Project homepage Mailing List  Warmcat.com  API Docs  Github Mirror 
{"schema":"libjg2-1", "vpath":"/git/", "avatar":"/git/avatar/", "alang":"en-US,en;q\u003d0.5", "gen_ut":1606540246, "reponame":"libwebsockets", "desc":"libwebsockets lightweight C networking library", "owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://libwebsockets.org/repo/libwebsockets", "f":3, "items": [ {"schema":"libjg2-1", "cid":"8b3521767cbfa2dfc0c86dae67253e97", "commit": {"type":"commit", "time": 1584801833, "time_ofs": 0, "oid_tree": { "oid": "3496ac3b09bb0b58ea9ffc18d4f7f9db94c77142", "alias": []}, "oid":{ "oid": "2a7a92f4d5cdebbcf26e5383c7a191e27e566b8d", "alias": []}, "msg": "mbedtls: support old 2.2-era version from xenial", "sig_commit": { "git_time": { "time": 1584801833, "offset": 0 }, "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" }, "sig_author": { "git_time": { "time": 1584786005, "offset": 0 }, "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" }}, "body": "mbedtls: support old 2.2-era version from xenial" , "diff": "diff --git a/CMakeLists.txt b/CMakeLists.txt\nindex 1daf7b8..11b0d58 100644\n--- a/CMakeLists.txt\n+++ b/CMakeLists.txt\n@@ -2222,7 +2222,9 @@ if (LWS_WITH_MBEDTLS)\n \tCHECK_FUNCTION_EXISTS(mbedtls_ssl_set_hs_own_cert LWS_HAVE_mbedtls_ssl_set_hs_own_cert)\n \tCHECK_FUNCTION_EXISTS(mbedtls_ssl_set_hs_authmode LWS_HAVE_mbedtls_ssl_set_hs_authmode)\n \tCHECK_FUNCTION_EXISTS(mbedtls_net_init LWS_HAVE_mbedtls_net_init)\n-\n+\tCHECK_FUNCTION_EXISTS(mbedtls_md_setup LWS_HAVE_mbedtls_md_setup) # not on xenial 2.2\n+\tCHECK_FUNCTION_EXISTS(mbedtls_rsa_complete LWS_HAVE_mbedtls_rsa_complete) # not on xenial 2.2\n+\tCHECK_FUNCTION_EXISTS(mbedtls_internal_aes_encrypt LWS_HAVE_mbedtls_internal_aes_encrypt) # not on xenial 2.2\n else()\n CHECK_FUNCTION_EXISTS(${VARIA}TLS_client_method LWS_HAVE_TLS_CLIENT_METHOD)\n CHECK_FUNCTION_EXISTS(${VARIA}TLSv1_2_client_method LWS_HAVE_TLSV1_2_CLIENT_METHOD)\ndiff --git a/cmake/lws_config.h.in b/cmake/lws_config.h.in\nindex ecfd8f4..1af2f02 100644\n--- a/cmake/lws_config.h.in\n+++ b/cmake/lws_config.h.in\n@@ -46,7 +46,10 @@\n #cmakedefine LWS_HAVE_MALLOC_H\n #cmakedefine LWS_HAVE_MALLOC_TRIM\n #cmakedefine LWS_HAVE_MALLOC_USABLE_SIZE\n+#cmakedefine LWS_HAVE_mbedtls_md_setup\n #cmakedefine LWS_HAVE_mbedtls_net_init\n+#cmakedefine LWS_HAVE_mbedtls_rsa_complete\n+#cmakedefine LWS_HAVE_mbedtls_internal_aes_encrypt\n #cmakedefine LWS_HAVE_mbedtls_ssl_conf_alpn_protocols\n #cmakedefine LWS_HAVE_mbedtls_ssl_get_alpn_protocol\n #cmakedefine LWS_HAVE_mbedtls_ssl_conf_sni\ndiff --git a/lib/tls/mbedtls/lws-genaes.c b/lib/tls/mbedtls/lws-genaes.c\nindex d776606..a74a169 100644\n--- a/lib/tls/mbedtls/lws-genaes.c\n+++ b/lib/tls/mbedtls/lws-genaes.c\n@@ -161,6 +161,7 @@ lws_genaes_destroy(struct lws_genaes_ctx *ctx, unsigned char *tag, size_t tlen)\n \treturn 0;\n }\n \n+#if defined(LWS_HAVE_mbedtls_internal_aes_encrypt)\n static int\n lws_genaes_rfc3394_wrap(int wrap, int cek_bits, const uint8_t *kek,\n \t\t\tint kek_bits, const uint8_t *in, uint8_t *out)\n@@ -271,6 +272,7 @@ bail:\n \n \treturn ret;\n }\n+#endif\n \n int\n lws_genaes_crypt(struct lws_genaes_ctx *ctx, const uint8_t *in, size_t len,\n@@ -282,6 +284,7 @@ lws_genaes_crypt(struct lws_genaes_ctx *ctx, const uint8_t *in, size_t len,\n \n \tswitch (ctx-\u003emode) {\n \tcase LWS_GAESM_KW:\n+#if defined(LWS_HAVE_mbedtls_internal_aes_encrypt)\n \t\t/* a key of length ctx-\u003ek-\u003elen is wrapped by a 128-bit KEK */\n \t\tn \u003d lws_genaes_rfc3394_wrap(ctx-\u003eop \u003d\u003d MBEDTLS_AES_ENCRYPT,\n \t\t\t\tctx-\u003eop \u003d\u003d MBEDTLS_AES_ENCRYPT ? len * 8 :\n@@ -289,6 +292,10 @@ lws_genaes_crypt(struct