diff --git a/deps/mbedtls.mk b/deps/mbedtls.mk index ce0396a80f895..150a39f2a1196 100644 --- a/deps/mbedtls.mk +++ b/deps/mbedtls.mk @@ -35,15 +35,11 @@ $(SRCDIR)/srccache/$(MBEDTLS_SRC)/CMakeLists.txt: $(SRCDIR)/srccache/$(MBEDTLS_S $(TAR) -C $(dir $@) --strip-components 1 -xf $< touch -c $@ -$(SRCDIR)/srccache/$(MBEDTLS_SRC)/mbedtls-config.patch-applied: | $(SRCDIR)/srccache/$(MBEDTLS_SRC)/CMakeLists.txt - cd $(SRCDIR)/srccache/$(MBEDTLS_SRC) && patch -p0 -f < $(SRCDIR)/patches/mbedtls-config.patch - echo 1 > $@ - $(SRCDIR)/srccache/$(MBEDTLS_SRC)/mbedtls-ssl.h.patch-applied: | $(SRCDIR)/srccache/$(MBEDTLS_SRC)/CMakeLists.txt cd $(SRCDIR)/srccache/$(MBEDTLS_SRC)/include/mbedtls && patch -p0 -f < $(SRCDIR)/patches/mbedtls-ssl.h.patch echo 1 > $@ -$(BUILDDIR)/mbedtls-$(MBEDTLS_VER)/Makefile: $(SRCDIR)/srccache/$(MBEDTLS_SRC)/CMakeLists.txt $(SRCDIR)/srccache/$(MBEDTLS_SRC)/mbedtls-config.patch-applied $(SRCDIR)/srccache/$(MBEDTLS_SRC)/mbedtls-ssl.h.patch-applied +$(BUILDDIR)/mbedtls-$(MBEDTLS_VER)/Makefile: $(SRCDIR)/srccache/$(MBEDTLS_SRC)/CMakeLists.txt $(SRCDIR)/srccache/$(MBEDTLS_SRC)/mbedtls-ssl.h.patch-applied mkdir -p $(dir $@) cd $(dir $@) && \ $(CMAKE) $(dir $<) $(MBEDTLS_OPTS) diff --git a/deps/patches/libssh2-mbedtls.patch b/deps/patches/libssh2-mbedtls.patch index 2311d1e210b49..d7cdeef91a44b 100644 --- a/deps/patches/libssh2-mbedtls.patch +++ b/deps/patches/libssh2-mbedtls.patch @@ -159,10 +159,10 @@ index e85aecd..366d007 100644 diff --git a/src/mbedtls.c b/src/mbedtls.c new file mode 100644 -index 0000000..98bc549 +index 0000000..1d181e1 --- /dev/null +++ b/src/mbedtls.c -@@ -0,0 +1,570 @@ +@@ -0,0 +1,606 @@ +#include "libssh2_priv.h" + +#ifdef LIBSSH2_MBEDTLS /* compile only if we build with mbedtls */ @@ -277,10 +277,10 @@ index 0000000..98bc549 + if(!ret) + ret = mbedtls_cipher_finish(ctx, output + olen, &finish_olen); + -+ olen += finish_olen; -+ -+ if (!ret) ++ if (!ret) { ++ olen += finish_olen; + memcpy(block, output, olen); ++ } + + _libssh2_mbedtls_safe_free(output, osize); + } @@ -306,6 +306,9 @@ index 0000000..98bc549 + int ret, hmac; + + md_info = mbedtls_md_info_from_type(mdtype); ++ if(!md_info) ++ return 0; ++ + hmac = key == NULL ? 0 : 1; + + mbedtls_md_init(ctx); @@ -339,6 +342,9 @@ index 0000000..98bc549 + int ret; + + md_info = mbedtls_md_info_from_type(mdtype); ++ if(!md_info) ++ return 0; ++ + ret = mbedtls_md(md_info, data, datalen, hash); + + return ret == 0 ? 0 : -1; @@ -362,17 +368,47 @@ index 0000000..98bc549 + return bignum; +} + -+void -+_libssh2_mbedtls_bignum_free(_libssh2_bn *bn) ++int ++_libssh2_mbedtls_bignum_random(_libssh2_bn *bn, int bits, int top, int bottom) +{ -+ if (bn) -+ { -+ mbedtls_mpi_free(bn); -+#ifdef LIBSSH2_CLEAR_MEMORY -+ memset(bn, 0, sizeof(_libssh2_bn)); -+#endif ++ size_t len; ++ int err; ++ int i; ++ ++ if (!bn || bits <= 0) ++ return -1; ++ ++ len = (bits + 7) >> 3; ++ err = mbedtls_mpi_fill_random(bn, len, mbedtls_ctr_drbg_random, &_libssh2_mbedtls_ctr_drbg); ++ if (err) ++ return -1; ++ ++ /* Zero unsued bits above the most significant bit*/ ++ for(i=len*8-1;bits<=i;--i) { ++ err = mbedtls_mpi_set_bit(bn, i, 0); ++ if (err) ++ return -1; ++ } ++ ++ /* If `top` is -1, the most significant bit of the random number can be zero. ++ If top is 0, the most significant bit of the random number is set to 1, ++ and if top is 1, the two most significant bits of the number will be set ++ to 1, so that the product of two such random numbers will always have 2*bits length. ++ */ ++ for(i=0;i<=top;++i) { ++ err = mbedtls_mpi_set_bit(bn, bits-i-1, 1); ++ if (err) ++ return -1; ++ } ++ ++ /* make odd by setting first bit in least significant byte */ ++ if (bottom) { ++ err = mbedtls_mpi_set_bit(bn, 0, 1); ++ if (err) ++ return -1; + } -+ mbedtls_free(bn); ++ ++ return 0; +} + + @@ -464,7 +500,7 @@ index 