Again, enable mbedtls 2

bibledit/cloud#944

1refresh.sh

@@ -90,11 +90,11 @@ sed -i.bak '/HAVE_UTF8PROC/d' config.h
 if [ $? != 0 ]; then exit; fi
 
 
-# Since Windows did have a few build problem on mbedTLS 3.x,
-# use mbedTLS 2.x just now.
+# Windows has a few build problems on mbedTLS 3.x.
+# Use mbedTLS 2.x just now.
 rm -rf mbedtls
 if [ $? != 0 ]; then exit; fi
-mv mbedtls2windows mbedtls
+mv mbedtls2 mbedtls
 if [ $? != 0 ]; then exit; fi
 
 # Disable threading in mbedTLS on Windows.

server/0readme.txt

@@ -0,0 +1,197 @@
+Building Bibledit
+=================
+
+MbedTLS
+=======
+
+The source tree contains two versions of MbedTLS.
+* MbedTLS 2.x in folder mbedtls2.
+* MbedTLS 3.x in folder mbedtls.
+
+Switching between the two versions can be done as follows.
+1. Put the desired version of MbedTLS in folder "mbedtls".
+   This may involve a rename operation.
+2. Put the relevant source code in Makefile.am.
+   The source code is listed below for both versions.
+
+Version 2 source code:
+
+  mbedtls/aes.c \
+  mbedtls/arc4.c \
+  mbedtls/asn1parse.c \
+  mbedtls/asn1write.c \
+  mbedtls/base64.c \
+  mbedtls/bignum.c \
+  mbedtls/blowfish.c \
+  mbedtls/camellia.c \
+  mbedtls/ccm.c \
+  mbedtls/certs.c \
+  mbedtls/chacha20.c \
+  mbedtls/chachapoly.c \
+  mbedtls/cipher.c \
+  mbedtls/cipher_wrap.c \
+  mbedtls/ctr_drbg.c \
+  mbedtls/debug.c \
+  mbedtls/des.c \
+  mbedtls/dhm.c \
+  mbedtls/ecdh.c \
+  mbedtls/ecdsa.c \
+  mbedtls/ecp.c \
+  mbedtls/ecp_curves.c \
+  mbedtls/entropy.c \
+  mbedtls/entropy_poll.c \
+  mbedtls/error.c \
+  mbedtls/gcm.c \
+  mbedtls/hmac_drbg.c \
+  mbedtls/md.c \
+  mbedtls/md5.c \
+  mbedtls/md_wrap.c \
+  mbedtls/net_sockets.c \
+  mbedtls/oid.c \
+  mbedtls/pem.c \
+  mbedtls/pk.c \
+  mbedtls/pk_wrap.c \
+  mbedtls/pkcs12.c \
+  mbedtls/pkcs5.c \
+  mbedtls/pkparse.c \
+  mbedtls/pkwrite.c \
+  mbedtls/platform_util.c \
+  mbedtls/platform.c \
+  mbedtls/poly1305.c \
+  mbedtls/ripemd160.c \
+  mbedtls/rsa.c \
+  mbedtls/rsa_internal.c \
+  mbedtls/sha1.c \
+  mbedtls/sha256.c \
+  mbedtls/sha512.c \
+  mbedtls/ssl_cache.c \
+  mbedtls/ssl_ciphersuites.c \
+  mbedtls/ssl_cli.c \
+  mbedtls/ssl_cookie.c \
+  mbedtls/ssl_srv.c \
+  mbedtls/ssl_ticket.c \
+  mbedtls/ssl_tls.c \
+  mbedtls/threading.c \
+  mbedtls/timing.c \
+  mbedtls/version.c \
+  mbedtls/version_features.c \
+  mbedtls/x509.c \
+  mbedtls/x509_create.c \
+  mbedtls/x509_crl.c \
+  mbedtls/x509_crt.c \
+  mbedtls/x509_csr.c \
+  mbedtls/x509write_crt.c \
+  mbedtls/x509write_csr.c \
+  mbedtls/xtea.c \
+
+Version 3 source code:
+
+  mbedtls/aes.c \
+  mbedtls/aesce.c \
+  mbedtls/aesni.c \
+  mbedtls/aria.c \
