[Privoxy-commits] [privoxy] 02/07: Remove support for mbedtls 2.x
User Git
git at git.privoxy.org
Mon Feb 23 12:55:29 CET 2026
This is an automated email from the git hooks/post-receive script.
git pushed a commit to branch master
in repository privoxy.
commit 956b5ce709014db24c48b6a849e954c5c3e6a265
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Sun Feb 8 15:04:30 2026 +0100
Remove support for mbedtls 2.x
---
ssl.c | 81 -------------------------------------------------------------------
1 file changed, 81 deletions(-)
diff --git a/ssl.c b/ssl.c
index c174fbaa..37d7756c 100644
--- a/ssl.c
+++ b/ssl.c
@@ -344,13 +344,8 @@ extern int create_client_ssl_connection(struct client_state *csp)
goto exit;
}
-#if MBEDTLS_VERSION_MAJOR < 3
- ret = mbedtls_pk_parse_keyfile(&(ssl_attr->mbedtls_attr.prim_key),
- key_file, NULL);
-#else
ret = mbedtls_pk_parse_keyfile(&(ssl_attr->mbedtls_attr.prim_key),
key_file, NULL, mbedtls_ctr_drbg_random, &ctr_drbg);
-#endif
if (ret != 0)
{
mbedtls_strerror(ret, err_buf, sizeof(err_buf));
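Review bot: Nothing visible in this diff makes a build against mbedtls 2.x fail with a clear message now that the `MBEDTLS_VERSION_MAJOR` conditionals are gone. Such a build would presumably stop at this five-argument `mbedtls_pk_parse_keyfile()` call with an argument-count error that does not name the cause. If the configure step does not already enforce the minimum version, a guard next to the mbedtls includes would state it explicitly: `#if MBEDTLS_VERSION_MAJOR < 3`, `#error "mbedtls 3.x or later is required"`, `#endif`. create_client_ssl_connection() starts and ends outside this hunk.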
@@ -1263,11 +1258,7 @@ static int generate_host_certificate(struct client_state *csp)
mbedtls_pk_context *issuer_key = &loaded_issuer_key;
mbedtls_pk_context *subject_key = &loaded_subject_key;
mbedtls_x509write_cert cert;
-#if MBEDTLS_VERSION_MAJOR < 3
- mbedtls_mpi serial;
-#else
unsigned char serial_buf[16];
-#endif
unsigned char *key_buf = NULL; /* Buffer for created key */
@@ -1363,9 +1354,6 @@ static int generate_host_certificate(struct client_state *csp)
mbedtls_x509write_crt_set_md_alg(&cert, CERT_SIGNATURE_ALGORITHM);
mbedtls_pk_init(&loaded_issuer_key);
mbedtls_pk_init(&loaded_subject_key);
-#if MBEDTLS_VERSION_MAJOR < 3
- mbedtls_mpi_init(&serial);
-#endif
mbedtls_x509_crt_init(&issuer_cert);
/*
@@ -1379,32 +1367,6 @@ static int generate_host_certificate(struct client_state *csp)
char cert_params[cert_params_len];
memset(cert_params, 0, cert_params_len);
-#if MBEDTLS_VERSION_MAJOR < 3
- /*
- * Converting unsigned long serial number to char * serial number.
- * We must compute length of serial number in string + terminating null.
- */
- unsigned long certificate_serial = get_certificate_serial(csp);
- unsigned long certificate_serial_time = (unsigned long)time(NULL);
- int serial_num_size = snprintf(NULL, 0, "%lu%lu",
- certificate_serial_time, certificate_serial) + 1;
- if (serial_num_size <= 0)
- {
- serial_num_size = 1;
- }
-
- char serial_num_text[serial_num_size]; /* Buffer for serial number */
- ret = snprintf(serial_num_text, (size_t)serial_num_size, "%lu%lu",
- certificate_serial_time, certificate_serial);
- if (ret < 0 || ret >= serial_num_size)
- {
- log_error(LOG_LEVEL_ERROR,
- "Converting certificate serial number into string failed.");
- ret = -1;
- goto exit;
- }
-#endif
-
/*
* Preparing parameters for certificate
*/
@@ -1432,9 +1394,6 @@ static int generate_host_certificate(struct client_state *csp)
cert_opt.subject_name = cert_params;
cert_opt.not_before = cert_valid_from;
cert_opt.not_after = cert_valid_to;
-#if MBEDTLS_VERSION_MAJOR < 3
- cert_opt.serial = serial_num_text;
-#endif
cert_opt.is_ca = 0;
cert_opt.max_pathlen = -1;
@@ -1459,21 +1418,6 @@ static int generate_host_certificate(struct client_state *csp)
goto exit;
}
-#if MBEDTLS_VERSION_MAJOR < 3
- /*
- * Parse serial to MPI
- */
- ret = mbedtls_mpi_read_string(&serial, 10, cert_opt.serial);
- if (ret != 0)
- {
- mbedtls_strerror(ret, err_buf, sizeof(err_buf));
- log_error(LOG_LEVEL_ERROR,
- "mbedtls_mpi_read_string failed: %s", err_buf);
- ret = -1;
- goto exit;
- }
-#endif
-
/*
* Loading certificates
*/
@@ -1503,28 +1447,17 @@ static int generate_host_certificate(struct client_state *csp)
if (key_buf != NULL && subject_key_len > 0)
{
/* Key was created in this function and is stored in buffer */
-#if MBEDTLS_VERSION_MAJOR < 3
- ret = mbedtls_pk_parse_key(&loaded_subject_key, key_buf,
- (size_t)(subject_key_len + 1), (unsigned const char *)
- cert_opt.subject_pwd, strlen(cert_opt.subject_pwd));
-#else
ret = mbedtls_pk_parse_key(&loaded_subject_key, key_buf,
(size_t)(subject_key_len + 1), (unsigned const char *)
cert_opt.subject_pwd, strlen(cert_opt.subject_pwd),
mbedtls_ctr_drbg_random, &ctr_drbg);
-#endif
}
else
{
/* Key wasn't created in this function, because it already existed */
-#if MBEDTLS_VERSION_MAJOR < 3
- ret = mbedtls_pk_parse_keyfile(&loaded_subject_key,
- cert_opt.subject_key, cert_opt.subject_pwd);
-#else
ret = mbedtls_pk_parse_keyfile(&loaded_subject_key,
cert_opt.subject_key, cert_opt.subject_pwd,
mbedtls_ctr_drbg_random, &ctr_drbg);
-#endif
}
if (ret != 0)
@@ -1536,13 +1469,8 @@ static int generate_host_certificate(struct client_state *csp)
goto exit;
}
-#if MBEDTLS_VERSION_MAJOR < 3
- ret = mbedtls_pk_parse_keyfile(&loaded_issuer_key, cert_opt.issuer_key,
- cert_opt.issuer_pwd);
-#else
ret = mbedtls_pk_parse_keyfile(&loaded_issuer_key, cert_opt.issuer_key,
cert_opt.issuer_pwd, mbedtls_ctr_drbg_random, &ctr_drbg);
-#endif
if (ret != 0)
{
mbedtls_strerror(ret, err_buf, sizeof(err_buf));
@@ -1578,13 +1506,9 @@ static int generate_host_certificate(struct client_state *csp)
goto exit;
}
-#if MBEDTLS_VERSION_MAJOR < 3
- ret = mbedtls_x509write_crt_set_serial(&cert, &serial);
-#else
mbedtls_ctr_drbg_random(&ctr_drbg, serial_buf, sizeof(serial_buf));
ret = mbedtls_x509write_crt_set_serial_raw(&cert,
(unsigned char *)&serial_buf, sizeof(serial_buf));
-#endif
if (ret != 0)
{
mbedtls_strerror(ret, err_buf, sizeof(err_buf));
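Review bot: The return value of `mbedtls_ctr_drbg_random()` is discarded on the line that fills `serial_buf`, and this is now the only serial-number path. `serial_buf` is declared without an initializer earlier in generate_host_certificate(), so a DRBG failure would let whatever is on the stack become the certificate serial and be written into the generated host certificate. The call should assign to `ret` and go through the same `goto exit` error path the neighbouring calls use. Passing `serial_buf` rather than `(unsigned char *)&serial_buf` would also drop a cast that hides the array type. The function body starts and ends outside this hunk.

```c
   ret = mbedtls_ctr_drbg_random(&ctr_drbg, serial_buf, sizeof(serial_buf));
   if (ret != 0)
   {
      mbedtls_strerror(ret, err_buf, sizeof(err_buf));
      log_error(LOG_LEVEL_ERROR,
         "mbedtls_ctr_drbg_random failed: %s", err_buf);
      ret = -1;
      goto exit;
   }
   ret = mbedtls_x509write_crt_set_serial_raw(&cert, serial_buf,
      sizeof(serial_buf));
   /* … unchanged: existing ret check after set_serial_raw … */
```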
@@ -1669,9 +1593,6 @@ exit:
mbedtls_x509write_crt_free(&cert);
mbedtls_pk_free(&loaded_subject_key);
mbedtls_pk_free(&loaded_issuer_key);
-#if MBEDTLS_VERSION_MAJOR < 3
- mbedtls_mpi_free(&serial);
-#endif
mbedtls_x509_crt_free(&issuer_cert);
freez(cert_opt.subject_key);
@@ -1830,7 +1751,6 @@ static int seed_rng(struct client_state *csp)
privoxy_mutex_lock(&ssl_init_mutex);
if (rng_seeded == 0)
{
-#if MBEDTLS_VERSION_MAJOR >= 3
psa_status_t status = psa_crypto_init();
if (PSA_SUCCESS != status)
{
@@ -1838,7 +1758,6 @@ static int seed_rng(struct client_state *csp)
privoxy_mutex_unlock(&ssl_init_mutex);
return -1;
}
-#endif
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
--