diff --git a/CMakeLists.txt b/CMakeLists.txt index a9fe1279a..87fbda58d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -684,7 +684,9 @@ if(OPENSSL_FOUND) add_definitions("-DWITH_OPENSSL") message(STATUS "Using OpenSSL Version: ${OPENSSL_VERSION}") include_directories(${OPENSSL_INCLUDE_DIR}) -elseif(MBEDTLS_FOUND) +endif() + +if(MBEDTLS_FOUND) add_definitions("-DWITH_MBEDTLS") endif() diff --git a/winpr/CMakeLists.txt b/winpr/CMakeLists.txt index 444649c53..abb2086d6 100644 --- a/winpr/CMakeLists.txt +++ b/winpr/CMakeLists.txt @@ -62,12 +62,22 @@ if (WIN32 AND NOT UWP) set(NATIVE_SSPI ON) endif() -if(NOT ANDROID AND NOT IOS AND NOT UWP) +if((NOT ANDROID AND NOT IOS AND NOT UWP) AND NOT WITH_MBEDTLS) set(TOOLS_DEFAULT ON) else() set(TOOLS_DEFAULT OFF) endif() +if(WITH_MBEDTLS) + set(WITH_INTERNAL_RC4_DEFAULT ON) + set(WITH_INTERNAL_MD4_DEFAULT ON) + set(WITH_INTERNAL_MD5_DEFAULT OFF) +else() + set(WITH_INTERNAL_RC4_DEFAULT OFF) + set(WITH_INTERNAL_MD4_DEFAULT OFF) + set(WITH_INTERNAL_MD5_DEFAULT OFF) +endif() + option(WITH_VERBOSE_WINPR_ASSERT "Compile with verbose WINPR_ASSERT." ON) option(WITH_WINPR_TOOLS "Build WinPR helper binaries" ${TOOLS_DEFAULT}) option(WITH_WINPR_DEPRECATED "Build WinPR deprecated symbols" OFF) @@ -77,9 +87,9 @@ option(WITH_DEBUG_SYMBOLS "Pack debug symbols to installer" OFF) option(WITH_NATIVE_SSPI "Use native SSPI modules" ${NATIVE_SSPI}) option(WITH_SMARTCARD_INSPECT "Enable SmartCard API Inspector" OFF) option(WITH_DEBUG_MUTEX "Print mutex debug messages" ${DEFAULT_DEBUG_OPTION}) -option(WITH_INTERNAL_RC4 "Use compiled in rc4 functions instead of OpenSSL/MBedTLS" OFF) -option(WITH_INTERNAL_MD4 "Use compiled in md4 hash functions instead of OpenSSL/MBedTLS" OFF) -option(WITH_INTERNAL_MD5 "Use compiled in md5 hash functions instead of OpenSSL/MBedTLS" OFF) +option(WITH_INTERNAL_RC4 "Use compiled in rc4 functions instead of OpenSSL/MBedTLS" ${WITH_INTERNAL_RC4_DEFAULT}) +option(WITH_INTERNAL_MD4 "Use compiled in md4 hash functions instead of OpenSSL/MBedTLS" ${WITH_INTERNAL_MD4_DEFAULT}) +option(WITH_INTERNAL_MD5 "Use compiled in md5 hash functions instead of OpenSSL/MBedTLS" ${WITH_INTERNAL_MD5_DEFAULT}) option(WITH_UNICODE_BUILTIN "Use built-in Unicode conversion (don't use system-provided libraries)" OFF) # This option MUST be off to avoid symbol conflicts when loading an external SSPI module library @@ -270,18 +280,18 @@ set(OPENSSL_FEATURE_TYPE "RECOMMENDED") find_feature(OpenSSL ${OPENSSL_FEATURE_TYPE} ${OPENSSL_FEATURE_PURPOSE} ${OPENSSL_FEATURE_DESCRIPTION}) find_feature(MbedTLS ${MBEDTLS_FEATURE_TYPE} ${MBEDTLS_FEATURE_PURPOSE} ${MBEDTLS_FEATURE_DESCRIPTION}) - if(OPENSSL_FOUND) + if (NOT OPENSSL_FOUND AND NOT MBEDTLS_FOUND) + message(FATAL_ERROR "OpenSSL or MBedTLS are required, none enabled/found") + endif() + + if(WITH_OPENSSL AND OPENSSL_FOUND) add_definitions("-DWITH_OPENSSL") endif() - if(MBEDTLS_FOUND) + if(WITH_MBEDTLS AND MBEDTLS_FOUND) add_definitions("-DWITH_MBEDTLS") endif() - if (NOT OPENSSL_FOUND AND NOT MBEDTLS_FOUND) - message(FATAL_ERROR "OpenSSL or MBedTLS are required, none enabled/found") - endif() - enable_testing() if(MSVC) diff --git a/winpr/libwinpr/crypto/cipher.c b/winpr/libwinpr/crypto/cipher.c index 98ade4b9a..28dac6a0f 100644 --- a/winpr/libwinpr/crypto/cipher.c +++ b/winpr/libwinpr/crypto/cipher.c @@ -39,9 +39,12 @@ #ifdef WITH_MBEDTLS #include #include -#include #include #include +#if MBEDTLS_VERSION_MAJOR < 3 +#define mbedtls_cipher_info_get_iv_size(_info) (_info->iv_size) +#define mbedtls_cipher_info_get_key_bitlen(_info) (_info->key_bitlen) +#endif #endif /** @@ -56,9 +59,6 @@ struct winpr_rc4_ctx_private_st #if defined(WITH_OPENSSL) EVP_CIPHER_CTX* ctx; #endif -#if defined(WITH_MBEDTLS) && defined(MBEDTLS_ARC4_C) - mbedtls_arc4_context* mctx; -#endif #endif }; @@ -107,15 +107,6 @@ static WINPR_RC4_CTX* winpr_RC4_New_Internal(const BYTE* key, size_t keylen, BOO EVP_CIPHER_CTX_set_key_length(ctx->ctx, (int)keylen); if (EVP_EncryptInit_ex(ctx->ctx, NULL, NULL, key, NULL) != 1) goto fail; - -#elif defined(WITH_MBEDTLS) && defined(MBEDTLS_ARC4_C) - - ctx->mctx = calloc(1, sizeof(mbedtls_arc4_context)); - if (!ctx->mctx) - goto fail; - - mbedtls_arc4_init(ctx->mctx); - mbedtls_arc4_setup(ctx->mctx, key, (unsigned int)keylen); #endif return ctx; @@ -150,12 +141,6 @@ BOOL winpr_RC4_Update(WINPR_RC4_CTX* ctx, size_t length, const void* input, void if (EVP_CipherUpdate(ctx->ctx, output, &outputLength, input, (int)length) != 1) return FALSE; return TRUE; -#elif defined(WITH_MBEDTLS) && defined(MBEDTLS_ARC4_C) - - WINPR_ASSERT(ctx->mctx); - if (mbedtls_arc4_crypt(ctx->mctx, length, input, output) == 0) - return TRUE; - #endif return FALSE; } @@ -169,8 +154,6 @@ void winpr_RC4_Free(WINPR_RC4_CTX* ctx) winpr_int_rc4_free(ctx->ictx); #elif defined(WITH_OPENSSL) EVP_CIPHER_CTX_free(ctx->ctx); -#elif defined(WITH_MBEDTLS) && defined(MBEDTLS_ARC4_C) - mbedtls_arc4_free(ctx->mctx); #endif free(ctx); } @@ -465,110 +448,6 @@ mbedtls_cipher_type_t winpr_mbedtls_get_cipher_type(int cipher) type = MBEDTLS_CIPHER_AES_256_GCM; break; - case WINPR_CIPHER_CAMELLIA_128_ECB: - type = MBEDTLS_CIPHER_CAMELLIA_128_ECB; - break; - - case WINPR_CIPHER_CAMELLIA_192_ECB: - type = MBEDTLS_CIPHER_CAMELLIA_192_ECB; - break; - - case WINPR_CIPHER_CAMELLIA_256_ECB: - type = MBEDTLS_CIPHER_CAMELLIA_256_ECB; - break; - - case WINPR_CIPHER_CAMELLIA_128_CBC: - type = MBEDTLS_CIPHER_CAMELLIA_128_CBC; - break; - - case WINPR_CIPHER_CAMELLIA_192_CBC: - type = MBEDTLS_CIPHER_CAMELLIA_192_CBC; - break; - - case WINPR_CIPHER_CAMELLIA_256_CBC: - type = MBEDTLS_CIPHER_CAMELLIA_256_CBC; - break; - - case WINPR_CIPHER_CAMELLIA_128_CFB128: - type = MBEDTLS_CIPHER_CAMELLIA_128_CFB128; - break; - - case WINPR_CIPHER_CAMELLIA_192_CFB128: - type = MBEDTLS_CIPHER_CAMELLIA_192_CFB128; - break; - - case WINPR_CIPHER_CAMELLIA_256_CFB128: - type = MBEDTLS_CIPHER_CAMELLIA_256_CFB128; - break; - - case