* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
+
+/* Mbed-TLS 3.x does not currently expose a function to retrieve
+ the bio parameters from the SSL object. When the above issue has been
+ fixed, remove the MBEDTLS_ALLOW_PRIVATE_ACCESS define and use the
+ appropriate getter function in bufferevent_mbedtls_socket_new rather than
+ accessing the struct fields directly. */
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include "mbedtls-compat.h"
-#include <mbedtls/config.h>
+#include <mbedtls/version.h>
#include <mbedtls/ssl.h>
#include <mbedtls/error.h>
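Review bot: The comment added above `#define MBEDTLS_ALLOW_PRIVATE_ACCESS` says "when the above issue has been fixed", but nothing above it names an issue, so a reader has no way to find the upstream ticket that would let the define be dropped. I would reword the comment to carry the upstream reference (a placeholder such as `<MBEDTLS_ISSUE_URL>` until it is known), state which SSL-context fields bufferevent_mbedtls_socket_new reads, and say explicitly that private struct layout is not something Mbed-TLS keeps stable across releases, so the direct field access is the thing to re-check on every library upgrade. The define must precede every Mbed-TLS include, including those pulled in transitively through mbedtls-compat.h, which the placement here satisfies. bufferevent_mbedtls_socket_new itself is outside the hunk, so I cannot confirm which fields are actually touched.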
${_EXTRA_FIND_ARGS})
# based on https://github.com/ARMmbed/mbedtls/issues/298
-if(MBEDTLS_INCLUDE_DIR AND EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h")
- file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" VERSION_STRING_LINE REGEX "^#define MBEDTLS_VERSION_STRING[ \\t\\n\\r]+\"[^\"]*\"$")
- file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" VERSION_MAJOR_LINE REGEX "^#define MBEDTLS_VERSION_MAJOR[ \\t\\n\\r]+[0-9]+$")
- file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" VERSION_MINOR_LINE REGEX "^#define MBEDTLS_VERSION_MINOR[ \\t\\n\\r]+[0-9]+$")
- file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" VERSION_PATCH_LINE REGEX "^#define MBEDTLS_VERSION_PATCH[ \\t\\n\\r]+[0-9]+$")
+function(mbedtls_get_version_numbers FILE)
+ file(STRINGS "${MBEDTLS_INCLUDE_DIR}/${FILE}" VERSION_STRING_LINE REGEX "^#define MBEDTLS_VERSION_STRING[ \\t\\n\\r]+\"[^\"]*\"$")
+ file(STRINGS "${MBEDTLS_INCLUDE_DIR}/${FILE}" VERSION_MAJOR_LINE REGEX "^#define MBEDTLS_VERSION_MAJOR[ \\t\\n\\r]+[0-9]+$")
+ file(STRINGS "${MBEDTLS_INCLUDE_DIR}/${FILE}" VERSION_MINOR_LINE REGEX "^#define MBEDTLS_VERSION_MINOR[ \\t\\n\\r]+[0-9]+$")
+ file(STRINGS "${MBEDTLS_INCLUDE_DIR}/${FILE}" VERSION_PATCH_LINE REGEX "^#define MBEDTLS_VERSION_PATCH[ \\t\\n\\r]+[0-9]+$")
string(REGEX REPLACE "^#define MBEDTLS_VERSION_STRING[ \\t\\n\\r]+\"([^\"]*)\"$" "\\1" MBEDTLS_VERSION "${VERSION_STRING_LINE}")
string(REGEX REPLACE "^#define MBEDTLS_VERSION_MAJOR[ \\t\\n\\r]+([0-9]+)$" "\\1" MBEDTLS_VERSION_MAJOR "${VERSION_MAJOR_LINE}")
string(REGEX REPLACE "^#define MBEDTLS_VERSION_MINOR[ \\t\\n\\r]+([0-9]+)$" "\\1" MBEDTLS_VERSION_MINOR "${VERSION_MINOR_LINE}")
string(REGEX REPLACE "^#define MBEDTLS_VERSION_PATCH[ \\t\\n\\r]+([0-9]+)$" "\\1" MBEDTLS_VERSION_PATCH "${VERSION_PATCH_LINE}")
+
+ set(MBEDTLS_VERSION "${MBEDTLS_VERSION}" PARENT_SCOPE)
+ set(MBEDTLS_VERSION_MAJOR "${MBEDTLS_VERSION_MAJOR}" PARENT_SCOPE)
+ set(MBEDTLS_VERSION_MINOR "${MBEDTLS_VERSION_MINOR}" PARENT_SCOPE)
+ set(MBEDTLS_VERSION_PATCH "${MBEDTLS_VERSION_PATCH}" PARENT_SCOPE)
+endfunction()
+
+if(MBEDTLS_INCLUDE_DIR AND EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h")
+ mbedtls_get_version_numbers("mbedtls/version.h")
+
+ if ("${MBEDTLS_VERSION}" STREQUAL "")
+ mbedtls_get_version_numbers("mbedtls/build_info.h")
+ endif()
endif()
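Review bot: The fallback call `mbedtls_get_version_numbers("mbedtls/build_info.h")` is made without checking that the file exists, and as far as I know `file(STRINGS ...)` on an unreadable path is a fatal configure error rather than an empty result, so an install whose version.h carries no version macros and has no build_info.h aborts configuration instead of leaving MBEDTLS_VERSION empty for the caller to report. Guard it: `if ("${MBEDTLS_VERSION}" STREQUAL "" AND EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h")`. The function also reads MBEDTLS_INCLUDE_DIR from the calling scope while taking only the relative FILE name; passing the full path would make it self-contained. A one-line comment above `function(mbedtls_get_version_numbers FILE)` noting that Mbed-TLS 3.x moved the MBEDTLS_VERSION_* macros out of version.h into build_info.h would explain why the second call exists at all.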
#define MBEDTLS_COMPAT_H
#include <mbedtls/version.h>
+
+#if MBEDTLS_VERSION_MAJOR >= 3
+# if defined(__clang__)
+# pragma clang diagnostic push
+# pragma clang diagnostic ignored "-Wcpp"
+# elif defined(__GNUC__)
+# pragma GCC diagnostic push
+# pragma GCC diagnostic ignored "-Wcpp"
+# endif
+
+# include <mbedtls/compat-2.x.h>
+
+# if defined(__clang__)
+# pragma clang diagnostic pop
+# elif defined(__GNUC__)
+# pragma GCC diagnostic pop
+# endif
+#endif // MBEDTLS_VERSION_MAJOR >= 3
+
#if MBEDTLS_VERSION_MAJOR < 2 || (MBEDTLS_VERSION_MAJOR == 2 && MBEDTLS_VERSION_MINOR < 4)
-#include <mbedtls/net.h>
+# include <mbedtls/net.h>
#else
-#include <mbedtls/net_sockets.h>
+# include <mbedtls/net_sockets.h>
#endif
#endif // LIBEVENT_MBEDTLS_COMPAT_H
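Review bot: The new `#include <mbedtls/compat-2.x.h>` block carries no comment saying what it is for, and the `-Wcpp` push/pop around it exists precisely to hide the diagnostic that header emits, so a future reader sees only a silenced warning with no stated reason. I would add above `#if MBEDTLS_VERSION_MAJOR >= 3`: `/* Mbed-TLS 3.x renamed or removed a number of 2.x identifiers; compat-2.x.h supplies the old names. It is deprecated upstream and warns on inclusion, hence the -Wcpp suppression; drop it together with the private-field access. */`. The suppression only covers clang and GCC, so other compilers still see whatever the header emits, which is probably acceptable but worth stating in that comment. The closing `// LIBEVENT_MBEDTLS_COMPAT_H` on the guard does not match the `MBEDTLS_COMPAT_H` defined at the top, though that predates this change.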
#define EVENT_VISIBILITY_WANT_DLLIMPORT
#include "event2/util.h"
+#include <mbedtls/version.h>
#include <mbedtls/ssl.h>
#include <mbedtls/entropy.h>
#include <mbedtls/ctr_drbg.h>
line, loglen, str));
}
+static int
+mbedtls_rng(void* ctx, unsigned char* buffer, size_t len)
+{
+ int rc;
+
+ (void)ctx;
+
+ rc = evutil_secure_rng_init();
+ if (rc != 0)
+ return rc;
+ evutil_secure_rng_get_bytes(buffer, len);
+ return 0;
+}
+
static mbedtls_pk_context *
mbedtls_getkey(void)
{
mbedtls_pk_context *pk = malloc(sizeof(mbedtls_pk_context));
tt_assert(pk);
mbedtls_pk_init(pk);
- ret = mbedtls_pk_parse_key(
- pk, (const unsigned char *)KEY, sizeof(KEY), NULL, 0);
+ ret = mbedtls_pk_parse_key(pk,
+ (const unsigned char *)KEY, sizeof(KEY),
+ NULL, 0
+#if MBEDTLS_VERSION_MAJOR >= 3
+ , mbedtls_rng, NULL
+#endif
+ );
tt_assert(ret == 0);
return pk;
end:
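Review bot: `mbedtls_rng` is defined unconditionally but only referenced inside the `#if MBEDTLS_VERSION_MAJOR >= 3` block of mbedtls_getkey, so a build against Mbed-TLS 2.x gets an unused static function and, with -Wunused-function or -Werror, a warning or a failed build; wrap the definition in the same guard, `#if MBEDTLS_VERSION_MAJOR >= 3` before `static int` and `#endif` after its closing brace. The callback also passes evutil_secure_rng_init()'s own status through as if it were an Mbed-TLS error code, which the library's f_rng contract (0 on success, an MBEDTLS_ERR_* value otherwise) does not define; on that path I would `return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;`, since entropy.h is already included. A comment above the function would help too: `/* f_rng callback for Mbed-TLS 3.x, whose mbedtls_pk_parse_key requires an RNG; backed by libevent's secure RNG. */`. The `ret` that mbedtls_getkey assigns is not declared within the visible lines of the hunk.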
MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
mbedtls_ssl_conf_rng(
the_mbedtls_conf[endpoint], mbedtls_ctr_drbg_random, &ctr_drbg);
+#if MBEDTLS_VERSION_MAJOR < 3
+ /* Mbed-TLS 3 doesn't support anything below TLS v1.2 */
if (disable_tls_11_and_12) {
mbedtls_ssl_conf_max_version(the_mbedtls_conf[endpoint],
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1);
}
+#endif
if (endpoint == MBEDTLS_SSL_IS_SERVER) {
mbedtls_ssl_conf_own_cert(
the_mbedtls_conf[endpoint], the_cert, the_key);
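Review bot: Under Mbed-TLS 3 the new `#if MBEDTLS_VERSION_MAJOR < 3` silently drops the `disable_tls_11_and_12` cap, so a test that asks for it runs with whatever version the library negotiates and nothing records that the request was ignored. The explanatory comment sits inside the `#if`, directly above the `if`, where it reads as a reason for the cap rather than for its removal; move it above the `#if` and say what happens to the flag: `/* Mbed-TLS 3 supports only TLS 1.2 and later, so the max-version cap below cannot be expressed there and disable_tls_11_and_12 is ignored. */`. If any caller depends on the capped version actually being negotiated, a skip or a log line in an `#else` branch would make the ignored request visible; I cannot see the callers or where disable_tls_11_and_12 is declared, since the enclosing function starts outside the hunk. If it is a local, check it does not become unused under the new guard.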