| author | Joel Klinghed <the_jk@opera.com> | 2023-07-18 14:11:04 +0200 |
|---|---|---|
| committer | Joel Klinghed <the_jk@opera.com> | 2023-07-18 14:11:04 +0200 |
| commit | 2a8a19c674dd843828771c04f25e906e3c58f845 (patch) | |
| tree | 24cb36814d4ac7b4bde8e75253234270fc6ddff8 | |
| parent | 467db2e9086bdffb9adfcb2143684471c061f206 (diff) | |
Support mbedtls 3.x
| -rw-r--r-- | src/genca.cc | 2 | ||||
| -rw-r--r-- | src/mitm.cc | 5 | ||||
| -rw-r--r-- | src/monitor-gui.cc | 2 | ||||
| -rw-r--r-- | src/ssl.hh | 3 | ||||
| -rw-r--r-- | src/ssl_mbedtls.cc | 16 |
5 files changed, 16 insertions, 12 deletions
diff --git a/src/genca.cc b/src/genca.cc index ee0f580..9762321 100644 --- a/src/genca.cc +++ b/src/genca.cc @@ -20,7 +20,7 @@ bool genca(std::ostream& out, std::string const& name) { std::string key; if (!SSLKey::generate(logger.get(), entropy.get(), &key)) return false; std::string cert; - std::unique_ptr<SSLKey> pkey(SSLKey::load(logger.get(), key)); + std::unique_ptr<SSLKey> pkey(SSLKey::load(logger.get(), key, entropy.get())); if (!SSLCert::generate(logger.get(), entropy.get(), nullptr, nullptr, name, pkey.get(), &cert)) return false; out << cert << '\n' << key << std::endl; diff --git a/src/mitm.cc b/src/mitm.cc index f809afd..fb5c6c2 100644 --- a/src/mitm.cc +++ b/src/mitm.cc @@ -148,7 +148,7 @@ public: unsecure_ = config->get("ssl_unsecure", false); issuer_cert_.reset(SSLCert::load(logger_, ca_cert)); if (!issuer_cert_) return false; - issuer_key_.reset(SSLKey::load(logger_, ca_key)); + issuer_key_.reset(SSLKey::load(logger_, ca_key, entropy_.get())); if (!issuer_key_) return false; return true; } @@ -163,7 +163,8 @@ public: unsecure_ = config->get("ssl_unsecure", false); std::unique_ptr<SSLCert> issuer_cert(SSLCert::load(logger_, ca_cert)); if (!issuer_cert) return false; - std::unique_ptr<SSLKey> issuer_key(SSLKey::load(logger_, ca_key)); + std::unique_ptr<SSLKey> issuer_key( + SSLKey::load(logger_, ca_key, entropy_.get())); if (!issuer_key) return false; store_.swap(store); issuer_cert_.swap(issuer_cert); diff --git a/src/monitor-gui.cc b/src/monitor-gui.cc index b02f028..c4152b0 100644 --- a/src/monitor-gui.cc +++ b/src/monitor-gui.cc @@ -699,7 +699,7 @@ private: std::string key; if (!SSLKey::generate(logger, entropy.get(), &key)) return false; std::string cert; - std::unique_ptr<SSLKey> pkey(SSLKey::load(logger, key)); + std::unique_ptr<SSLKey> pkey(SSLKey::load(logger, key, entropy.get())); if (!SSLCert::generate(logger, entropy.get(), nullptr, nullptr, issuer, pkey.get(), &cert)) return false; std::ofstream of(output); 
@@ -34,7 +34,8 @@ class SSLKey { public: virtual ~SSLKey() {} static bool generate(Logger* logger, SSLEntropy* entropy, std::string* key); - static SSLKey* load(Logger* logger, std::string const& data); + static SSLKey* load(Logger* logger, std::string const& data, + SSLEntropy* entropy); protected: SSLKey() {} diff --git a/src/ssl_mbedtls.cc b/src/ssl_mbedtls.cc index a34067b..50c7975 100644 --- a/src/ssl_mbedtls.cc +++ b/src/ssl_mbedtls.cc @@ -4,7 +4,6 @@ #include <cstring> #include <mbedtls/asn1write.h> -#include <mbedtls/certs.h> #include <mbedtls/ctr_drbg.h> #include <mbedtls/entropy.h> #include <mbedtls/error.h> @@ -108,11 +107,13 @@ public: mbedtls_pk_free(&key_); } - bool load(Logger* logger, std::string const& data) { + bool load(Logger* logger, std::string const& data, SSLEntropy* entropy) { auto ret = mbedtls_pk_parse_key( &key_, reinterpret_cast<const unsigned char*>(data.c_str()), data.size() + 1, - nullptr, 0); + nullptr, 0, + mbedtls_ctr_drbg_random, + static_cast<SSLEntropyImpl*>(entropy)->random()); if (ret) { logerr(logger, ret, "Error parsing key"); return false; @@ -394,8 +395,8 @@ private: mbedtls_ssl_conf_min_version(&conf_, MBEDTLS_SSL_MAJOR_VERSION_3, - unsecure() ? MBEDTLS_SSL_MINOR_VERSION_0 : - MBEDTLS_SSL_MINOR_VERSION_1); + unsecure() ? MBEDTLS_SSL_MINOR_VERSION_3 : + MBEDTLS_SSL_MINOR_VERSION_4); return true; } }; @@ -482,9 +483,10 @@ SSLCertStore* SSLCertStore::create(Logger* logger, std::string const& path) { } // static -SSLKey* SSLKey::load(Logger* logger, std::string const& data) { +SSLKey* SSLKey::load(Logger* logger, std::string const& data, + SSLEntropy* entropy) { std::unique_ptr<SSLKeyImpl> key(new SSLKeyImpl()); - if (!key->load(logger, data)) return nullptr; + if (!key->load(logger, data, entropy)) return nullptr; return key.release(); } |
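Review bot: The new `entropy` parameter on `SSLKey::load` is undocumented, and the declaration gives no hint that it is mandatory even though the mbedtls implementation in this commit dereferences it without a check. A one-line comment above the declaration would make the contract visible to the callers changed in genca.cc, mitm.cc and monitor-gui.cc: `// entropy must be non-null: mbedtls 3.x requires an RNG callback when parsing a key.` The SSLKey class continues outside the hunk.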
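Review bot: `SSLKeyImpl::load` now evaluates `static_cast<SSLEntropyImpl*>(entropy)->random()` before `mbedtls_pk_parse_key` runs, so a null `entropy` is a null-pointer dereference rather than a logged parse failure like every other error path in this function. A guard at the top of the method, `if (!entropy) return false;  // mbedtls 3.x needs an RNG for key parsing`, or the equivalent check in the `SSLKey::load` factory hunk further down, would keep the failure mode consistent with the `logerr` path below it. The downcast is presumably safe because SSLEntropyImpl is the only SSLEntropy implementation in this file, but that is not visible in the hunk. The enclosing class starts outside the hunk.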
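Review bot: The non-`unsecure()` branch of the `mbedtls_ssl_conf_min_version` call now passes `MBEDTLS_SSL_MINOR_VERSION_4`, which raises the default minimum protocol version from TLS 1.0 to TLS 1.3, not to TLS 1.2; mbedtls 3.x dropped everything below TLS 1.2, so `MBEDTLS_SSL_MINOR_VERSION_3` is already the lowest floor that builds, and a TLS 1.3 floor will refuse any peer that only offers 1.2 (and, on a build without TLS 1.3 enabled, presumably every handshake). If the goal of the change is only to compile against 3.x, both branches should floor at 1.2, e.g. `mbedtls_ssl_conf_min_version(&conf_, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3);  // mbedtls 3.x: TLS 1.2 is the lowest it supports, so unsecure() no longer relaxes the floor`. Newer 3.x releases also deprecate this call in favour of `mbedtls_ssl_conf_min_tls_version(&conf_, MBEDTLS_SSL_VERSION_TLS1_2)`, which may be worth switching to at the same time. The enclosing function starts outside the hunk.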
