[PATCH ustream-ssl 1/2] ustream-mbedtls: Add compatibility with Mbed TLS 3.0.0

Sat, 11 Nov 2023 13:37:08 -0800 

This adds support for compiling the code against Mbed TLS 3.0.0.
It still compiles against Mbed TLS 2.28.

The following changes were needed:
 * DES and 3DES was removed
 * mbedtls_pk_context->pk_info is private, use mbedtls_pk_get_type()
   to check if it was initialized
 * mbedtls_pk_parse_keyfile() now gets a random callback
 * mbedtls/certs.h contains test data and is not installed any more and
   not needed.

Signed-off-by: Hauke Mehrtens <ha...@hauke-m.de>
---
 ustream-mbedtls.c | 12 +++++++++++-
 ustream-mbedtls.h |  1 -
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c
index 7fc7874..1c70cac 100644
--- a/ustream-mbedtls.c
+++ b/ustream-mbedtls.c
@@ -110,9 +110,15 @@ static const int default_ciphersuites_client[] =
        AES_CBC_CIPHERS(ECDHE_ECDSA),
        AES_CBC_CIPHERS(ECDHE_RSA),
        AES_CBC_CIPHERS(DHE_RSA),
+/* Removed in Mbed TLS 3.0.0 */
+#ifdef MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+#endif
        AES_CIPHERS(RSA),
+/* Removed in Mbed TLS 3.0.0 */
+#ifdef MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
        MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+#endif
        0
 };
 
@@ -171,7 +177,7 @@ static void ustream_ssl_update_own_cert(struct 
ustream_ssl_ctx *ctx)
        if (!ctx->cert.version)
                return;
 
-       if (!ctx->key.pk_info)
+       if (mbedtls_pk_get_type(&ctx->key) == MBEDTLS_PK_NONE)
                return;
 
        mbedtls_ssl_conf_own_cert(&ctx->conf, &ctx->cert, &ctx->key);
@@ -206,7 +212,11 @@ __hidden int __ustream_ssl_set_key_file(struct 
ustream_ssl_ctx *ctx, const char
 {
        int ret;
 
+#if (MBEDTLS_VERSION_NUMBER >= 0x03000000)
+       ret = mbedtls_pk_parse_keyfile(&ctx->key, file, NULL, _random, NULL);
+#else
        ret = mbedtls_pk_parse_keyfile(&ctx->key, file, NULL);
+#endif
        if (ret)
                return -1;
 
diff --git a/ustream-mbedtls.h b/ustream-mbedtls.h
index e622e5e..7e7c699 100644
--- a/ustream-mbedtls.h
+++ b/ustream-mbedtls.h
@@ -21,7 +21,6 @@
 
 #include <mbedtls/net_sockets.h>
 #include <mbedtls/ssl.h>
-#include <mbedtls/certs.h>
 #include <mbedtls/x509.h>
 #include <mbedtls/rsa.h>
 #include <mbedtls/error.h>
-- 
2.39.2


_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Reply via email to