Control: found -1 0.13-5 Control: tags -1 pending Hi,
I intend to NMU this package with the attached patch in a few days to fix this bug. The main content of the patch is the same as the patch I originally sent. Please tell me if you don't want me to. Thanks, James
diff -Nru gatling-0.13/debian/changelog gatling-0.13/debian/changelog
--- gatling-0.13/debian/changelog 2013-11-04 20:31:30.000000000 +0000
+++ gatling-0.13/debian/changelog 2016-01-15 23:32:39.000000000 +0000
@@ -1,3 +1,10 @@
+gatling (0.13-5.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Switch from PolarSSL to mbedTLS. (Closes: #808059)
+
+ -- James Cowgill <james...@cowgill.org.uk> Fri, 15 Jan 2016 23:32:12 +0000
+
 gatling (0.13-5) unstable; urgency=low
 
 * Fix FTBFS by adjusting to new polarssl API (Closes: #728625)
diff -Nru gatling-0.13/debian/control gatling-0.13/debian/control
--- gatling-0.13/debian/control 2013-05-09 14:52:50.000000000 +0100
+++ gatling-0.13/debian/control 2015-11-20 02:20:32.000000000 +0000
@@ -3,7 +3,7 @@
 Priority: optional
 Maintainer: Vedran Furač <vedran.fu...@gmail.com>
 Uploaders: Roland Stigge <sti...@antcom.de>
-Build-Depends: debhelper (>= 9), libowfat-dev (>= 0.29-2), procps, zlib1g-dev, libssl-dev, libpolarssl-dev (>= 1.2.0)
+Build-Depends: debhelper (>= 9), libowfat-dev (>= 0.29-2), procps, zlib1g-dev, libssl-dev, libmbedtls-dev
 Standards-Version: 3.9.4
 Homepage: http://www.fefe.de/gatling/
 
diff -Nru gatling-0.13/debian/patches/10-mbedtls.patch gatling-0.13/debian/patches/10-mbedtls.patch
--- gatling-0.13/debian/patches/10-mbedtls.patch 1970-01-01 01:00:00.000000000 +0100
+++ gatling-0.13/debian/patches/10-mbedtls.patch 2015-12-15 16:26:36.000000000 +0000
@@ -0,0 +1,401 @@
+Description: Switch from polarssl to mbedtls
+Author: James Cowgill <james...@cowgill.org>
+Forwarded: no
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/GNUmakefile
++++ b/GNUmakefile
+@@ -84,10 +84,10 @@ tlsgatling_nofail: gatling.c ssl.o $(HTT
+ -$(CC) -o tlsgatling gatling.c ssl.o $(HTTPS_OBJS) $(CFLAGS) -DSUPPORT_HTTPS $(LDFLAGS) -lssl -lcrypto $(LDLIBS)
+
+ ptlsgatling: gatling.c pssl.o $(PHTTPS_OBJS) libsocket libiconv libcrypt
+- $(CC) -o $@ gatling.c pssl.c $(PHTTPS_OBJS) $(CFLAGS) -DSUPPORT_HTTPS -DUSE_POLARSSL $(LDFLAGS) -lpolarssl $(LDLIBS)
++ $(CC) -o $@ gatling.c pssl.c $(PHTTPS_OBJS) $(CFLAGS) -DSUPPORT_HTTPS -DUSE_MBEDTLS $(LDFLAGS) -lmbedcrypto -lmbedx509 -lmbedtls $(LDLIBS)
+
+ ptlsgatling_nofail: gatling.c pssl.o $(PHTTPS_OBJS) libsocket libiconv libcrypt
+- -$(CC) -o ptlsgatling gatling.c pssl.c $(PHTTPS_OBJS) $(CFLAGS) -DSUPPORT_HTTPS -DUSE_POLARSSL $(LDFLAGS) -lpolarssl $(LDLIBS)
++ -$(CC) -o ptlsgatling gatling.c pssl.c $(PHTTPS_OBJS) $(CFLAGS) -DSUPPORT_HTTPS -DUSE_MBEDTLS $(LDFLAGS) -lmbedcrypto -lmbedx509 -lmbedtls $(LDLIBS)
+
+ gatling: gatling.o $(OBJS) md5lib
+ $(CC) $(LDFLAGS) $@.o $(OBJS) -o $@ $(LDLIBS) `cat md5lib`
+@@ -113,7 +113,7 @@ https.o: http.c
+ $(CC) -c $< -o $@ -I. $(CFLAGS) -DSUPPORT_HTTPS
+
+ phttps.o: http.c
+- $(CC) -c $< -o $@ -I. $(CFLAGS) -DSUPPORT_HTTPS -DUSE_POLARSSL
++ $(CC) -c $< -o $@ -I. $(CFLAGS) -DSUPPORT_HTTPS -DUSE_MBEDTLS
+
+ %: %.o
+ $(CC) $(LDFLAGS) $@.o -o $@ $(LDLIBS)
+--- a/gatling.c
++++ b/gatling.c
+@@ -259,8 +259,8 @@ void cleanup(int64 fd) {
+ #ifdef USE_OPENSSL
+ if (h->ssl) SSL_free(h->ssl);
+ #endif
+-#ifdef USE_POLARSSL
+- ssl_free(&h->ssl);
++#ifdef USE_MBEDTLS
++ mbedtls_ssl_free(&h->ssl);
+ #endif
+ #endif
+ #ifdef SUPPORT_SMB
+@@ -707,11 +707,7 @@ static void accept_server_connection(int
+ #else
+ fchdir(origdir);
+ #endif
+-#ifdef USE_OPENSSL
+ if (init_serverside_tls(&h->ssl,n))
+-#elif defined(USE_POLARSSL)
+- if (init_serverside_tls(&h->ssl,&h->ssn,n))
+-#endif
+ {
+ if (logging) {
+ char a[FMT_ULONG];
+@@ -789,22 +785,22 @@ int handle_ssl_error_code(int sock,int c
+ io_wantwrite(sock);
+ io_dontwantread(sock);
+ return 0;
+-#elif defined(USE_POLARSSL)
+- case POLARSSL_ERR_NET_WANT_READ:
++#elif defined(USE_MBEDTLS)
++ case MBEDTLS_ERR_SSL_WANT_READ:
+ io_wantread(sock);
+ io_dontwantwrite(sock);
+ return 0;
+- case POLARSSL_ERR_NET_WANT_WRITE:
++ case MBEDTLS_ERR_SSL_WANT_WRITE:
+ io_wantwrite(sock);
+ io_dontwantread(sock);
+ return 0;
+ #endif
+ #ifdef USE_OPENSSL
+ case SSL_ERROR_SYSCALL:
+-#elif defined(USE_POLARSSL)
+- case POLARSSL_ERR_NET_RECV_FAILED:
+- case POLARSSL_ERR_NET_SEND_FAILED:
+- case POLARSSL_ERR_NET_CONN_RESET:
++#elif defined(USE_MBEDTLS)
++ case MBEDTLS_ERR_NET_RECV_FAILED:
++ case MBEDTLS_ERR_NET_SEND_FAILED:
++ case MBEDTLS_ERR_NET_CONN_RESET:
+ errno=ECONNRESET;
+ #endif
+ // we already signal the error up and upsteam will then write an
+@@ -870,8 +866,8 @@ void do_sslaccept(int sock,struct http_d
+ r=SSL_get_error(h->ssl,SSL_accept(h->ssl));
+ // printf("do_sslaccept -> %d\n",r);
+ if (r==SSL_ERROR_NONE)
+-#elif defined(USE_POLARSSL)
+- r=ssl_handshake(&h->ssl);
++#elif defined(USE_MBEDTLS)
++ r=mbedtls_ssl_handshake(&h->ssl);
+ if (r==0)
+ #endif
+ {
+@@ -905,8 +901,8 @@ static void handle_read_misc(int64 i,str
+ if (h->t == HTTPSREQUEST) {
+ #ifdef USE_OPENSSL
+ l=SSL_read(h->ssl,buf,sizeof(buf));
+-#elif defined(USE_POLARSSL)
+- l=ssl_read(&h->ssl,(unsigned char*)buf,sizeof(buf));
++#elif defined(USE_MBEDTLS)
++ l=mbedtls_ssl_read(&h->ssl,(unsigned char*)buf,sizeof(buf));
+ #else
+ #error fixme
+ #endif
+@@ -915,9 +911,9 @@ static void handle_read_misc(int64 i,str
+ if (l==-1) {
+ l=SSL_get_error(h->ssl,l);
+ if (l==SSL_ERROR_WANT_READ || l==SSL_ERROR_WANT_WRITE) {
+-#elif defined(USE_POLARSSL)
++#elif defined(USE_MBEDTLS)
+ if (l<0) {
+- if (l==POLARSSL_ERR_NET_WANT_READ || l==POLARSSL_ERR_NET_WANT_WRITE) {
++ if (l==MBEDTLS_ERR_SSL_WANT_READ || l==MBEDTLS_ERR_SSL_WANT_WRITE) {
+ #else
+ #error fixme
+ #endif
+@@ -928,8 +924,8 @@ static void handle_read_misc(int64 i,str
+ return;
+ }
+ l=-1;
+-#ifdef USE_POLARSSL
+- } else if (l==POLARSSL_ERR_NET_RECV_FAILED) {
++#ifdef USE_MBEDTLS
++ } else if (l==MBEDTLS_ERR_NET_RECV_FAILED) {
+ l=0;
+ #endif
+ } else {
+@@ -1117,8 +1113,8 @@ int64 https_write_callback(int64 sock,co
+ l=SSL_write(H->ssl,buf,n);
+ if (l<0) {
+ l=SSL_get_error(H->ssl,l);
+-#elif defined(USE_POLARSSL)
+- l=ssl_write(&H->ssl,buf,n);
++#elif defined(USE_MBEDTLS)
++ l=mbedtls_ssl_write(&H->ssl,buf,n);
+ if (l<0) {
+ #endif
+ if (handle_ssl_error_code(sock,l,0)==-1) {
+@@ -1127,8 +1123,8 @@ int64 https_write_callback(int64 sock,co
+ }
+ #ifdef USE_OPENSSL
+ if (l==SSL_ERROR_WANT_READ || l==SSL_ERROR_WANT_WRITE) {
+-#elif defined(USE_POLARSSL)
+- if (l==POLARSSL_ERR_NET_WANT_READ || l==POLARSSL_ERR_NET_WANT_WRITE) {
++#elif defined(USE_MBEDTLS)
++ if (l==MBEDTLS_ERR_SSL_WANT_READ || l==MBEDTLS_ERR_SSL_WANT_WRITE) {
+ #endif
+ l=-1; errno=EAGAIN;
+ } else
+--- a/gatling.h
++++ b/gatling.h
+@@ -98,7 +98,7 @@ enum conntype {
+
+ #ifdef SUPPORT_HTTPS
+
+-#ifdef USE_POLARSSL
++#ifdef USE_MBEDTLS
+ #undef USE_OPENSSL
+ #else
+ #define USE_OPENSSL
+@@ -111,10 +111,11 @@ enum conntype {
+ extern int init_serverside_tls(SSL** ssl,int sock);
+ #endif
+
+-#ifdef USE_POLARSSL
++#ifdef USE_MBEDTLS
+ /* in pssl.c */
+-#include <polarssl/ssl.h>
+-extern int init_serverside_tls(ssl_context* ssl,ssl_session* ssn,int sock);
++#include <mbedtls/ssl.h>
++#include <mbedtls/net.h>
++extern int init_serverside_tls(mbedtls_ssl_context* ssl, int sock);
+ #endif
+
+ #endif
+@@ -169,9 +170,8 @@ struct http_data {
+ char* oldheader; /* old, unmodified request */
+ #endif
+ #ifdef SUPPORT_HTTPS
+-#ifdef USE_POLARSSL
+- ssl_context ssl;
+- ssl_session ssn;
++#ifdef USE_MBEDTLS
++ mbedtls_ssl_context ssl;
+ #endif
+ #ifdef USE_OPENSSL
+ SSL* ssl;
+--- a/http.c
++++ b/http.c
+@@ -22,12 +22,12 @@
+ #include <dirent.h>
+ #ifdef __dietlibc__
+ #include <md5.h>
+-#elif defined(USE_POLARSSL)
+-#include <polarssl/md5.h>
+-#define MD5_CTX md5_context
+-#define MD5Init md5_starts
+-#define MD5Update md5_update
+-#define MD5Final(out,ctx) md5_finish(ctx,out)
++#elif defined(USE_MBEDTLS)
++#include <mbedtls/md5.h>
++#define MD5_CTX mbedtls_md5_context
++#define MD5Init mbedtls_md5_starts
++#define MD5Update mbedtls_md5_update
++#define MD5Final(out,ctx) mbedtls_md5_finish(ctx,out)
+ #else
+ #include <openssl/md5.h>
+ #define MD5Init MD5_Init
+@@ -871,8 +871,8 @@ punt2:
+ if (ctx_for_sockfd->t==HTTPSREQUEST)
+ #if defined(USE_OPENSSL)
+ SSL_write(ctx_for_sockfd->ssl,contmsg,sizeof(contmsg)-1);
+-#elif defined(USE_POLARSSL)
+- ssl_write(&ctx_for_sockfd->ssl,(const unsigned char*)contmsg,sizeof(contmsg)-1);
++#elif defined(USE_MBEDTLS)
++ mbedtls_ssl_write(&ctx_for_sockfd->ssl,(const unsigned char*)contmsg,sizeof(contmsg)-1);
+ #else
+ #warn fixme update SSL code in http.c
+ #endif
+@@ -1112,10 +1112,10 @@ int read_http_post(int sockfd,struct htt
+ if (i<0) {
+ i=SSL_get_error(H->ssl,i);
+ if (l==SSL_ERROR_WANT_READ || l==SSL_ERROR_WANT_WRITE) {
+-#elif defined(USE_POLARSSL)
+- i=ssl_read(&H->ssl,(unsigned char*)buf,l);
++#elif defined(USE_MBEDTLS)
++ i=mbedtls_ssl_read(&H->ssl,(unsigned char*)buf,l);
+ if (i<0) {
+- if (l==POLARSSL_ERR_NET_WANT_READ || l==POLARSSL_ERR_NET_WANT_WRITE) {
++ if (l==MBEDTLS_ERR_SSL_WANT_READ || l==MBEDTLS_ERR_SSL_WANT_WRITE) {
+ #endif
+ io_eagain(sockfd);
+ if (handle_ssl_error_code(sockfd,i,1)==-1)
+--- a/pssl.c
++++ b/pssl.c
+@@ -6,15 +6,11 @@
+ #include <sys/poll.h>
+ #include <netdb.h>
+ #include <fcntl.h>
+-#include <polarssl/compat-1.2.h>
+-#include <polarssl/havege.h>
+-#include <polarssl/ssl.h>
++#include <mbedtls/havege.h>
++#include <mbedtls/net.h>
++#include <mbedtls/ssl.h>
+ #include "mmap.h"
+
+-#ifdef POLARSSL_ERR_NET_TRY_AGAIN
+-#error polarssl version too old, try the svn trunk
+-#endif
+-
+ static int library_inited;
+
+ const char* ssl_server_cert="server.pem";
+@@ -23,95 +19,76 @@ const char* ssl_client_ca="clientca.pem"
+ const char* ssl_ciphers="DEFAULT";
+ const char* ssl_client_cert="clientcert.pem";
+
+-x509_cert srvcert;
+-rsa_context rsa;
+-havege_state hs;
++static mbedtls_ssl_config tls_config;
++static mbedtls_pk_context tls_pk;
++static mbedtls_x509_crt tls_srvcert;
++static mbedtls_havege_state tls_hs;
+
+ int my_ciphersuites[] =
+ {
+- TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+- TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+- TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+- TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+- TLS_RSA_WITH_AES_256_CBC_SHA,
+- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
+- TLS_RSA_WITH_AES_128_CBC_SHA,
+- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
+- TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+- TLS_RSA_WITH_RC4_128_SHA,
+- TLS_RSA_WITH_RC4_128_MD5,
++ MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
++ MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
++ MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
++ MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
++ MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
++ MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA,
++ MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
++ MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
++ MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
++ MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
++ MBEDTLS_TLS_RSA_WITH_RC4_128_SHA,
++ MBEDTLS_TLS_RSA_WITH_RC4_128_MD5,
+ 0
+ };
+
+ static int my_net_recv( void *ctx, unsigned char *buf, size_t len ) {
+ int sock=(int)(uintptr_t)ctx;
+- return net_recv(&sock,buf,len);
++ return mbedtls_net_recv(&sock,buf,len);
+ };
+
+ static int my_net_send( void *ctx, const unsigned char *buf, size_t len ) {
+ int sock=(int)(uintptr_t)ctx;
+- return net_send(&sock,buf,len);
++ return mbedtls_net_send(&sock,buf,len);
+ };
+
+
+-int init_serverside_tls(ssl_context* ssl,ssl_session* ssn,int sock) {
+- size_t l,i;
+- int found=0;
+- char* buf;
++int init_serverside_tls(mbedtls_ssl_context* ssl, int sock) {
+ if (!library_inited) {
+- library_inited=1;
+- havege_init(&hs);
+- } else
+- x509_free(&srvcert);
+-
+- memset(&srvcert,0,sizeof(x509_cert));
+- /* for compatibility we expect the same file format as openssl, which
+- * looks like this:
+-
+- -----BEGIN RSA PRIVATE KEY-----
+- [base64]
+- -----END RSA PRIVATE KEY-----
+- -----BEGIN CERTIFICATE-----
+- [base64]
+- -----END CERTIFICATE-----
+-
+- */
+- buf=(char*)mmap_read(ssl_server_cert,&l);
+- if (!buf) return -1;
+- for (i=0; i<l-sizeof("-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----"); ++i)
+- if (!memcmp(buf+i,"-----BEGIN CERTIFICATE-----",sizeof("-----BEGIN CERTIFICATE-----")-1)) {
+- found=1;
+- break;
++ mbedtls_havege_init(&tls_hs);
++ mbedtls_x509_crt_init(&tls_srvcert);
++ mbedtls_pk_init(&tls_pk);
++ mbedtls_ssl_config_init(&tls_config);
++
++ /* Load certificate and private key */
++ if (mbedtls_x509_crt_parse_file(&tls_srvcert, ssl_server_cert) ||
++ mbedtls_pk_parse_keyfile(&tls_pk, ssl_server_cert, NULL) ||
++ !mbedtls_pk_can_do(&tls_pk, MBEDTLS_PK_RSA)) {
++
++ mbedtls_pk_free(&tls_pk);
++ mbedtls_x509_crt_free(&tls_srvcert);
++ return -1;
+ }
+- if (!found) {
+-fail:
+- mmap_unmap(buf,l);
+- return -1;
+- }
+- /* parse cert and key */
+- if (x509parse_crt(&srvcert,(unsigned char*)buf+i,l-i) ||
+- x509parse_key(&rsa,(unsigned char*)buf,i,NULL,0))
+- goto fail;
+- mmap_unmap(buf,l);
+
+- memset(ssl,0,sizeof(*ssl));
+- memset(ssn,0,sizeof(*ssn));
++ /* Setup common TLS config */
++ mbedtls_ssl_config_defaults(&tls_config,
++ MBEDTLS_SSL_IS_SERVER,
++ MBEDTLS_SSL_TRANSPORT_STREAM,
++ MBEDTLS_SSL_PRESET_DEFAULT);
++ mbedtls_ssl_conf_rng(&tls_config, mbedtls_havege_random, &tls_hs);
++ mbedtls_ssl_conf_ciphersuites(&tls_config, my_ciphersuites);
++ mbedtls_ssl_conf_ca_chain(&tls_config, tls_srvcert.next, NULL);
++ mbedtls_ssl_conf_own_cert(&tls_config, &tls_srvcert, &tls_pk);
++ mbedtls_ssl_conf_dh_param(&tls_config, "CD95C1B9959B0A135B9D306D53A87518E8ED3EA8CBE6E3A338D9DD3167889FC809FE1AD59B38C98D1A8FCE47E46DF5FB56B8EA3B03B2132C249A99209F62A1AD63511BD08A60655B0463B6F1BB79BEC9D17C71BD269C6B50CF0EDDAAB83290B4C697A7F641FBD21EE0E7B57C698AFEED8DA3AB800525E6887215A61CA62DC437", "04");
+
+- if (ssl_init(ssl))
+- return -1;
++ library_inited=1;
++ }
+
+- ssl_set_endpoint( ssl, SSL_IS_SERVER );
+- ssl_set_authmode( ssl, SSL_VERIFY_NONE );
+- ssl_set_rng( ssl, havege_random, &hs );
+- ssl_set_bio( ssl, my_net_recv, (void*)(uintptr_t)sock, my_net_send, (void*)(uintptr_t)sock );
+- ssl_set_ciphersuites( ssl, my_ciphersuites );
+- ssl_set_session( ssl, ssn );
+-
+- ssl_set_ca_chain( ssl, srvcert.next, NULL, NULL );
+- ssl_set_own_cert( ssl, &srvcert, &rsa );
+- ssl_set_dh_param( ssl, "CD95C1B9959B0A135B9D306D53A87518E8ED3EA8CBE6E3A338D9DD3167889FC809FE1AD59B38C98D1A8FCE47E46DF5FB56B8EA3B03B2132C249A99209F62A1AD63511BD08A60655B0463B6F1BB79BEC9D17C71BD269C6B50CF0EDDAAB83290B4C697A7F641FBD21EE0E7B57C698AFEED8DA3AB800525E6887215A61CA62DC437", "04" );
++ /** Initialize new SSL context */
++ mbedtls_ssl_init(ssl);
++ if (mbedtls_ssl_setup(ssl, &tls_config))
++ return -1;
+
++ mbedtls_ssl_set_bio(ssl, (void*)(uintptr_t) sock, my_net_send, my_net_recv, NULL);
+ return 0;
+ }
+
diff -Nru gatling-0.13/debian/patches/series gatling-0.13/debian/patches/series
--- gatling-0.13/debian/patches/series 2012-11-04 10:45:03.000000000 +0000
+++ gatling-0.13/debian/patches/series 2015-11-20 02:20:22.000000000 +0000
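Review bot: The one-time setup block in init_serverside_tls (pssl.c) ignores the return values of `mbedtls_ssl_config_defaults`, `mbedtls_ssl_conf_own_cert` and `mbedtls_ssl_conf_dh_param` and then sets `library_inited=1`, so a failure there leaves a partly configured `tls_config` that every later connection reuses without another attempt. Checking each call and releasing the config, key and certificate on a shared failure path before `library_inited` is set, as sketched below, keeps the retry-on-next-accept behaviour that the certificate-load failure path already has. The configuration also still draws all randomness from `mbedtls_havege_random` and keeps the RC4 and 3DES suites plus what looks like a 1024-bit DH group; mbed TLS's own configuration notes advise against relying on HAVEGE as the primary generator, so a CTR_DRBG seeded through the entropy module and a trimmed suite list would be the usual follow-up. In the http.c read_http_post hunk the new condition compares `l`, the length passed to `mbedtls_ssl_read`, with the WANT_READ/WANT_WRITE codes where the return value `i` looks intended: `if (i==MBEDTLS_ERR_SSL_WANT_READ || i==MBEDTLS_ERR_SSL_WANT_WRITE) {`. read_http_post and the other gatling.c and http.c functions continue outside their hunks.

```c
    /* Setup common TLS config; a failure must not leave library_inited set */
    if (mbedtls_ssl_config_defaults(&tls_config,
                                    MBEDTLS_SSL_IS_SERVER,
                                    MBEDTLS_SSL_TRANSPORT_STREAM,
                                    MBEDTLS_SSL_PRESET_DEFAULT))
      goto init_failed;
    /* … unchanged: conf_rng, conf_ciphersuites, conf_ca_chain … */
    if (mbedtls_ssl_conf_own_cert(&tls_config, &tls_srvcert, &tls_pk))
      goto init_failed;
    /* … mbedtls_ssl_conf_dh_param call from the hunk, wrapped in the same
     *   `if (...) goto init_failed;` check … */

    library_inited=1;
  }
  /* … unchanged: per-connection mbedtls_ssl_init / ssl_setup / set_bio … */
  return 0;

init_failed:
  mbedtls_ssl_config_free(&tls_config);
  mbedtls_pk_free(&tls_pk);
  mbedtls_x509_crt_free(&tls_srvcert);
  return -1;
```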
@@ -6,3 +6,4 @@
 07-writelog.patch
 08-cgi-post-fix.patch
 09-new-libpolarssl.patch
+10-mbedtls.patch