &ECDHCTX(ctx, d)))
 			goto bail1;
-		if (mbedtls_ecp_check_pubkey(&ctx->u.ctx_ecdh->grp,
-					     &ctx->u.ctx_ecdh->Q))
+		if (mbedtls_ecp_check_pubkey(&ECDHCTX(ctx, grp),
+					     &ECDHCTX(ctx, Q)))
 			goto bail1;
 		break;
 	case LEGENEC_ECDSA:
@@ -119,11 +132,11 @@ lws_genec_keypair_import(struct lws_genec_ctx *ctx, enum enum_lws_dh_side side,
 			goto bail1;
 		/* verify the key is consistent with the claimed curve */
 		if (ctx->has_private &&
-		    mbedtls_ecp_check_privkey(&ctx->u.ctx_ecdsa->grp,
-					      &ctx->u.ctx_ecdsa->d))
+		    mbedtls_ecp_check_privkey(&ECDSACTX(ctx, grp),
+					      &ECDSACTX(ctx, d)))
 			goto bail1;
-		if (mbedtls_ecp_check_pubkey(&ctx->u.ctx_ecdsa->grp,
-					     &ctx->u.ctx_ecdsa->Q))
+		if (mbedtls_ecp_check_pubkey(&ECDSACTX(ctx, grp),
+					     &ECDSACTX(ctx, Q)))
 			goto bail1;
 		break;
 	default:
@@ -265,9 +278,9 @@ lws_genecdh_new_keypair(struct lws_genec_ctx *ctx, enum enum_lws_dh_side side,
 	 * lws_gencrypto_keyelem, so they can be serialized, used in jwk etc
 	 */
 
-	mpi[0] = &kp->Q.X;
-	mpi[1] = &kp->d;
-	mpi[2] = &kp->Q.Y;
+	mpi[0] = &kp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X);
+	mpi[1] = &kp->MBEDTLS_PRIVATE(d);
+	mpi[2] = &kp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y);
 
 	el[LWS_GENCRYPTO_EC_KEYEL_CRV].len = (uint32_t)strlen(curve_name) + 1;
 	el[LWS_GENCRYPTO_EC_KEYEL_CRV].buf =
@@ -339,9 +352,9 @@ lws_genecdsa_new_keypair(struct lws_genec_ctx *ctx, const char *curve_name,
 
 	kp = (mbedtls_ecp_keypair *)ctx->u.ctx_ecdsa;
 
-	mpi[0] = &kp->Q.X;
-	mpi[1] = &kp->d;
-	mpi[2] = &kp->Q.Y;
+	mpi[0] = &kp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X);
+	mpi[1] = &kp->MBEDTLS_PRIVATE(d);
+	mpi[2] = &kp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y);
 
 	el[LWS_GENCRYPTO_EC_KEYEL_CRV].len = (uint32_t)strlen(curve_name) + 1;
 	el[LWS_GENCRYPTO_EC_KEYEL_CRV].buf =
@@ -412,8 +425,8 @@ lws_genecdsa_hash_sign_jws(struct lws_genec_ctx *ctx, const uint8_t *in,
 	mbedtls_mpi_init(&mpi_r);
 	mbedtls_mpi_init(&mpi_s);
 
-	n = mbedtls_ecdsa_sign(&ctx->u.ctx_ecdsa->grp, &mpi_r, &mpi_s,
-			       &ctx->u.ctx_ecdsa->d, in, hlen,
+	n = mbedtls_ecdsa_sign(&ECDSACTX(ctx, grp), &mpi_r, &mpi_s,
+			       &ECDSACTX(ctx, d), in, hlen,
 			lws_gencrypto_mbedtls_rngf, ctx->context);
 	if (n) {
 		lwsl_err("%s: mbedtls_ecdsa_sign failed: -0x%x\n",
@@ -476,8 +489,8 @@ lws_genecdsa_hash_sig_verify_jws(struct lws_genec_ctx *ctx, const uint8_t *in,
 	if (mbedtls_mpi_read_binary(&mpi_s, sig + keybytes, (unsigned int)keybytes))
 		goto bail1;
 
-	n = mbedtls_ecdsa_verify(&ctx->u.ctx_ecdsa->grp, in, hlen,
-				 &ctx->u.ctx_ecdsa->Q, &mpi_r, &mpi_s);
+	n = mbedtls_ecdsa_verify(&ECDSACTX(ctx, grp), in, hlen,
+				 &ECDSACTX(ctx, Q), &mpi_r, &mpi_s);
 
 	mbedtls_mpi_free(&mpi_s);
 	mbedtls_mpi_free(&mpi_r);
@@ -504,8 +517,8 @@ lws_genecdh_compute_shared_secret(struct lws_genec_ctx *ctx, uint8_t *ss,
 {
 	int n;
 	size_t st;
-	if (mbedtls_ecp_check_pubkey(&ctx->u.ctx_ecdh->grp, &ctx->u.ctx_ecdh->Q) ||
-	    mbedtls_ecp_check_pubkey(&ctx->u.ctx_ecdh->grp, &ctx->u.ctx_ecdh->Qp)) {
+	if (mbedtls_ecp_check_pubkey(&ECDHCTX(ctx, grp), &ECDHCTX(ctx, Q)) ||
+	    mbedtls_ecp_check_pubkey(&ECDHCTX(ctx, grp), &ECDHCTX(ctx, Qp))) {
 		lwsl_err("%s: both sides must be set up\n", __func__);
 
 		return -1;

lib/tls/mbedtls/lws-genhash.c

@@ -27,7 +27,22 @@
 #include "libwebsockets.h"
 #include <mbedtls/version.h>
 
-#if (MBEDTLS_VERSION_NUMBER >= 0x02070000)
+#if defined(MBEDTLS_VERSION_NUMBER) && (MBEDTLS_VERSION_NUMBER >= 0x03000000)
+#define mbedtls_md5_starts_ret mbedtls_md5_starts
+#define mbedtls_md5_update_ret mbedtls_md5_update
+#define mbedtls_md5_finish_ret mbedtls_md5_finish
+#define mbedtls_sha1_finish_ret mbedtls_sha1_finish
+#define mbedtls_sha1_update_ret mbedtls_sha1_update
+#define mbedtls_sha1_starts_ret mbedtls_sha1_starts
+#define mbedtls_sha256_starts_ret mbedtls_sha256_starts
+#define mbedtls_sha256_update_ret mbedtls_sha256_update
+#define mbedtls_sha256_finish_ret mbedtls_sha256_finish
+#define mbedtls_sha512_starts_ret mbedtls_sha512_starts
+#define mbedtls_sha512_update_ret mbedtls_sha512_update
+#define mbedtls_sha512_finish_ret mbedtls_sha512_finish
+#endif
+
+#if defined(MBEDTLS_VERSION_NUMBER) && (MBEDTLS_VERSION_NUMBER >= 0x02070000)
 
 /*
  * We have the _ret variants available, check the return codes on everything

lib/tls/mbedtls/lws-genrsa.c

@@ -56,18 +56,29 @@ lws_genrsa_create(struct lws_genrsa_ctx *ctx, struct lws_gencrypto_keyelem *el,
 	if (mode >= LGRSAM_COUNT)
 		return -1;
 
+#if !defined(MBEDTLS_VERSION_NUMBER) || MBEDTLS_VERSION_NUMBER < 0x03000000
 	mbedtls_rsa_init(ctx->ctx, mode_map[mode], 0);
+#else
+	mbedtls_rsa_init(ctx->ctx);
+	mbedtls_rsa_set_padding(ctx->ctx, mode_map[mode], 0);
+#endif
 
-	ctx->ctx->padding = mode_map[mode];
-	ctx->ctx->hash_id = (int)lws_gencrypto_mbedtls_hash_to_MD_TYPE(oaep_hashid);
+	ctx->ctx->MBEDTLS_PRIVATE(padding) = mode_map[mode];
+	ctx->ctx->MBEDTLS_PRIVATE(hash_id) =
+			(int)lws_gencrypto_mbedtls_hash_to_MD_TYPE(oaep_hashid);
 
