PUBLIC_REPOS
/
buildroot
kopia lustrzana git://git.buildroot.net/buildroot


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879
							From 91666a38b7bd4bd353394986d8343a33ba61d8e2 Mon Sep 17 00:00:00 2001
From: Hauke Mehrtens <hauke@hauke-m.de>
Date: Sat, 11 Nov 2023 22:13:24 +0100
Subject: [PATCH] ustream-mbedtls: Add compatibility with Mbed TLS 3.0.0

This adds support for compiling the code against Mbed TLS 3.0.0.
It still compiles against Mbed TLS 2.28.

The following changes were needed:
 * DES and 3DES was removed
 * mbedtls_pk_context->pk_info is private, use mbedtls_pk_get_type()
   to check if it was initialized
 * mbedtls_pk_parse_keyfile() now gets a random callback
 * mbedtls/certs.h contains test data and is not installed any more and
   not needed.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Upstream: https://git.openwrt.org/?p=project/ustream-ssl.git;a=commit;h=91666a38b7bd4bd353394986d8343a33ba61d8e2
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
---
 ustream-mbedtls.c | 12 +++++++++++-
 ustream-mbedtls.h |  1 -
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c
index 7fc7874..1c70cac 100644
--- a/ustream-mbedtls.c
+++ b/ustream-mbedtls.c
@@ -110,9 +110,15 @@ static const int default_ciphersuites_client[] =
 	AES_CBC_CIPHERS(ECDHE_ECDSA),
 	AES_CBC_CIPHERS(ECDHE_RSA),
 	AES_CBC_CIPHERS(DHE_RSA),
+/* Removed in Mbed TLS 3.0.0 */
+#ifdef MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
 	MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+#endif
 	AES_CIPHERS(RSA),
+/* Removed in Mbed TLS 3.0.0 */
+#ifdef MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
 	MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+#endif
 	0
 };
 
@@ -171,7 +177,7 @@ static void ustream_ssl_update_own_cert(struct ustream_ssl_ctx *ctx)
 	if (!ctx->cert.version)
 		return;
 
-	if (!ctx->key.pk_info)
+	if (mbedtls_pk_get_type(&ctx->key) == MBEDTLS_PK_NONE)
 		return;
 
 	mbedtls_ssl_conf_own_cert(&ctx->conf, &ctx->cert, &ctx->key);
@@ -206,7 +212,11 @@ __hidden int __ustream_ssl_set_key_file(struct ustream_ssl_ctx *ctx, const char
 {
 	int ret;
 
+#if (MBEDTLS_VERSION_NUMBER >= 0x03000000)
+	ret = mbedtls_pk_parse_keyfile(&ctx->key, file, NULL, _random, NULL);
+#else
 	ret = mbedtls_pk_parse_keyfile(&ctx->key, file, NULL);
+#endif
 	if (ret)
 		return -1;
 
diff --git a/ustream-mbedtls.h b/ustream-mbedtls.h
index e622e5e..7e7c699 100644
--- a/ustream-mbedtls.h
+++ b/ustream-mbedtls.h
@@ -21,7 +21,6 @@
 
 #include <mbedtls/net_sockets.h>
 #include <mbedtls/ssl.h>
-#include <mbedtls/certs.h>
 #include <mbedtls/x509.h>
 #include <mbedtls/rsa.h>
 #include <mbedtls/error.h>
-- 
2.30.2