From d9680df510a4f85cd411fe6f9c8094bb7b8f0084 Mon Sep 17 00:00:00 2001
From: Sergey Lyubka
Date: Tue, 13 Jul 2021 17:28:07 +0100
Subject: [PATCH] Support mbedtls 3.x.x

---
 Makefile   | 12 ++++--------
 mongoose.c | 34 ++++++++++++++++++++++++----------
 src/tls.c  | 21 +++++++++++++++++----
 src/util.c | 13 +++++++------
 4 files changed, 52 insertions(+), 28 deletions(-)

diff --git a/Makefile b/Makefile
index 855ce608..9d4f7fde 100644
--- a/Makefile
+++ b/Makefile
@@ -23,17 +23,13 @@ SOVERSION = 7.2
 .PHONY: ex test
 
 ifeq "$(SSL)" "MBEDTLS"
-MBEDTLS_DIR ?= $(shell brew --cellar mbedtls)
-MBEDTLS_VER ?= $(shell brew info mbedtls --json | jq -j .[0].installed[0].version)
-MBEDTLS ?= $(MBEDTLS_DIR)/$(MBEDTLS_VER)
-CFLAGS += -DMG_ENABLE_MBEDTLS=1 -I$(MBEDTLS)/include -I/usr/include
+MBEDTLS ?= /usr
+CFLAGS += -DMG_ENABLE_MBEDTLS=1 -I$(MBEDTLS)/include -I/usr/include
 LDFLAGS ?= -L$(MBEDTLS)/lib -lmbedtls -lmbedcrypto -lmbedx509
 endif
 
 ifeq "$(SSL)" "OPENSSL"
-OPENSSL_DIR ?= $(shell brew --cellar openssl)
-OPENSSL_VER ?= $(shell brew info openssl --json | jq -j .[0].installed[0].version)
-OPENSSL ?= $(OPENSSL_DIR)/$(OPENSSL_VER)
-CFLAGS += -DMG_ENABLE_OPENSSL=1 -I$(OPENSSL)/include
+OPENSSL ?= /usr
+CFLAGS += -DMG_ENABLE_OPENSSL=1 -I$(OPENSSL)/include
 LDFLAGS ?= -L$(OPENSSL)/lib -lssl -lcrypto
 endif
diff --git a/mongoose.c b/mongoose.c
index 961fcebc..76809171 100644
--- a/mongoose.c
+++ b/mongoose.c
@@ -3430,6 +3430,12 @@ void mg_timer_poll(unsigned long now_ms) {
 #endif
 #endif
 
+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
+#define RNG , rng_get, NULL
+#else
+#define RNG
+#endif
+
 // Different versions have those in different files, so declare here
 EXTERN_C int mbedtls_net_recv(void *, unsigned char *, size_t);
 EXTERN_C int mbedtls_net_send(void *, const unsigned char *, size_t);
@@ -3474,6 +3480,14 @@ static void debug_cb(void *c, int lev, const char *s, int n, const char *s2) {
   (void) lev;
 }
 
+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
+static int rng_get(void *p_rng, unsigned char *buf, size_t len) {
+  (void) p_rng;
+  mg_random(buf, len);
+  return 0;
+}
+#endif
+
 void mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts) {
   struct mg_tls *tls = (struct mg_tls *) calloc(1, sizeof(*tls));
   int rc = 0;
@@ -3553,10 +3567,9 @@ void mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts) {
     mg_error(c, "parse(%s) err %#x", cert, -rc);
     goto fail;
   }
-  rc = key[0] == '-'
-           ? mbedtls_pk_parse_key(&tls->pk, (uint8_t *) key,
-                                  strlen(key) + 1, NULL, 0)
-           : mbedtls_pk_parse_keyfile(&tls->pk, key, NULL);
+  rc = key[0] == '-' ? mbedtls_pk_parse_key(&tls->pk, (uint8_t *) key,
+                                            strlen(key) + 1, NULL, 0 RNG)
+                     : mbedtls_pk_parse_keyfile(&tls->pk, key, NULL RNG);
   if (rc != 0) {
     mg_error(c, "tls key(%s) %#x", certkey, -rc);
     goto fail;
@@ -3967,19 +3980,20 @@ bool mg_file_printf(const char *path, const char *fmt, ...) {
 void mg_random(void *buf, size_t len) {
   bool done = false;
-#if MG_ENABLE_FS
+  unsigned char *p = buf;
+#if MG_ARCH == MG_ARCH_ESP32
+  while (len--) *p++ = (unsigned char) (esp_random() & 255);
+#elif MG_ARCH == MG_ARCH_WIN32
+#elif MG_ARCH_UNIX && MG_ENABLE_FS
   FILE *fp = mg_fopen("/dev/urandom", "rb");
   if (fp != NULL) {
     if (fread(buf, 1, len, fp) == len) done = true;
     fclose(fp);
   }
 #endif
-  if (!done) {  // Fallback to a pseudo random gen
-    size_t i;
-    for (i = 0; i < len; i++) {
-      ((unsigned char *) buf)[i] = (unsigned char) (rand() % 0xff);
-    }
+  if (!done) {
+    while (len--) *p++ = (unsigned char) (rand() & 255);
   }
 }
diff --git a/src/tls.c b/src/tls.c
index b471e04a..0043ef81 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -16,6 +16,12 @@
 #endif
 #endif
 
+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
+#define RNG , rng_get, NULL
+#else
+#define RNG
+#endif
+
 // Different versions have those in different files, so declare here
 EXTERN_C int mbedtls_net_recv(void *, unsigned char *, size_t);
 EXTERN_C int mbedtls_net_send(void *, const unsigned char *, size_t);
@@ -60,6 +66,14 @@ static void debug_cb(void *c, int lev, const char *s, int n, const char *s2) {
   (void) lev;
 }
 
+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
+static int rng_get(void *p_rng, unsigned char *buf, size_t len) {
+  (void) p_rng;
+  mg_random(buf, len);
+  return 0;
+}
+#endif
+
 void mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts) {
   struct mg_tls *tls = (struct mg_tls *) calloc(1, sizeof(*tls));
   int rc = 0;
@@ -139,10 +153,9 @@ void mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts) {
     mg_error(c, "parse(%s) err %#x", cert, -rc);
     goto fail;
   }
-  rc = key[0] == '-'
-           ? mbedtls_pk_parse_key(&tls->pk, (uint8_t *) key,
-                                  strlen(key) + 1, NULL, 0)
-           : mbedtls_pk_parse_keyfile(&tls->pk, key, NULL);
+  rc = key[0] == '-' ? mbedtls_pk_parse_key(&tls->pk, (uint8_t *) key,
+                                            strlen(key) + 1, NULL, 0 RNG)
+                     : mbedtls_pk_parse_keyfile(&tls->pk, key, NULL RNG);
   if (rc != 0) {
     mg_error(c, "tls key(%s) %#x", certkey, -rc);
     goto fail;
diff --git a/src/util.c b/src/util.c
index addbaf98..99258c4f 100644
--- a/src/util.c
+++ b/src/util.c
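Review bot: The helper macro introduced at the top of the first hunk is named `RNG`, a short unprefixed identifier that is easy to collide with on the embedded targets this file is built for (STM32 device headers, for one, define `RNG` as the hardware RNG peripheral), and a collision would silently change the argument list spliced into the mbedtls calls in the third hunk. A project-prefixed name such as `MG_MBEDTLS_RNG_ARGS` avoids that. The `#if MBEDTLS_VERSION_NUMBER >= 0x03000000` test also depends on an mbedtls header being included before this point, which is outside the hunk; if it is not, the preprocessor treats the undefined macro as 0 and quietly selects the 2.x branch, which then fails to compile against 3.x with a confusing arity error. A guard such as `#ifndef MBEDTLS_VERSION_NUMBER` / `#error "include mbedtls/version.h before this file"` / `#endif` makes that failure explicit. The same lines appear in the mongoose.c hunk, which looks like the amalgamated copy.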
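Review bot: `rng_get` in the second hunk reports success unconditionally, but `mg_random` (changed in the src/util.c hunk of this same patch) falls back to `rand()` whenever no OS entropy source is available, so on mbedtls 3.x the key-parsing call in the third hunk can receive predictable bytes while mbedtls believes it got entropy. As far as I can tell mbedtls passes this callback down into its key routines (RSA blinding among them), so a weak source here degrades side-channel countermeasures rather than merely failing loudly. Since `mg_random` returns void and cannot report which source it used, the callback should at least carry a comment stating the assumption: `// NOTE: mg_random() may fall back to rand() on platforms without an entropy source; this callback cannot detect that and always returns 0.` A follow-up could have `mg_random` expose whether it obtained OS entropy so that `rng_get` can return an mbedtls error instead. The same lines appear in the mongoose.c hunk.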
@@ -89,19 +89,20 @@ bool mg_file_printf(const char *path, const char *fmt, ...) {
 void mg_random(void *buf, size_t len) {
   bool done = false;
-#if MG_ENABLE_FS
+  unsigned char *p = buf;
+#if MG_ARCH == MG_ARCH_ESP32
+  while (len--) *p++ = (unsigned char) (esp_random() & 255);
+#elif MG_ARCH == MG_ARCH_WIN32
+#elif MG_ARCH_UNIX && MG_ENABLE_FS
   FILE *fp = mg_fopen("/dev/urandom", "rb");
   if (fp != NULL) {
     if (fread(buf, 1, len, fp) == len) done = true;
     fclose(fp);
   }
 #endif
-  if (!done) {  // Fallback to a pseudo random gen
-    size_t i;
-    for (i = 0; i < len; i++) {
-      ((unsigned char *) buf)[i] = (unsigned char) (rand() % 0xff);
-    }
+  if (!done) {
+    while (len--) *p++ = (unsigned char) (rand() & 255);
   }
 }
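Review bot: The ESP32 branch never sets `done`, so after `while (len--)` has filled the buffer — and wrapped `len` to `SIZE_MAX` by its final post-decrement — the fallback loop at the bottom runs again from `p`, which already points one past the end of `buf`, and writes far beyond it; adding `done = true;` directly after the `esp_random()` loop fixes this (or write the fill as a `for` loop that leaves `len` and `p` untouched). The condition `#elif MG_ARCH_UNIX && MG_ENABLE_FS` also looks wrong: if `MG_ARCH_UNIX` is a nonzero constant like the other `MG_ARCH_*` values, the test reduces to `MG_ENABLE_FS` and every non-ESP32, non-Win32 build with a filesystem tries `/dev/urandom`; `#elif MG_ARCH == MG_ARCH_UNIX && MG_ENABLE_FS` is presumably what was meant. The empty `MG_ARCH_WIN32` branch means Windows builds always take the `rand()` path, whose output is not cryptographic-quality and now also feeds mbedtls through `rng_get`, so the dropped `// Fallback to a pseudo random gen` comment should come back and say so explicitly. The same lines appear in the mongoose.c hunk, and the hunk's trailing context lines appear to have been cut from the page.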