 	{
 		int n;
 
 		mbedtls_mpi *mpi[LWS_GENCRYPTO_RSA_KEYEL_COUNT] = {
-			&ctx->ctx->E, &ctx->ctx->N, &ctx->ctx->D, &ctx->ctx->P,
-			&ctx->ctx->Q, &ctx->ctx->DP, &ctx->ctx->DQ,
-			&ctx->ctx->QP,
+			&ctx->ctx->MBEDTLS_PRIVATE(E),
+			&ctx->ctx->MBEDTLS_PRIVATE(N),
+			&ctx->ctx->MBEDTLS_PRIVATE(D),
+			&ctx->ctx->MBEDTLS_PRIVATE(P),
+			&ctx->ctx->MBEDTLS_PRIVATE(Q),
+			&ctx->ctx->MBEDTLS_PRIVATE(DP),
+			&ctx->ctx->MBEDTLS_PRIVATE(DQ),
+			&ctx->ctx->MBEDTLS_PRIVATE(QP),
 		};
 
 		for (n = 0; n < LWS_GENCRYPTO_RSA_KEYEL_COUNT; n++)
@@ -100,7 +111,7 @@ lws_genrsa_create(struct lws_genrsa_ctx *ctx, struct lws_gencrypto_keyelem *el,
 		}
 	}
 
-	ctx->ctx->len = el[LWS_GENCRYPTO_RSA_KEYEL_N].len;
+	ctx->ctx->MBEDTLS_PRIVATE(len) = el[LWS_GENCRYPTO_RSA_KEYEL_N].len;
 
 	return 0;
 }
@@ -132,7 +143,12 @@ lws_genrsa_new_keypair(struct lws_context *context, struct lws_genrsa_ctx *ctx,
 	if (mode >= LGRSAM_COUNT)
 		return -1;
 
+#if !defined(MBEDTLS_VERSION_NUMBER) || MBEDTLS_VERSION_NUMBER < 0x03000000
 	mbedtls_rsa_init(ctx->ctx, mode_map[mode], 0);
+#else
+	mbedtls_rsa_init(ctx->ctx);
+	mbedtls_rsa_set_padding(ctx->ctx, mode_map[mode], 0);
+#endif
 
 	n = mbedtls_rsa_gen_key(ctx->ctx, _rngf, context, (unsigned int)bits, 65537);
 	if (n) {
@@ -142,9 +158,14 @@ lws_genrsa_new_keypair(struct lws_context *context, struct lws_genrsa_ctx *ctx,
 
 	{
 		mbedtls_mpi *mpi[LWS_GENCRYPTO_RSA_KEYEL_COUNT] = {
-			&ctx->ctx->E, &ctx->ctx->N, &ctx->ctx->D, &ctx->ctx->P,
-			&ctx->ctx->Q, &ctx->ctx->DP, &ctx->ctx->DQ,
-			&ctx->ctx->QP,
+			&ctx->ctx->MBEDTLS_PRIVATE(E),
+			&ctx->ctx->MBEDTLS_PRIVATE(N),
+			&ctx->ctx->MBEDTLS_PRIVATE(D),
+			&ctx->ctx->MBEDTLS_PRIVATE(P),
+			&ctx->ctx->MBEDTLS_PRIVATE(Q),
+			&ctx->ctx->MBEDTLS_PRIVATE(DP),
+			&ctx->ctx->MBEDTLS_PRIVATE(DQ),
+			&ctx->ctx->MBEDTLS_PRIVATE(QP),
 		};
 
 		for (n = 0; n < LWS_GENCRYPTO_RSA_KEYEL_COUNT; n++)
@@ -179,7 +200,7 @@ lws_genrsa_public_decrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in,
 	size_t olen = 0;
 	int n;
 
-	ctx->ctx->len = in_len;
+	ctx->ctx->MBEDTLS_PRIVATE(len) = in_len;
 
 #if defined(LWS_HAVE_mbedtls_rsa_complete)
 	mbedtls_rsa_complete(ctx->ctx);
@@ -189,14 +210,18 @@ lws_genrsa_public_decrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in,
 	case LGRSAM_PKCS1_1_5:
 		n = mbedtls_rsa_rsaes_pkcs1_v15_decrypt(ctx->ctx, _rngf,
 							ctx->context,
+#if !defined(MBEDTLS_VERSION_NUMBER) || MBEDTLS_VERSION_NUMBER < 0x03000000
 							MBEDTLS_RSA_PUBLIC,
+#endif
 							&olen, in, out,
 							out_max);
 		break;
 	case LGRSAM_PKCS1_OAEP_PSS:
 		n = mbedtls_rsa_rsaes_oaep_decrypt(ctx->ctx, _rngf,
 						   ctx->context,
-						   MBEDTLS_RSA_PUBLIC,
+#if !defined(MBEDTLS_VERSION_NUMBER) || MBEDTLS_VERSION_NUMBER < 0x03000000
+							MBEDTLS_RSA_PUBLIC,
+#endif
 						   NULL, 0,
 						   &olen, in, out, out_max);
 		break;
@@ -219,7 +244,7 @@ lws_genrsa_private_decrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in,
 	size_t olen = 0;
 	int n;
 
-	ctx->ctx->len = in_len;
+	ctx->ctx->MBEDTLS_PRIVATE(len) = in_len;
 
 #if defined(LWS_HAVE_mbedtls_rsa_complete)
 	mbedtls_rsa_complete(ctx->ctx);
@@ -229,14 +254,18 @@ lws_genrsa_private_decrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in,
 	case LGRSAM_PKCS1_1_5:
 		n = mbedtls_rsa_rsaes_pkcs1_v15_decrypt(ctx->ctx, _rngf,
 							ctx->context,
+#if !defined(MBEDTLS_VERSION_NUMBER) || MBEDTLS_VERSION_NUMBER < 0x03000000
 							MBEDTLS_RSA_PRIVATE,
+#endif
 							&olen, in, out,
 							out_max);
 		break;
 	case LGRSAM_PKCS1_OAEP_PSS:
 		n = mbedtls_rsa_rsaes_oaep_decrypt(ctx->ctx, _rngf,
 						   ctx->context,
+#if !defined(MBEDTLS_VERSION_NUMBER) || MBEDTLS_VERSION_NUMBER < 0x03000000
 						   MBEDTLS_RSA_PRIVATE,
+#endif
 						   NULL, 0,
 						   &olen, in, out, out_max);
 		break;
@@ -266,13 +295,17 @@ lws_genrsa_public_encrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in,
 	case LGRSAM_PKCS1_1_5:
 		n = mbedtls_rsa_rsaes_pkcs1_v15_encrypt(ctx->ctx, _rngf,
 							ctx->context,
+#if !defined(MBEDTLS_VERSION_NUMBER) || MBEDTLS_VERSION_NUMBER < 0x03000000
 							MBEDTLS_RSA_PUBLIC,
+#endif
 							in_len, in, out);
 		break;
 	case LGRSAM_PKCS1_OAEP_PSS:
 		n = mbedtls_rsa_rsaes_oaep_encrypt(ctx->ctx, _rngf,
 						   ctx->context,
+#if !defined(MBEDTLS_VERSION_NUMBER) || MBEDTLS_VERSION_NUMBER < 0x03000000
 						   MBEDTLS_RSA_PUBLIC,
+#endif
 						   NULL, 0,
 						   in_len, in, out);
 		break;
@@ -286,7 +319,7 @@ lws_genrsa_public_encrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in,
 		return -1;
 	}
 
-	return (int)mbedtls_mpi_size(&ctx->ctx->N);
+	return (int)mbedtls_mpi_size(&ctx->ctx->MBEDTLS_PRIVATE(N));
 }
 
 int
@@ -303,13 +336,17 @@ lws_genrsa_private_encrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in,
 	case LGRSAM_PKCS1_1_5:
 		n = mbedtls_rsa_rsaes_pkcs1_v15_encrypt(ctx->ctx, _rngf,
 							ctx->context,
+#if !defined(MBEDTLS_VERSION_NUMBER) || MBEDTLS_VERSION_NUMBER < 0x03000000
 							MBEDTLS_RSA_PRIVATE,
+#endif
 							in_len, in, out);
 		break;
 	case LGRSAM_PKCS1_OAEP_PSS:
 		n = mbedtls_rsa_rsaes_oaep_encrypt(ctx->ctx, _rngf,
 						   ctx->context,
+#if !defined(MBEDTLS_VERSION_NUMBER) || MBEDTLS_VERSION_NUMBER < 0x03000000
 						   MBEDTLS_RSA_PRIVATE,
+#endif
 						   NULL, 0,
 						   in_len, in, out);
 		break;
@@ -323,7 +360,7 @@ lws_genrsa_private_encrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in,
 		return -1;
 	}
 