WINPR_CIPHER_CAMELLIA_128_CTR: - type = MBEDTLS_CIPHER_CAMELLIA_128_CTR; - break; - - case WINPR_CIPHER_CAMELLIA_192_CTR: - type = MBEDTLS_CIPHER_CAMELLIA_192_CTR; - break; - - case WINPR_CIPHER_CAMELLIA_256_CTR: - type = MBEDTLS_CIPHER_CAMELLIA_256_CTR; - break; - - case WINPR_CIPHER_CAMELLIA_128_GCM: - type = MBEDTLS_CIPHER_CAMELLIA_128_GCM; - break; - - case WINPR_CIPHER_CAMELLIA_192_GCM: - type = MBEDTLS_CIPHER_CAMELLIA_192_GCM; - break; - - case WINPR_CIPHER_CAMELLIA_256_GCM: - type = MBEDTLS_CIPHER_CAMELLIA_256_GCM; - break; - - case WINPR_CIPHER_DES_ECB: - type = MBEDTLS_CIPHER_DES_ECB; - break; - - case WINPR_CIPHER_DES_CBC: - type = MBEDTLS_CIPHER_DES_CBC; - break; - - case WINPR_CIPHER_DES_EDE_ECB: - type = MBEDTLS_CIPHER_DES_EDE_ECB; - break; - - case WINPR_CIPHER_DES_EDE_CBC: - type = MBEDTLS_CIPHER_DES_EDE_CBC; - break; - - case WINPR_CIPHER_DES_EDE3_ECB: - type = MBEDTLS_CIPHER_DES_EDE3_ECB; - break; - - case WINPR_CIPHER_DES_EDE3_CBC: - type = MBEDTLS_CIPHER_DES_EDE3_CBC; - break; - - case WINPR_CIPHER_BLOWFISH_ECB: - type = MBEDTLS_CIPHER_BLOWFISH_ECB; - break; - - case WINPR_CIPHER_BLOWFISH_CBC: - type = MBEDTLS_CIPHER_BLOWFISH_CBC; - break; - - case WINPR_CIPHER_BLOWFISH_CFB64: - type = MBEDTLS_CIPHER_BLOWFISH_CFB64; - break; - - case WINPR_CIPHER_BLOWFISH_CTR: - type = MBEDTLS_CIPHER_BLOWFISH_CTR; - break; - - case WINPR_CIPHER_ARC4_128: - type = MBEDTLS_CIPHER_ARC4_128; - break; - case WINPR_CIPHER_AES_128_CCM: type = MBEDTLS_CIPHER_AES_128_CCM; break; @@ -580,18 +459,6 @@ mbedtls_cipher_type_t winpr_mbedtls_get_cipher_type(int cipher) case WINPR_CIPHER_AES_256_CCM: type = MBEDTLS_CIPHER_AES_256_CCM; break; - - case WINPR_CIPHER_CAMELLIA_128_CCM: - type = MBEDTLS_CIPHER_CAMELLIA_128_CCM; - break; - - case WINPR_CIPHER_CAMELLIA_192_CCM: - type = MBEDTLS_CIPHER_CAMELLIA_192_CCM; - break; - - case WINPR_CIPHER_CAMELLIA_256_CCM: - type = MBEDTLS_CIPHER_CAMELLIA_256_CCM; - break; } return type; @@ -673,7 +540,7 @@ BOOL winpr_Cipher_SetPadding(WINPR_CIPHER_CTX* ctx, BOOL enabled) EVP_CIPHER_CTX_set_padding((EVP_CIPHER_CTX*)ctx, enabled); #elif defined(WITH_MBEDTLS) mbedtls_cipher_padding_t option = enabled ? MBEDTLS_PADDING_PKCS7 : MBEDTLS_PADDING_NONE; - if (mbedtls_cipher_set_padding_mode(ctx, option) != 0) + if (mbedtls_cipher_set_padding_mode((mbedtls_cipher_context_t*)ctx, option) != 0) return FALSE; #else return FALSE; @@ -774,8 +641,8 @@ int winpr_Cipher_BytesToKey(int cipher, WINPR_MD_TYPE md, const void* salt, cons md_info = mbedtls_md_info_from_type(md_type); cipher_type = winpr_mbedtls_get_cipher_type(cipher); cipher_info = mbedtls_cipher_info_from_type(cipher_type); - nkey = cipher_info->key_bitlen / 8; - niv = cipher_info->iv_size; + nkey = mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8; + niv = mbedtls_cipher_info_get_iv_size(cipher_info); if ((nkey > 64) || (niv > 64)) return 0; @@ -867,7 +734,7 @@ int winpr_Cipher_BytesToKey(int cipher, WINPR_MD_TYPE