Fix mbedtls shim build for many versions.

crocs-muni · Aug 15, 2024 · eed91ff · eed91ff
1 parent cf6816c
commit eed91ff
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 14 deletions.
diff --git a/nix/mbedtlsshim.nix b/nix/mbedtlsshim.nix
@@ -3,6 +3,7 @@ with pkgs;
 stdenv.mkDerivation rec {
   name = "MbedTLSShim";
   src = ../standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni;
+  rawVersion = pkgs.lib.strings.removePrefix "v" mbedtls.version;
 
   buildInputs = [
     mbedtls
@@ -14,7 +15,12 @@ stdenv.mkDerivation rec {
     make mbedtls
   '';
 
-  MBEDTLS_CFLAGS = "-DECTESTER_MBEDTLS_${builtins.replaceStrings ["."] ["_"] mbedtls.version}=1";
+  MBEDTLS_CFLAGS = ''
+    -DECTESTER_MBEDTLS_${builtins.replaceStrings ["."] ["_"] rawVersion}=1 \
+    -DECTESTER_MBEDTLS_MAJOR=${pkgs.lib.versions.major rawVersion} \
+    -DECTESTER_MBEDTLS_MINOR=${pkgs.lib.versions.minor rawVersion} \
+    -DECTESTER_MBEDTLS_PATCH=${pkgs.lib.versions.patch rawVersion} \
+  '';
 
   installPhase = ''
     mkdir --parents $out/lib

diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_utils.h b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_utils.h
@@ -65,4 +65,14 @@ char *biginteger_to_hex(JNIEnv *env, jobject big, jint bytes);
                                                                        } while (0)
 #define ADD_KPG(env, self, kpg_name, kpg_class)       ADD_PROPERTY(env, self, "KeyPairGenerator.", "cz.crcs.ectester.standalone.libs.jni.NativeKeyPairGeneratorSpi$", kpg_name, kpg_class)
 #define ADD_KA(env, self, ka_name, ka_class)          ADD_PROPERTY(env, self, "KeyAgreement.", "cz.crcs.ectester.standalone.libs.jni.NativeKeyAgreementSpi$", ka_name, ka_class)
-#define ADD_SIG(env, self, sig_name, sig_class)       ADD_PROPERTY(env, self, "Signature.", "cz.crcs.ectester.standalone.libs.jni.NativeSignatureSpi$", sig_name, sig_class)
+#define ADD_SIG(env, self, sig_name, sig_class)       ADD_PROPERTY(env, self, "Signature.", "cz.crcs.ectester.standalone.libs.jni.NativeSignatureSpi$", sig_name, sig_class)
+
+
+/**
+ * Version handling.
+ */
+#define VERSION_GT(lib,a,b,c) ((ECTESTER_##lib##_MAJOR == a && ECTESTER_##lib##_MINOR == b && ECTESTER_##lib##_PATCH > c) || (ECTESTER_##lib##_MAJOR == a && ECTESTER_##lib##_MINOR > b) || (ECTESTER_##lib##_MAJOR > a))
+#define VERSION_EQ(lib,a,b,c) (ECTESTER_##lib##_MAJOR == a && ECTESTER_##lib##_MINOR == b && ECTESTER_##lib##_PATCH == c)
+#define VERSION_GE(lib,a,b,c) (VERSION_GT(lib,a,b,c) || VERSION_EQ(lib,a,b,c))
+#define VERSION_LT(lib,a,b,c) !(VERSION_GE(lib,a,b,c))
+#define VERSION_LE(lib,a,b,c) !(VERSION_GT(lib,a,b,c))
diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/mbedtls.c b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/mbedtls.c
@@ -21,6 +21,24 @@ static mbedtls_entropy_context fixed_entropy;
 static jclass provider_class;
 
 
+#if VERSION_LT(MBEDTLS, 3, 0, 0)
+#define MBEDTLS_PRIVATE(member) member
+#else
+#define MBEDTLS_PRIVATE(member) private_##member
+#endif
+
+
+#if VERSION_LT(MBEDTLS, 3, 1, 0)
+#define CURVE_GRP_ID(curve_info) curve_info->MBEDTLS_PRIVATE(grp_id)
+#define CURVE_NAME(curve_info) curve_info->MBEDTLS_PRIVATE(name)
+#define CURVE_BIT_SIZE(curve_info) curve_info->MBEDTLS_PRIVATE(bit_size)
+#else
+#define CURVE_GRP_ID(curve_info) curve_info->grp_id
+#define CURVE_NAME(curve_info) curve_info->name
+#define CURVE_BIT_SIZE(curve_info) curve_info->bit_size
+#endif
+
+
 JNIEXPORT jobject JNICALL Java_cz_crcs_ectester_standalone_libs_MbedTLSLib_createProvider(JNIEnv *env, jobject this) {
     /* Create the custom provider. */
     jclass local_provider_class = (*env)->FindClass(env, "cz/crcs/ectester/standalone/libs/jni/NativeProvider$MbedTLS");
@@ -104,10 +122,10 @@ JNIEXPORT jobject JNICALL Java_cz_crcs_ectester_standalone_libs_MbedTLSLib_getCu
 
     jobject result = (*env)->NewObject(env, hash_set_class, hash_set_ctr);
     for (const mbedtls_ecp_curve_info *curve_info = mbedtls_ecp_curve_list();
-         curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
+         CURVE_GRP_ID(curve_info) != MBEDTLS_ECP_DP_NONE;
          curve_info++) {
 
-        jstring curve_name = (*env)->NewStringUTF(env, curve_info->name);
+        jstring curve_name = (*env)->NewStringUTF(env, CURVE_NAME(curve_info));
         (*env)->CallBooleanMethod(env, result, hash_set_add, curve_name);
     }
     return result;
@@ -132,7 +150,8 @@ JNIEXPORT jboolean JNICALL Java_cz_crcs_ectester_standalone_libs_MbedTLSLib_setu
 
     mbedtls_entropy_init(&fixed_entropy);
     // This is NASTY! We are accessing something the library does not want us to.
-    fixed_entropy.private_source_count = 0;
+
+	fixed_entropy.MBEDTLS_PRIVATE(source_count) = 0;
     mbedtls_entropy_add_source(&fixed_entropy, fixed_random, NULL, 32, MBEDTLS_ENTROPY_SOURCE_STRONG);
     mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &fixed_entropy, NULL, 0);
 
@@ -141,9 +160,9 @@ JNIEXPORT jboolean JNICALL Java_cz_crcs_ectester_standalone_libs_MbedTLSLib_setu
 
 JNIEXPORT jboolean JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeKeyPairGeneratorSpi_00024MbedTLS_keysizeSupported(JNIEnv *env, jobject this, jint keysize) {
     for (const mbedtls_ecp_curve_info *curve_info = mbedtls_ecp_curve_list();
-         curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
+         CURVE_GRP_ID(curve_info) != MBEDTLS_ECP_DP_NONE;
          curve_info++) {
-        if (keysize == curve_info->bit_size) {
+        if (keysize == CURVE_BIT_SIZE(curve_info)) {
             return JNI_TRUE;
         }
     }
@@ -170,9 +189,9 @@ JNIEXPORT jboolean JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeKeyPa
         jstring name = (*env)->CallObjectMethod(env, params, get_name);
         const char *utf_name = (*env)->GetStringUTFChars(env, name, NULL);
         for (const mbedtls_ecp_curve_info *curve_info = mbedtls_ecp_curve_list();
-             curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
+             CURVE_GRP_ID(curve_info) != MBEDTLS_ECP_DP_NONE;
              curve_info++) {
-            if (strcasecmp(utf_name, curve_info->name) == 0) {
+            if (strcasecmp(utf_name, CURVE_NAME(curve_info)) == 0) {
                 (*env)->ReleaseStringUTFChars(env, name, utf_name);
                 return JNI_TRUE;
             }
@@ -244,6 +263,13 @@ static void mpi_from_biginteger(JNIEnv* env, jobject biginteger, mbedtls_mpi *mp
     (*env)->ReleaseByteArrayElements(env, byte_array, byte_data, JNI_ABORT);
 }
 
+#if (VERSION_LT(MBEDTLS, 3, 5, 0) && VERSION_GE(MBEDTLS, 3, 0, 0)) || VERSION_LT(MBEDTLS, 2, 28, 5)
+static inline int mbedtls_ecp_group_a_is_minus_3(const mbedtls_ecp_group *grp)
+{
+    return grp->A.MBEDTLS_PRIVATE(p) == NULL;
+}
+#endif
+
 static jobject create_ec_param_spec(JNIEnv *env, const mbedtls_ecp_group *group) {
     jobject p = biginteger_from_mpi(env, &group->P);
     jmethodID fp_field_init = (*env)->GetMethodID(env, fp_field_class, "<init>", "(Ljava/math/BigInteger;)V");
@@ -402,7 +428,7 @@ static jobject generate_from_curve(JNIEnv *env, mbedtls_ecp_group *group) {
 static jobject generate_from_curve_info(JNIEnv *env, const mbedtls_ecp_curve_info *curve) {
     mbedtls_ecp_group group;
     mbedtls_ecp_group_init(&group);
-    mbedtls_ecp_group_load(&group, curve->grp_id);
+    mbedtls_ecp_group_load(&group, CURVE_GRP_ID(curve));
     jobject result = generate_from_curve(env, &group);
     mbedtls_ecp_group_free(&group);
     return result;
@@ -411,9 +437,9 @@ static jobject generate_from_curve_info(JNIEnv *env, const mbedtls_ecp_curve_inf
 JNIEXPORT jobject JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeKeyPairGeneratorSpi_00024MbedTLS_generate__ILjava_security_SecureRandom_2(JNIEnv *env, jobject this, jint keysize, jobject random) {
     const mbedtls_ecp_curve_info *curve = NULL;
     for (const mbedtls_ecp_curve_info *curve_info = mbedtls_ecp_curve_list();
-         curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
+         CURVE_GRP_ID(curve_info) != MBEDTLS_ECP_DP_NONE;
          curve_info++) {
-        if (keysize == curve_info->bit_size) {
+        if (keysize == CURVE_BIT_SIZE(curve_info)) {
             curve = curve_info;
             break;
         }
@@ -443,9 +469,9 @@ JNIEXPORT jobject JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeKeyPai
         const char *utf_name = (*env)->GetStringUTFChars(env, name, NULL);
         const mbedtls_ecp_curve_info *curve = NULL;
         for (const mbedtls_ecp_curve_info *curve_info = mbedtls_ecp_curve_list();
-             curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
+             CURVE_GRP_ID(curve_info) != MBEDTLS_ECP_DP_NONE;
              curve_info++) {
-            if (strcasecmp(utf_name, curve_info->name) == 0) {
+            if (strcasecmp(utf_name, CURVE_NAME(curve_info)) == 0) {
                 (*env)->ReleaseStringUTFChars(env, name, utf_name);
                 curve = curve_info;
                 break;