-	return (int)mbedtls_mpi_size(&ctx->ctx->N);
+	return (int)mbedtls_mpi_size(&ctx->ctx->MBEDTLS_PRIVATE(N));
 }
 
 int
@@ -342,20 +379,30 @@ lws_genrsa_hash_sig_verify(struct lws_genrsa_ctx *ctx, const uint8_t *in,
 
 	switch(ctx->mode) {
 	case LGRSAM_PKCS1_1_5:
-		n = mbedtls_rsa_rsassa_pkcs1_v15_verify(ctx->ctx, NULL, NULL,
+		n = mbedtls_rsa_rsassa_pkcs1_v15_verify(ctx->ctx,
+#if !defined(MBEDTLS_VERSION_NUMBER) || MBEDTLS_VERSION_NUMBER < 0x03000000
+							NULL, NULL,
 							MBEDTLS_RSA_PUBLIC,
-							(mbedtls_md_type_t)h, 0, in, sig);
+#endif
+							(mbedtls_md_type_t)h,
+							(unsigned int)lws_genhash_size(hash_type),
+							in, sig);
 		break;
 	case LGRSAM_PKCS1_OAEP_PSS:
-		n = mbedtls_rsa_rsassa_pss_verify(ctx->ctx, NULL, NULL,
+		n = mbedtls_rsa_rsassa_pss_verify(ctx->ctx,
+#if !defined(MBEDTLS_VERSION_NUMBER) || MBEDTLS_VERSION_NUMBER < 0x03000000
+						  NULL, NULL,
 						  MBEDTLS_RSA_PUBLIC,
-						  (mbedtls_md_type_t)h, 0, in, sig);
+#endif
+						  (mbedtls_md_type_t)h,
+						  (unsigned int)lws_genhash_size(hash_type),
+						  in, sig);
 		break;
 	default:
 		return -1;
 	}
 	if (n < 0) {
-		lwsl_notice("%s: -0x%x\n", __func__, -n);
+		lwsl_notice("%s: (mode %d) -0x%x\n", __func__, ctx->mode, -n);
 
 		return -1;
 	}
@@ -381,19 +428,31 @@ lws_genrsa_hash_sign(struct lws_genrsa_ctx *ctx, const uint8_t *in,
 	 * The "sig" buffer must be as large as the size of ctx->N
 	 * (eg. 128 bytes if RSA-1024 is used).
 	 */
-	if (sig_len < ctx->ctx->len)
+	if (sig_len < ctx->ctx->MBEDTLS_PRIVATE(len))
 		return -1;
 
 	switch(ctx->mode) {
 	case LGRSAM_PKCS1_1_5:
-		n = mbedtls_rsa_rsassa_pkcs1_v15_sign(ctx->ctx, NULL, NULL,
+		n = mbedtls_rsa_rsassa_pkcs1_v15_sign(ctx->ctx,
+						      mbedtls_ctr_drbg_random,
+						      &ctx->context->mcdc,
+#if !defined(MBEDTLS_VERSION_NUMBER) || MBEDTLS_VERSION_NUMBER < 0x03000000
 						      MBEDTLS_RSA_PRIVATE,
-						      (mbedtls_md_type_t)h, 0, in, sig);
+#endif
+						      (mbedtls_md_type_t)h,
+						      (unsigned int)lws_genhash_size(hash_type),
+						      in, sig);
 		break;
 	case LGRSAM_PKCS1_OAEP_PSS:
-		n = mbedtls_rsa_rsassa_pss_sign(ctx->ctx, NULL, NULL,
+		n = mbedtls_rsa_rsassa_pss_sign(ctx->ctx,
+						mbedtls_ctr_drbg_random,
+						&ctx->context->mcdc,
+#if !defined(MBEDTLS_VERSION_NUMBER) || MBEDTLS_VERSION_NUMBER < 0x03000000
 						MBEDTLS_RSA_PRIVATE,
-						(mbedtls_md_type_t)h, 0, in, sig);
+#endif
+						(mbedtls_md_type_t)h,
+						(unsigned int)lws_genhash_size(hash_type),
+						in, sig);
 		break;
 	default:
 		return -1;
@@ -405,7 +464,7 @@ lws_genrsa_hash_sign(struct lws_genrsa_ctx *ctx, const uint8_t *in,
 		return -1;
 	}
 
-	return (int)ctx->ctx->len;
+	return (int)ctx->ctx->MBEDTLS_PRIVATE(len);
 }
 
 int
@@ -414,9 +473,14 @@ lws_genrsa_render_pkey_asn1(struct lws_genrsa_ctx *ctx, int _private,
 {
 	uint8_t *p = pkey_asn1, *totlen, *end = pkey_asn1 + pkey_asn1_len - 1;
 	mbedtls_mpi *mpi[LWS_GENCRYPTO_RSA_KEYEL_COUNT] = {
-		&ctx->ctx->N, &ctx->ctx->E, &ctx->ctx->D, &ctx->ctx->P,
-		&ctx->ctx->Q, &ctx->ctx->DP, &ctx->ctx->DQ,
-		&ctx->ctx->QP,
+		&ctx->ctx->MBEDTLS_PRIVATE(N),
+		&ctx->ctx->MBEDTLS_PRIVATE(E),
+		&ctx->ctx->MBEDTLS_PRIVATE(D),
+		&ctx->ctx->MBEDTLS_PRIVATE(P),
+		&ctx->ctx->MBEDTLS_PRIVATE(Q),
+		&ctx->ctx->MBEDTLS_PRIVATE(DP),
+		&ctx->ctx->MBEDTLS_PRIVATE(DQ),
+		&ctx->ctx->MBEDTLS_PRIVATE(QP),
 	};
 	int n;
 

lib/tls/mbedtls/mbedtls-client.c

@@ -382,7 +382,7 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh,
 		return 1;
 	}
 	/* create context */
-	vh->tls.ssl_client_ctx = SSL_CTX_new(method);
+	vh->tls.ssl_client_ctx = SSL_CTX_new(method, &vh->context->mcdc);
 	if (!vh->tls.ssl_client_ctx) {
 		error = (unsigned long)ERR_get_error();
 		lwsl_err("problem creating ssl context %lu: %s\n",

lib/tls/mbedtls/mbedtls-extensions.c

@@ -103,9 +103,9 @@ static const oid_x509_ext_t oid_x509_ext[] = {
         const mbedtls_oid_descriptor_t *cur =                           \
             (const mbedtls_oid_descriptor_t *) p;                       \
         if( p == NULL || oid == NULL ) return( NULL );                  \
-        while( cur->asn1 != NULL ) {                                    \
-            if( cur->asn1_len == oid->len &&                            \
-                memcmp( cur->asn1, oid->p, oid->len ) == 0 ) {          \
+        while( cur->MBEDTLS_PRIVATE(asn1) != NULL ) {                          \
+            if( cur->MBEDTLS_PRIVATE(asn1_len) == oid->MBEDTLS_PRIVATE(len) && \
+                memcmp( cur->MBEDTLS_PRIVATE(asn1), oid->MBEDTLS_PRIVATE(p), oid->MBEDTLS_PRIVATE(len) ) == 0 ) {          \
                 return( p );                                            \
             }                                                           \
             p++;                                                        \
@@ -177,9 +177,9 @@ x509_get_skid(uint8_t **p, const uint8_t *end, mbedtls_x509_buf *skid)
 	if (ret)
 		return ret;
 
-	skid->len	= len;
-	skid->tag	= MBEDTLS_ASN1_OCTET_STRING;
-	skid->p		= *p;
+	skid->MBEDTLS_PRIVATE(len)	= len;
+	skid->MBEDTLS_PRIVATE(tag)	= MBEDTLS_ASN1_OCTET_STRING;
+	skid->MBEDTLS_PRIVATE(p)	= *p;
 	*p		+= len;
 
 	return *p != end;
@@ -194,7 +194,8 @@ lws_mbedtls_x509_parse_general_name(const mbedtls_x509_buf *name_buf,
 	mbedtls_x509_name rfc822Name;
 	int ret;
 
-	switch (name_buf->tag & (LWS_MBEDTLS_ASN1_TAG_CLASS_MASK |
+	switch (name_buf->MBEDTLS_PRIVATE(tag) &
+				(LWS_MBEDTLS_ASN1_TAG_CLASS_MASK |
 				 LWS_MBEDTLS_ASN1_TAG_VALUE_MASK)) {
 