lws_genaes_ctx *ctx, const uint8_t *in, size_t len,\n \t\t\t\t\t\tctx-\u003ek-\u003elen * 8,\n \t\t\t\tin, out);\n \t\tbreak;\n+#else\n+\t\tlwsl_err(\u0022%s: your mbedtls is too old\u005cn\u0022, __func__);\n+\t\treturn -1;\n+#endif\n \tcase LWS_GAESM_CBC:\n \t\tmemcpy(iv, iv_or_nonce_ctr_or_data_unit_16, 16);\n \ndiff --git a/lib/tls/mbedtls/lws-genhash.c b/lib/tls/mbedtls/lws-genhash.c\nindex 396f8b1..a32d215 100644\n--- a/lib/tls/mbedtls/lws-genhash.c\n+++ b/lib/tls/mbedtls/lws-genhash.c\n@@ -148,8 +148,13 @@ lws_genhmac_init(struct lws_genhmac_ctx *ctx, enum lws_genhmac_types type,\n \tif (!ctx-\u003ehmac)\n \t\treturn -1;\n \n+#if !defined(LWS_HAVE_mbedtls_md_setup)\n \tif (mbedtls_md_init_ctx(\u0026ctx-\u003ectx, ctx-\u003ehmac))\n \t\treturn -1;\n+#else\n+\tif (mbedtls_md_setup(\u0026ctx-\u003ectx, ctx-\u003ehmac, 1))\n+\t\treturn -1;\n+#endif\n \n \tif (mbedtls_md_hmac_starts(\u0026ctx-\u003ectx, key, key_len)) {\n \t\tmbedtls_md_free(\u0026ctx-\u003ectx);\ndiff --git a/lib/tls/mbedtls/lws-genrsa.c b/lib/tls/mbedtls/lws-genrsa.c\nindex 5b3b234..5269d12 100644\n--- a/lib/tls/mbedtls/lws-genrsa.c\n+++ b/lib/tls/mbedtls/lws-genrsa.c\n@@ -85,8 +85,13 @@ lws_genrsa_create(struct lws_genrsa_ctx *ctx, struct lws_gencrypto_keyelem *el,\n \t\tif ( el[LWS_GENCRYPTO_RSA_KEYEL_D].len \u0026\u0026\n \t\t !el[LWS_GENCRYPTO_RSA_KEYEL_P].len \u0026\u0026\n \t\t !el[LWS_GENCRYPTO_RSA_KEYEL_Q].len) {\n+#if defined(LWS_HAVE_mbedtls_rsa_complete)\n \t\t\tif (mbedtls_rsa_complete(ctx-\u003ectx)) {\n \t\t\t\tlwsl_notice(\u0022mbedtls_rsa_complete failed\u005cn\u0022);\n+#else\n+\t\t\t{\n+\t\t\t\tlwsl_notice(\u0022%s: you have to provide P and Q\u005cn\u0022, __func__);\n+#endif\n \t\t\t\tlws_free_set_NULL(ctx-\u003ectx);\n \n \t\t\t\treturn -1;\n@@ -176,7 +181,9 @@ lws_genrsa_public_decrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in,\n \n \tctx-\u003ectx-\u003elen \u003d in_len;\n \n+#if defined(LWS_HAVE_mbedtls_rsa_complete)\n \tmbedtls_rsa_complete(ctx-\u003ectx);\n+#endif\n \n \tswitch(ctx-\u003emode) {\n \tcase LGRSAM_PKCS1_1_5:\n@@ -214,7 +221,9 @@ lws_genrsa_private_decrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in,\n \n \tctx-\u003ectx-\u003elen \u003d in_len;\n \n+#if defined(LWS_HAVE_mbedtls_rsa_complete)\n \tmbedtls_rsa_complete(ctx-\u003ectx);\n+#endif\n \n \tswitch(ctx-\u003emode) {\n \tcase LGRSAM_PKCS1_1_5:\n@@ -249,7 +258,9 @@ lws_genrsa_public_encrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in,\n {\n \tint n;\n \n+#if defined(LWS_HAVE_mbedtls_rsa_complete)\n \tmbedtls_rsa_complete(ctx-\u003ectx);\n+#endif\n \n \tswitch(ctx-\u003emode) {\n \tcase LGRSAM_PKCS1_1_5:\n@@ -284,7 +295,9 @@ lws_genrsa_private_encrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in,\n {\n \tint n;\n \n+#if defined(LWS_HAVE_mbedtls_rsa_complete)\n \tmbedtls_rsa_complete(ctx-\u003ectx);\n+#endif\n \n \tswitch(ctx-\u003emode) {\n \tcase LGRSAM_PKCS1_1_5:\n@@ -323,7 +336,9 @@ lws_genrsa_hash_sig_verify(struct lws_genrsa_ctx *ctx, const uint8_t *in,\n \tif (h \u003c 0)\n \t\treturn -1;\n \n+#if defined(LWS_HAVE_mbedtls_rsa_complete)\n \tmbedtls_rsa_complete(ctx-\u003ectx);\n+#endif\n \n \tswitch(ctx-\u003emode) {\n \tcase LGRSAM_PKCS1_1_5:\n@@ -358,7 +373,9 @@ lws_genrsa_hash_sign(struct lws_genrsa_ctx *ctx, const uint8_t *in,\n \tif (h \u003c 0)\n \t\treturn -1;\n \n+#if defined(LWS_HAVE_mbedtls_rsa_complete)\n \tmbedtls_rsa_complete(ctx-\u003ectx);\n+#endif\n \n \t/*\n \t * The \u0022sig\u0022 buffer must be as large as the size of ctx-\u003eN\n","s":{"c":1606540246,"u": 4550}} ],"g": 5135,"chitpc": 0,"ehitpc": 0,"indexed":0 , "ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}