diff --git a/m4/mbedtls.m4 b/m4/mbedtls.m4 index 2c478b96..a795790c 100644 --- a/m4/mbedtls.m4 +++ b/m4/mbedtls.m4 @@ -31,7 +31,12 @@ AC_DEFUN([ss_MBEDTLS], AC_COMPILE_IFELSE( [AC_LANG_PROGRAM( [[ +#include +#if MBEDTLS_VERSION_NUMBER >= 0x03000000 +#include +#else #include +#endif ]], [[ #ifndef MBEDTLS_CIPHER_MODE_CFB @@ -48,7 +53,12 @@ AC_DEFUN([ss_MBEDTLS], AC_COMPILE_IFELSE( [AC_LANG_PROGRAM( [[ +#include +#if MBEDTLS_VERSION_NUMBER >= 0x03000000 +#include +#else #include +#endif ]], [[ #ifndef MBEDTLS_ARC4_C @@ -64,7 +74,12 @@ AC_DEFUN([ss_MBEDTLS], AC_COMPILE_IFELSE( [AC_LANG_PROGRAM( [[ +#include +#if MBEDTLS_VERSION_NUMBER >= 0x03000000 +#include +#else #include +#endif ]], [[ #ifndef MBEDTLS_BLOWFISH_C @@ -80,7 +95,12 @@ AC_DEFUN([ss_MBEDTLS], AC_COMPILE_IFELSE( [AC_LANG_PROGRAM( [[ +#include +#if MBEDTLS_VERSION_NUMBER >= 0x03000000 +#include +#else #include +#endif ]], [[ #ifndef MBEDTLS_CAMELLIA_C diff --git a/src/aead.c b/src/aead.c index 358ec938..3388a546 100644 --- a/src/aead.c +++ b/src/aead.c @@ -178,9 +178,14 @@ aead_cipher_encrypt(cipher_ctx_t *cipher_ctx, case AES192GCM: case AES128GCM: +#if MBEDTLS_VERSION_NUMBER < 0x03000000 err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen, m, mlen, c, clen, c + mlen, tlen); *clen += tlen; +#else + err = mbedtls_cipher_auth_encrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen, + m, mlen, c, mlen + tlen, clen, tlen); +#endif break; case CHACHA20POLY1305IETF: err = crypto_aead_chacha20poly1305_ietf_encrypt(c, &long_clen, m, mlen, @@ -226,8 +231,13 @@ aead_cipher_decrypt(cipher_ctx_t *cipher_ctx, // Otherwise, just use the mbedTLS one with crappy AES-NI. case AES192GCM: case AES128GCM: +#if MBEDTLS_VERSION_NUMBER < 0x03000000 err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen, m, mlen - tlen, p, plen, m + mlen - tlen, tlen); +#else + err = mbedtls_cipher_auth_decrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen, + m, mlen, p, mlen - tlen, plen, tlen); +#endif break; case CHACHA20POLY1305IETF: err = crypto_aead_chacha20poly1305_ietf_decrypt(p, &long_plen, NULL, m, mlen, @@ -724,9 +734,26 @@ aead_key_init(int method, const char *pass, const char *key) if (method >= CHACHA20POLY1305IETF) { cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t)); cipher->info = cipher_info; +#if MBEDTLS_VERSION_NUMBER < 0x03000000 cipher->info->base = NULL; cipher->info->key_bitlen = supported_aead_ciphers_key_size[method] * 8; cipher->info->iv_size = supported_aead_ciphers_nonce_size[method]; +#else + cipher->info->private_base_idx = 0; + +#ifdef MBEDTLS_KEY_BITLEN_SHIFT + cipher->info->private_key_bitlen = supported_aead_ciphers_key_size[method] * 8 >> MBEDTLS_KEY_BITLEN_SHIFT; +#else + cipher->info->private_key_bitlen = supported_aead_ciphers_key_size[method] * 8; +#endif + +#ifdef MBEDTLS_IV_SIZE_SHIFT + cipher->info->private_iv_size = supported_aead_ciphers_nonce_size[method] >> MBEDTLS_IV_SIZE_SHIFT; +#else + cipher->info->private_iv_size = supported_aead_ciphers_nonce_size[method]; +#endif + +#endif } else { cipher->info = (cipher_kt_t *)aead_get_cipher_type(method); } diff --git a/src/crypto.c b/src/crypto.c index b44d8674..76c426b5 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -103,7 +103,7 @@ crypto_md5(const unsigned char *d, size_t n, unsigned char *md) if (md == NULL) { md = m; } -#if MBEDTLS_VERSION_NUMBER >= 0x02070000 +#if MBEDTLS_VERSION_NUMBER < 0x03000000 && MBEDTLS_VERSION_NUMBER >= 0x02070000 if (mbedtls_md5_ret(d, n, md) != 0) FATAL("Failed to calculate MD5"); #else diff --git a/src/stream.c b/src/stream.c index 35d9050b..4bb95981 100644 --- a/src/stream.c +++ b/src/stream.c @@ -174,7 +174,11 @@ cipher_nonce_size(const cipher_t *cipher) if (cipher == NULL) { return 0; } +#if MBEDTLS_VERSION_NUMBER < 0x03000000 return cipher->info->iv_size; +#else + return (int)mbedtls_cipher_info_get_iv_size(cipher->info); +#endif } int @@ -192,7 +196,11 @@ cipher_key_size(const cipher_t *cipher) return 0; } /* From Version 1.2.7 released 2013-04-13 Default Blowfish keysize is now 128-bits */ +#if MBEDTLS_VERSION_NUMBER < 0x03000000 return cipher->info->key_bitlen / 8; +#else + return (int)mbedtls_cipher_info_get_key_bitlen(cipher->info) / 8; +#endif } const cipher_kt_t * @@ -645,9 +653,26 @@ stream_key_init(int method, const char *pass, const char *key) if (method == SALSA20 || method == CHACHA20 || method == CHACHA20IETF) { cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t)); cipher->info = cipher_info; +#if MBEDTLS_VERSION_NUMBER < 0x03000000 cipher->info->base = NULL; cipher->info->key_bitlen = supported_stream_ciphers_key_size[method] * 8; cipher->info->iv_size = supported_stream_ciphers_nonce_size[method]; +#else + cipher->info->private_base_idx = 0; + +#ifdef MBEDTLS_KEY_BITLEN_SHIFT + cipher->info->private_key_bitlen = supported_stream_ciphers_key_size[method] * 8 >> MBEDTLS_KEY_BITLEN_SHIFT; +#else + cipher->info->private_key_bitlen = supported_stream_ciphers_key_size[method] * 8; +#endif + +#ifdef MBEDTLS_IV_SIZE_SHIFT + cipher->info->private_iv_size = supported_stream_ciphers_nonce_size[method] >> MBEDTLS_IV_SIZE_SHIFT; +#else + cipher->info->private_iv_size = supported_stream_ciphers_nonce_size[method]; +#endif + +#endif } else { cipher->info = (cipher_kt_t *)stream_get_cipher_type(method); }