+  mbedtls/asn1parse.c \
+  mbedtls/asn1write.c \
+  mbedtls/base64.c \
+  mbedtls/bignum.c \
+  mbedtls/bignum_core.c \
+  mbedtls/bignum_mod.c \
+  mbedtls/bignum_mod_raw.c \
+  mbedtls/block_cipher.c \
+  mbedtls/camellia.c \
+  mbedtls/ccm.c \
+  mbedtls/chacha20.c \
+  mbedtls/chachapoly.c \
+  mbedtls/cipher.c \
+  mbedtls/cipher_wrap.c \
+  mbedtls/cmac.c \
+  mbedtls/constant_time.c \
+  mbedtls/ctr_drbg.c \
+  mbedtls/debug.c \
+  mbedtls/des.c \
+  mbedtls/dhm.c \
+  mbedtls/ecdh.c \
+  mbedtls/ecdsa.c \
+  mbedtls/ecjpake.c \
+  mbedtls/ecp.c \
+  mbedtls/ecp_curves.c \
+  mbedtls/ecp_curves_new.c \
+  mbedtls/entropy.c \
+  mbedtls/entropy_poll.c \
+  mbedtls/error.c \
+  mbedtls/gcm.c \
+  mbedtls/hkdf.c \
+  mbedtls/hmac_drbg.c \
+  mbedtls/lmots.c \
+  mbedtls/lms.c \
+  mbedtls/md.c \
+  mbedtls/md5.c \
+  mbedtls/memory_buffer_alloc.c \
+  mbedtls/mps_reader.c \
+  mbedtls/mps_trace.c \
+  mbedtls/net_sockets.c \
+  mbedtls/nist_kw.c \
+  mbedtls/oid.c \
+  mbedtls/padlock.c \
+  mbedtls/pem.c \
+  mbedtls/pk.c \
+  mbedtls/pk_ecc.c \
+  mbedtls/pk_wrap.c \
+  mbedtls/pkcs12.c \
+  mbedtls/pkcs5.c \
+  mbedtls/pkcs7.c \
+  mbedtls/pkparse.c \
+  mbedtls/pkwrite.c \
+  mbedtls/platform.c \
+  mbedtls/platform_util.c \
+  mbedtls/poly1305.c \
+  mbedtls/psa_crypto.c \
+  mbedtls/psa_crypto_aead.c \
+  mbedtls/psa_crypto_cipher.c \
+  mbedtls/psa_crypto_client.c \
+  mbedtls/psa_crypto_driver_wrappers_no_static.c \
+  mbedtls/psa_crypto_ecp.c \
+  mbedtls/psa_crypto_ffdh.c \
+  mbedtls/psa_crypto_hash.c \
+  mbedtls/psa_crypto_mac.c \
+  mbedtls/psa_crypto_pake.c \
+  mbedtls/psa_crypto_rsa.c \
+  mbedtls/psa_crypto_se.c \
+  mbedtls/psa_crypto_slot_management.c \
+  mbedtls/psa_crypto_storage.c \
+  mbedtls/psa_its_file.c \
+  mbedtls/psa_util.c \
+  mbedtls/ripemd160.c \
+  mbedtls/rsa.c \
+  mbedtls/rsa_alt_helpers.c \
+  mbedtls/sha1.c \
+  mbedtls/sha256.c \
+  mbedtls/sha3.c \
+  mbedtls/sha512.c \
+  mbedtls/ssl_cache.c \
+  mbedtls/ssl_ciphersuites.c \
+  mbedtls/ssl_client.c \
+  mbedtls/ssl_cookie.c \
+  mbedtls/ssl_debug_helpers_generated.c \
+  mbedtls/ssl_msg.c \
+  mbedtls/ssl_ticket.c \
+  mbedtls/ssl_tls.c \
+  mbedtls/ssl_tls12_client.c \
+  mbedtls/ssl_tls12_server.c \
+  mbedtls/ssl_tls13_client.c \
+  mbedtls/ssl_tls13_generic.c \
+  mbedtls/ssl_tls13_keys.c \
+  mbedtls/ssl_tls13_server.c \
+  mbedtls/threading.c \
+  mbedtls/timing.c \
+  mbedtls/version.c \
+  mbedtls/version_features.c \
+  mbedtls/x509.c \
+  mbedtls/x509_create.c \
+  mbedtls/x509_crl.c \
+  mbedtls/x509_crt.c \
+  mbedtls/x509_csr.c \
+  mbedtls/x509write.c \
+  mbedtls/x509write_crt.c \
+  mbedtls/x509write_csr.c \
+