md, const void* salt, cons break; } - rv = cipher_info->key_bitlen / 8; + rv = mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8; err: mbedtls_md_free(&ctx); SecureZeroMemory(md_buf, 64); diff --git a/winpr/libwinpr/crypto/hash.c b/winpr/libwinpr/crypto/hash.c index d5b16e255..92d7eac04 100644 --- a/winpr/libwinpr/crypto/hash.c +++ b/winpr/libwinpr/crypto/hash.c @@ -34,10 +34,14 @@ #endif #ifdef WITH_MBEDTLS -#include +#ifdef MBEDTLS_MD5_C #include +#endif #include #include +#if MBEDTLS_VERSION_MAJOR < 3 +#define mbedtls_md_info_from_ctx(_ctx) (_ctx->md_info) +#endif #endif #if defined(WITH_INTERNAL_MD4) @@ -77,14 +81,6 @@ mbedtls_md_type_t winpr_mbedtls_get_md_type(int md) switch (md) { - case WINPR_MD_MD2: - type = MBEDTLS_MD_MD2; - break; - - case WINPR_MD_MD4: - type = MBEDTLS_MD_MD4; - break; - case WINPR_MD_MD5: type = MBEDTLS_MD_MD5; break; @@ -108,10 +104,6 @@ mbedtls_md_type_t winpr_mbedtls_get_md_type(int md) case WINPR_MD_SHA512: type = MBEDTLS_MD_SHA512; break; - - case WINPR_MD_RIPEMD160: - type = MBEDTLS_MD_RIPEMD160; - break; } return type; @@ -274,7 +266,7 @@ BOOL winpr_HMAC_Init(WINPR_HMAC_CTX* ctx, WINPR_MD_TYPE md, const void* key, siz if (!md_info || !hmac) return FALSE; - if (hmac->md_info != md_info) + if (mbedtls_md_info_from_ctx(hmac) != md_info) { mbedtls_md_free(hmac); /* can be called at any time after mbedtls_md_init */ @@ -514,7 +506,7 @@ static BOOL winpr_Digest_Init_Internal(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md) if (!md_info) return FALSE; - if (mdctx->md_info != md_info) + if (mbedtls_md_info_from_ctx(mdctx) != md_info) { mbedtls_md_free(mdctx); /* can be called at any time after mbedtls_md_init */ diff --git a/winpr/libwinpr/crypto/rand.c b/winpr/libwinpr/crypto/rand.c index 40bcae24b..41fe06f53 100644 --- a/winpr/libwinpr/crypto/rand.c +++ b/winpr/libwinpr/crypto/rand.c @@ -30,7 +30,9 @@ #ifdef WITH_MBEDTLS #include #include +#ifdef MBEDTLS_HAVEGE_C #include +#endif #include #endif @@ -41,7 +43,8 @@ int winpr_RAND(void* output, size_t len) return -1; if (RAND_bytes(output, (int)len) != 1) return -1; -#elif defined(WITH_MBEDTLS) && defined(MBEDTLS_HAVEGE_C) +#elif defined(WITH_MBEDTLS) +#if defined(MBEDTLS_HAVEGE_C) mbedtls_havege_state hs; mbedtls_havege_init(&hs); @@ -49,6 +52,27 @@ int winpr_RAND(void* output, size_t len) return -1; mbedtls_havege_free(&hs); +#else + int status; + mbedtls_entropy_context entropy; + mbedtls_hmac_drbg_context hmac_drbg; + const mbedtls_md_info_t* md_info; + + mbedtls_entropy_init(&entropy); + mbedtls_hmac_drbg_init(&hmac_drbg); + + md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); + if ((status = mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, mbedtls_entropy_func, &entropy, NULL, + 0)) != 0) + return -1; + + status = mbedtls_hmac_drbg_random(&hmac_drbg, output, len); + mbedtls_hmac_drbg_free(&hmac_drbg); + mbedtls_entropy_free(&entropy); + + if (status != 0) + return -1; +#endif #endif return 0; }