 #if 0
@@ -210,9 +211,10 @@ lws_mbedtls_x509_parse_general_name(const mbedtls_x509_buf *name_buf,
 #endif
 	case MBEDTLS_ASN1_SEQUENCE | LWS_MBEDTLS_X509_SAN_RFC822_NAME:
 
-		bufferPointer = name_buf->p;
+		bufferPointer = name_buf->MBEDTLS_PRIVATE(p);
 		p = &bufferPointer;
-		end = name_buf->p + name_buf->len;
+		end = name_buf->MBEDTLS_PRIVATE(p) +
+		      name_buf->MBEDTLS_PRIVATE(len);
 
 		/* The leading ASN1 tag and length has been processed.
 		 * Stepping back with 2 bytes, because mbedtls_x509_get_name
@@ -284,50 +286,52 @@ lws_x509_get_general_names(uint8_t **p, const uint8_t *end,
 		/*
 		 * Check that the name is structured correctly.
 		 */
-		r = lws_mbedtls_x509_parse_general_name(&cur->buf, &dnb);
+		r = lws_mbedtls_x509_parse_general_name(
+					&cur->MBEDTLS_PRIVATE(buf), &dnb);
 		/*
 		 * In case the extension is malformed, return an error,
 		 * and clear the allocated sequences.
 		 */
 		if (r && r != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) {
-		    mbedtls_x509_sequence *seq_cur = name->next;
+		    mbedtls_x509_sequence *seq_cur = name->MBEDTLS_PRIVATE(next);
 		    mbedtls_x509_sequence *seq_prv;
 
 			while( seq_cur != NULL ) {
 				seq_prv = seq_cur;
-				seq_cur = seq_cur->next;
+				seq_cur = seq_cur->MBEDTLS_PRIVATE(next);
 				lws_explicit_bzero(seq_prv, sizeof(*seq_cur));
 				lws_free(seq_prv);
 			}
 
-			name->next = NULL;
+			name->MBEDTLS_PRIVATE(next) = NULL;
 
 			return r;
 		}
 
 		/* Allocate and assign next pointer */
-		if (cur->buf.p) {
-			if (cur->next)
+		if (cur->MBEDTLS_PRIVATE(buf).MBEDTLS_PRIVATE(p)) {
+			if (cur->MBEDTLS_PRIVATE(next))
 				return 1;
 
-			cur->next = lws_zalloc(sizeof(*cur), __func__);
+			cur->MBEDTLS_PRIVATE(next) =
+					lws_zalloc(sizeof(*cur), __func__);
 
-			if (!cur->next)
+			if (!cur->MBEDTLS_PRIVATE(next))
 				return 1;
 
-			cur = cur->next;
+			cur = cur->MBEDTLS_PRIVATE(next);
 		}
 
-		buf = &(cur->buf);
-		buf->tag = tag;
-		buf->p = *p;
-		buf->len = tag_len;
+		buf = &(cur->MBEDTLS_PRIVATE(buf));
+		buf->MBEDTLS_PRIVATE(tag) = tag;
+		buf->MBEDTLS_PRIVATE(p) = *p;
+		buf->MBEDTLS_PRIVATE(len) = tag_len;
 
-		*p += buf->len;
+		*p += buf->MBEDTLS_PRIVATE(len);
 	}
 
 	/* Set final sequence entry's next pointer to NULL */
-	cur->next = NULL;
+	cur->MBEDTLS_PRIVATE(next) = NULL;
 
 	return *p != end;
 }
@@ -345,9 +349,9 @@ x509_get_akid(uint8_t **p, uint8_t *end, lws_mbedtls_x509_authority *akid)
 
 	r = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC);
 	if (!r) {
-		akid->keyIdentifier.len = len;
-		akid->keyIdentifier.p = *p;
-		akid->keyIdentifier.tag = MBEDTLS_ASN1_OCTET_STRING;
+		akid->keyIdentifier.MBEDTLS_PRIVATE(len) = len;
+		akid->keyIdentifier.MBEDTLS_PRIVATE(p) = *p;
+		akid->keyIdentifier.MBEDTLS_PRIVATE(tag) = MBEDTLS_ASN1_OCTET_STRING;
 
 		*p += len;
 	}
@@ -381,9 +385,9 @@ x509_get_akid(uint8_t **p, uint8_t *end, lws_mbedtls_x509_authority *akid)
 		if (r)
 			return r;
 
-		akid->authorityCertSerialNumber.len = len;
-		akid->authorityCertSerialNumber.p = *p;
-		akid->authorityCertSerialNumber.tag = MBEDTLS_ASN1_OCTET_STRING;
+		akid->authorityCertSerialNumber.MBEDTLS_PRIVATE(len) = len;
+		akid->authorityCertSerialNumber.MBEDTLS_PRIVATE(p) = *p;
+		akid->authorityCertSerialNumber.MBEDTLS_PRIVATE(tag) = MBEDTLS_ASN1_OCTET_STRING;
 		*p += len;
 	}
 
@@ -399,8 +403,9 @@ int
 lws_x509_get_crt_ext(mbedtls_x509_crt *crt, mbedtls_x509_buf *skid,
 		     lws_mbedtls_x509_authority *akid)
 {
-	uint8_t *p = crt->v3_ext.p, *end_ext_data, *end_ext_octet;
-	const uint8_t *end = p + crt->v3_ext.len;
+	uint8_t *p = crt->MBEDTLS_PRIVATE(v3_ext).MBEDTLS_PRIVATE(p),
+					*end_ext_data, *end_ext_octet;
+	const uint8_t *end = p + crt->MBEDTLS_PRIVATE(v3_ext).MBEDTLS_PRIVATE(len);
 	size_t len;
 	int r = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
 						      MBEDTLS_ASN1_SEQUENCE);
@@ -421,14 +426,14 @@ lws_x509_get_crt_ext(mbedtls_x509_crt *crt, mbedtls_x509_buf *skid,
 		end_ext_data = p + len;
 
 		/* Get extension ID */
-		r = mbedtls_asn1_get_tag(&p, end_ext_data, &extn_oid.len,
+		r = mbedtls_asn1_get_tag(&p, end_ext_data, &extn_oid.MBEDTLS_PRIVATE(len),
 					   MBEDTLS_ASN1_OID);
 		if (r)
 			return r;
 
-		extn_oid.tag = MBEDTLS_ASN1_OID;
-		extn_oid.p = p;
-		p += extn_oid.len;
+		extn_oid.MBEDTLS_PRIVATE(tag) = MBEDTLS_ASN1_OID;
+		extn_oid.MBEDTLS_PRIVATE(p) = p;
+		p += extn_oid.MBEDTLS_PRIVATE(len);
 
 		/* Get optional critical */
 		r = mbedtls_asn1_get_bool(&p, end_ext_data, &is_critical);

lib/tls/mbedtls/mbedtls-server.c

@@ -190,7 +190,7 @@ lws_tls_server_vhost_backend_init(const struct lws_context_creation_info *info,
 	lws_filepos_t flen;
 	int n;
 
-	vhost->tls.ssl_ctx = SSL_CTX_new(method);	/* create context */
+	vhost->tls.ssl_ctx = SSL_CTX_new(method, &vhost->context->mcdc);	/* create context */
 	if (!vhost->tls.ssl_ctx) {
 		lwsl_err("problem creating ssl context\n");
 		return 1;

lib/tls/mbedtls/mbedtls-x509.c

@@ -49,17 +49,17 @@ lws_tls_mbedtls_time_to_unix(mbedtls_x509_time *xtime)
 {
 	struct tm t;
 
-	if (!xtime || !xtime->year || xtime->year < 0)
+	if (!xtime || !xtime->MBEDTLS_PRIVATE(year) || xtime->MBEDTLS_PRIVATE(year) < 0)
 		return (time_t)(long long)-1;
 
 	memset(&t, 0, sizeof(t));
 