server/config/config.h

@@ -95,5 +95,3 @@
 #define HAVE_TINY_JOURNAL 1
 #undef RUN_SECURE_SERVER
 #endif
-
-

server/filter/url.cpp

@@ -21,6 +21,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #include <webserver/http.h>
 #include <webserver/request.h>
 #include <config/globals.h>
+#include <config/config.h>
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wold-style-cast"
 #include <filter/UriCodec.hpp>
@@ -34,7 +35,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #endif
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wc99-extensions"
-#include <mbedtls/build_info.h>
+#include <mbedtls/version.h>
 #include <mbedtls/platform.h>
 #include "mbedtls/net_sockets.h"
 #include "mbedtls/debug.h"
@@ -99,6 +100,13 @@ static_assert (false, "MBEDTLS_X509_REMOVE_INFO should not be defined");
 #endif
 
 
+#if MBEDTLS_VERSION_MAJOR == 2
+#elif MBEDTLS_VERSION_MAJOR == 3
+#else
+static_assert (false, "MbedTLS version other than 2 or 3");
+#endif
+
+
 // SSL/TLS variables.
 static mbedtls_x509_crt x509_ca_cert;
 static mbedtls_ctr_drbg_context ctr_drbg_context;
@@ -1927,9 +1935,11 @@ void filter_url_ssl_tls_initialize ()
   mbedtls_ctr_drbg_init (&ctr_drbg_context);
   mbedtls_entropy_init (&entropy_context);
 
-  // Initialize the Platform Security Architecture.
+  // Initialize the Platform Security Architecture that MbedTLS version 3 introduces.
+#if MBEDTLS_VERSION_MAJOR == 3
   psa_status_t status = psa_crypto_init();
   filter_url_display_mbed_tls_error (status, nullptr, false, std::string());
+#endif
 
   // Seed the random number generator.
   constexpr const auto pers = "Client";
@@ -1953,7 +1963,9 @@ void filter_url_ssl_tls_finalize ()
   mbedtls_ctr_drbg_free (&ctr_drbg_context);
   mbedtls_entropy_free (&entropy_context);
   mbedtls_x509_crt_free (&x509_ca_cert);
+#if MBEDTLS_VERSION_MAJOR == 3
   mbedtls_psa_crypto_free();
+#endif
 }
 
 

server/pkgdata/files.txt

@@ -1,3 +1,4 @@
+/0readme.txt
 /access
 /assets
 /assets/bibledit.png
@@ -184,7 +185,6 @@
 /config
 /config/config.txt
 /config/googletranslate.txt
-/config.h.bak
 /config/ldap.txt
 /config/local.authorities.crt
 /config/local.cert.pem
@@ -550,8 +550,8 @@
 /mapping/Vulgate.txt
 /mbedtls
 /mbedtls/0readme.txt
-/mbedtls2windows
-/mbedtls2windows/0readme.txt
+/mbedtls2
+/mbedtls2/0readme.txt
 /menu
 /microtar
 /microtar/LICENSE
@@ -675,7 +675,6 @@
 /pix/safari-pinned-tab.svg
 /pix/splash.jpg
 /pkgdata
-/pkgdata/.!72340!files.txt
 /pkgdata/create.sh
 /pkgdata/files.txt
 /pkgdata/install.sh

server/webserver/webserver.cpp

@@ -28,7 +28,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #include <filter/date.h>
 #pragma GCC diagnostic push
 #pragma clang diagnostic ignored "-Wc99-extensions"
-#include <mbedtls/build_info.h>
+#include <mbedtls/version.h>
 #include <mbedtls/platform.h>
 #include "mbedtls/entropy.h"
 #include "mbedtls/ctr_drbg.h"
@@ -89,6 +89,13 @@ static_assert (false, "MBEDTLS_X509_REMOVE_INFO should not be defined");
 #endif
 
