Support MBEDTLS 3 (#1374)

* Support MBEDTLS 3

* mbedTLS 2 & 3 support (incl. System libs)

Co-authored-by: Markus <16664240+Paulchen-Panther@users.noreply.github.com>
This commit is contained in:
LordGrey 2021-11-18 20:58:56 +00:00 committed by GitHub
parent f156f52123
commit 7311c3e424
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 147 additions and 74 deletions


@ -7,9 +7,16 @@ find_library(MBEDTLS_CRYPTO_LIBRARY mbedcrypto)
set(MBEDTLS_LIBRARIES ${MBEDTLS_SSL_LIBRARY} ${MBEDTLS_X509_LIBRARY} ${MBEDTLS_CRYPTO_LIBRARY}) set(MBEDTLS_LIBRARIES ${MBEDTLS_SSL_LIBRARY} ${MBEDTLS_X509_LIBRARY} ${MBEDTLS_CRYPTO_LIBRARY})
set(MBEDTLS_LIBRARIES ${MBEDTLS_LIBRARIES} PARENT_SCOPE) set(MBEDTLS_LIBRARIES ${MBEDTLS_LIBRARIES} PARENT_SCOPE)
if (MBEDTLS_INCLUDE_DIR AND EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h") if (MBEDTLS_INCLUDE_DIR)
file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" _MBEDTLS_VERSION_STRING REGEX "^#[\t ]*define[\t ]+MBEDTLS_VERSION_STRING[\t ]+\"[0-9]+.[0-9]+.[0-9]+\"") if (EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h")
string(REGEX REPLACE "^.*MBEDTLS_VERSION_STRING.*([0-9]+.[0-9]+.[0-9]+).*" "\\1" MBEDTLS_VERSION "${_MBEDTLS_VERSION_STRING}") file(STRINGS ${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h _MBEDTLS_VERSION_LINE REGEX "^#define[ \t]+MBEDTLS_VERSION_STRING[\t ].*")
string(REGEX REPLACE ".*MBEDTLS_VERSION_STRING[\t ]+\"(.*)\"" "\\1" MBEDTLS_VERSION ${_MBEDTLS_VERSION_LINE})
set (MBEDTLS_VERSION ${MBEDTLS_VERSION} PARENT_SCOPE)
elseif(EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h")
file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" _MBEDTLS_VERSION_STRING REGEX "^#[\t ]*define[\t ]+MBEDTLS_VERSION_STRING[\t ]+\"[0-9]+.[0-9]+.[0-9]+\"")
string(REGEX REPLACE "^.*MBEDTLS_VERSION_STRING.*([0-9]+.[0-9]+.[0-9]+).*" "\\1" MBEDTLS_VERSION "${_MBEDTLS_VERSION_STRING}")
set (MBEDTLS_VERSION ${MBEDTLS_VERSION} PARENT_SCOPE)
endif()
endif () endif ()
if (MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARIES AND MBEDTLS_VERSION) if (MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARIES AND MBEDTLS_VERSION)
@ -20,10 +27,11 @@ if (MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARIES AND MBEDTLS_VERSION)
REQUIRED_VARS REQUIRED_VARS
MBEDTLS_INCLUDE_DIR MBEDTLS_INCLUDE_DIR
MBEDTLS_LIBRARIES MBEDTLS_LIBRARIES
VERSION_VAR VERSION_VAR
MBEDTLS_VERSION MBEDTLS_VERSION
) )
mark_as_advanced (MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARIES MBEDTLS_SSL_LIBRARY MBEDTLS_X509_LIBRARY MBEDTLS_CRYPTO_LIBRARY) mark_as_advanced (MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARIES MBEDTLS_SSL_LIBRARY MBEDTLS_X509_LIBRARY MBEDTLS_CRYPTO_LIBRARY MBEDTLS_VERSION)
endif (MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARIES AND MBEDTLS_VERSION) endif (MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARIES AND MBEDTLS_VERSION)
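Review bot: In the new build_info.h branch the path and the matched line are expanded unquoted, so an include directory containing a space, or a header where the REGEX finds nothing and leaves `_MBEDTLS_VERSION_LINE` empty, makes configure abort with a file()/string() argument-count error instead of saying the version could not be read. Quote both expansions the way the 2.x branch just below already does: `file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h" _MBEDTLS_VERSION_LINE REGEX "^#define[ \t]+MBEDTLS_VERSION_STRING[\t ].*")` and `string(REGEX REPLACE ".*MBEDTLS_VERSION_STRING[\t ]+\"(.*)\"" "\\1" MBEDTLS_VERSION "${_MBEDTLS_VERSION_LINE}")`. This detection block is repeated almost verbatim in dependencies.cmake in the same commit; a small shared function would keep the two copies from drifting. The enclosing find module continues before and after this hunk.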


@ -14,7 +14,7 @@ include(ExternalProject)
ExternalProject_Add( ExternalProject_Add(
mbedtls mbedtls
GIT_REPOSITORY "https://github.com/ARMmbed/mbedtls.git" GIT_REPOSITORY "https://github.com/ARMmbed/mbedtls.git"
GIT_TAG "v2.27.0" # Latest 2.x Version GIT_TAG origin/master
BUILD_ALWAYS OFF BUILD_ALWAYS OFF
DOWNLOAD_DIR "${DOWNLOAD_DIR}" DOWNLOAD_DIR "${DOWNLOAD_DIR}"
SOURCE_DIR "${SOURCE_DIR}" SOURCE_DIR "${SOURCE_DIR}"
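Review bot: `GIT_TAG origin/master` swaps the pinned `v2.27.0` for a moving branch head, so every fresh checkout builds whatever the upstream repository contains that day — the TLS/DTLS code this project links is no longer reproducible, and a broken or malicious upstream commit lands in the build with no review step. Pin to a release tag of the 3.x line, or better to a full commit SHA, e.g. `GIT_TAG "v3.0.0" # pinned mbedTLS 3.x release`, and bump it deliberately. With ExternalProject a branch name also tends to make the update step re-fetch on rebuilds (unless UPDATE_DISCONNECTED is set), which is slow and can change sources between two builds in the same tree. The ExternalProject_Add call continues past the end of this hunk.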


@ -241,7 +241,7 @@ if (NOT USE_SYSTEM_MBEDTLS_LIBS)
FetchContent_Declare( FetchContent_Declare(
mbedtls mbedtls
GIT_REPOSITORY https://github.com/ARMmbed/mbedtls.git GIT_REPOSITORY https://github.com/ARMmbed/mbedtls.git
GIT_TAG "v2.27.0" # Latest 2.x Version GIT_TAG origin/master
BUILD_ALWAYS OFF BUILD_ALWAYS OFF
GIT_PROGRESS 1 GIT_PROGRESS 1
DOWNLOAD_DIR "${MBEDTLS_DOWNLOAD_DIR}" DOWNLOAD_DIR "${MBEDTLS_DOWNLOAD_DIR}"
@ -286,10 +286,18 @@ if (NOT USE_SYSTEM_MBEDTLS_LIBS)
set (MBEDTLS_INCLUDE_DIR "${MBEDTLS_SOURCE_DIR}/include") set (MBEDTLS_INCLUDE_DIR "${MBEDTLS_SOURCE_DIR}/include")
set (MBEDTLS_INCLUDE_DIR ${MBEDTLS_INCLUDE_DIR} PARENT_SCOPE) set (MBEDTLS_INCLUDE_DIR ${MBEDTLS_INCLUDE_DIR} PARENT_SCOPE)
if (MBEDTLS_INCLUDE_DIR AND EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h") if (MBEDTLS_INCLUDE_DIR)
file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" _MBEDTLS_VERSION_STRING REGEX "^#[\t ]*define[\t ]+MBEDTLS_VERSION_STRING[\t ]+\"[0-9]+.[0-9]+.[0-9]+\"") if (EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h")
string(REGEX REPLACE "^.*MBEDTLS_VERSION_STRING.*([0-9]+.[0-9]+.[0-9]+).*" "\\1" MBEDTLS_VERSION "${_MBEDTLS_VERSION_STRING}") file(STRINGS ${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h _MBEDTLS_VERSION_LINE REGEX "^#define[ \t]+MBEDTLS_VERSION_STRING[\t ].*")
message(STATUS "Using static mbedtls libraries (build version \"${MBEDTLS_VERSION}\")") string(REGEX REPLACE ".*MBEDTLS_VERSION_STRING[\t ]+\"(.*)\"" "\\1" MBEDTLS_VERSION ${_MBEDTLS_VERSION_LINE})
set (MBEDTLS_VERSION ${MBEDTLS_VERSION} PARENT_SCOPE)
message(STATUS "Using static mbedtls libraries (build version \"${MBEDTLS_VERSION}\")")
elseif(EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h")
file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" _MBEDTLS_VERSION_STRING REGEX "^#[\t ]*define[\t ]+MBEDTLS_VERSION_STRING[\t ]+\"[0-9]+.[0-9]+.[0-9]+\"")
string(REGEX REPLACE "^.*MBEDTLS_VERSION_STRING.*([0-9]+.[0-9]+.[0-9]+).*" "\\1" MBEDTLS_VERSION "${_MBEDTLS_VERSION_STRING}")
set (MBEDTLS_VERSION ${MBEDTLS_VERSION} PARENT_SCOPE)
message(STATUS "Using static mbedtls libraries (build version \"${MBEDTLS_VERSION}\")")
endif()
endif () endif ()
include_directories(${MBEDTLS_INCLUDE_DIR}) include_directories(${MBEDTLS_INCLUDE_DIR})
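Review bot: The FetchContent_Declare in the first hunk now tracks `origin/master` instead of a fixed tag, so the bundled mbedTLS source is whatever upstream HEAD is at configure time — neither reproducible nor reviewable, and a regression or tampered commit upstream silently becomes part of the release. Pin it the same way the old line did, to a 3.x release tag or a full commit hash, e.g. `GIT_TAG "v3.0.0" # pinned mbedTLS 3.x release`. In the second hunk the new build_info.h branch expands `${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h` and `${_MBEDTLS_VERSION_LINE}` unquoted, unlike the version.h branch right below it; quoting them avoids a confusing argument-count error when the path has a space or the REGEX does not match. Both hunks sit inside the `if (NOT USE_SYSTEM_MBEDTLS_LIBS)` block whose boundaries are outside this view.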


@ -135,7 +135,7 @@ public:
for (int i = 0; i < _threadCount; i++) for (int i = 0; i < _threadCount; i++)
{ {
_threads[i] = new Thread<EncoderThread>(new EncoderThread, this); _threads[i] = new Thread<EncoderThread>(new EncoderThread, this);
_threads[i]->setObjectName("Encoder " + i); _threads[i]->setObjectName("Encoder " + QString::number(i));
} }
} }

libsrc/leddevice/CMakeLists.txt Executable file → Normal file

@ -70,6 +70,7 @@ SET( Leddevice_SOURCES
FILE ( WRITE "${CMAKE_BINARY_DIR}/LedDevice_headers.h" "#pragma once\n\n//this file is autogenerated, don't touch it\n\n" ) FILE ( WRITE "${CMAKE_BINARY_DIR}/LedDevice_headers.h" "#pragma once\n\n//this file is autogenerated, don't touch it\n\n" )
FILE ( WRITE "${CMAKE_BINARY_DIR}/LedDevice_register.cpp" "//this file is autogenerated, don't touch it\n\n" ) FILE ( WRITE "${CMAKE_BINARY_DIR}/LedDevice_register.cpp" "//this file is autogenerated, don't touch it\n\n" )
FOREACH( f ${Leddevice_SOURCES} ) FOREACH( f ${Leddevice_SOURCES} )
# MESSAGE (STATUS "Add led device: ${f}")
if ( "${f}" MATCHES "dev_.*/Led.evice.+h$" ) if ( "${f}" MATCHES "dev_.*/Led.evice.+h$" )
GET_FILENAME_COMPONENT(fname ${f} NAME) GET_FILENAME_COMPONENT(fname ${f} NAME)
FILE ( APPEND "${CMAKE_BINARY_DIR}/LedDevice_headers.h" "#include \"${fname}\"\n" ) FILE ( APPEND "${CMAKE_BINARY_DIR}/LedDevice_headers.h" "#include \"${fname}\"\n" )
@ -86,7 +87,7 @@ target_link_libraries(leddevice
hyperion-utils hyperion-utils
${CMAKE_THREAD_LIBS_INIT} ${CMAKE_THREAD_LIBS_INIT}
Qt${QT_VERSION_MAJOR}::Network Qt${QT_VERSION_MAJOR}::Network
Qt${QT_VERSION_MAJOR}::SerialPort Qt${QT_VERSION_MAJOR}::SerialPort
ssdp ssdp
) )
@ -117,3 +118,8 @@ if (NOT DEFAULT_USE_SYSTEM_MBEDTLS_LIBS)
target_include_directories(leddevice PRIVATE ${MBEDTLS_INCLUDE_DIR}) target_include_directories(leddevice PRIVATE ${MBEDTLS_INCLUDE_DIR})
endif (MBEDTLS_LIBRARIES) endif (MBEDTLS_LIBRARIES)
endif () endif ()
string(REGEX MATCH "[0-9]+|-([A-Za-z0-9_.]+)" MBEDTLS_MAJOR ${MBEDTLS_VERSION})
if (MBEDTLS_MAJOR EQUAL "3")
target_compile_definitions(leddevice PRIVATE USE_MBEDTLS3)
endif()
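Review bot: The new `string(REGEX MATCH "[0-9]+|-([A-Za-z0-9_.]+)" MBEDTLS_MAJOR ${MBEDTLS_VERSION})` expands MBEDTLS_VERSION unquoted and runs unconditionally, so if detection failed and the variable is empty configure dies with a `string` argument error rather than a message saying which mbedTLS could not be identified; the `-([A-Za-z0-9_.]+)` alternative never affects the major number and looks like a leftover. CMake compares versions natively, so these three lines can become `if(MBEDTLS_VERSION VERSION_GREATER_EQUAL 3)` wrapping the `target_compile_definitions(leddevice PRIVATE USE_MBEDTLS3)` call (VERSION_GREATER_EQUAL needs CMake 3.7, which is presumably already the minimum), preceded by `if(NOT MBEDTLS_VERSION) message(FATAL_ERROR "mbedTLS version could not be determined") endif()` so the failure is explicit. Note that USE_MBEDTLS3 is PRIVATE, so any other target compiling ProviderUdpSSL.h will not see it.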


@ -2,6 +2,7 @@
// STL includes // STL includes
#include <cstdio> #include <cstdio>
#include <exception> #include <exception>
#include <algorithm>
// Linux includes // Linux includes
#include <fcntl.h> #include <fcntl.h>
@ -11,7 +12,6 @@
// Local Hyperion includes // Local Hyperion includes
#include "ProviderUdpSSL.h" #include "ProviderUdpSSL.h"
#include <utils/QStringUtils.h>
const int MAX_RETRY = 5; const int MAX_RETRY = 5;
const ushort MAX_PORT_SSL = 65535; const ushort MAX_PORT_SSL = 65535;
@ -22,6 +22,7 @@ ProviderUdpSSL::ProviderUdpSSL(const QJsonObject &deviceConfig)
, entropy() , entropy()
, ssl() , ssl()
, conf() , conf()
, cacert()
, ctr_drbg() , ctr_drbg()
, timer() , timer()
, _transport_type("DTLS") , _transport_type("DTLS")
@ -246,34 +247,32 @@ bool ProviderUdpSSL::initConnection()
bool ProviderUdpSSL::seedingRNG() bool ProviderUdpSSL::seedingRNG()
{ {
sslLog("Seeding the random number generator..."); sslLog( "Seeding the random number generator..." );
mbedtls_entropy_init(&entropy); mbedtls_entropy_init(&entropy);
sslLog("Set mbedtls_ctr_drbg_seed..."); sslLog( "Set mbedtls_ctr_drbg_seed..." );
QByteArray customDataArray = _custom.toLocal8Bit(); QByteArray customDataArray = _custom.toLocal8Bit();
const char* customData = customDataArray.constData(); const char* customData = customDataArray.constData();
int ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, int ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
&entropy, reinterpret_cast<const unsigned char*>(customData), &entropy, reinterpret_cast<const unsigned char*>(customData),
std::min(strlen(customData), (size_t)MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)); std::min(strlen(customData), (size_t)MBEDTLS_CTR_DRBG_MAX_SEED_INPUT));
if (ret != 0) if (ret != 0)
{ {
sslLog(QString("mbedtls_ctr_drbg_seed FAILED %1").arg(errorMsg(ret)), "error"); sslLog( QString("mbedtls_ctr_drbg_seed FAILED %1").arg( errorMsg( ret ) ), "error" );
return false; return false;
} }
sslLog("Seeding the random number generator...ok"); sslLog( "Seeding the random number generator...ok" );
return true; return true;
} }
bool ProviderUdpSSL::setupStructure() bool ProviderUdpSSL::setupStructure()
{ {
int ret = 0;
sslLog( QString( "Setting up the %1 structure").arg( _transport_type ) ); sslLog( QString( "Setting up the %1 structure").arg( _transport_type ) );
//TLS MBEDTLS_SSL_TRANSPORT_STREAM //TLS MBEDTLS_SSL_TRANSPORT_STREAM
@ -281,7 +280,9 @@ bool ProviderUdpSSL::setupStructure()
int transport = ( _transport_type == "DTLS" ) ? MBEDTLS_SSL_TRANSPORT_DATAGRAM : MBEDTLS_SSL_TRANSPORT_STREAM; int transport = ( _transport_type == "DTLS" ) ? MBEDTLS_SSL_TRANSPORT_DATAGRAM : MBEDTLS_SSL_TRANSPORT_STREAM;
if ((ret = mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, transport, MBEDTLS_SSL_PRESET_DEFAULT)) != 0) int ret = mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, transport, MBEDTLS_SSL_PRESET_DEFAULT);
if (ret != 0)
{ {
sslLog( QString("mbedtls_ssl_config_defaults FAILED %1").arg( errorMsg( ret ) ), "error" ); sslLog( QString("mbedtls_ssl_config_defaults FAILED %1").arg( errorMsg( ret ) ), "error" );
return false; return false;
@ -291,12 +292,11 @@ bool ProviderUdpSSL::setupStructure()
if( _debugStreamer ) if( _debugStreamer )
{ {
int s = ( sizeof( ciphersuites ) ) / sizeof( int );
QString cipher_values; QString cipher_values;
for(int i=0; i<s; i++) for(int i=0; ciphersuites != nullptr && ciphersuites[i] != 0; i++)
{ {
if(i > 0) cipher_values.append(", "); if (i > 0)
cipher_values.append(", ");
cipher_values.append(QString::number(ciphersuites[i])); cipher_values.append(QString::number(ciphersuites[i]));
} }
@ -304,8 +304,6 @@ bool ProviderUdpSSL::setupStructure()
} }
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED); mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED);
//mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
//mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE);
mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
mbedtls_ssl_conf_ciphersuites(&conf, ciphersuites); mbedtls_ssl_conf_ciphersuites(&conf, ciphersuites);
@ -343,15 +341,15 @@ bool ProviderUdpSSL::startUPDConnection()
{ {
sslLog( "init SSL Network -> startUPDConnection" ); sslLog( "init SSL Network -> startUPDConnection" );
int ret = 0;
mbedtls_ssl_session_reset(&ssl); mbedtls_ssl_session_reset(&ssl);
if(!setupPSK()) return false; if(!setupPSK()) return false;
sslLog( QString("Connecting to udp %1:%2").arg( _address.toString() ).arg( _ssl_port ) ); sslLog( QString("Connecting to udp %1:%2").arg( _address.toString() ).arg( _ssl_port ) );
if ((ret = mbedtls_net_connect( &client_fd, _address.toString().toUtf8(), std::to_string(_ssl_port).c_str(), MBEDTLS_NET_PROTO_UDP)) != 0) int ret = mbedtls_net_connect(&client_fd, _address.toString().toUtf8(), std::to_string(_ssl_port).c_str(), MBEDTLS_NET_PROTO_UDP);
if (ret != 0)
{ {
sslLog( QString("mbedtls_net_connect FAILED %1").arg( errorMsg( ret ) ), "error" ); sslLog( QString("mbedtls_net_connect FAILED %1").arg( errorMsg( ret ) ), "error" );
return false; return false;
@ -367,15 +365,19 @@ bool ProviderUdpSSL::startUPDConnection()
bool ProviderUdpSSL::setupPSK() bool ProviderUdpSSL::setupPSK()
{ {
int ret;
QByteArray pskArray = _psk.toUtf8(); QByteArray pskArray = _psk.toUtf8();
QByteArray pskRawArray = QByteArray::fromHex(pskArray); QByteArray pskRawArray = QByteArray::fromHex(pskArray);
QByteArray pskIdArray = _psk_identity.toUtf8(); QByteArray pskIdArray = _psk_identity.toUtf8();
QByteArray pskIdRawArray = pskIdArray; QByteArray pskIdRawArray = pskIdArray;
if (0 != (ret = mbedtls_ssl_conf_psk( &conf, ( const unsigned char* ) pskRawArray.data(), pskRawArray.length() * sizeof(char), reinterpret_cast<const unsigned char *> ( pskIdRawArray.data() ), pskIdRawArray.length() * sizeof(char) ) ) ) int ret = mbedtls_ssl_conf_psk( &conf,
reinterpret_cast<const unsigned char*> (pskRawArray.constData()),
pskRawArray.length() * sizeof(char),
reinterpret_cast<const unsigned char*> (pskIdRawArray.constData()),
pskIdRawArray.length() * sizeof(char));
if (ret != 0)
{ {
sslLog( QString("mbedtls_ssl_conf_psk FAILED %1").arg( errorMsg( ret ) ), "error" ); sslLog( QString("mbedtls_ssl_conf_psk FAILED %1").arg( errorMsg( ret ) ), "error" );
return false; return false;
@ -460,9 +462,12 @@ void ProviderUdpSSL::freeSSLConnection()
} }
} }
void ProviderUdpSSL::writeBytes(unsigned size, const unsigned char * data) void ProviderUdpSSL::writeBytes(unsigned int size, const uint8_t* data)
{ {
if( _stopConnection ) return; if ( _stopConnection )
{
return;
}
QMutexLocker locker(&_hueMutex); QMutexLocker locker(&_hueMutex);
@ -526,6 +531,46 @@ QString ProviderUdpSSL::errorMsg(int ret) {
#else #else
switch (ret) switch (ret)
{ {
#if defined(MBEDTLS_ERR_SSL_DECODE_ERROR)
case MBEDTLS_ERR_SSL_DECODE_ERROR:
msg = "The requested feature is not available. - MBEDTLS_ERR_SSL_DECODE_ERROR -0x7300";
break;
#endif
#if defined(MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER)
case MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER:
msg = "The requested feature is not available. - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER -0x6600";
break;
#endif
#if defined(MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE)
case MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:
msg = "The requested feature is not available. - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE -0x6E00";
break;
#endif
#if defined(MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION)
case MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION:
msg = "The requested feature is not available. - MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION -0x6E80";
break;
#endif
#if defined(MBEDTLS_ERR_SSL_BAD_CERTIFICATE)
case MBEDTLS_ERR_SSL_BAD_CERTIFICATE:
msg = "The requested feature is not available. - MBEDTLS_ERR_SSL_BAD_CERTIFICATE -0x7A00";
break;
#endif
#if defined(MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME)
case MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME:
msg = "The requested feature is not available. - MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME -0x7800";
break;
#endif
#if defined(MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION)
case MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION:
msg = "The requested feature is not available. - MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION -0x7500";
break;
#endif
#if defined(MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL)
case MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL:
msg = "The requested feature is not available. - MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL -0x7580";
break;
#endif
#if defined(MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE) #if defined(MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE)
case MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE: case MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE:
msg = "The requested feature is not available. - MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080"; msg = "The requested feature is not available. - MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080";
@ -822,3 +867,40 @@ void ProviderUdpSSL::closeSSLNotify()
sslLog( "SSL Connection successful closed" ); sslLog( "SSL Connection successful closed" );
} }
void ProviderUdpSSL::ProviderUdpSSLDebug(void* ctx, int level, const char* file, int line, const char* str)
{
const char* p, * basename;
(void)ctx;
/* Extract basename from file */
for (p = basename = file; *p != '\0'; p++)
{
if (*p == '/' || *p == '\\')
{
basename = p + 1;
}
}
mbedtls_printf("%s:%04d: |%d| %s", basename, line, level, str);
}
int ProviderUdpSSL::ProviderUdpSSLVerify(void* data, mbedtls_x509_crt* crt, int depth, uint32_t* flags)
{
const uint32_t buf_size = 1024;
char* buf = new char[buf_size];
(void)data;
mbedtls_printf("\nVerifying certificate at depth %d:\n", depth);
mbedtls_x509_crt_info(buf, buf_size - 1, " ", crt);
mbedtls_printf("%s", buf);
if (*flags == 0)
mbedtls_printf("No verification issue for this certificate\n");
else
{
mbedtls_x509_crt_verify_info(buf, buf_size, " ! ", *flags);
mbedtls_printf("%s\n", buf);
}
delete[] buf;
return 0;
}
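Review bot: The eight new `case` labels added at the top of the `switch` in errorMsg() all carry the copied text "The requested feature is not available.", so a failed DTLS handshake that returns MBEDTLS_ERR_SSL_DECODE_ERROR or MBEDTLS_ERR_SSL_BAD_CERTIFICATE is logged with the wrong cause, which is exactly the line an operator will grep for when a light refuses to pair. Each message should describe its own code, e.g. `msg = "Decoding error, malformed message from peer - MBEDTLS_ERR_SSL_DECODE_ERROR -0x7300";`, and likewise for the other seven. If the `#if` branch above this `#else` already uses mbedtls_strerror() when MBEDTLS_ERROR_C is defined, routing every code through it would keep the text correct across mbedTLS 2 and 3 without maintaining this table. errorMsg() starts before and ends after the hunk; the ProviderUdpSSLVerify() moved in at the bottom still allocates its 1024-byte buffer with `new[]` where a stack `char buf[1024]` would do and would not leak if mbedtls_printf threw.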


@ -11,12 +11,15 @@
#include <QThread> #include <QThread>
//----------- mbedtls //----------- mbedtls
#if defined(USE_MBEDTLS3)
#include <mbedtls/build_info.h>
#else
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include <mbedtls/config.h> #include <mbedtls/config.h>
#else #else
#include MBEDTLS_CONFIG_FILE #include MBEDTLS_CONFIG_FILE
#endif #endif
#endif
#if defined(MBEDTLS_PLATFORM_C) #if defined(MBEDTLS_PLATFORM_C)
#include <mbedtls/platform.h> #include <mbedtls/platform.h>
@ -106,7 +109,7 @@ protected:
/// @param[in] size The length of the data /// @param[in] size The length of the data
/// @param[in] data The data /// @param[in] data The data
/// ///
void writeBytes(unsigned size, const uint8_t *data); void writeBytes(unsigned int size, const uint8_t *data);
/// ///
/// get ciphersuites list from mbedtls_ssl_list_ciphersuites /// get ciphersuites list from mbedtls_ssl_list_ciphersuites
@ -123,46 +126,13 @@ protected:
* Debug callback for mbed TLS * Debug callback for mbed TLS
* Just prints on the USB serial port * Just prints on the USB serial port
*/ */
static void ProviderUdpSSLDebug(void *ctx, int level, const char *file, int line, const char *str) static void ProviderUdpSSLDebug(void* ctx, int level, const char* file, int line, const char* str);
{
const char *p, *basename;
(void) ctx;
/* Extract basename from file */
for(p = basename = file; *p != '\0'; p++)
{
if(*p == '/' || *p == '\\')
{
basename = p + 1;
}
}
mbedtls_printf("%s:%04d: |%d| %s", basename, line, level, str);
}
/** /**
* Certificate verification callback for mbed TLS * Certificate verification callback for mbed TLS
* Here we only use it to display information on each cert in the chain * Here we only use it to display information on each cert in the chain
*/ */
static int ProviderUdpSSLVerify(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags) static int ProviderUdpSSLVerify(void* data, mbedtls_x509_crt* crt, int depth, uint32_t* flags);
{
const uint32_t buf_size = 1024;
char *buf = new char[buf_size];
(void) data;
mbedtls_printf("\nVerifying certificate at depth %d:\n", depth);
mbedtls_x509_crt_info(buf, buf_size - 1, " ", crt);
mbedtls_printf("%s", buf);
if (*flags == 0)
mbedtls_printf("No verification issue for this certificate\n");
else
{
mbedtls_x509_crt_verify_info(buf, buf_size, " ! ", *flags);
mbedtls_printf("%s\n", buf);
}
delete[] buf;
return 0;
}
/// ///
/// closeSSLNotify and freeSSLConnection /// closeSSLNotify and freeSSLConnection
@ -171,7 +141,6 @@ protected:
private: private:
bool buildConnection();
bool initConnection(); bool initConnection();
bool seedingRNG(); bool seedingRNG();
bool setupStructure(); bool setupStructure();
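Review bot: The `#if defined(USE_MBEDTLS3)` guard in the first hunk relies on a macro that this commit only sets as a PRIVATE compile definition of the leddevice target, so any other translation unit that includes ProviderUdpSSL.h against mbedTLS 3 falls into the `#else` path and tries `#include <mbedtls/config.h>`, which 3.x no longer ships. As far as I recall both major versions provide `mbedtls/version.h`, which includes `config.h` on 2.x and `build_info.h` on 3.x, so replacing the whole guarded block with `#include <mbedtls/version.h>` (keeping the MBEDTLS_CONFIG_FILE override for 2.x if it is really used) selects the right header without any build-system define. If the header is only ever compiled inside leddevice the problem is latent, but it also leaves a define every future consumer must remember to set. The class declaration continues outside this hunk.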