Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for compiling against mbedtls 3.x. #648

Merged
merged 3 commits into from
Jan 31, 2024
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -111,7 +111,6 @@ jobs:
brew list --cask | xargs brew uninstall --force --ignore-dependencies
brew update
brew bundle
brew link mbedtls@2 --force # needed for CMake
Simn marked this conversation as resolved.
Show resolved Hide resolved
;;

windows*)
Expand Down
2 changes: 1 addition & 1 deletion Brewfile
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ brew "sdl2"
brew "libogg"
brew "libvorbis"
brew "openal-soft"
brew "mbedtls@2"
brew "mbedtls"
brew "libuv"
brew "openssl"
brew "sqlite"
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -98,7 +98,7 @@ BREW_SDL2 := $(shell brew --prefix sdl2)
BREW_JPEGTURBO := $(shell brew --prefix jpeg-turbo)
BREW_VORBIS := $(shell brew --prefix libvorbis)
BREW_OPENAL := $(shell brew --prefix openal-soft)
BREW_MBEDTLS := $(shell brew --prefix mbedtls@2)
BREW_MBEDTLS := $(shell brew --prefix mbedtls)
BREW_LIBPNG := $(shell brew --prefix libpng)
BREW_LIBOGG := $(shell brew --prefix libogg)
BREW_LIBUV := $(shell brew --prefix libuv)
Expand Down
23 changes: 21 additions & 2 deletions libs/ssl/ssl.c
Original file line number Diff line number Diff line change
Expand Up @@ -460,7 +460,11 @@ HL_PRIM varray *HL_NAME(cert_get_altnames)(hl_ssl_cert *cert) {
varray *a = NULL;
vbyte **current = NULL;
mbedtls_x509_crt *crt = cert->c;
#if MBEDTLS_VERSION_MAJOR >= 3
if (mbedtls_x509_crt_has_ext_type(crt, MBEDTLS_X509_EXT_SUBJECT_ALT_NAME)) {
#else
if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
#endif
cur = &crt->subject_alt_names;
while (cur != NULL) {
if (pos == count) {
Expand Down Expand Up @@ -593,7 +597,11 @@ HL_PRIM hl_ssl_pkey *HL_NAME(key_from_der)(vbyte *data, int len, bool pub) {
if (pub)
r = mbedtls_pk_parse_public_key(pk, (const unsigned char*)data, len);
else
#if MBEDTLS_VERSION_MAJOR >= 3
r = mbedtls_pk_parse_key(pk, (const unsigned char*)data, len, NULL, 0, mbedtls_ctr_drbg_random, &ctr_drbg);
#else
r = mbedtls_pk_parse_key(pk, (const unsigned char*)data, len, NULL, 0);
#endif
if (r != 0) {
mbedtls_pk_free(pk);
free(pk);
Expand All @@ -618,10 +626,17 @@ HL_PRIM hl_ssl_pkey *HL_NAME(key_from_pem)(vbyte *data, bool pub, vbyte *pass) {
buf[len - 1] = '\0';
if (pub)
r = mbedtls_pk_parse_public_key(pk, buf, len);
#if MBEDTLS_VERSION_MAJOR >= 3
else if (pass == NULL)
r = mbedtls_pk_parse_key(pk, buf, len, NULL, 0, mbedtls_ctr_drbg_random, &ctr_drbg);
else
r = mbedtls_pk_parse_key(pk, buf, len, (const unsigned char*)pass, strlen((char*)pass), mbedtls_ctr_drbg_random, &ctr_drbg);
#else
else if (pass == NULL)
r = mbedtls_pk_parse_key(pk, buf, len, NULL, 0);
else
r = mbedtls_pk_parse_key(pk, buf, len, (const unsigned char*)pass, strlen((char*)pass));
#endif
free(buf);
if (r != 0) {
mbedtls_pk_free(pk);
Expand Down Expand Up @@ -676,9 +691,13 @@ HL_PRIM vbyte *HL_NAME(dgst_sign)(vbyte *data, int len, hl_ssl_pkey *key, vbyte
ssl_error(r);
return NULL;
}

#if MBEDTLS_VERSION_MAJOR >= 3
out = hl_gc_alloc_noptr(MBEDTLS_PK_SIGNATURE_MAX_SIZE);
if ((r = mbedtls_pk_sign(key->k, mbedtls_md_get_type(md), hash, mbedtls_md_get_size(md), out, MBEDTLS_PK_SIGNATURE_MAX_SIZE, (size ? &ssize : NULL), mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
Apprentice-Alchemist marked this conversation as resolved.
Show resolved Hide resolved
#else
out = hl_gc_alloc_noptr(MBEDTLS_MPI_MAX_SIZE);
if ((r = mbedtls_pk_sign(key->k, mbedtls_md_get_type(md), hash, 0, out, (size ? &ssize : NULL), mbedtls_ctr_drbg_random, &ctr_drbg)) != 0){
if ((r = mbedtls_pk_sign(key->k, mbedtls_md_get_type(md), hash, 0, out, (size ? &ssize : NULL), mbedtls_ctr_drbg_random, &ctr_drbg)) != 0){
#endif
ssl_error(r);
return NULL;
}
Expand Down