mirror of https://github.com/FreeRDP/FreeRDP
migrate to mbedtls 3.x with mbedtls 2.x backward compatibility
This commit is contained in:
Marc-André Moreau
akallabeth
parent
2079455eec
commit
6fbd447342
|
|
@ -684,7 +684,9 @@ if(OPENSSL_FOUND)
|
|||
add_definitions("-DWITH_OPENSSL")
|
||||
message(STATUS "Using OpenSSL Version: ${OPENSSL_VERSION}")
|
||||
include_directories(${OPENSSL_INCLUDE_DIR})
|
||||
elseif(MBEDTLS_FOUND)
|
||||
endif()
|
||||
|
||||
if(MBEDTLS_FOUND)
|
||||
add_definitions("-DWITH_MBEDTLS")
|
||||
endif()
|
||||
|
||||
|
|
|
|||
|
|
@ -62,12 +62,22 @@ if (WIN32 AND NOT UWP)
|
|||
set(NATIVE_SSPI ON)
|
||||
endif()
|
||||
|
||||
if(NOT ANDROID AND NOT IOS AND NOT UWP)
|
||||
if((NOT ANDROID AND NOT IOS AND NOT UWP) AND NOT WITH_MBEDTLS)
|
||||
set(TOOLS_DEFAULT ON)
|
||||
else()
|
||||
set(TOOLS_DEFAULT OFF)
|
||||
endif()
|
||||
|
||||
if(WITH_MBEDTLS)
|
||||
set(WITH_INTERNAL_RC4_DEFAULT ON)
|
||||
set(WITH_INTERNAL_MD4_DEFAULT ON)
|
||||
set(WITH_INTERNAL_MD5_DEFAULT OFF)
|
||||
else()
|
||||
set(WITH_INTERNAL_RC4_DEFAULT OFF)
|
||||
set(WITH_INTERNAL_MD4_DEFAULT OFF)
|
||||
set(WITH_INTERNAL_MD5_DEFAULT OFF)
|
||||
endif()
|
||||
|
||||
option(WITH_VERBOSE_WINPR_ASSERT "Compile with verbose WINPR_ASSERT." ON)
|
||||
option(WITH_WINPR_TOOLS "Build WinPR helper binaries" ${TOOLS_DEFAULT})
|
||||
option(WITH_WINPR_DEPRECATED "Build WinPR deprecated symbols" OFF)
|
||||
|
|
@ -77,9 +87,9 @@ option(WITH_DEBUG_SYMBOLS "Pack debug symbols to installer" OFF)
|
|||
option(WITH_NATIVE_SSPI "Use native SSPI modules" ${NATIVE_SSPI})
|
||||
option(WITH_SMARTCARD_INSPECT "Enable SmartCard API Inspector" OFF)
|
||||
option(WITH_DEBUG_MUTEX "Print mutex debug messages" ${DEFAULT_DEBUG_OPTION})
|
||||
option(WITH_INTERNAL_RC4 "Use compiled in rc4 functions instead of OpenSSL/MBedTLS" OFF)
|
||||
option(WITH_INTERNAL_MD4 "Use compiled in md4 hash functions instead of OpenSSL/MBedTLS" OFF)
|
||||
option(WITH_INTERNAL_MD5 "Use compiled in md5 hash functions instead of OpenSSL/MBedTLS" OFF)
|
||||
option(WITH_INTERNAL_RC4 "Use compiled in rc4 functions instead of OpenSSL/MBedTLS" ${WITH_INTERNAL_RC4_DEFAULT})
|
||||
option(WITH_INTERNAL_MD4 "Use compiled in md4 hash functions instead of OpenSSL/MBedTLS" ${WITH_INTERNAL_MD4_DEFAULT})
|
||||
option(WITH_INTERNAL_MD5 "Use compiled in md5 hash functions instead of OpenSSL/MBedTLS" ${WITH_INTERNAL_MD5_DEFAULT})
|
||||
option(WITH_UNICODE_BUILTIN "Use built-in Unicode conversion (don't use system-provided libraries)" OFF)
|
||||
|
||||
# This option MUST be off to avoid symbol conflicts when loading an external SSPI module library
|
||||
|
|
@ -270,18 +280,18 @@ set(OPENSSL_FEATURE_TYPE "RECOMMENDED")
|
|||
find_feature(OpenSSL ${OPENSSL_FEATURE_TYPE} ${OPENSSL_FEATURE_PURPOSE} ${OPENSSL_FEATURE_DESCRIPTION})
|
||||