 
+#if MBEDTLS_VERSION_MAJOR == 2
+#elif MBEDTLS_VERSION_MAJOR == 3
+#else
+static_assert (false, "MbedTLS version other than 2 or 3");
+#endif
+
+
 // Gets a line from a socket.
 // The line may end with a newline, a carriage return, or a CR-LF combination.
 // It terminates the string read with a null character.
@@ -870,16 +877,24 @@ void https_server ()
   mbedtls_ctr_drbg_context ctr_drbg;
   mbedtls_ctr_drbg_init (&ctr_drbg);
 
+#if MBEDTLS_VERSION_MAJOR == 3
   const psa_status_t psa_status = psa_crypto_init();
   if (psa_status != PSA_SUCCESS) {
     Database_Logs::log("Failure to run PSA crypto initialization: Not running the secure server");
     return;
   }
+#endif
 
   // Load the private RSA server key.
   mbedtls_pk_context pkey;
   mbedtls_pk_init (&pkey);
-  int ret = mbedtls_pk_parse_keyfile (&pkey, server_key_path.c_str (), nullptr, mbedtls_ctr_drbg_random, &ctr_drbg);
+  int ret =
+#if MBEDTLS_VERSION_MAJOR == 2
+  mbedtls_pk_parse_keyfile (&pkey, server_key_path.c_str (), nullptr);
+#endif
+#if MBEDTLS_VERSION_MAJOR == 3
+  mbedtls_pk_parse_keyfile (&pkey, server_key_path.c_str (), nullptr, mbedtls_ctr_drbg_random, &ctr_drbg);
+#endif
   if (ret != 0) {
     filter_url_display_mbed_tls_error (ret, nullptr, true, std::string());
     Database_Logs::log("Invalid " + server_key_path + " so not running secure server");
@@ -980,8 +995,11 @@ void https_server ()
   mbedtls_ssl_cache_free (&cache);
   mbedtls_ctr_drbg_free (&ctr_drbg);
   mbedtls_entropy_free (&entropy);
+#if MBEDTLS_VERSION_MAJOR == 3
   mbedtls_psa_crypto_free();
 #endif
+
+#endif // ifdef RUN_SECURE_SERVER
 }
 
 

server/xcode.xcodeproj/project.pbxproj

@@ -234,6 +234,7 @@
 		CA77114727524BC8003ADD67 /* libicuuc.67.1.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libicuuc.67.1.dylib; path = ../../../../opt/local/lib/libicuuc.67.1.dylib; sourceTree = "<group>"; };
 		CA77114927524BFF003ADD67 /* libicudata.67.1.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libicudata.67.1.dylib; path = ../../../../opt/local/lib/libicudata.67.1.dylib; sourceTree = "<group>"; };
 		CA772E29262F58580097D5C7 /* studylight.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = studylight.cpp; sourceTree = "<group>"; };
+		CA7A057B2C4C067C0087DBE5 /* 0readme.txt */ = {isa = PBXFileReference; lastKnownFileType = text; path = 0readme.txt; sourceTree = "<group>"; };
 		CA83A69F289D7C9F0038E298 /* googletranslate.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = googletranslate.cpp; sourceTree = "<group>"; };
 		CA83A6A0289D7C9F0038E298 /* googletranslate.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = googletranslate.h; sourceTree = "<group>"; };
 		CA83A6A1289D7C9F0038E298 /* googletranslate.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = googletranslate.html; sourceTree = "<group>"; };
@@ -1907,6 +1908,7 @@
 		CA18ADB624F169DA00FF603C = {
 			isa = PBXGroup;
 			children = (
+				CA7A057B2C4C067C0087DBE5 /* 0readme.txt */,
 				CADE36FD24F1737A003165BB /* access */,
 				CADE36FC24F1737A003165BB /* aclocal.m4 */,
 				CADE370D24F1737A003165BB /* assets */,