Hotfix to porting library to arduino-esp32 v3 #90

Merged
merged 9 commits into from
Jul 12, 2024
2 changes: 1 addition & 1 deletion src/SSLClient.cpp
Expand Up @@ -93,7 +93,7 @@ SSLClient::~SSLClient() {
*/
void SSLClient::stop() {
if (sslclient->client != nullptr) {
if (sslclient->client >= 0) {
if (sslclient->client >= (void*)0) {
log_d("Stopping ssl client");
stop_ssl_socket(sslclient, _CA_cert, _cert, _private_key);
} else {
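Review bot: The inner test `if (sslclient->client >= (void*)0)` is a no-op: the outer `if (sslclient->client != nullptr)` already guarantees the pointer is non-null, and a relational comparison between a `Client*` and a null `void*` has no meaningful ordering in C++ (it compiles only because the composite pointer type is `void*`). It looks like a leftover of a `>= 0` check on a socket descriptor that survived the field becoming a pointer, so the `} else {` branch that pairs with it is now effectively unreachable. I would drop the inner test and keep only the null check, `if (sslclient->client != nullptr) { log_d("Stopping ssl client"); stop_ssl_socket(sslclient, _CA_cert, _cert, _private_key); } else {`, or, if a closed socket is what should be detected, test the socket descriptor rather than the pointer. stop() continues past the end of this hunk.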
14 changes: 13 additions & 1 deletion src/certBundle.c
Expand Up @@ -53,20 +53,32 @@ static int esp_crt_check_signature(mbedtls_x509_crt *child, const uint8_t *pub_k


// Fast check to avoid expensive computations when not necessary
#if (MBEDTLS_VERSION_MAJOR >= 3)
if (!mbedtls_pk_can_do(&parent.pk, child->private_sig_pk)) {
#else
if (!mbedtls_pk_can_do(&parent.pk, child->sig_pk)) {
#endif
log_e("Simple compare failed");
ret = -1;
goto cleanup;
}

#if (MBEDTLS_VERSION_MAJOR >= 3)
md_info = mbedtls_md_info_from_type(child->private_sig_md);
#else
md_info = mbedtls_md_info_from_type(child->sig_md);
#endif
if ( (ret = mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash )) != 0 ) {
log_e("Internal mbedTLS error %X", ret);
goto cleanup;
}

#if (MBEDTLS_VERSION_MAJOR >= 3)
if ((ret = mbedtls_pk_verify_ext(child->private_sig_pk, child->private_sig_opts, &parent.pk, child->private_sig_md, hash, mbedtls_md_get_size( md_info ),
child->private_sig.p, child->private_sig.len )) != 0 ) {
#else
if ((ret = mbedtls_pk_verify_ext(child->sig_pk, child->sig_opts, &parent.pk, child->sig_md, hash, mbedtls_md_get_size( md_info ),
child->sig.p, child->sig.len )) != 0 ) {
#endif
log_e("PK verify failed with error %X", ret);
goto cleanup;
}
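Review bot: The mbedTLS 3 branches spell the private struct fields by hand as `child->private_sig_pk`, `private_sig_md`, `private_sig_opts` and `private_sig`; mbedTLS 3 exposes these only through the `MBEDTLS_PRIVATE(x)` macro from `mbedtls/private_access.h`, which expands to `private_x` normally but to plain `x` when the build defines `MBEDTLS_ALLOW_PRIVATE_ACCESS`, so this file fails to compile under that configuration and hides the fact that the bundle signature check is reaching into unsupported internals. I would write `child->MBEDTLS_PRIVATE(sig_pk)` (and likewise for the other three fields) and add a comment such as `/* relies on mbedTLS private x509 fields; re-check on every mbedTLS upgrade - this is the trust anchor for bundle verification */`. esp_crt_check_signature starts before this hunk and its `cleanup:` label is after it.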
17 changes: 15 additions & 2 deletions src/ssl__client.cpp
Expand Up @@ -576,7 +576,14 @@ int auth_client_cert_key(sslclient__context *ssl_client, const char *cli_cert, c
}

log_v("Loading private key");
#if (MBEDTLS_VERSION_MAJOR >= 3)
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ctr_drbg_init(&ctr_drbg);
ret = mbedtls_pk_parse_key(&ssl_client->client_key, (const unsigned char *)cli_key, strlen(cli_key) + 1, NULL, 0, mbedtls_ctr_drbg_random, &ctr_drbg);
mbedtls_ctr_drbg_free(&ctr_drbg);
#else
ret = mbedtls_pk_parse_key(&ssl_client->client_key, (const unsigned char *)cli_key, strlen(cli_key) + 1, NULL, 0);
#endif
if (ret != 0) { // PK or PEM non-zero error codes
mbedtls_x509_crt_free(&ssl_client->client_cert); // cert+key are free'd in pair
return ret;
Expand Down Expand Up @@ -814,15 +821,21 @@ void stop_ssl_socket(sslclient__context *ssl_client, const char *rootCABuff, con
log_d("Stopping SSL client. Current client pointer address: %p", (void *)ssl_client->client);
ssl_client->client->stop();
}

#if (MBEDTLS_VERSION_MAJOR >= 3)
if (ssl_client->ssl_conf.private_ca_chain != NULL) {
#else
if (ssl_client->ssl_conf.ca_chain != NULL) {
#endif
log_d("Freeing CA cert. Current ca_cert address: %p", (void *)&ssl_client->ca_cert);

// Free the memory associated with the CA certificate
mbedtls_x509_crt_free(&ssl_client->ca_cert);
}

#if (MBEDTLS_VERSION_MAJOR >= 3)
if (ssl_client->ssl_conf.private_key_cert != NULL) {
#else
if (ssl_client->ssl_conf.key_cert != NULL) {
#endif
log_d("Freeing client cert and client key. Current client_cert address: %p, client_key address: %p",
(void *)&ssl_client->client_cert, (void *)&ssl_client->client_key);

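Review bot: The CTR-DRBG handed to `mbedtls_pk_parse_key` in the `MBEDTLS_VERSION_MAJOR >= 3` branch is initialised but never seeded: there is no `mbedtls_ctr_drbg_seed` call with an entropy source, so whatever `mbedtls_ctr_drbg_random` returns is not random. mbedTLS 3 consumes that RNG during key import (for example to blind the scalar multiplication when it derives the public point of an EC private key), so the side-channel blinding is ineffective and, depending on the mbedTLS build, the call may fail outright. Seed the DRBG from `mbedtls_entropy_func` before the parse, or, if `sslclient__context` already carries a seeded `ctr_drbg` as the `mbedtls/entropy.h` include suggests, pass that instead of a throwaway context, and free both contexts on every path. auth_client_cert_key starts and ends outside this hunk.
```cpp
    log_v("Loading private key");
#if (MBEDTLS_VERSION_MAJOR >= 3)
    mbedtls_entropy_context entropy;
    mbedtls_ctr_drbg_context ctr_drbg;
    mbedtls_entropy_init(&entropy);
    mbedtls_ctr_drbg_init(&ctr_drbg);
    // mbedTLS 3 draws from f_rng during key import (e.g. EC public-point derivation): it must be a seeded DRBG.
    ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0);
    if (ret == 0) {
        ret = mbedtls_pk_parse_key(&ssl_client->client_key, (const unsigned char *)cli_key, strlen(cli_key) + 1,
                                   NULL, 0, mbedtls_ctr_drbg_random, &ctr_drbg);
    }
    mbedtls_ctr_drbg_free(&ctr_drbg);
    mbedtls_entropy_free(&entropy);
#else
    // … unchanged: mbedTLS 2.x parse and the error path that frees client_cert …
```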
4 changes: 4 additions & 0 deletions src/ssl__client.h
Expand Up @@ -12,7 +12,11 @@
#include <mbedtls/platform.h>
#include <mbedtls/sha256.h>
#include <mbedtls/oid.h>
#if (MBEDTLS_VERSION_MAJOR >= 3)
#include <mbedtls/net_sockets.h>
#else
#include <mbedtls/net.h>
#endif
#include <mbedtls/debug.h>
#include <mbedtls/ssl.h>
#include <mbedtls/entropy.h>
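Review bot: `MBEDTLS_VERSION_MAJOR` is tested before any header that is guaranteed to define it: in mbedTLS 3 it comes from `mbedtls/build_info.h`, which every mbedTLS header pulls in, but in 2.x it lives in `mbedtls/version.h`, which `platform.h`, `sha256.h` and `oid.h` do not include. Unless version.h is already included above this hunk, the 2.x build evaluates the undefined macro as 0 and lands on the `#else` branch by accident rather than by design, and the same `#if` in certBundle.c and ssl__client.cpp inherits that dependency if they rely on this header. Add `#include <mbedtls/version.h>` (present in both 2.x and 3.x) ahead of the first `#if (MBEDTLS_VERSION_MAJOR >= 3)`, and consider building with `-Wundef` so an unset version macro is reported. As a side note, I believe `mbedtls/net_sockets.h` has shipped since mbedTLS 2.4, in which case the conditional could be dropped in favour of the single include.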