parent
c310e3339f
commit
e49759025f
@ -2,8 +2,10 @@
|
|||||||
|
|
||||||
set -eu
|
set -eu
|
||||||
|
|
||||||
|
CWD=$(pwd)
|
||||||
|
|
||||||
echo "Compiling mbedtls"
|
echo "Compiling mbedtls"
|
||||||
(cd mbedtls && make no_test)
|
(cd mbedtls && CFLAGS="-fPIC -I$CWD/src/main/c -DMBEDTLS_USER_CONFIG_FILE='<mbedtls_custom_config.h>'" make no_test)
|
||||||
|
|
||||||
echo "Compiling zlib"
|
echo "Compiling zlib"
|
||||||
(cd zlib && CFLAGS=-fPIC ./configure --static && make)
|
(cd zlib && CFLAGS=-fPIC ./configure --static && make)
|
||||||
|
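Review bot: On the new `(cd mbedtls && CFLAGS="..." make no_test)` line, `$CWD` is pasted into CFLAGS with no quoting that survives to the compiler command line, so a checkout path containing a space would split the `-I` argument. That failure would be loud, since the `MBEDTLS_USER_CONFIG_FILE` include would not resolve, but the script could reject such a path up front or document the restriction. Setting CFLAGS from the environment presumably also replaces any default flags the mbedtls makefile applies when CFLAGS is unset, so it is worth checking that the optimisation level of the crypto build did not change and adding it explicitly if it did. A comment above the line would help the next reader, for example `# custom config swaps in a libc-independent mbedtls_platform_zeroize, see src/main/c/mbedtls_custom_config.h`.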
@ -5,11 +5,15 @@
|
|||||||
#include "shared.h"
|
#include "shared.h"
|
||||||
#include "net_md_5_bungee_jni_cipher_NativeCipherImpl.h"
|
#include "net_md_5_bungee_jni_cipher_NativeCipherImpl.h"
|
||||||
|
|
||||||
|
// Hack to keep the compiler from optimizing the memset away
|
||||||
|
static void *(*const volatile memset_func)(void *, int, size_t) = memset;
|
||||||
|
|
||||||
typedef unsigned char byte;
|
typedef unsigned char byte;
|
||||||
|
|
||||||
typedef struct crypto_context {
|
typedef struct crypto_context {
|
||||||
int mode;
|
int mode;
|
||||||
mbedtls_aes_context cipher;
|
mbedtls_aes_context cipher;
|
||||||
|
int keyLen;
|
||||||
byte key[];
|
byte key[];
|
||||||
} crypto_context;
|
} crypto_context;
|
||||||
|
|
||||||
@ -22,6 +26,7 @@ jlong JNICALL Java_net_md_15_bungee_jni_cipher_NativeCipherImpl_init(JNIEnv* env
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
crypto->keyLen = (int) keyLen;
|
||||||
(*env)->GetByteArrayRegion(env, key, 0, keyLen, (jbyte*) &crypto->key);
|
(*env)->GetByteArrayRegion(env, key, 0, keyLen, (jbyte*) &crypto->key);
|
||||||
|
|
||||||
mbedtls_aes_init(&crypto->cipher);
|
mbedtls_aes_init(&crypto->cipher);
|
||||||
@ -36,6 +41,7 @@ void Java_net_md_15_bungee_jni_cipher_NativeCipherImpl_free(JNIEnv* env, jobject
|
|||||||
crypto_context *crypto = (crypto_context*) ctx;
|
crypto_context *crypto = (crypto_context*) ctx;
|
||||||
|
|
||||||
mbedtls_aes_free(&crypto->cipher);
|
mbedtls_aes_free(&crypto->cipher);
|
||||||
|
memset_func(crypto->key, 0, (size_t) crypto->keyLen);
|
||||||
free(crypto);
|
free(crypto);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
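Review bot: The wipe added in `NativeCipherImpl_free` reads `crypto->keyLen` through the handle without checking it, while the `init` hunk shows a `return 0;` failure path, so a call with the 0 handle would dereference a null pointer here. Whether the Java side can make that call is not visible on this page. A guard such as `if (crypto == NULL) return;` before `mbedtls_aes_free` would make the function safe for that handle. The file-scope `memset_func` would also read better with a comment saying why it works, for example `// calling through a volatile pointer forces a real call, so the wipe of a buffer that is about to be freed cannot be dropped as a dead store`. Both function bodies start outside the hunks shown.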
31
native/src/main/c/mbedtls_custom_config.h
Normal file
31
native/src/main/c/mbedtls_custom_config.h
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
|
||||||
|
// This is a hack to deal with a glitch that happens when mbedtls is compiled against glibc
|
||||||
|
// but then run on a linux distro that uses musl libc. This implementation of the zeroize
|
||||||
|
// is compatible with both glibc and musl without requiring the library to be recompiled.
|
||||||
|
|
||||||
|
// I checked with a disassembler and for BungeeCord's usage of the library, implementing
|
||||||
|
// this function as a static function only resulted in 2 different subroutines referencing
|
||||||
|
// different versions of memset_func, so we might as well keep things simple and use a
|
||||||
|
// static function here instead of requiring the mbedtls makefile to be modified to add
|
||||||
|
// additional source files.
|
||||||
|
|
||||||
|
#ifndef _INCLUDE_MBEDTLS_CUSTOM_CONFIG_H
|
||||||
|
#define _INCLUDE_MBEDTLS_CUSTOM_CONFIG_H
|
||||||
|
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
#define MBEDTLS_PLATFORM_ZEROIZE_ALT
|
||||||
|
|
||||||
|
#define mbedtls_platform_zeroize mbedtls_platform_zeroize_impl
|
||||||
|
|
||||||
|
// hack to prevent compilers from optimizing the memset away
|
||||||
|
static void *(*const volatile memset_func)(void *, int, size_t) = memset;
|
||||||
|
|
||||||
|
static void mbedtls_platform_zeroize_impl(void *buf, size_t len) {
|
||||||
|
if (len > 0) {
|
||||||
|
memset_func(buf, 0, len);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif // _INCLUDE_MBEDTLS_CUSTOM_CONFIG_H
|
||||||
|
|
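Review bot: The `#define mbedtls_platform_zeroize mbedtls_platform_zeroize_impl` line presumably also rewrites the library's own prototype for that function, so the build relies on this header's `static` definition being seen before that prototype. That ordering dependency is not mentioned in the header comment and deserves a line next to the define, for example `// must be included before platform_util.h: the macro turns its prototype into a redeclaration of the static function below`. The include guard `_INCLUDE_MBEDTLS_CUSTOM_CONFIG_H` starts with an underscore followed by an uppercase letter, which is a reserved identifier; `MBEDTLS_CUSTOM_CONFIG_H` would avoid that. Since the header is pulled into every mbedtls translation unit, units that never call the zeroize function will probably get an unused-function warning for `mbedtls_platform_zeroize_impl`, which matters if the build is ever run with warnings as errors.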
Binary file not shown.