Update https server for mbedtls 3.6

#944
bibledit · Jul 12, 2024 · 77d0850 · 77d0850
1 parent 62a9173
commit 77d0850
Show file tree

Hide file tree

Showing 2 changed files with 70 additions and 23 deletions.
diff --git a/unittests/dev.cpp b/unittests/dev.cpp
@@ -17,22 +17,16 @@
  */
 
 
-#ifdef HAVE_GTEST
-
 #include <config/libraries.h>
+#ifdef HAVE_GTEST
 #include <unittests/utilities.h>
 #include "gtest/gtest.h"
+#include <webserver/webserver.h>
 
 
-TEST(bibledit, dev)
+TEST(dev, dev)
 {
   refresh_sandbox (true);
-  constexpr int vms_height {25};
-  constexpr int vms_width {200};
-  const unsigned short char_spacing {1};
-  const unsigned short line_spacing {5};
-  const std::string font_path {"UnitTests/Bitmaps/16_23SE1-20-unicode.bdf"};
-  EXPECT_EQ (3, 3);
   refresh_sandbox (true);
 }
 

diff --git a/webserver/webserver.cpp b/webserver/webserver.cpp
@@ -27,22 +27,68 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #include <filter/url.h>
 #include <filter/date.h>
 #pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wswitch-enum"
-#pragma GCC diagnostic ignored "-Wzero-as-null-pointer-constant"
-#include <mbedtls/entropy.h>
-#include <mbedtls/ctr_drbg.h>
-#include <mbedtls/x509.h>
-#include <mbedtls/x509_crt.h>
-#include <mbedtls/ssl.h>
-#include <mbedtls/net_sockets.h>
-#include <mbedtls/error.h>
-#include <mbedtls/ssl_cache.h>
+#pragma clang diagnostic ignored "-Wc99-extensions"
+#include <mbedtls/build_info.h>
+#include <mbedtls/platform.h>
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/error.h"
+#include "mbedtls/debug.h"
+#include "mbedtls/ssl_cache.h"
 #pragma GCC diagnostic pop
 #ifdef HAVE_WINDOWS
 #include <io.h>
 #endif
 
 
+// Static check on required definitions, taken from the ssl_server.c example.
+#ifndef MBEDTLS_BIGNUM_C
+static_assert (false, "MBEDTLS_BIGNUM_C should be defined");
+#endif
+#ifndef MBEDTLS_PEM_PARSE_C
+static_assert (false, "MBEDTLS_PEM_PARSE_C should be defined");
+#endif
+#ifndef MBEDTLS_ENTROPY_C
+static_assert (false, "MBEDTLS_ENTROPY_C should be defined");
+#endif
+#ifndef MBEDTLS_SSL_TLS_C
+static_assert (false, "MBEDTLS_SSL_TLS_C should be defined");
+#endif
+#ifndef MBEDTLS_SSL_CLI_C
+static_assert (false, "MBEDTLS_SSL_CLI_C should be defined");
+#endif
+#ifndef MBEDTLS_SSL_SRV_C
+static_assert (false, "MBEDTLS_SSL_SRV_C should be defined");
+#endif
+#ifndef MBEDTLS_NET_C
+static_assert (false, "MBEDTLS_NET_C should be defined");
+#endif
+#ifndef MBEDTLS_RSA_C
+static_assert (false, "MBEDTLS_RSA_C should be defined");
+#endif
+#ifndef MBEDTLS_PEM_PARSE_C
+static_assert (false, "MBEDTLS_PEM_PARSE_C should be defined");
+#endif
+#ifndef MBEDTLS_CTR_DRBG_C
+static_assert (false, "MBEDTLS_CTR_DRBG_C should be defined");
+#endif
+#ifndef MBEDTLS_X509_CRT_PARSE_C
+static_assert (false, "MBEDTLS_X509_CRT_PARSE_C should be defined");
+#endif
+#ifndef MBEDTLS_FS_IO
+static_assert (false, "MBEDTLS_FS_IO should be defined");
+#endif
+//#ifndef MBEDTLS_USE_PSA_CRYPTO
+//static_assert (false, "MBEDTLS_USE_PSA_CRYPTO should be defined");
+//#endif
+#ifdef MBEDTLS_X509_REMOVE_INFO
+static_assert (false, "MBEDTLS_X509_REMOVE_INFO should not be defined");
+#endif
+
+
 // Gets a line from a socket.
 // The line may end with a newline, a carriage return, or a CR-LF combination.
 // It terminates the string read with a null character.
@@ -761,13 +807,13 @@ void https_server ()
   // On clients, don't run the secure web server.
   // It is not possible to get a https certificate for https://localhost anyway.
   // Not running this secure server saves valuable system resources on low power devices.
-#undef RUN_SECURE_SERVER // Todo
 #ifdef RUN_SECURE_SERVER
 
   // The https network port to listen on.
-  // Port 0..9 means this:: Don't run the secure web server.
+  // Port 0..9 means: Don't run the secure web server.
   const std::string network_port = config::logic::https_network_port ();
-  if (network_port.length() <= 1) return;
+  if (network_port.length() <= 1) 
+    return;
 
   // Check whether all the certificates are there and can be read.
   // If not, log some feedback and don't run the secure web server.
@@ -824,10 +870,16 @@ void https_server ()
   mbedtls_ctr_drbg_context ctr_drbg;
   mbedtls_ctr_drbg_init (&ctr_drbg);
 
+  const psa_status_t psa_status = psa_crypto_init();
+  if (psa_status != PSA_SUCCESS) {
+    Database_Logs::log("Failure to run PSA crypto initialization: Not running the secure server");
+    return;
+  }
+
   // Load the private RSA server key.
   mbedtls_pk_context pkey;
   mbedtls_pk_init (&pkey);
-  int ret = mbedtls_pk_parse_keyfile (&pkey, server_key_path.c_str (), nullptr);
+  int ret = mbedtls_pk_parse_keyfile (&pkey, server_key_path.c_str (), nullptr, mbedtls_ctr_drbg_random, &ctr_drbg);
   if (ret != 0) {
     filter_url_display_mbed_tls_error (ret, nullptr, true, std::string());
     Database_Logs::log("Invalid " + server_key_path + " so not running secure server");
@@ -928,6 +980,7 @@ void https_server ()
   mbedtls_ssl_cache_free (&cache);
   mbedtls_ctr_drbg_free (&ctr_drbg);
   mbedtls_entropy_free (&entropy);
+  mbedtls_psa_crypto_free();
 #endif
 }