find_feature(MbedTLS ${MBEDTLS_FEATURE_TYPE} ${MBEDTLS_FEATURE_PURPOSE} ${MBEDTLS_FEATURE_DESCRIPTION})
|
||||
|
||||
if(OPENSSL_FOUND)
|
||||
if (NOT OPENSSL_FOUND AND NOT MBEDTLS_FOUND)
|
||||
message(FATAL_ERROR "OpenSSL or MBedTLS are required, none enabled/found")
|
||||
endif()
|
||||
|
||||
if(WITH_OPENSSL AND OPENSSL_FOUND)
|
||||
add_definitions("-DWITH_OPENSSL")
|
||||
endif()
|
||||
|
||||
if(MBEDTLS_FOUND)
|
||||
if(WITH_MBEDTLS AND MBEDTLS_FOUND)
|
||||
add_definitions("-DWITH_MBEDTLS")
|
||||
endif()
|
||||
|
||||
if (NOT OPENSSL_FOUND AND NOT MBEDTLS_FOUND)
|
||||
message(FATAL_ERROR "OpenSSL or MBedTLS are required, none enabled/found")
|
||||
endif()
|
||||
|
||||
enable_testing()
|
||||
|
||||
if(MSVC)
|
||||
|
|
|
|||
|
|
@ -39,9 +39,12 @@
|
|||
#ifdef WITH_MBEDTLS
|
||||
#include <mbedtls/md.h>
|
||||
#include <mbedtls/aes.h>
|
||||
#include <mbedtls/arc4.h>
|
||||
#include <mbedtls/des.h>
|
||||
#include <mbedtls/cipher.h>
|
||||
#if MBEDTLS_VERSION_MAJOR < 3
|
||||
#define mbedtls_cipher_info_get_iv_size(_info) (_info->iv_size)
|
||||
#define mbedtls_cipher_info_get_key_bitlen(_info) (_info->key_bitlen)
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/**
|
||||
|
|
@ -56,9 +59,6 @@ struct winpr_rc4_ctx_private_st
|
|||
#if defined(WITH_OPENSSL)
|
||||
EVP_CIPHER_CTX* ctx;
|
||||
#endif
|
||||
#if defined(WITH_MBEDTLS) && defined(MBEDTLS_ARC4_C)
|
||||
mbedtls_arc4_context* mctx;
|
||||
#endif
|
||||
#endif
|
||||
};
|
||||
|
||||
|
|
@ -107,15 +107,6 @@ static WINPR_RC4_CTX* winpr_RC4_New_Internal(const BYTE* key, size_t keylen, BOO
|
|||
EVP_CIPHER_CTX_set_key_length(ctx->ctx, (int)keylen);
|
||||
if (EVP_EncryptInit_ex(ctx->ctx, NULL, NULL, key, NULL) != 1)
|
||||
goto fail;
|
||||
|
||||
#elif defined(WITH_MBEDTLS) && defined(MBEDTLS_ARC4_C)
|
||||
|
||||
ctx->mctx = calloc(1, sizeof(mbedtls_arc4_context));
|
||||
if (!ctx->mctx)
|
||||
goto fail;
|
||||
|
||||
mbedtls_arc4_init(ctx->mctx);
|
||||
mbedtls_arc4_setup(ctx->mctx, key, (unsigned int)keylen);
|
||||
#endif
|
||||
return ctx;
|
||||
|
||||
|
|
@ -150,12 +141,6 @@ BOOL winpr_RC4_Update(WINPR_RC4_CTX* ctx, size_t length, const void* input, void
|
|||
if (EVP_CipherUpdate(ctx->ctx, output, &outputLength, input, (int)length) != 1)
|
||||
return FALSE;
|
||||
return TRUE;
|
||||
#elif defined(WITH_MBEDTLS) && defined(MBEDTLS_ARC4_C)
|
||||
|
||||
WINPR_ASSERT(ctx->mctx);
|
||||
if (mbedtls_arc4_crypt(ctx->mctx, length, input, output) == 0)
|
||||
return TRUE;
|
||||
|
||||
#endif
|
||||
return FALSE;
|
||||
}
|
||||
|
|
@ -169,8 +154,6 @@ void winpr_RC4_Free(WINPR_RC4_CTX* ctx)
|
|||
winpr_int_rc4_free(ctx->ictx);
|
||||
#elif defined(WITH_OPENSSL)
|
||||
EVP_CIPHER_CTX_free(ctx->ctx);
|
||||
#elif defined(WITH_MBEDTLS) && defined(MBEDTLS_ARC4_C)
|
||||
mbedtls_arc4_free(ctx->mctx);
|
||||
#endif
|
||||
