From f7edcfcb2a608161dd8e6c8063a4bfb99a4df0e2 Mon Sep 17 00:00:00 2001 From: Mike Gelfand Date: Thu, 29 Dec 2022 14:38:04 -0800 Subject: [PATCH] Drop obsolete CyaSSL and PolarSSL crypto backends (#4495) * Drop support for CyaSSL (keep WolfSSL) * Drop support for PolarSSL (keep MbedTLS) --- CMakeLists.txt | 38 +++---- cmake/FindCyaSSL.cmake | 62 ----------- cmake/FindMbedTLS.cmake | 46 ++++++++ cmake/FindPolarSSL.cmake | 67 ----------- cmake/FindWolfSSL.cmake | 45 ++++++++ libtransmission/CMakeLists.txt | 14 +-- ...ls-polarssl.cc => crypto-utils-mbedtls.cc} | 105 ++++++------------ ...tils-cyassl.cc => crypto-utils-wolfssl.cc} | 67 ++++------- 8 files changed, 171 insertions(+), 273 deletions(-) delete mode 100644 cmake/FindCyaSSL.cmake create mode 100644 cmake/FindMbedTLS.cmake delete mode 100644 cmake/FindPolarSSL.cmake create mode 100644 cmake/FindWolfSSL.cmake rename libtransmission/{crypto-utils-polarssl.cc => crypto-utils-mbedtls.cc} (57%) rename libtransmission/{crypto-utils-cyassl.cc => crypto-utils-wolfssl.cc} (58%) diff --git a/CMakeLists.txt b/CMakeLists.txt index df0fe4db9..20a1b6f6d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -29,14 +29,14 @@ include(GNUInstallDirs) include(TrMacros) set(CURL_MINIMUM 7.28.0) -set(CYASSL_MINIMUM 3.0) +set(WOLFSSL_MINIMUM 3.4) set(DEFLATE_MINIMUM 1.10) set(EVENT2_MINIMUM 2.1.0) set(GIOMM_MINIMUM 2.26.0) set(GLIBMM_MINIMUM 2.60.0) set(GTKMM_MINIMUM 3.24.0) set(OPENSSL_MINIMUM 0.9.7) -set(POLARSSL_MINIMUM 1.3) +set(MBEDTLS_MINIMUM 1.3) set(PSL_MINIMUM 0.21.1) set(QT_MINIMUM 5.6) @@ -65,7 +65,7 @@ tr_auto_option(USE_SYSTEM_B64 "Use system b64 library" AUTO) tr_auto_option(USE_SYSTEM_PSL "Use system psl library" AUTO) tr_list_option(USE_GTK_VERSION "Use specific GTK version" AUTO 3 4) tr_list_option(USE_QT_VERSION "Use specific Qt version" AUTO 5 6) -tr_list_option(WITH_CRYPTO "Use specified crypto library" AUTO ccrypto cyassl mbedtls openssl polarssl wolfssl) +tr_list_option(WITH_CRYPTO "Use specified crypto library" AUTO ccrypto mbedtls openssl wolfssl) tr_auto_option(WITH_INOTIFY "Enable inotify support (on systems that support it)" AUTO) tr_auto_option(WITH_KQUEUE "Enable kqueue support (on systems that support it)" AUTO) tr_auto_option(WITH_APPINDICATOR "Use appindicator for system tray icon in GTK client (GTK+ 3 only)" AUTO) @@ -240,24 +240,24 @@ if(WITH_CRYPTO STREQUAL "AUTO" OR WITH_CRYPTO STREQUAL "openssl") set(CRYPTO_LIBRARIES ${OPENSSL_LIBRARIES}) endif() endif() -if(WITH_CRYPTO STREQUAL "AUTO" OR WITH_CRYPTO STREQUAL "cyassl" OR WITH_CRYPTO STREQUAL "wolfssl") - tr_get_required_flag(WITH_CRYPTO CYASSL_IS_REQUIRED) - find_package(CyaSSL ${CYASSL_MINIMUM} ${CYASSL_IS_REQUIRED}) - tr_fixup_list_option(WITH_CRYPTO "cyassl" CYASSL_FOUND "AUTO" CYASSL_IS_REQUIRED) - if(WITH_CRYPTO STREQUAL "cyassl") - set(CRYPTO_PKG "cyassl") - set(CRYPTO_INCLUDE_DIRS ${CYASSL_INCLUDE_DIRS}) - set(CRYPTO_LIBRARIES ${CYASSL_LIBRARIES}) +if(WITH_CRYPTO STREQUAL "AUTO" OR WITH_CRYPTO STREQUAL "wolfssl") + tr_get_required_flag(WITH_CRYPTO WOLFSSL_IS_REQUIRED) + find_package(WolfSSL ${WOLFSSL_MINIMUM} ${WOLFSSL_IS_REQUIRED}) + tr_fixup_list_option(WITH_CRYPTO "wolfssl" WOLFSSL_FOUND "AUTO" WOLFSSL_IS_REQUIRED) + if(WITH_CRYPTO STREQUAL "wolfssl") + set(CRYPTO_PKG "wolfssl") + set(CRYPTO_INCLUDE_DIRS ${WOLFSSL_INCLUDE_DIRS}) + set(CRYPTO_LIBRARIES ${WOLFSSL_LIBRARIES}) endif() endif() -if(WITH_CRYPTO STREQUAL "AUTO" OR WITH_CRYPTO STREQUAL "polarssl" OR WITH_CRYPTO STREQUAL "mbedtls") - tr_get_required_flag(WITH_CRYPTO POLARSSL_IS_REQUIRED) - find_package(PolarSSL ${POLARSSL_MINIMUM} ${POLARSSL_IS_REQUIRED}) - tr_fixup_list_option(WITH_CRYPTO "polarssl" POLARSSL_FOUND "AUTO" POLARSSL_IS_REQUIRED) - if(WITH_CRYPTO STREQUAL "polarssl") - set(CRYPTO_PKG "polarssl") - set(CRYPTO_INCLUDE_DIRS ${POLARSSL_INCLUDE_DIRS}) - set(CRYPTO_LIBRARIES ${POLARSSL_LIBRARIES}) +if(WITH_CRYPTO STREQUAL "AUTO" OR WITH_CRYPTO STREQUAL "mbedtls") + tr_get_required_flag(WITH_CRYPTO MBEDTLS_IS_REQUIRED) + find_package(MbedTLS ${MBEDTLS_MINIMUM} ${MBEDTLS_IS_REQUIRED}) + tr_fixup_list_option(WITH_CRYPTO "mbedtls" MBEDTLS_FOUND "AUTO" MBEDTLS_IS_REQUIRED) + if(WITH_CRYPTO STREQUAL "mbedtls") + set(CRYPTO_PKG "mbedtls") + set(CRYPTO_INCLUDE_DIRS ${MBEDTLS_INCLUDE_DIRS}) + set(CRYPTO_LIBRARIES ${MBEDTLS_LIBRARIES}) endif() endif() # We should have found the library by now diff --git a/cmake/FindCyaSSL.cmake b/cmake/FindCyaSSL.cmake deleted file mode 100644 index 1f301aa52..000000000 --- a/cmake/FindCyaSSL.cmake +++ /dev/null @@ -1,62 +0,0 @@ -if(CYASSL_PREFER_STATIC_LIB) - set(CYASSL_ORIG_CMAKE_FIND_LIBRARY_SUFFIXES ${CMAKE_FIND_LIBRARY_SUFFIXES}) - if(WIN32) - set(CMAKE_FIND_LIBRARY_SUFFIXES .a .lib ${CMAKE_FIND_LIBRARY_SUFFIXES}) - else() - set(CMAKE_FIND_LIBRARY_SUFFIXES .a ${CMAKE_FIND_LIBRARY_SUFFIXES}) - endif() -endif() - -if(UNIX) - find_package(PkgConfig QUIET) - pkg_check_modules(_WOLFSSL QUIET wolfssl) -endif() - -find_path(WOLFSSL_INCLUDE_DIR NAMES wolfssl/version.h HINTS ${_WOLFSSL_INCLUDEDIR}) -find_library(WOLFSSL_LIBRARY NAMES wolfssl HINTS ${_WOLFSSL_LIBDIR}) -if(WOLFSSL_INCLUDE_DIR AND WOLFSSL_LIBRARY) - set(CYASSL_INCLUDE_DIR ${WOLFSSL_INCLUDE_DIR}) - set(CYASSL_LIBRARY ${WOLFSSL_LIBRARY}) - set(CYASSL_VERSION ${_WOLFSSL_VERSION}) - set(CYASSL_IS_WOLFSSL ON) -else() - if(UNIX) - pkg_check_modules(_CYASSL QUIET cyassl) - endif() - - find_path(CYASSL_INCLUDE_DIR NAMES cyassl/version.h HINTS ${_CYASSL_INCLUDEDIR}) - find_library(CYASSL_LIBRARY NAMES cyassl HINTS ${_CYASSL_LIBDIR}) - set(CYASSL_VERSION ${_CYASSL_VERSION}) - set(CYASSL_IS_WOLFSSL OFF) -endif() - -if(NOT CYASSL_VERSION AND CYASSL_INCLUDE_DIR) - if(CYASSL_IS_WOLFSSL) - file(STRINGS "${CYASSL_INCLUDE_DIR}/wolfssl/version.h" CYASSL_VERSION_STR REGEX "^#define[\t ]+LIBWOLFSSL_VERSION_STRING[\t ]+\"[^\"]+\"") - else() - file(STRINGS "${CYASSL_INCLUDE_DIR}/cyassl/version.h" CYASSL_VERSION_STR REGEX "^#define[\t ]+LIBCYASSL_VERSION_STRING[\t ]+\"[^\"]+\"") - endif() - if(CYASSL_VERSION_STR MATCHES "\"([^\"]+)\"") - set(CYASSL_VERSION "${CMAKE_MATCH_1}") - endif() -endif() - -set(CYASSL_INCLUDE_DIRS ${CYASSL_INCLUDE_DIR}) -set(CYASSL_LIBRARIES ${CYASSL_LIBRARY}) - -include(FindPackageHandleStandardArgs) - -find_package_handle_standard_args(CyaSSL - REQUIRED_VARS - CYASSL_LIBRARY - CYASSL_INCLUDE_DIR - VERSION_VAR - CYASSL_VERSION -) - -mark_as_advanced(WOLFSSL_INCLUDE_DIR WOLFSSL_LIBRARY CYASSL_INCLUDE_DIR CYASSL_LIBRARY) - -if(CYASSL_PREFER_STATIC_LIB) - set(CMAKE_FIND_LIBRARY_SUFFIXES ${CYASSL_ORIG_CMAKE_FIND_LIBRARY_SUFFIXES}) - unset(CYASSL_ORIG_CMAKE_FIND_LIBRARY_SUFFIXES) -endif() diff --git a/cmake/FindMbedTLS.cmake b/cmake/FindMbedTLS.cmake new file mode 100644 index 000000000..935a63538 --- /dev/null +++ b/cmake/FindMbedTLS.cmake @@ -0,0 +1,46 @@ +if(MBEDTLS_PREFER_STATIC_LIB) + set(MBEDTLS_ORIG_CMAKE_FIND_LIBRARY_SUFFIXES ${CMAKE_FIND_LIBRARY_SUFFIXES}) + if(WIN32) + set(CMAKE_FIND_LIBRARY_SUFFIXES .a .lib ${CMAKE_FIND_LIBRARY_SUFFIXES}) + else() + set(CMAKE_FIND_LIBRARY_SUFFIXES .a ${CMAKE_FIND_LIBRARY_SUFFIXES}) + endif() +endif() + +if(UNIX) + find_package(PkgConfig QUIET) + pkg_check_modules(_MBEDTLS QUIET mbedtls) +endif() + +find_path(MBEDTLS_INCLUDE_DIR NAMES mbedtls/version.h HINTS ${_MBEDTLS_INCLUDEDIR}) +find_library(MBEDTLS_LIBRARY NAMES mbedtls HINTS ${_MBEDTLS_LIBDIR}) +find_library(MBEDCRYPTO_LIBRARY NAMES mbedcrypto HINTS ${_MBEDTLS_LIBDIR}) + +if(_MBEDTLS_VERSION) + set(MBEDTLS_VERSION ${_MBEDTLS_VERSION}) +elseif(MBEDTLS_INCLUDE_DIR) + file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" MBEDTLS_VERSION_STR REGEX "^#define[\t ]+MBEDTLS_VERSION_STRING[\t ]+\"[^\"]+\"") + if(MBEDTLS_VERSION_STR MATCHES "\"([^\"]+)\"") + set(MBEDTLS_VERSION "${CMAKE_MATCH_1}") + endif() +endif() + +set(MBEDTLS_INCLUDE_DIRS ${MBEDTLS_INCLUDE_DIR}) +set(MBEDTLS_LIBRARIES ${MBEDTLS_LIBRARY} ${MBEDCRYPTO_LIBRARY}) + +include(FindPackageHandleStandardArgs) + +find_package_handle_standard_args(MbedTLS + REQUIRED_VARS + MBEDTLS_LIBRARY + MBEDTLS_INCLUDE_DIR + VERSION_VAR + MBEDTLS_VERSION +) + +mark_as_advanced(MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARY MBEDCRYPTO_LIBRARY) + +if(MBEDTLS_PREFER_STATIC_LIB) + set(CMAKE_FIND_LIBRARY_SUFFIXES ${MBEDTLS_ORIG_CMAKE_FIND_LIBRARY_SUFFIXES}) + unset(MBEDTLS_ORIG_CMAKE_FIND_LIBRARY_SUFFIXES) +endif() diff --git a/cmake/FindPolarSSL.cmake b/cmake/FindPolarSSL.cmake deleted file mode 100644 index cd36c48ab..000000000 --- a/cmake/FindPolarSSL.cmake +++ /dev/null @@ -1,67 +0,0 @@ -if(POLARSSL_PREFER_STATIC_LIB) - set(POLARSSL_ORIG_CMAKE_FIND_LIBRARY_SUFFIXES ${CMAKE_FIND_LIBRARY_SUFFIXES}) - if(WIN32) - set(CMAKE_FIND_LIBRARY_SUFFIXES .a .lib ${CMAKE_FIND_LIBRARY_SUFFIXES}) - else() - set(CMAKE_FIND_LIBRARY_SUFFIXES .a ${CMAKE_FIND_LIBRARY_SUFFIXES}) - endif() -endif() - -if(UNIX) - find_package(PkgConfig QUIET) - pkg_check_modules(_MBEDTLS QUIET mbedtls) -endif() - -find_path(MBEDTLS_INCLUDE_DIR NAMES mbedtls/version.h HINTS ${_MBEDTLS_INCLUDEDIR}) -find_library(MBEDTLS_LIBRARY NAMES mbedtls HINTS ${_MBEDTLS_LIBDIR}) -find_library(MBEDCRYPTO_LIBRARY NAMES mbedcrypto HINTS ${_MBEDTLS_LIBDIR}) -if(MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARY) - set(POLARSSL_INCLUDE_DIR ${MBEDTLS_INCLUDE_DIR}) - if(MBEDCRYPTO_LIBRARY) - set(POLARSSL_LIBRARY ${MBEDTLS_LIBRARY} ${MBEDCRYPTO_LIBRARY}) - else() - set(POLARSSL_LIBRARY ${MBEDTLS_LIBRARY}) - endif() - set(POLARSSL_VERSION ${_MBEDTLS_VERSION}) - set(POLARSSL_IS_MBEDTLS ON) -else() - if(UNIX) - pkg_check_modules(_POLARSSL QUIET polarssl) - endif() - - find_path(POLARSSL_INCLUDE_DIR NAMES polarssl/version.h HINTS ${_POLARSSL_INCLUDEDIR}) - find_library(POLARSSL_LIBRARY NAMES polarssl HINTS ${_POLARSSL_LIBDIR}) - set(POLARSSL_VERSION ${_POLARSSL_VERSION}) - set(POLARSSL_IS_MBEDTLS OFF) -endif() - -if(NOT POLARSSL_VERSION AND POLARSSL_INCLUDE_DIR) - if(POLARSSL_IS_MBEDTLS) - file(STRINGS "${POLARSSL_INCLUDE_DIR}/mbedtls/version.h" POLARSSL_VERSION_STR REGEX "^#define[\t ]+MBEDTLS_VERSION_STRING[\t ]+\"[^\"]+\"") - else() - file(STRINGS "${POLARSSL_INCLUDE_DIR}/polarssl/version.h" POLARSSL_VERSION_STR REGEX "^#define[\t ]+POLARSSL_VERSION_STRING[\t ]+\"[^\"]+\"") - endif() - if(POLARSSL_VERSION_STR MATCHES "\"([^\"]+)\"") - set(POLARSSL_VERSION "${CMAKE_MATCH_1}") - endif() -endif() - -set(POLARSSL_INCLUDE_DIRS ${POLARSSL_INCLUDE_DIR}) -set(POLARSSL_LIBRARIES ${POLARSSL_LIBRARY}) - -include(FindPackageHandleStandardArgs) - -find_package_handle_standard_args(PolarSSL - REQUIRED_VARS - POLARSSL_LIBRARY - POLARSSL_INCLUDE_DIR - VERSION_VAR - POLARSSL_VERSION -) - -mark_as_advanced(MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARY MBEDCRYPTO_LIBRARY POLARSSL_INCLUDE_DIR POLARSSL_LIBRARY) - -if(POLARSSL_PREFER_STATIC_LIB) - set(CMAKE_FIND_LIBRARY_SUFFIXES ${POLARSSL_ORIG_CMAKE_FIND_LIBRARY_SUFFIXES}) - unset(POLARSSL_ORIG_CMAKE_FIND_LIBRARY_SUFFIXES) -endif() diff --git a/cmake/FindWolfSSL.cmake b/cmake/FindWolfSSL.cmake new file mode 100644 index 000000000..121b0e757 --- /dev/null +++ b/cmake/FindWolfSSL.cmake @@ -0,0 +1,45 @@ +if(WOLFSSL_PREFER_STATIC_LIB) + set(WOLFSSL_ORIG_CMAKE_FIND_LIBRARY_SUFFIXES ${CMAKE_FIND_LIBRARY_SUFFIXES}) + if(WIN32) + set(CMAKE_FIND_LIBRARY_SUFFIXES .a .lib ${CMAKE_FIND_LIBRARY_SUFFIXES}) + else() + set(CMAKE_FIND_LIBRARY_SUFFIXES .a ${CMAKE_FIND_LIBRARY_SUFFIXES}) + endif() +endif() + +if(UNIX) + find_package(PkgConfig QUIET) + pkg_check_modules(_WOLFSSL QUIET wolfssl) +endif() + +find_path(WOLFSSL_INCLUDE_DIR NAMES wolfssl/version.h HINTS ${_WOLFSSL_INCLUDEDIR}) +find_library(WOLFSSL_LIBRARY NAMES wolfssl HINTS ${_WOLFSSL_LIBDIR}) + +if(_WOLFSSL_VERSION) + set(WOLFSSL_VERSION ${_WOLFSSL_VERSION}) +elseif(WOLFSSL_INCLUDE_DIR) + file(STRINGS "${WOLFSSL_INCLUDE_DIR}/wolfssl/version.h" WOLFSSL_VERSION_STR REGEX "^#define[\t ]+LIBWOLFSSL_VERSION_STRING[\t ]+\"[^\"]+\"") + if(WOLFSSL_VERSION_STR MATCHES "\"([^\"]+)\"") + set(WOLFSSL_VERSION "${CMAKE_MATCH_1}") + endif() +endif() + +set(WOLFSSL_INCLUDE_DIRS ${WOLFSSL_INCLUDE_DIR}) +set(WOLFSSL_LIBRARIES ${WOLFSSL_LIBRARY}) + +include(FindPackageHandleStandardArgs) + +find_package_handle_standard_args(WolfSSL + REQUIRED_VARS + WOLFSSL_LIBRARY + WOLFSSL_INCLUDE_DIR + VERSION_VAR + WOLFSSL_VERSION +) + +mark_as_advanced(WOLFSSL_INCLUDE_DIR WOLFSSL_LIBRARY) + +if(WOLFSSL_PREFER_STATIC_LIB) + set(CMAKE_FIND_LIBRARY_SUFFIXES ${WOLFSSL_ORIG_CMAKE_FIND_LIBRARY_SUFFIXES}) + unset(WOLFSSL_ORIG_CMAKE_FIND_LIBRARY_SUFFIXES) +endif() diff --git a/libtransmission/CMakeLists.txt b/libtransmission/CMakeLists.txt index 7991b6b31..8aa6d23f4 100644 --- a/libtransmission/CMakeLists.txt +++ b/libtransmission/CMakeLists.txt @@ -18,10 +18,10 @@ set(${PROJECT_NAME}_SOURCES clients.cc completion.cc crypto-utils-ccrypto.cc - crypto-utils-cyassl.cc crypto-utils-fallback.cc + crypto-utils-mbedtls.cc crypto-utils-openssl.cc - crypto-utils-polarssl.cc + crypto-utils-wolfssl.cc crypto-utils.cc error.cc file-piece-map.cc @@ -90,7 +90,7 @@ set(${PROJECT_NAME}_SOURCES ) set_source_files_properties(crypto-utils-fallback.cc PROPERTIES HEADER_FILE_ONLY ON) -foreach(CP ccrypto cyassl openssl polarssl) +foreach(CP ccrypto mbedtls openssl wolfssl) if(NOT CP STREQUAL CRYPTO_PKG) set_source_files_properties(crypto-utils-${CP}.cc PROPERTIES HEADER_FILE_ONLY ON) endif() @@ -237,14 +237,6 @@ if(USE_SYSTEM_B64) add_definitions(-DUSE_SYSTEM_B64) endif() -if(CYASSL_IS_WOLFSSL) - add_definitions(-DCYASSL_IS_WOLFSSL) -endif() - -if(POLARSSL_IS_MBEDTLS) - add_definitions(-DPOLARSSL_IS_MBEDTLS) -endif() - if(HAVE_SO_REUSEPORT) add_definitions(-DHAVE_SO_REUSEPORT=1) endif() diff --git a/libtransmission/crypto-utils-polarssl.cc b/libtransmission/crypto-utils-mbedtls.cc similarity index 57% rename from libtransmission/crypto-utils-polarssl.cc rename to libtransmission/crypto-utils-mbedtls.cc index c77bf1aae..1b1730c96 100644 --- a/libtransmission/crypto-utils-polarssl.cc +++ b/libtransmission/crypto-utils-mbedtls.cc @@ -6,24 +6,12 @@ #include #include -#if defined(POLARSSL_IS_MBEDTLS) -// NOLINTBEGIN bugprone-macro-parentheses -#define API_HEADER(x) -#define API(x) mbedtls_##x -// NOLINTEND -#define API_VERSION_NUMBER MBEDTLS_VERSION_NUMBER -#else -#define API_HEADER(x) -#define API(x) x -#define API_VERSION_NUMBER POLARSSL_VERSION_NUMBER -#endif - -#include API_HEADER(base64.h) -#include API_HEADER(ctr_drbg.h) -#include API_HEADER(error.h) -#include API_HEADER(sha1.h) -#include API_HEADER(sha256.h) -#include API_HEADER(version.h) +#include +#include +#include +#include +#include +#include #include @@ -40,23 +28,12 @@ **** ***/ -using api_ctr_drbg_context = API(ctr_drbg_context); -using api_sha1_context = API(sha1_context); -using api_sha256_context = API(sha256_context); - -static void log_polarssl_error(int error_code, char const* file, int line) +static void log_mbedtls_error(int error_code, char const* file, int line) { if (tr_logLevelIsActive(TR_LOG_ERROR)) { char error_message[256]; - -#if defined(POLARSSL_IS_MBEDTLS) mbedtls_strerror(error_code, error_message, sizeof(error_message)); -#elif API_VERSION_NUMBER >= 0x01030000 - polarssl_strerror(error_code, error_message, sizeof(error_message)); -#else - error_strerror(error_code, error_message, sizeof(error_message)); -#endif tr_logAddMessage( file, @@ -64,28 +41,28 @@ static void log_polarssl_error(int error_code, char const* file, int line) TR_LOG_ERROR, fmt::format( _("{crypto_library} error: {error} ({error_code})"), - fmt::arg("crypto_library", "PolarSSL/MbedTLS"), + fmt::arg("crypto_library", "MbedTLS"), fmt::arg("error", error_message), fmt::arg("error_code", error_code))); } } -#define log_error(error_code) log_polarssl_error((error_code), __FILE__, __LINE__) +#define log_error(error_code) log_mbedtls_error((error_code), __FILE__, __LINE__) -static bool check_polarssl_result(int result, int expected_result, char const* file, int line) +static bool check_mbedtls_result(int result, int expected_result, char const* file, int line) { bool const ret = result == expected_result; if (!ret) { - log_polarssl_error(result, file, line); + log_mbedtls_error(result, file, line); } return ret; } -#define check_result(result) check_polarssl_result((result), 0, __FILE__, __LINE__) -#define check_result_eq(result, x_result) check_polarssl_result((result), (x_result), __FILE__, __LINE__) +#define check_result(result) check_mbedtls_result((result), 0, __FILE__, __LINE__) +#define check_result_eq(result, x_result) check_mbedtls_result((result), (x_result), __FILE__, __LINE__) /*** **** @@ -98,20 +75,20 @@ static int my_rand(void* /*context*/, unsigned char* buffer, size_t buffer_size) return 0; } -static api_ctr_drbg_context* get_rng() +static mbedtls_ctr_drbg_context* get_rng() { - static api_ctr_drbg_context rng; + static mbedtls_ctr_drbg_context rng; static bool rng_initialized = false; if (!rng_initialized) { -#if API_VERSION_NUMBER >= 0x02000000 - API(ctr_drbg_init)(&rng); +#if MBEDTLS_VERSION_NUMBER >= 0x02000000 + mbedtls_ctr_drbg_init(&rng); - if (!check_result(API(ctr_drbg_seed)(&rng, my_rand, nullptr, nullptr, 0))) + if (!check_result(mbedtls_ctr_drbg_seed(&rng, my_rand, nullptr, nullptr, 0))) #else - if (!check_result(API(ctr_drbg_init)(&rng, my_rand, nullptr, nullptr, 0))) + if (!check_result(mbedtls_ctr_drbg_init(&rng, my_rand, nullptr, nullptr, 0))) #endif { return nullptr; @@ -144,14 +121,12 @@ public: void clear() override { -#if API_VERSION_NUMBER >= 0x01030800 - API(sha1_init)(&handle_); -#endif + mbedtls_sha1_init(&handle_); -#if API_VERSION_NUMBER >= 0x02070000 +#if MBEDTLS_VERSION_NUMBER >= 0x02070000 mbedtls_sha1_starts_ret(&handle_); #else - API(sha1_starts)(&handle_); + mbedtls_sha1_starts(&handle_); #endif } @@ -159,10 +134,10 @@ public: { if (data_length > 0U) { -#if API_VERSION_NUMBER >= 0x02070000 +#if MBEDTLS_VERSION_NUMBER >= 0x02070000 mbedtls_sha1_update_ret(&handle_, static_cast(data), data_length); #else - API(sha1_update)(&handle_, static_cast(data), data_length); + mbedtls_sha1_update(&handle_, static_cast(data), data_length); #endif } } @@ -171,16 +146,13 @@ public: { auto digest = tr_sha1_digest_t{}; auto* const digest_as_uchar = reinterpret_cast(std::data(digest)); -#if API_VERSION_NUMBER >= 0x02070000 +#if MBEDTLS_VERSION_NUMBER >= 0x02070000 mbedtls_sha1_finish_ret(&handle_, digest_as_uchar); #else - API(sha1_finish)(&handle_, digest_as_uchar); -#endif - -#if API_VERSION_NUMBER >= 0x01030800 - API(sha1_free)(&handle_); + mbedtls_sha1_finish(&handle_, digest_as_uchar); #endif + mbedtls_sha1_free(&handle_); return digest; } @@ -200,14 +172,12 @@ public: void clear() override { -#if API_VERSION_NUMBER >= 0x01030800 - API(sha256_init)(&handle_); -#endif + mbedtls_sha256_init(&handle_); -#if API_VERSION_NUMBER >= 0x02070000 +#if MBEDTLS_VERSION_NUMBER >= 0x02070000 mbedtls_sha256_starts_ret(&handle_, 0); #else - API(sha256_starts)(&handle_); + mbedtls_sha256_starts(&handle_); #endif } @@ -215,10 +185,10 @@ public: { if (data_length > 0U) { -#if API_VERSION_NUMBER >= 0x02070000 +#if MBEDTLS_VERSION_NUMBER >= 0x02070000 mbedtls_sha256_update_ret(&handle_, static_cast(data), data_length); #else - API(sha256_update)(&handle_, static_cast(data), data_length); + mbedtls_sha256_update(&handle_, static_cast(data), data_length); #endif } } @@ -227,16 +197,13 @@ public: { auto digest = tr_sha256_digest_t{}; auto* const digest_as_uchar = reinterpret_cast(std::data(digest)); -#if API_VERSION_NUMBER >= 0x02070000 +#if MBEDTLS_VERSION_NUMBER >= 0x02070000 mbedtls_sha256_finish_ret(&handle_, digest_as_uchar); #else - API(sha256_finish)(&handle_, digest_as_uchar); -#endif - -#if API_VERSION_NUMBER >= 0x01030800 - API(sha256_free)(&handle_); + mbedtls_sha256_finish(&handle_, digest_as_uchar); #endif + mbedtls_sha256_free(&handle_); return digest; } @@ -270,5 +237,5 @@ bool tr_rand_buffer_crypto(void* buffer, size_t length) TR_ASSERT(buffer != nullptr); auto const lock = std::lock_guard(rng_mutex_); - return check_result(API(ctr_drbg_random)(get_rng(), static_cast(buffer), length)); + return check_result(mbedtls_ctr_drbg_random(get_rng(), static_cast(buffer), length)); } diff --git a/libtransmission/crypto-utils-cyassl.cc b/libtransmission/crypto-utils-wolfssl.cc similarity index 58% rename from libtransmission/crypto-utils-cyassl.cc rename to libtransmission/crypto-utils-wolfssl.cc index 3aac80364..4f8304019 100644 --- a/libtransmission/crypto-utils-cyassl.cc +++ b/libtransmission/crypto-utils-wolfssl.cc @@ -6,26 +6,12 @@ #include #include -#if defined(CYASSL_IS_WOLFSSL) -// NOLINTBEGIN bugprone-macro-parentheses -#define API_HEADER(x) -#define API_HEADER_CRYPT(x) API_HEADER(wolfcrypt/x) -// NOLINTEND -#define API(x) wc_##x -#define API_VERSION_HEX LIBWOLFSSL_VERSION_HEX -#else -#define API_HEADER(x) -#define API_HEADER_CRYPT(x) API_HEADER(ctaocrypt/x) -#define API(x) x -#define API_VERSION_HEX LIBCYASSL_VERSION_HEX -#endif - -#include API_HEADER(options.h) -#include API_HEADER_CRYPT(error-crypt.h) -#include API_HEADER_CRYPT(random.h) -#include API_HEADER_CRYPT(sha.h) -#include API_HEADER_CRYPT(sha256.h) -#include API_HEADER(version.h) +#include +#include +#include +#include +#include +#include #include @@ -48,44 +34,35 @@ using TR_WC_RNG = RNG; **** ***/ -static void log_cyassl_error(int error_code, char const* file, int line) +static void log_wolfssl_error(int error_code, char const* file, int line) { if (tr_logLevelIsActive(TR_LOG_ERROR)) { -#if API_VERSION_HEX >= 0x03004000 - char const* error_message = API(GetErrorString)(error_code); -#elif API_VERSION_HEX >= 0x03000002 - char const* error_message = CTaoCryptGetErrorString(error_code); -#else - char error_message[CYASSL_MAX_ERROR_SZ] = {}; - CTaoCryptErrorString(error_code, error_message); -#endif - tr_logAddMessage( file, line, TR_LOG_ERROR, fmt::format( _("{crypto_library} error: {error} ({error_code})"), - fmt::arg("crypto_library", "CyaSSL/WolfSSL"), - fmt::arg("error", error_message), + fmt::arg("crypto_library", "WolfSSL"), + fmt::arg("error", wc_GetErrorString(error_code)), fmt::arg("error_code", error_code))); } } -static bool check_cyassl_result(int result, char const* file, int line) +static bool check_wolfssl_result(int result, char const* file, int line) { bool const ret = result == 0; if (!ret) { - log_cyassl_error(result, file, line); + log_wolfssl_error(result, file, line); } return ret; } -#define check_result(result) check_cyassl_result((result), __FILE__, __LINE__) +#define check_result(result) check_wolfssl_result((result), __FILE__, __LINE__) /*** **** @@ -98,7 +75,7 @@ static TR_WC_RNG* get_rng() if (!rng_initialized) { - if (!check_result(API(InitRng)(&rng))) + if (!check_result(wc_InitRng(&rng))) { return nullptr; } @@ -130,27 +107,27 @@ public: void clear() override { - API(InitSha)(&handle_); + wc_InitSha(&handle_); } void add(void const* data, size_t data_length) override { if (data_length > 0U) { - API(ShaUpdate)(&handle_, static_cast(data), data_length); + wc_ShaUpdate(&handle_, static_cast(data), data_length); } } [[nodiscard]] tr_sha1_digest_t finish() override { auto digest = tr_sha1_digest_t{}; - API(ShaFinal)(&handle_, reinterpret_cast(std::data(digest))); + wc_ShaFinal(&handle_, reinterpret_cast(std::data(digest))); clear(); return digest; } private: - API(Sha) handle_ = {}; + wc_Sha handle_ = {}; }; class Sha256Impl final : public tr_sha256 @@ -165,27 +142,27 @@ public: void clear() override { - API(InitSha256)(&handle_); + wc_InitSha256(&handle_); } void add(void const* data, size_t data_length) override { if (data_length > 0U) { - API(Sha256Update)(&handle_, static_cast(data), data_length); + wc_Sha256Update(&handle_, static_cast(data), data_length); } } [[nodiscard]] tr_sha256_digest_t finish() override { auto digest = tr_sha256_digest_t{}; - API(Sha256Final)(&handle_, reinterpret_cast(std::data(digest))); + wc_Sha256Final(&handle_, reinterpret_cast(std::data(digest))); clear(); return digest; } private: - API(Sha256) handle_ = {}; + wc_Sha256 handle_ = {}; }; } // namespace @@ -214,5 +191,5 @@ bool tr_rand_buffer_crypto(void* buffer, size_t length) TR_ASSERT(buffer != nullptr); auto const lock = std::lock_guard(rng_mutex_); - return check_result(API(RNG_GenerateBlock)(get_rng(), static_cast(buffer), length)); + return check_result(wc_RNG_GenerateBlock(get_rng(), static_cast(buffer), length)); }