-	t.tm_year = xtime->year - 1900;
-	t.tm_mon = xtime->mon - 1; /* mbedtls months are 1+, tm are 0+ */
-	t.tm_mday = xtime->day - 1; /* mbedtls days are 1+, tm are 0+ */
-	t.tm_hour = xtime->hour;
-	t.tm_min = xtime->min;
-	t.tm_sec = xtime->sec;
+	t.tm_year = xtime->MBEDTLS_PRIVATE(year) - 1900;
+	t.tm_mon = xtime->MBEDTLS_PRIVATE(mon) - 1; /* mbedtls months are 1+, tm are 0+ */
+	t.tm_mday = xtime->MBEDTLS_PRIVATE(day) - 1; /* mbedtls days are 1+, tm are 0+ */
+	t.tm_hour = xtime->MBEDTLS_PRIVATE(hour);
+	t.tm_min = xtime->MBEDTLS_PRIVATE(min);
+	t.tm_sec = xtime->MBEDTLS_PRIVATE(sec);
 	t.tm_isdst = -1;
 
 	return mktime(&t);
@@ -81,12 +81,13 @@ lws_tls_mbedtls_get_x509_name(mbedtls_x509_name *name,
 		}
 */
 		lws_strnncpy(&buf->ns.name[buf->ns.len],
-			     (const char *)name->val.p,
-			     name->val.len, len - (size_t)buf->ns.len);
+			     (const char *)name->MBEDTLS_PRIVATE(val).MBEDTLS_PRIVATE(p),
+			     name->MBEDTLS_PRIVATE(val).MBEDTLS_PRIVATE(len),
+			     len - (size_t)buf->ns.len);
 		buf->ns.len = (int)strlen(buf->ns.name);
 
 		r = 0;
-		name = name->next;
+		name = name->MBEDTLS_PRIVATE(next);
 	}
 
 	return r;
@@ -108,25 +109,25 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type,
 
 	switch (type) {
 	case LWS_TLS_CERT_INFO_VALIDITY_FROM:
-		buf->time = lws_tls_mbedtls_time_to_unix(&x509->valid_from);
+		buf->time = lws_tls_mbedtls_time_to_unix(&x509->MBEDTLS_PRIVATE(valid_from));
 		if (buf->time == (time_t)(long long)-1)
 			return -1;
 		break;
 
 	case LWS_TLS_CERT_INFO_VALIDITY_TO:
-		buf->time = lws_tls_mbedtls_time_to_unix(&x509->valid_to);
+		buf->time = lws_tls_mbedtls_time_to_unix(&x509->MBEDTLS_PRIVATE(valid_to));
 		if (buf->time == (time_t)(long long)-1)
 			return -1;
 		break;
 
 	case LWS_TLS_CERT_INFO_COMMON_NAME:
-		return lws_tls_mbedtls_get_x509_name(&x509->subject, buf, len);
+		return lws_tls_mbedtls_get_x509_name(&x509->MBEDTLS_PRIVATE(subject), buf, len);
 
 	case LWS_TLS_CERT_INFO_ISSUER_NAME:
-		return lws_tls_mbedtls_get_x509_name(&x509->issuer, buf, len);
+		return lws_tls_mbedtls_get_x509_name(&x509->MBEDTLS_PRIVATE(issuer), buf, len);
 
 	case LWS_TLS_CERT_INFO_USAGE:
-		buf->usage = x509->key_usage;
+		buf->usage = x509->MBEDTLS_PRIVATE(key_usage);
 		break;
 
 	case LWS_TLS_CERT_INFO_OPAQUE_PUBLIC_KEY:
@@ -134,16 +135,16 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type,
 		char *p = buf->ns.name;
 		size_t r = len, u;
 
-		switch (mbedtls_pk_get_type(&x509->pk)) {
+		switch (mbedtls_pk_get_type(&x509->MBEDTLS_PRIVATE(pk))) {
 		case MBEDTLS_PK_RSA:
 		{
-			mbedtls_rsa_context *rsa = mbedtls_pk_rsa(x509->pk);
+			mbedtls_rsa_context *rsa = mbedtls_pk_rsa(x509->MBEDTLS_PRIVATE(pk));
 
-			if (mbedtls_mpi_write_string(&rsa->N, 16, p, r, &u))
+			if (mbedtls_mpi_write_string(&rsa->MBEDTLS_PRIVATE(N), 16, p, r, &u))
 				return -1;
 			r -= u;
 			p += u;
-			if (mbedtls_mpi_write_string(&rsa->E, 16, p, r, &u))
+			if (mbedtls_mpi_write_string(&rsa->MBEDTLS_PRIVATE(E), 16, p, r, &u))
 				return -1;
 
 			p += u;
@@ -152,17 +153,17 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type,
 		}
 		case MBEDTLS_PK_ECKEY:
 		{
-			mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(x509->pk);
+			mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(x509->MBEDTLS_PRIVATE(pk));
 
-			if (mbedtls_mpi_write_string(&ecp->Q.X, 16, p, r, &u))
+			if (mbedtls_mpi_write_string(&ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, p, r, &u))
 				 return -1;
 			r -= u;
 			p += u;
-			if (mbedtls_mpi_write_string(&ecp->Q.Y, 16, p, r, &u))
+			if (mbedtls_mpi_write_string(&ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, p, r, &u))
 				 return -1;
 			r -= u;
 			p += u;
-			if (mbedtls_mpi_write_string(&ecp->Q.Z, 16, p, r, &u))
+			if (mbedtls_mpi_write_string(&ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, p, r, &u))
 				 return -1;
 			p += u;
 			buf->ns.len = lws_ptr_diff(p, buf->ns.name);
@@ -171,7 +172,7 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type,
 		default:
 			lwsl_notice("%s: x509 has unsupported pubkey type %d\n",
 				    __func__,
-				    mbedtls_pk_get_type(&x509->pk));
+				    mbedtls_pk_get_type(&x509->MBEDTLS_PRIVATE(pk)));
 
 			return -1;
 		}
@@ -179,16 +180,17 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type,
 	}
 	case LWS_TLS_CERT_INFO_DER_RAW:
 
-		buf->ns.len = (int)x509->raw.len;
+		buf->ns.len = (int)x509->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(len);
 
-		if (len < x509->raw.len)
+		if (len < x509->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(len))
 			/*
 			 * The buffer is too small and the attempt failed, but
 			 * the required object length is in buf->ns.len
 			 */
 			return -1;
 
-		memcpy(buf->ns.name, x509->raw.p, x509->raw.len);
+		memcpy(buf->ns.name, x509->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(p),
+				x509->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(len));
 		break;
 
 	case LWS_TLS_CERT_INFO_AUTHORITY_KEY_ID:
@@ -197,12 +199,12 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type,
 		memset(&skid, 0, sizeof(skid));
 
 		lws_x509_get_crt_ext(x509, &skid, &akid);
-		if (akid.keyIdentifier.tag != MBEDTLS_ASN1_OCTET_STRING)
+		if (akid.keyIdentifier.MBEDTLS_PRIVATE(tag) != MBEDTLS_ASN1_OCTET_STRING)
 			return 1;
-		buf->ns.len = (int)akid.keyIdentifier.len;
+		buf->ns.len = (int)akid.keyIdentifier.MBEDTLS_PRIVATE(len);
 		if (len < (size_t)buf->ns.len)
 			return -1;
-		memcpy(buf->ns.name, akid.keyIdentifier.p, (size_t)buf->ns.len);
+		memcpy(buf->ns.name, akid.keyIdentifier.MBEDTLS_PRIVATE(p), (size_t)buf->ns.len);
 		break;
 
 	case LWS_TLS_CERT_INFO_AUTHORITY_KEY_ID_ISSUER: {
@@ -221,15 +223,16 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type,
 			return 1;
 
 		while (ip) {
-			if (akid.keyIdentifier.tag != MBEDTLS_ASN1_OCTET_STRING ||
-			    ip->buf.len < 9 || len < (size_t)ip->buf.len - 9u)
+			if (akid.keyIdentifier.MBEDTLS_PRIVATE(tag) != MBEDTLS_ASN1_OCTET_STRING ||
+			    ip->MBEDTLS_PRIVATE(buf).MBEDTLS_PRIVATE(len) < 9 ||
+			    len < (size_t)ip->MBEDTLS_PRIVATE(buf).MBEDTLS_PRIVATE(len) - 9u)
 			break;
 
-			memcpy(buf->ns.name + buf->ns.len, ip->buf.p,
-					(size_t)ip->buf.len - 9);
-			buf->ns.len = buf->ns.len + (int)ip->buf.len - 9;
+			memcpy(buf->ns.name + buf->ns.len, ip->MBEDTLS_PRIVATE(buf).MBEDTLS_PRIVATE(p),
+					(size_t)ip->MBEDTLS_PRIVATE(buf).MBEDTLS_PRIVATE(len) - 9);
+			buf->ns.len = buf->ns.len + (int)ip->MBEDTLS_PRIVATE(buf).MBEDTLS_PRIVATE(len) - 9;
 
-			ip = ip->next;
+			ip = ip->MBEDTLS_PRIVATE(next);
 		}
 		break;
 	}
@@ -240,12 +243,13 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type,
 
 		lws_x509_get_crt_ext(x509, &skid, &akid);
 