free(ctx);
|
||||
}
|
||||
|
|
@ -465,110 +448,6 @@ mbedtls_cipher_type_t winpr_mbedtls_get_cipher_type(int cipher)
|
|||
type = MBEDTLS_CIPHER_AES_256_GCM;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_CAMELLIA_128_ECB:
|
||||
type = MBEDTLS_CIPHER_CAMELLIA_128_ECB;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_CAMELLIA_192_ECB:
|
||||
type = MBEDTLS_CIPHER_CAMELLIA_192_ECB;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_CAMELLIA_256_ECB:
|
||||
type = MBEDTLS_CIPHER_CAMELLIA_256_ECB;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_CAMELLIA_128_CBC:
|
||||
type = MBEDTLS_CIPHER_CAMELLIA_128_CBC;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_CAMELLIA_192_CBC:
|
||||
type = MBEDTLS_CIPHER_CAMELLIA_192_CBC;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_CAMELLIA_256_CBC:
|
||||
type = MBEDTLS_CIPHER_CAMELLIA_256_CBC;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_CAMELLIA_128_CFB128:
|
||||
type = MBEDTLS_CIPHER_CAMELLIA_128_CFB128;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_CAMELLIA_192_CFB128:
|
||||
type = MBEDTLS_CIPHER_CAMELLIA_192_CFB128;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_CAMELLIA_256_CFB128:
|
||||
type = MBEDTLS_CIPHER_CAMELLIA_256_CFB128;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_CAMELLIA_128_CTR:
|
||||
type = MBEDTLS_CIPHER_CAMELLIA_128_CTR;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_CAMELLIA_192_CTR:
|
||||
type = MBEDTLS_CIPHER_CAMELLIA_192_CTR;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_CAMELLIA_256_CTR:
|
||||
type = MBEDTLS_CIPHER_CAMELLIA_256_CTR;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_CAMELLIA_128_GCM:
|
||||
type = MBEDTLS_CIPHER_CAMELLIA_128_GCM;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_CAMELLIA_192_GCM:
|
||||
type = MBEDTLS_CIPHER_CAMELLIA_192_GCM;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_CAMELLIA_256_GCM:
|
||||
type = MBEDTLS_CIPHER_CAMELLIA_256_GCM;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_DES_ECB:
|
||||
type = MBEDTLS_CIPHER_DES_ECB;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_DES_CBC:
|
||||
type = MBEDTLS_CIPHER_DES_CBC;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_DES_EDE_ECB:
|
||||
type = MBEDTLS_CIPHER_DES_EDE_ECB;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_DES_EDE_CBC:
|
||||
type = MBEDTLS_CIPHER_DES_EDE_CBC;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_DES_EDE3_ECB:
|
||||
type = MBEDTLS_CIPHER_DES_EDE3_ECB;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_DES_EDE3_CBC:
|
||||
type = MBEDTLS_CIPHER_DES_EDE3_CBC;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_BLOWFISH_ECB:
|
||||
type = MBEDTLS_CIPHER_BLOWFISH_ECB;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_BLOWFISH_CBC:
|
||||
type = MBEDTLS_CIPHER_BLOWFISH_CBC;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_BLOWFISH_CFB64:
|
||||
type = MBEDTLS_CIPHER_BLOWFISH_CFB64;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_BLOWFISH_CTR:
|
||||
type = MBEDTLS_CIPHER_BLOWFISH_CTR;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_ARC4_128:
|
||||
type = MBEDTLS_CIPHER_ARC4_128;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_AES_128_CCM:
|
||||
type = MBEDTLS_CIPHER_AES_128_CCM;
|
||||
break;
|
||||
|
|
@ -580,18 +459,6 @@ mbedtls_cipher_type_t winpr_mbedtls_get_cipher_type(int cipher)
|
|||
case WINPR_CIPHER_AES_256_CCM:
|
||||
type = MBEDTLS_CIPHER_AES_256_CCM;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_CAMELLIA_128_CCM:
|
||||
type = MBEDTLS_CIPHER_CAMELLIA_128_CCM;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_CAMELLIA_192_CCM:
|
||||
type = MBEDTLS_CIPHER_CAMELLIA_192_CCM;
|
||||
break;
|
||||
|
||||
case WINPR_CIPHER_CAMELLIA_256_CCM:
|
||||
type = MBEDTLS_CIPHER_CAMELLIA_256_CCM;
|
||||
break;
|
||||
}
|
||||
|
||||
return type;
|
||||
|
|
@ -673,7 +540,7 @@ BOOL winpr_Cipher_SetPadding(WINPR_CIPHER_CTX* ctx, BOOL enabled)
|
|||
EVP_CIPHER_CTX_set_padding((EVP_CIPHER_CTX*)ctx, enabled);
|
||||
#elif defined(WITH_MBEDTLS)
|
||||
mbedtls_cipher_padding_t option = enabled ? MBEDTLS_PADDING_PKCS7 : MBEDTLS_PADDING_NONE;
|
||||
if (mbedtls_cipher_set_padding_mode(ctx, option) != 0)
|
||||
if (mbedtls_cipher_set_padding_mode((mbedtls_cipher_context_t*)ctx, option) != 0)
|
||||
return FALSE;
|
||||
#else
|
||||
return FALSE;
|
||||
|
|
@ -774,8 +641,8 @@ int winpr_Cipher_BytesToKey(int cipher, WINPR_MD_TYPE md, const void* salt, cons
|
|||
md_info = mbedtls_md_info_from_type(md_type);
|
||||
cipher_type = winpr_mbedtls_get_cipher_type(cipher);
|
||||
cipher_info = mbedtls_cipher_info_from_type(cipher_type);
|
||||
nkey = cipher_info->key_bitlen / 8;
|
||||
niv = cipher_info->iv_size;
|
||||
nkey = mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8;
|
||||
niv = mbedtls_cipher_info_get_iv_size(cipher_info);
|
||||
|
||||
if ((nkey > 64) || (niv > 64))
|
||||
return 0;
|
||||
|
|
@ -867,7 +734,7 @@ int winpr_Cipher_BytesToKey(int cipher, WINPR_MD_TYPE md, const void* salt, cons
|
|||
break;
|
||||
}
|
||||
|
||||
rv = cipher_info->key_bitlen / 8;
|
||||
rv = mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8;
|
||||
err:
|
||||
mbedtls_md_free(&ctx);
|
||||
SecureZeroMemory(md_buf, 64);
|
||||
|
|
|
|||
|
|
@ -34,10 +34,14 @@
|
|||
#endif
|
||||
|
||||
#ifdef WITH_MBEDTLS
|
||||
#include <mbedtls/md4.h>
|
||||
#ifdef MBEDTLS_MD5_C
|
||||
#include <mbedtls/md5.h>
|
||||
#endif
|
||||
#include <mbedtls/sha1.h>
|
||||
#include <mbedtls/md.h>
|
||||
#if MBEDTLS_VERSION_MAJOR < 3
|
||||
#define mbedtls_md_info_from_ctx(_ctx) (_ctx->md_info)
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(WITH_INTERNAL_MD4)
|
||||
|
|