0000000..98bc549 + mbedtls_pk_init(&pkey); + + ret = mbedtls_pk_parse_keyfile(&pkey, filename, (char *)passphrase); -+ if( ret != 0 ) ++ if( ret != 0 || mbedtls_pk_get_type(&pkey) != MBEDTLS_PK_RSA) + { + mbedtls_pk_free(&pkey); + mbedtls_rsa_free(*rsa); @@ -498,7 +534,7 @@ index 0000000..98bc549 + + ret = mbedtls_pk_parse_key(&pkey, (unsigned char *)filedata, + filedata_len, NULL, 0); -+ if( ret != 0 ) ++ if( ret != 0 || mbedtls_pk_get_type(&pkey) != MBEDTLS_PK_RSA) + { + mbedtls_pk_free(&pkey); + mbedtls_rsa_free(*rsa); @@ -529,7 +565,7 @@ index 0000000..98bc549 + return -1; /* failure */ + + ret = mbedtls_rsa_pkcs1_verify(rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, -+ MBEDTLS_MD_SHA1, sig_len, hash, sig); ++ MBEDTLS_MD_SHA1, SHA_DIGEST_LENGTH, hash, sig); + + return (ret == 0) ? 0 : -1; +} @@ -735,10 +771,10 @@ index 0000000..98bc549 +#endif /* LIBSSH2_MBEDTLS */ diff --git a/src/mbedtls.h b/src/mbedtls.h new file mode 100644 -index 0000000..f594575 +index 0000000..248583e --- /dev/null +++ b/src/mbedtls.h -@@ -0,0 +1,368 @@ +@@ -0,0 +1,371 @@ +#include +#include + @@ -980,8 +1016,8 @@ index 0000000..f594575 + _libssh2_mbedtls_bignum_init() +#define _libssh2_bn_init_from_bin() \ + _libssh2_mbedtls_bignum_init() -+#define _libssh2_bn_rand(bn, bytes, top, bottom) \ -+ mbedtls_mpi_fill_random(bn, bytes, mbedtls_ctr_drbg_random, &_libssh2_mbedtls_ctr_drbg) ++#define _libssh2_bn_rand(bn, bits, top, bottom) \ ++ _libssh2_mbedtls_bignum_random(bn, bits, top, bottom) +#define _libssh2_bn_mod_exp(r, a, p, m, ctx) \ + mbedtls_mpi_exp_mod(r, a, p, m, NULL) +#define _libssh2_bn_set_word(bn, word) \ @@ -995,7 +1031,7 @@ index 0000000..f594575 +#define _libssh2_bn_bits(bn) \ + mbedtls_mpi_bitlen(bn) +#define _libssh2_bn_free(bn) \ -+ _libssh2_mbedtls_bignum_free(bn) ++ mbedtls_mpi_free(bn) + + +/*******************************************************************/ @@ -1044,6 +1080,9 @@ index 0000000..f594575 +_libssh2_mbedtls_bignum_free(_libssh2_bn *bn); + +int ++_libssh2_mbedtls_bignum_random(_libssh2_bn *bn, int bits, int top, int bottom); ++ ++int +_libssh2_mbedtls_rsa_new(libssh2_rsa_ctx **rsa, + const unsigned char *edata, + unsigned long elen, @@ -1106,4 +1145,4 @@ index 0000000..f594575 + size_t *pubkeydata_len, + const char *privatekeydata, + size_t privatekeydata_len, -+ const char *passphrase); ++ const char *passphrase); \ No newline at end of file diff --git a/deps/patches/mbedtls-config.patch b/deps/patches/mbedtls-config.patch deleted file mode 100644 index 1f774ec61ac33..0000000000000 --- a/deps/patches/mbedtls-config.patch +++ /dev/null @@ -1,27 +0,0 @@ -diff --git include/mbedtls/config.h include/mbedtls/config.h -index 0efee04..787cd8c 100644 ---- include/mbedtls/config.h -+++ include/mbedtls/config.h -@@ -2434,19 +2434,19 @@ - - /* MPI / BIGNUM options */ - //#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ --//#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ -+#define MBEDTLS_MPI_MAX_SIZE 2048 /**< Maximum number of bytes for usable MPIs. */ - - /* CTR_DRBG options */ - //#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ - //#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ - //#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ --//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ -+#define MBEDTLS_CTR_DRBG_MAX_REQUEST 2048 /**< Maximum number of requested bytes per call */ - //#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ - - /* HMAC_DRBG options */ - //#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ - //#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ --//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ -+#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 2048 /**< Maximum number of requested bytes per call */ - //#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ - - /* ECP options */