-		if (akid.authorityCertSerialNumber.tag != MBEDTLS_ASN1_OCTET_STRING)
+		if (akid.authorityCertSerialNumber.MBEDTLS_PRIVATE(tag) != MBEDTLS_ASN1_OCTET_STRING)
 			return 1;
-		buf->ns.len = (int)akid.authorityCertSerialNumber.len;
+		buf->ns.len = (int)akid.authorityCertSerialNumber.MBEDTLS_PRIVATE(len);
 		if (len < (size_t)buf->ns.len)
 			return -1;
-		memcpy(buf->ns.name, akid.authorityCertSerialNumber.p, (size_t)buf->ns.len);
+		memcpy(buf->ns.name, akid.authorityCertSerialNumber.
+					MBEDTLS_PRIVATE(p), (size_t)buf->ns.len);
 		break;
 
 	case LWS_TLS_CERT_INFO_SUBJECT_KEY_ID:
@@ -255,12 +259,12 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type,
 
 		lws_x509_get_crt_ext(x509, &skid, &akid);
 
-		if (skid.tag != MBEDTLS_ASN1_OCTET_STRING)
-			return 1;;
-		buf->ns.len = (int)skid.len;
+		if (skid.MBEDTLS_PRIVATE(tag) != MBEDTLS_ASN1_OCTET_STRING)
+			return 1;
+		buf->ns.len = (int)skid.MBEDTLS_PRIVATE(len);
 		if (len < (size_t)buf->ns.len)
 			return -1;
-		memcpy(buf->ns.name, skid.p, (size_t)buf->ns.len);
+		memcpy(buf->ns.name, skid.MBEDTLS_PRIVATE(p), (size_t)buf->ns.len);
 		break;
 	default:
 		return -1;
@@ -375,7 +379,8 @@ int
 lws_x509_public_to_jwk(struct lws_jwk *jwk, struct lws_x509_cert *x509,
 		       const char *curves, int rsa_min_bits)
 {
-	int kt = (int)mbedtls_pk_get_type(&x509->cert.pk), n, count = 0, ret = -1;
+	int kt = (int)mbedtls_pk_get_type(&x509->cert.MBEDTLS_PRIVATE(pk)),
+			n, count = 0, ret = -1;
 	mbedtls_rsa_context *rsactx;
 	mbedtls_ecp_keypair *ecpctx;
 	mbedtls_mpi *mpi[LWS_GENCRYPTO_RSA_KEYEL_COUNT];
@@ -386,16 +391,16 @@ lws_x509_public_to_jwk(struct lws_jwk *jwk, struct lws_x509_cert *x509,
 	case MBEDTLS_PK_RSA:
 		lwsl_notice("%s: RSA key\n", __func__);
 		jwk->kty = LWS_GENCRYPTO_KTY_RSA;
-		rsactx = mbedtls_pk_rsa(x509->cert.pk);
+		rsactx = mbedtls_pk_rsa(x509->cert.MBEDTLS_PRIVATE(pk));
 
-		mpi[LWS_GENCRYPTO_RSA_KEYEL_E] = &rsactx->E;
-		mpi[LWS_GENCRYPTO_RSA_KEYEL_N] = &rsactx->N;
-		mpi[LWS_GENCRYPTO_RSA_KEYEL_D] = &rsactx->D;
-		mpi[LWS_GENCRYPTO_RSA_KEYEL_P] = &rsactx->P;
-		mpi[LWS_GENCRYPTO_RSA_KEYEL_Q] = &rsactx->Q;
-		mpi[LWS_GENCRYPTO_RSA_KEYEL_DP] = &rsactx->DP;
-		mpi[LWS_GENCRYPTO_RSA_KEYEL_DQ] = &rsactx->DQ;
-		mpi[LWS_GENCRYPTO_RSA_KEYEL_QI] = &rsactx->QP;
+		mpi[LWS_GENCRYPTO_RSA_KEYEL_E] = &rsactx->MBEDTLS_PRIVATE(E);
+		mpi[LWS_GENCRYPTO_RSA_KEYEL_N] = &rsactx->MBEDTLS_PRIVATE(N);
+		mpi[LWS_GENCRYPTO_RSA_KEYEL_D] = &rsactx->MBEDTLS_PRIVATE(D);
+		mpi[LWS_GENCRYPTO_RSA_KEYEL_P] = &rsactx->MBEDTLS_PRIVATE(P);
+		mpi[LWS_GENCRYPTO_RSA_KEYEL_Q] = &rsactx->MBEDTLS_PRIVATE(Q);
+		mpi[LWS_GENCRYPTO_RSA_KEYEL_DP] = &rsactx->MBEDTLS_PRIVATE(DP);
+		mpi[LWS_GENCRYPTO_RSA_KEYEL_DQ] = &rsactx->MBEDTLS_PRIVATE(DQ);
+		mpi[LWS_GENCRYPTO_RSA_KEYEL_QI] = &rsactx->MBEDTLS_PRIVATE(QP);
 
 		count = LWS_GENCRYPTO_RSA_KEYEL_COUNT;
 		n = LWS_GENCRYPTO_RSA_KEYEL_E;
@@ -404,13 +409,13 @@ lws_x509_public_to_jwk(struct lws_jwk *jwk, struct lws_x509_cert *x509,
 	case MBEDTLS_PK_ECKEY:
 		lwsl_notice("%s: EC key\n", __func__);
 		jwk->kty = LWS_GENCRYPTO_KTY_EC;
-		ecpctx = mbedtls_pk_ec(x509->cert.pk);
-		mpi[LWS_GENCRYPTO_EC_KEYEL_X] = &ecpctx->Q.X;
-		mpi[LWS_GENCRYPTO_EC_KEYEL_D] = &ecpctx->d;
-		mpi[LWS_GENCRYPTO_EC_KEYEL_Y] = &ecpctx->Q.Y;
+		ecpctx = mbedtls_pk_ec(x509->cert.MBEDTLS_PRIVATE(pk));
+		mpi[LWS_GENCRYPTO_EC_KEYEL_X] = &ecpctx->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X);
+		mpi[LWS_GENCRYPTO_EC_KEYEL_D] = &ecpctx->MBEDTLS_PRIVATE(d);
+		mpi[LWS_GENCRYPTO_EC_KEYEL_Y] = &ecpctx->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y);
 
 		if (lws_genec_confirm_curve_allowed_by_tls_id(curves,
-				(int)ecpctx->grp.id, jwk))
+				(int)ecpctx->MBEDTLS_PRIVATE(grp).id, jwk))
 			/* already logged */
 			goto bail;
 
@@ -445,8 +450,8 @@ bail:
 }
 
 int
-lws_x509_jwk_privkey_pem(struct lws_jwk *jwk, void *pem, size_t len,
-			 const char *passphrase)
+lws_x509_jwk_privkey_pem(struct lws_context *cx, struct lws_jwk *jwk,
+			 void *pem, size_t len, const char *passphrase)
 {
 	mbedtls_rsa_context *rsactx;
 	mbedtls_ecp_keypair *ecpctx;
@@ -459,7 +464,11 @@ lws_x509_jwk_privkey_pem(struct lws_jwk *jwk, void *pem, size_t len,
 	n = 0;
 	if (passphrase)
 		n = (int)strlen(passphrase);
-	n = mbedtls_pk_parse_key(&pk, pem, len, (uint8_t *)passphrase, (unsigned int)n);
+	n = mbedtls_pk_parse_key(&pk, pem, len, (uint8_t *)passphrase, (unsigned int)n
+#if defined(MBEDTLS_VERSION_NUMBER) && MBEDTLS_VERSION_NUMBER >= 0x03000000
+					, mbedtls_ctr_drbg_random, &cx->mcdc
+#endif
+			);
 	if (n) {
 		lwsl_err("%s: parse PEM key failed: -0x%x\n", __func__, -n);
 