@ -77,14 +81,6 @@ mbedtls_md_type_t winpr_mbedtls_get_md_type(int md)
|
|||
|
||||
switch (md)
|
||||
{
|
||||
case WINPR_MD_MD2:
|
||||
type = MBEDTLS_MD_MD2;
|
||||
break;
|
||||
|
||||
case WINPR_MD_MD4:
|
||||
type = MBEDTLS_MD_MD4;
|
||||
break;
|
||||
|
||||
case WINPR_MD_MD5:
|
||||
type = MBEDTLS_MD_MD5;
|
||||
break;
|
||||
|
|
@ -108,10 +104,6 @@ mbedtls_md_type_t winpr_mbedtls_get_md_type(int md)
|
|||
case WINPR_MD_SHA512:
|
||||
type = MBEDTLS_MD_SHA512;
|
||||
break;
|
||||
|
||||
case WINPR_MD_RIPEMD160:
|
||||
type = MBEDTLS_MD_RIPEMD160;
|
||||
break;
|
||||
}
|
||||
|
||||
return type;
|
||||
|
|
@ -274,7 +266,7 @@ BOOL winpr_HMAC_Init(WINPR_HMAC_CTX* ctx, WINPR_MD_TYPE md, const void* key, siz
|
|||
if (!md_info || !hmac)
|
||||
return FALSE;
|
||||
|
||||
if (hmac->md_info != md_info)
|
||||
if (mbedtls_md_info_from_ctx(hmac) != md_info)
|
||||
{
|
||||
mbedtls_md_free(hmac); /* can be called at any time after mbedtls_md_init */
|
||||
|
||||
|
|
@ -514,7 +506,7 @@ static BOOL winpr_Digest_Init_Internal(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md)
|
|||
if (!md_info)
|
||||
return FALSE;
|
||||
|
||||
if (mdctx->md_info != md_info)
|
||||
if (mbedtls_md_info_from_ctx(mdctx) != md_info)
|
||||
{
|
||||
mbedtls_md_free(mdctx); /* can be called at any time after mbedtls_md_init */
|
||||
|
||||
|
|
|
|||
|
|
@ -30,7 +30,9 @@
|
|||
#ifdef WITH_MBEDTLS
|
||||
#include <mbedtls/md.h>
|
||||
#include <mbedtls/entropy.h>
|
||||
#ifdef MBEDTLS_HAVEGE_C
|
||||
#include <mbedtls/havege.h>
|
||||
#endif
|
||||
#include <mbedtls/hmac_drbg.h>
|
||||
#endif
|
||||
|
||||
|
|
@ -41,7 +43,8 @@ int winpr_RAND(void* output, size_t len)
|
|||
return -1;
|
||||
if (RAND_bytes(output, (int)len) != 1)
|
||||
return -1;
|
||||
#elif defined(WITH_MBEDTLS) && defined(MBEDTLS_HAVEGE_C)
|
||||
#elif defined(WITH_MBEDTLS)
|
||||
#if defined(MBEDTLS_HAVEGE_C)
|
||||
mbedtls_havege_state hs;
|
||||
mbedtls_havege_init(&hs);
|
||||
|
||||
|
|
@ -49,6 +52,27 @@ int winpr_RAND(void* output, size_t len)
|
|||
return -1;
|
||||
|
||||
mbedtls_havege_free(&hs);
|
||||
#else
|
||||
int status;
|
||||
mbedtls_entropy_context entropy;
|
||||
mbedtls_hmac_drbg_context hmac_drbg;
|
||||
const mbedtls_md_info_t* md_info;
|
||||
|
||||
mbedtls_entropy_init(&entropy);
|
||||
mbedtls_hmac_drbg_init(&hmac_drbg);
|
||||
|
||||
md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
|
||||
if ((status = mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, mbedtls_entropy_func, &entropy, NULL,
|
||||
0)) != 0)
|
||||
return -1;
|
||||
|
||||
status = mbedtls_hmac_drbg_random(&hmac_drbg, output, len);
|
||||
mbedtls_hmac_drbg_free(&hmac_drbg);
|
||||
mbedtls_entropy_free(&entropy);
|
||||
|
||||
if (status != 0)
|
||||
return -1;
|
||||
#endif
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue