diff --git a/CMakeLists.txt b/CMakeLists.txt
index 291efeed84..3589eef4bc 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -703,16 +703,16 @@ if(USE_UPNP)
 endif()
 if(NOT APPLE AND NOT ANDROID)
- include(FindPolarSSL)
+ include(FindMbedTLS)
 endif()
-if(POLARSSL_FOUND AND POLARSSL_WORKS)
- message("Using shared PolarSSL")
- include_directories(${POLARSSL_INCLUDE_DIR})
+if(MBEDTLS_FOUND)
+ message("Using shared mbed TLS")
+ include_directories(${MBEDTLS_INCLUDE_DIRS})
 else()
- message("Using PolarSSL from Externals")
- set(POLARSSL_LIBRARY polarssl)
- add_subdirectory(Externals/polarssl/)
- include_directories(Externals/polarssl/include)
+ message("Using static mbed TLS from Externals")
+ set(MBEDTLS_LIBRARIES mbedtls mbedcrypto mbedx509)
+ add_subdirectory(Externals/mbedtls/)
+ include_directories(Externals/mbedtls/include)
 endif()
 if(NOT APPLE AND NOT ANDROID)
diff --git a/CMakeTests/FindMbedTLS.cmake b/CMakeTests/FindMbedTLS.cmake
new file mode 100644
index 0000000000..6ccde4abd4
--- /dev/null
+++ b/CMakeTests/FindMbedTLS.cmake
@@ -0,0 +1,23 @@
+find_path(MBEDTLS_INCLUDE_DIR mbedtls/ssl.h)
+
+find_library(MBEDTLS_LIBRARY mbedtls)
+find_library(MBEDX509_LIBRARY mbedx509)
+find_library(MBEDCRYPTO_LIBRARY mbedcrypto)
+
+set(MBEDTLS_INCLUDE_DIRS ${MBEDTLS_INCLUDE_DIR})
+set(MBEDTLS_LIBRARIES ${MBEDTLS_LIBRARY} ${MBEDX509_LIBRARY} ${MBEDCRYPTO_LIBRARY})
+
+set(CMAKE_REQUIRED_INCLUDES ${MBEDTLS_INCLUDE_DIRS})
+check_cxx_source_compiles("
+ #include
+ #if MBEDTLS_VERSION_NUMBER < 0x02010100
+ #error \"Your mbed TLS version is too old.\"
+ #endif
+ int main() {}"
+ MBEDTLS_VERSION_OK)
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(MBEDTLS DEFAULT_MSG
+ MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARY MBEDX509_LIBRARY MBEDCRYPTO_LIBRARY MBEDTLS_VERSION_OK)
+
+mark_as_advanced(MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARY MBEDX509_LIBRARY MBEDCRYPTO_LIBRARY)
\ No newline at end of file
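Review bot: The static fallback lists the libraries as `set(MBEDTLS_LIBRARIES mbedtls mbedcrypto mbedx509)`, while FindMbedTLS.cmake in the same commit orders them mbedtls, mbedx509, mbedcrypto. mbedx509 depends on mbedcrypto, so if the Externals targets do not declare that dependency themselves, a single-pass static link would resolve x509's crypto references too late; `set(MBEDTLS_LIBRARIES mbedtls mbedx509 mbedcrypto)` is safe either way and keeps the two paths consistent. The shared branch now gates on `MBEDTLS_FOUND` alone, so the version floor that `POLARSSL_WORKS` used to probe is enforced only through the Find module's `MBEDTLS_VERSION_OK`; a one-line comment here saying so would keep a later reader from re-adding a second probe.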
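Review bot: `set(CMAKE_REQUIRED_INCLUDES ${MBEDTLS_INCLUDE_DIRS})` is left set after the `check_cxx_source_compiles` call, so every later `check_*` probe in the configure run will silently search the mbed TLS include directory as well; add `unset(CMAKE_REQUIRED_INCLUDES)` after the check (the deleted FindPolarSSL module had the same leak, but a new module is the place to fix it). The module also calls `check_cxx_source_compiles` without `include(CheckCXXSourceCompiles)`, so it only works when the caller has already included that module. The probe's `#include` line lost its header name in this rendering; it presumably names `mbedtls/version.h`, where `MBEDTLS_VERSION_NUMBER` is defined — confirm against the committed file. Note too that the probe result is cached as `MBEDTLS_VERSION_OK`, so a system library change after the first configure is not re-detected without clearing the cache.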
diff --git a/CMakeTests/FindPolarSSL.cmake b/CMakeTests/FindPolarSSL.cmake
deleted file mode 100644
index a209f2f2a1..0000000000
--- a/CMakeTests/FindPolarSSL.cmake
+++ /dev/null
@@ -1,83 +0,0 @@
-# Locate polarssl library
-# This module defines
-# POLARSSL_FOUND
-# POLARSSL_LIBRARY
-# POLARSSL_INCLUDE_DIR
-# POLARSSL_WORKS, this is true if polarssl is found and contains the methods
-# needed by dolphin-emu
-
-# validate cached values (but use them as hints)
-set(POLARSSL_INCLUDE_DIR_HINT POLARSSL_INCLUDE_DIR)
-set(POLARSSL_LIBRARY_HINT POLARSSL_LIBRARY)
-unset(POLARSSL_INCLUDE_DIR CACHE)
-unset(POLARSSL_LIBRARY CACHE)
-find_path(POLARSSL_INCLUDE_DIR polarssl/ssl.h HINTS ${POLARSSL_INCLUDE_DIR_HINT})
-find_library(POLARSSL_LIBRARY polarssl HINTS ${POLARSSL_LIBRARY_HINT})
-
-if(POLARSSL_INCLUDE_DIR STREQUAL POLARSSL_INCLUDE_DIR_HINT AND
- POLARSSL_LIBRARY STREQUAL POLARSSL_LIBRARY_HINT)
- # using cached values, be silent
- set(POLARSSL_FIND_QUIETLY TRUE)
-endif()
-
-if (POLARSSL_INCLUDE_DIR AND POLARSSL_LIBRARY)
- set (POLARSSL_FOUND TRUE)
-endif ()
-
-if (POLARSSL_FOUND)
- if (NOT POLARSSL_FIND_QUIETLY)
- message (STATUS "Found the polarssl libraries at ${POLARSSL_LIBRARY}")
- message (STATUS "Found the polarssl headers at ${POLARSSL_INCLUDE_DIR}")
- endif (NOT POLARSSL_FIND_QUIETLY)
-
- set(CMAKE_REQUIRED_INCLUDES ${POLARSSL_INCLUDE_DIR})
- set(CMAKE_REQUIRED_LIBRARIES ${POLARSSL_LIBRARY})
- unset(POLARSSL_WORKS CACHE)
- check_cxx_source_compiles("
- #include
- #include
- #include
- #include
- #include
- #include
-
- #if POLARSSL_VERSION_NUMBER < 0x01030000
- #error \"Shared PolarSSL version is too old\"
- #endif
-
- int main()
- {
- ssl_context ctx;
- ssl_session session;
- entropy_context entropy;
- ctr_drbg_context ctr_drbg;
- x509_crt cacert;
- x509_crt clicert;
- pk_context pk;
-
- ssl_init(&ctx);
- entropy_init(&entropy);
-
- const char* pers = \"dolphin-emu\";
- ctr_drbg_init(&ctr_drbg, entropy_func,
- &entropy,
- (const unsigned char*)pers,
- strlen(pers));
-
- ssl_set_rng(&ctx, ctr_drbg_random, &ctr_drbg);
- ssl_set_session(&ctx, &session);
-
- ssl_close_notify(&ctx);
- ssl_session_free(&session);
- ssl_free(&ctx);
- entropy_free(&entropy);
-
- return 0;
- }"
- POLARSSL_WORKS)
-else ()
- message (STATUS "Could not find polarssl")
-endif ()
-
-mark_as_advanced(POLARSSL_INCLUDE_DIR POLARSSL_LIBRARY)
-
diff --git a/Source/Core/Core/CMakeLists.txt b/Source/Core/Core/CMakeLists.txt
index 207743bbd0..2fd2bf7bb5 100644
--- a/Source/Core/Core/CMakeLists.txt
+++ b/Source/Core/Core/CMakeLists.txt
@@ -242,7 +242,7 @@ if(LIBUSB_FOUND)
 HW/SI_GCAdapter.cpp)
 endif(LIBUSB_FOUND)
-set(LIBS ${LIBS} ${POLARSSL_LIBRARY})
+set(LIBS ${LIBS} ${MBEDTLS_LIBRARIES})
 if(WIN32)
 set(SRCS ${SRCS} HW/BBA-TAP/TAP_Win32.cpp HW/WiimoteReal/IOWin.cpp)
diff --git a/Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_net_ssl.cpp b/Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_net_ssl.cpp
index 08ba8392d7..92d37b9f8c 100644
--- a/Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_net_ssl.cpp
+++ b/Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_net_ssl.cpp
@@ -31,6 +31,7 @@ CWII_IPC_HLE_Device_net_ssl::~CWII_IPC_HLE_Device_net_ssl()
 mbedtls_ssl_close_notify(&ssl.ctx);
 mbedtls_ssl_session_free(&ssl.session);
 mbedtls_ssl_free(&ssl.ctx);
+ mbedtls_ssl_config_free(&ssl.config);
 mbedtls_x509_crt_free(&ssl.cacert);
 mbedtls_x509_crt_free(&ssl.clicert);
@@ -149,18 +150,14 @@ IPCCommandResult CWII_IPC_HLE_Device_net_ssl::IOCtlV(u32 _CommandAddress)
 {
 int sslID = freeSSL - 1;
 WII_SSL* ssl = &_SSL[sslID];
- int ret = mbedtls_ssl_init(&ssl->ctx);
- if (ret)
- {
- goto _SSL_NEW_ERROR;
- }
-
+ mbedtls_ssl_init(&ssl->ctx);
 mbedtls_entropy_init(&ssl->entropy);
 const char* pers = "dolphin-emu";
- ret = mbedtls_ctr_drbg_init(&ssl->ctr_drbg, mbedtls_entropy_func,
- &ssl->entropy,
- (const unsigned char*)pers,
- strlen(pers));
+ mbedtls_ctr_drbg_init(&ssl->ctr_drbg);
+ int ret = mbedtls_ctr_drbg_seed(&ssl->ctr_drbg, mbedtls_entropy_func,
+ &ssl->entropy,
+ (const unsigned char*)pers,
+ strlen(pers));
 if (ret)
 {
 mbedtls_ssl_free(&ssl->ctx);
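Review bot: `mbedtls_ctr_drbg_init(&ssl->ctr_drbg)` now runs unconditionally before `mbedtls_ctr_drbg_seed`, so the `if (ret)` failure branch that begins at the end of this hunk and continues past it owns an initialized DRBG as well as the entropy context; check that it calls `mbedtls_ctr_drbg_free(&ssl->ctr_drbg)` and `mbedtls_entropy_free(&ssl->entropy)` next to the visible `mbedtls_ssl_free(&ssl->ctx)`, otherwise a seeding failure leaks both. Dropping the old return check on `mbedtls_ssl_init` matches the 2.x API, where it returns void; a comment such as `// mbedtls_ssl_init() cannot fail in mbed TLS 2.x; errors surface from the seed/setup calls` would stop a future reader from re-adding one. The enclosing IOCtlV body extends beyond this hunk on both sides.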
@@ -168,16 +165,18 @@ IPCCommandResult CWII_IPC_HLE_Device_net_ssl::IOCtlV(u32 _CommandAddress)
 goto _SSL_NEW_ERROR;
 }
- mbedtls_ssl_conf_rng(&ssl->ctx, mbedtls_ctr_drbg_random, &ssl->ctr_drbg);
+ mbedtls_ssl_config_init(&ssl->config);
+ mbedtls_ssl_config_defaults(&ssl->config, MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
+ mbedtls_ssl_conf_rng(&ssl->config, mbedtls_ctr_drbg_random, &ssl->ctr_drbg);
 // For some reason we can't use TLSv1.2, v1.1 and below are fine!
- mbedtls_ssl_conf_max_version(&ssl->ctx, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_2);
+ mbedtls_ssl_conf_max_version(&ssl->config, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_2);
 mbedtls_ssl_set_session(&ssl->ctx, &ssl->session);
- mbedtls_ssl_conf_endpoint(&ssl->ctx, MBEDTLS_SSL_IS_CLIENT);
- mbedtls_ssl_conf_authmode(&ssl->ctx, MBEDTLS_SSL_VERIFY_NONE);
- mbedtls_ssl_conf_renegotiation(&ssl->ctx, MBEDTLS_SSL_RENEGOTIATION_ENABLED);
+ mbedtls_ssl_conf_authmode(&ssl->config, MBEDTLS_SSL_VERIFY_NONE);
+ mbedtls_ssl_conf_renegotiation(&ssl->config, MBEDTLS_SSL_RENEGOTIATION_ENABLED);
 ssl->hostname = hostname;
 mbedtls_ssl_set_hostname(&ssl->ctx, ssl->hostname.c_str());
@@ -210,6 +209,7 @@ _SSL_NEW_ERROR:
 mbedtls_ssl_close_notify(&ssl->ctx);
 mbedtls_ssl_session_free(&ssl->session);
 mbedtls_ssl_free(&ssl->ctx);
+ mbedtls_ssl_config_free(&ssl->config);
 mbedtls_entropy_free(&ssl->entropy);
@@ -261,7 +261,7 @@ _SSL_NEW_ERROR:
 }
 else
 {
- mbedtls_ssl_conf_ca_chain(&ssl->ctx, &ssl->cacert, nullptr, ssl->hostname.c_str());
+ mbedtls_ssl_conf_ca_chain(&ssl->config, &ssl->cacert, nullptr);
 Memory::Write_U32(SSL_OK, _BufferIn);
 }
@@ -298,7 +298,7 @@ _SSL_NEW_ERROR:
 }
 else
 {
- mbedtls_ssl_conf_own_cert(&ssl->ctx, &ssl->clicert, &ssl->pk);
+ mbedtls_ssl_conf_own_cert(&ssl->config, &ssl->clicert, &ssl->pk);
 Memory::Write_U32(SSL_OK, _BufferIn);
 }
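Review bot: `mbedtls_ssl_config_defaults` returns an int and its value is dropped; on failure the config is left half-initialized while the handler still reports success, so capture it into the existing `ret` and route it to the same `goto _SSL_NEW_ERROR` path the DRBG seed uses. The retained `mbedtls_ssl_set_session(&ssl->ctx, &ssl->session)` now runs before `mbedtls_ssl_setup`, which this commit moves to the CONNECT handler; in mbed TLS 2.x set_session rejects a context that has not been set up yet (its session_negotiate is allocated by setup), so this call most likely returns MBEDTLS_ERR_SSL_BAD_INPUT_DATA unchecked and the session binding is silently lost — confirm against the Externals version and move the call after setup if so. `mbedtls_ssl_conf_authmode(&ssl->config, MBEDTLS_SSL_VERIFY_NONE)` carries over the pre-existing disabled peer verification; since the config object is now the single place this is decided, a comment stating why the emulated service does not enforce verification, and that the CA chains configured later are therefore advisory only, would document the choice. The IOCtlV function continues outside this hunk.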
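Review bot: The expected-peer-name argument dropped from `mbedtls_ssl_conf_ca_chain(&ssl->config, &ssl->cacert, nullptr)` is, in the 2.x API, supplied instead by the `mbedtls_ssl_set_hostname` call made in the NEW handler; a comment here such as `// hostname check comes from mbedtls_ssl_set_hostname() in NET_SSL_NEW` would make the move explicit. The same applies to the SETBUILTINROOTCA hunk at -353 further down. The enclosing handler starts and ends outside this hunk.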
@@ -328,7 +328,7 @@ _SSL_NEW_ERROR:
 mbedtls_x509_crt_free(&ssl->clicert);
 mbedtls_pk_free(&ssl->pk);
- mbedtls_ssl_conf_own_cert(&ssl->ctx, nullptr, nullptr);
+ mbedtls_ssl_conf_own_cert(&ssl->config, nullptr, nullptr);
 Memory::Write_U32(SSL_OK, _BufferIn);
 }
 else
@@ -353,7 +353,7 @@ _SSL_NEW_ERROR:
 }
 else
 {
- mbedtls_ssl_conf_ca_chain(&ssl->ctx, &ssl->cacert, nullptr, ssl->hostname.c_str());
+ mbedtls_ssl_conf_ca_chain(&ssl->config, &ssl->cacert, nullptr);
 Memory::Write_U32(SSL_OK, _BufferIn);
 }
 INFO_LOG(WII_IPC_SSL, "IOCTLV_NET_SSL_SETBUILTINROOTCA = %d", ret);
@@ -377,9 +377,11 @@ _SSL_NEW_ERROR:
 if (SSLID_VALID(sslID))
 {
 WII_SSL* ssl = &_SSL[sslID];
+ mbedtls_ssl_setup(&ssl->ctx, &ssl->config);
 ssl->sockfd = Memory::Read_U32(BufferOut2);
 INFO_LOG(WII_IPC_SSL, "IOCTLV_NET_SSL_CONNECT socket = %d", ssl->sockfd);
- mbedtls_ssl_set_bio(&ssl->ctx, mbedtls_net_recv, &ssl->sockfd, mbedtls_net_send, &ssl->sockfd);
+ mbedtls_ssl_set_bio(&ssl->ctx, &ssl->sockfd, mbedtls_net_send,
+ mbedtls_net_recv, mbedtls_net_recv_timeout);
 Memory::Write_U32(SSL_OK, _BufferIn);
 }
 else
diff --git a/Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_net_ssl.h b/Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_net_ssl.h
index 4072ceb796..8665435acf 100644
--- a/Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_net_ssl.h
+++ b/Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_net_ssl.h
@@ -57,6 +57,7 @@ enum SSL_IOCTL
 struct WII_SSL
 {
 mbedtls_ssl_context ctx;
+ mbedtls_ssl_config config;
 mbedtls_ssl_session session;
 mbedtls_entropy_context entropy;
 mbedtls_ctr_drbg_context ctr_drbg;
diff --git a/Source/Core/Core/Movie.cpp b/Source/Core/Core/Movie.cpp
index da6147f54f..f31073e7d5 100644
--- a/Source/Core/Core/Movie.cpp
+++ b/Source/Core/Core/Movie.cpp
@@ -3,7 +3,8 @@
 // Refer to the license.txt file included.
 #include
-#include
+#include
+#include
 #include "Common/ChunkFile.h"
 #include "Common/CommonPaths.h"
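Review bot: `mbedtls_ssl_conf_own_cert(&ssl->config, nullptr, nullptr)` is issued right after `mbedtls_x509_crt_free(&ssl->clicert)` and `mbedtls_pk_free(&ssl->pk)`, and its return value is dropped. In mbed TLS 2.x this function appends an entry to the config's key/cert list rather than replacing the previous one, so the entry that points at the just-freed clicert and pk would remain in the config and be walked during a later handshake; the pattern predates this commit, but moving the state into a shared config object makes it worth confirming against the library version in Externals. If it does append, only free clicert and pk when the config that references them is also discarded, or rebuild the config for this connection. The enclosing handler starts and ends outside this hunk.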
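Review bot: `mbedtls_ssl_setup(&ssl->ctx, &ssl->config)` allocates the context's internal state and returns an error code on failure, but the result is ignored and the handler goes on to `mbedtls_ssl_set_bio` and writes SSL_OK; capture it, e.g. `int ret = mbedtls_ssl_setup(&ssl->ctx, &ssl->config);` followed by `if (ret) { Memory::Write_U32(<SSL error code used by the other handlers>, _BufferIn); }` and skip the rest of the branch. Because setup now happens in CONNECT rather than NEW, a second CONNECT on the same SSL id would run setup on an already set-up context; whether the ioctl sequence allows that is not visible here, so a guard or a comment would help. The handler continues outside this hunk.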
@@ -1350,6 +1351,8 @@ void GetSettings()
 }
 }
+static const mbedtls_md_info_t* s_md5_info = mbedtls_md_info_from_type(MBEDTLS_MD_MD5);
+
 void CheckMD5()
 {
 for (int i = 0, n = 0; i < 16; ++i)
@@ -1363,7 +1366,7 @@ void CheckMD5()
 Core::DisplayMessage("Verifying checksum...", 2000);
 unsigned char gameMD5[16];
- mbedtls_md5_file(SConfig::GetInstance().m_strFilename.c_str(), gameMD5);
+ mbedtls_md_file(s_md5_info, SConfig::GetInstance().m_strFilename.c_str(), gameMD5);
 if (memcmp(gameMD5,s_MD5,16) == 0)
 Core::DisplayMessage("Checksum of current game matches the recorded game.", 2000);
@@ -1375,7 +1378,7 @@ void GetMD5()
 {
 Core::DisplayMessage("Calculating checksum of game file...", 2000);
 memset(s_MD5, 0, sizeof(s_MD5));
- mbedtls_md5_file(SConfig::GetInstance().m_strFilename.c_str(), s_MD5);
+ mbedtls_md_file(s_md5_info, SConfig::GetInstance().m_strFilename.c_str(), s_MD5);
 Core::DisplayMessage("Finished calculating checksum.", 2000);
 }
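Review bot: `mbedtls_md_file(s_md5_info, ..., gameMD5)` returns an error when `s_md5_info` is null (MD5 not compiled into the library) or the file cannot be read, yet the return value is dropped and the uninitialized `gameMD5` is then compared with `memcmp`, so a failure is reported as a spurious mismatch or match instead of an error. Check the return, e.g. `if (mbedtls_md_file(s_md5_info, SConfig::GetInstance().m_strFilename.c_str(), gameMD5) != 0) { Core::DisplayMessage("Could not read game file for checksum.", 2000); return; }`. The same unchecked call appears in GetMD5 in the next hunk, where a failure leaves the zeroed buffer from `memset` recorded as the game's checksum. CheckMD5's body continues outside its hunk.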