@@ -474,9 +483,9 @@ lws_x509_jwk_privkey_pem(struct lws_jwk *jwk, void *pem, size_t len,
 			goto bail;
 		}
 		rsactx = mbedtls_pk_rsa(pk);
-		mpi[LWS_GENCRYPTO_RSA_KEYEL_D] = &rsactx->D;
-		mpi[LWS_GENCRYPTO_RSA_KEYEL_P] = &rsactx->P;
-		mpi[LWS_GENCRYPTO_RSA_KEYEL_Q] = &rsactx->Q;
+		mpi[LWS_GENCRYPTO_RSA_KEYEL_D] = &rsactx->MBEDTLS_PRIVATE(D);
+		mpi[LWS_GENCRYPTO_RSA_KEYEL_P] = &rsactx->MBEDTLS_PRIVATE(P);
+		mpi[LWS_GENCRYPTO_RSA_KEYEL_Q] = &rsactx->MBEDTLS_PRIVATE(Q);
 		n = LWS_GENCRYPTO_RSA_KEYEL_D;
 		count = LWS_GENCRYPTO_RSA_KEYEL_Q + 1;
 		break;
@@ -486,7 +495,7 @@ lws_x509_jwk_privkey_pem(struct lws_jwk *jwk, void *pem, size_t len,
 			goto bail;
 		}
 		ecpctx = mbedtls_pk_ec(pk);
-		mpi[LWS_GENCRYPTO_EC_KEYEL_D] = &ecpctx->d;
+		mpi[LWS_GENCRYPTO_EC_KEYEL_D] = &ecpctx->MBEDTLS_PRIVATE(d);
 		n = LWS_GENCRYPTO_EC_KEYEL_D;
 		count = n + 1;
 		break;

lib/tls/mbedtls/wrapper/include/internal/ssl_cert.h

@@ -28,7 +28,7 @@
  *
  * @return certification object point
  */
-CERT *__ssl_cert_new(CERT *ic);
+CERT *__ssl_cert_new(CERT *ic, void *rngctx);
 
 /**
  * @brief create a certification object include private key object
@@ -37,7 +37,7 @@ CERT *__ssl_cert_new(CERT *ic);
  *
  * @return certification object point
  */
-CERT* ssl_cert_new(void);
+CERT* ssl_cert_new(void *rngctx);
 
 /**
  * @brief free a certification object

lib/tls/mbedtls/wrapper/include/internal/ssl_pkey.h

@@ -28,7 +28,7 @@
  *
  * @return new private key object point
  */
-EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk);
+EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk, void *rngctx);
 
 /**
  * @brief create a private key object
@@ -37,7 +37,7 @@ EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk);
  *
  * @return private key object point
  */
-EVP_PKEY* EVP_PKEY_new(void);
+EVP_PKEY* EVP_PKEY_new(void *rngctx);
 
 /**
  * @brief load a character key context into system context. If '*a' is pointed to the
@@ -53,7 +53,7 @@ EVP_PKEY* EVP_PKEY_new(void);
 EVP_PKEY* d2i_PrivateKey(int type,
                          EVP_PKEY **a,
                          const unsigned char **pp,
-                         long length);
+                         long length, void *rngctx);
 
 /**
  * @brief free a private key object

lib/tls/mbedtls/wrapper/include/internal/ssl_types.h

@@ -196,6 +196,8 @@ struct ssl_ctx_st
     int read_buffer_len;
 
     X509_VERIFY_PARAM param;
+
+    void *rngctx;
 };
 
 struct ssl_st
@@ -300,7 +302,7 @@ struct x509_method_st {
 
 struct pkey_method_st {
 
-    int (*pkey_new)(EVP_PKEY *pkey, EVP_PKEY *m_pkey);
+    int (*pkey_new)(EVP_PKEY *pkey, EVP_PKEY *m_pkey, void *rngctx);
 
     void (*pkey_free)(EVP_PKEY *pkey);
 

lib/tls/mbedtls/wrapper/include/openssl/ssl.h

@@ -60,7 +60,7 @@
  *
  * @return the context point
  */
-SSL_CTX* SSL_CTX_new(const SSL_METHOD *method);
+SSL_CTX* SSL_CTX_new(const SSL_METHOD *method, void *rngctx);
 
 /**
  * @brief free a SSL context

lib/tls/mbedtls/wrapper/include/platform/ssl_pm.h

@@ -48,7 +48,7 @@ int x509_pm_new(X509 *x, X509 *m_x);
 void x509_pm_free(X509 *x);
 int x509_pm_load(X509 *x, const unsigned char *buffer, int len);
 
-int pkey_pm_new(EVP_PKEY *pk, EVP_PKEY *m_pk);
+int pkey_pm_new(EVP_PKEY *pk, EVP_PKEY *m_pk, void *rngctx);
 void pkey_pm_free(EVP_PKEY *pk);
 int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len);
 

lib/tls/mbedtls/wrapper/library/ssl_cert.c

@@ -23,7 +23,7 @@
 /**
  * @brief create a certification object according to input certification
  */
-CERT *__ssl_cert_new(CERT *ic)
+CERT *__ssl_cert_new(CERT *ic, void *rngctx)
 {
     CERT *cert;
 
@@ -44,7 +44,7 @@ CERT *__ssl_cert_new(CERT *ic)
         ix = NULL;
     }
 
-    cert->pkey = __EVP_PKEY_new(ipk);
+    cert->pkey = __EVP_PKEY_new(ipk, rngctx);
     if (!cert->pkey) {
         SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "__EVP_PKEY_new() return NULL");
         goto pkey_err;
@@ -69,9 +69,9 @@ no_mem:
 /**
  * @brief create a certification object include private key object
  */
-CERT *ssl_cert_new(void)
+CERT *ssl_cert_new(void *rngctx)
 {
-    return __ssl_cert_new(NULL);
+    return __ssl_cert_new(NULL, rngctx);
 }
 
 /**

lib/tls/mbedtls/wrapper/library/ssl_lib.c

@@ -185,7 +185,7 @@ const char *mbedtls_client_preload_filepath;
 /**
  * @brief create a SSL context
  */
-SSL_CTX* SSL_CTX_new(const SSL_METHOD *method)
+SSL_CTX* SSL_CTX_new(const SSL_METHOD *method, void *rngctx)
 {
     SSL_CTX *ctx;
     CERT *cert;
@@ -205,7 +205,7 @@ SSL_CTX* SSL_CTX_new(const SSL_METHOD *method)
         goto failed1;
     }
 
-    cert = ssl_cert_new();
+    cert = ssl_cert_new(rngctx);
     if (!cert) {
         SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "ssl_cert_new() return NULL");
         goto failed2;
@@ -220,6 +220,7 @@ SSL_CTX* SSL_CTX_new(const SSL_METHOD *method)
     ctx->method = method;
     ctx->client_CA = client_ca;
     ctx->cert = cert;
+    ctx->rngctx = rngctx;
 
     ctx->version = method->version;
 
@@ -316,7 +317,7 @@ SSL *SSL_new(SSL_CTX *ctx)
         goto failed2;
     }
 
-    ssl->cert = __ssl_cert_new(ctx->cert);
+    ssl->cert = __ssl_cert_new(ctx->cert, ctx->rngctx);
     if (!ssl->cert) {
         SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "__ssl_cert_new() return NULL");
         goto failed3;

lib/tls/mbedtls/wrapper/library/ssl_pkey.c

@@ -22,7 +22,7 @@
 /**
  * @brief create a private key object according to input private key
  */
-EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk)
+EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk, void *rngctx)
 {
     int ret;
     EVP_PKEY *pkey;
@@ -39,7 +39,7 @@ EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk)
         pkey->method = EVP_PKEY_method();
     }
 
-    ret = EVP_PKEY_METHOD_CALL(new, pkey, ipk);
+    ret = EVP_PKEY_METHOD_CALL(new, pkey, ipk, rngctx);
     if (ret) {
         SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(new) return %d", ret);
         goto failed;
@@ -56,9 +56,9 @@ no_mem:
 /**
  * @brief create a private key object
  */
-EVP_PKEY* EVP_PKEY_new(void)
+EVP_PKEY* EVP_PKEY_new(void *rngctx)
 {
-    return __EVP_PKEY_new(NULL);
+    return __EVP_PKEY_new(NULL, rngctx);
 }
 
 /**
@@ -80,7 +80,7 @@ void EVP_PKEY_free(EVP_PKEY *pkey)
 EVP_PKEY *d2i_PrivateKey(int type,
                          EVP_PKEY **a,
                          const unsigned char **pp,
-                         long length)
+                         long length, void *rngctx)
 {
     int m = 0;
     int ret;
@@ -93,7 +93,7 @@ EVP_PKEY *d2i_PrivateKey(int type,
     if (a && *a) {
         pkey = *a;
     } else {
-        pkey = EVP_PKEY_new();;
+        pkey = EVP_PKEY_new(rngctx);
         if (!pkey) {
             SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_new() return NULL");
             goto failed1;
@@ -167,7 +167,7 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
     int ret;
     EVP_PKEY *pk;
 
-    pk = d2i_PrivateKey(0, NULL, &d, len);
+    pk = d2i_PrivateKey(0, NULL, &d, len, ctx->rngctx);
     if (!pk) {
         SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_PrivateKey() return NULL");
         goto failed1;
@@ -196,7 +196,7 @@ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl,
     int ret;
     EVP_PKEY *pk;
 
-    pk = d2i_PrivateKey(0, NULL, &d, len);
+    pk = d2i_PrivateKey(0, NULL, &d, len, ssl->ctx->rngctx);
     if (!pk) {
         SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_PrivateKey() return NULL");
         goto failed1;

lib/tls/mbedtls/wrapper/platform/ssl_pm.c

@@ -63,6 +63,8 @@ struct pkey_pm
     mbedtls_pk_context *pkey;
 
     mbedtls_pk_context *ex_pkey;
+
+    void *rngctx;
 };
 
 unsigned int max_content_len;
@@ -173,15 +175,15 @@ int ssl_pm_new(SSL *ssl)
         if (TLS1_2_VERSION == ssl->version)
             version = MBEDTLS_SSL_MINOR_VERSION_3;
         else if (TLS1_1_VERSION == ssl->version)
-            version = MBEDTLS_SSL_MINOR_VERSION_2;
+            version = 2;
         else
-            version = MBEDTLS_SSL_MINOR_VERSION_1;
+            version = 1;
 
         mbedtls_ssl_conf_max_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, version);
         mbedtls_ssl_conf_min_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, version);
     } else {
         mbedtls_ssl_conf_max_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3);
-        mbedtls_ssl_conf_min_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1);
+        mbedtls_ssl_conf_min_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, 1);
     }
 
     mbedtls_ssl_conf_rng(&ssl_pm->conf, mbedtls_ctr_drbg_random, &ssl_pm->ctr_drbg);
@@ -289,10 +291,10 @@ static int mbedtls_handshake( mbedtls_ssl_context *ssl )
 {
     int ret = 0;
 
-    while (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
+    while (ssl->MBEDTLS_PRIVATE(state) != MBEDTLS_SSL_HANDSHAKE_OVER) {
         ret = mbedtls_ssl_handshake_step(ssl);
 
-        lwsl_info("%s: ssl ret -%x state %d\n", __func__, -ret, ssl->state);
+        lwsl_info("%s: ssl ret -%x state %d\n", __func__, -ret, ssl->MBEDTLS_PRIVATE(state));
 
         if (ret != 0)
             break;
@@ -319,7 +321,7 @@ int ssl_pm_handshake(SSL *ssl)
         return 0;
     }
 
-    if (ssl_pm->ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER) {
+    if (ssl_pm->ssl.MBEDTLS_PRIVATE(state) != MBEDTLS_SSL_HANDSHAKE_OVER) {
 	    ssl_speed_up_enter();
 
 	   /* mbedtls return codes
@@ -425,7 +427,11 @@ int ssl_pm_read(SSL *ssl, void *buffer, int len)
 	 //   lwsl_notice("%s: mbedtls_ssl_read says -0x%x\n", __func__, -ret);
         SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_read() return -0x%x", -ret);
         if (ret == MBEDTLS_ERR_NET_CONN_RESET ||
+#if defined(MBEDTLS_VERSION_NUMBER) && MBEDTLS_VERSION_NUMBER >= 0x03000000
+	    ret <= MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE) /* fatal errors */
+#else
             ret <= MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE) /* fatal errors */
+#endif
 		ssl->err = SSL_ERROR_SYSCALL;
         ret = -1;
     }
@@ -496,14 +502,14 @@ void ssl_pm_set_fd(SSL *ssl, int fd, int mode)
 {
     struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
 
-    ssl_pm->fd.fd = fd;
+    ssl_pm->fd.MBEDTLS_PRIVATE(fd) = fd;
 }
 
 int ssl_pm_get_fd(const SSL *ssl, int mode)
 {
     struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
 
-    return ssl_pm->fd.fd;
+    return ssl_pm->fd.MBEDTLS_PRIVATE(fd);
 }
 
 OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl)
@@ -512,7 +518,7 @@ OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl)
 
     struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
 
-    switch (ssl_pm->ssl.state)
+    switch (ssl_pm->ssl.MBEDTLS_PRIVATE(state))
     {
         case MBEDTLS_SSL_CLIENT_HELLO:
             state = TLS_ST_CW_CLNT_HELLO;
@@ -695,7 +701,7 @@ no_mem:
     return -1;
 }
 
-int pkey_pm_new(EVP_PKEY *pk, EVP_PKEY *m_pkey)
+int pkey_pm_new(EVP_PKEY *pk, EVP_PKEY *m_pkey, void *rngctx)
 {
     struct pkey_pm *pkey_pm;
 
@@ -704,6 +710,7 @@ int pkey_pm_new(EVP_PKEY *pk, EVP_PKEY *m_pkey)
         return -1;
 
     pk->pkey_pm = pkey_pm;
+    pkey_pm->rngctx = rngctx;
 
     if (m_pkey) {
         struct pkey_pm *m_pkey_pm = (struct pkey_pm *)m_pkey->pkey_pm;
@@ -757,7 +764,12 @@ int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len)
 
     mbedtls_pk_init(pkey_pm->pkey);
 
+#if defined(MBEDTLS_VERSION_NUMBER) && MBEDTLS_VERSION_NUMBER >= 0x03000000
+    ret = mbedtls_pk_parse_key(pkey_pm->pkey, load_buf, (unsigned int)len + 1, NULL, 0,
+		    mbedtls_ctr_drbg_random, pkey_pm->rngctx);
+#else
     ret = mbedtls_pk_parse_key(pkey_pm->pkey, load_buf, (unsigned int)len + 1, NULL, 0);
+#endif
     ssl_mem_free(load_buf);
 
     if (ret) {
@@ -949,7 +961,7 @@ void SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
 	if (ssl->cert)
 		ssl_cert_free(ssl->cert);
 	ssl->ctx = ctx;
-	ssl->cert = __ssl_cert_new(ctx->cert);
+	ssl->cert = __ssl_cert_new(ctx->cert, ctx->rngctx);
 
 #if defined(LWS_HAVE_mbedtls_ssl_set_hs_authmode)
 

lib/tls/openssl/openssl-x509.c

@@ -663,8 +663,8 @@ lws_x509_jwk_privkey_pem_pp_cb(char *buf, int size, int rwflag, void *u)
 }
 
 int
-lws_x509_jwk_privkey_pem(struct lws_jwk *jwk, void *pem, size_t len,
-			 const char *passphrase)
+lws_x509_jwk_privkey_pem(struct lws_context *cx, struct lws_jwk *jwk,
+			 void *pem, size_t len, const char *passphrase)
 {
 	BIO* bio = BIO_new(BIO_s_mem());
 	BIGNUM *mpi, *dummy[6];

minimal-examples/api-tests/api-test-jose/jws.c

@@ -853,7 +853,7 @@ test_jwt_RS256(struct lws_context *context)
 		goto bail;
 	}
 
-	if (lws_x509_jwk_privkey_pem(&jwk, (char *)rsa_key,
+	if (lws_x509_jwk_privkey_pem(context, &jwk, (char *)rsa_key,
 				     LWS_ARRAY_SIZE(rsa_key), NULL)) {
 		lwsl_err("%s: failed to copy private key to jwk\n", __func__);
 		goto bail;

minimal-examples/crypto/minimal-crypto-x509/main.c

@@ -166,7 +166,8 @@ int main(int argc, const char **argv)
 
 			goto bail3;
 		}
-		if (lws_x509_jwk_privkey_pem(&jwk, pembuf, (unsigned int)n, NULL)) {
+		if (lws_x509_jwk_privkey_pem(context, &jwk, pembuf,
+						(unsigned int)n, NULL)) {
 			lwsl_err("%s: unable to parse privkey %s\n",
 					__func__, p);
 

minimal-examples/http-client/minimal-http-client-jit-trust/minimal-http-client.c

@@ -340,10 +340,9 @@ static const struct lws_protocols protocols[] = {
 	{
 		"http",
 		callback_http,
-		0,
-		0,
+		0, 0, 0, NULL, 0
 	},
-	{ NULL, NULL, 0, 0 }
+	LWS_PROTOCOL_LIST_TERM
 };
 
 static void