diff mbox series

[FFmpeg-devel] libavformat/tls_mbedtls.c: Accommodating to mbedtls v3.0.0 API changes

Message ID 20211101174221.24822-1-omar.groza@gmail.com
State New
Headers show
Series [FFmpeg-devel] libavformat/tls_mbedtls.c: Accommodating to mbedtls v3.0.0 API changes
Related show

Checks

Context Check Description
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished
andriy/make_ppc success Make finished
andriy/make_fate_ppc success Make fate finished

Commit Message

meryacine Nov. 1, 2021, 5:42 p.m. UTC
There were breaking API changes in mbedtls from v2.27.0 to v3.0.0.
This patch accounts for these changes.

Changes:
- mbedtls/certs.h is no longer imported. See https://github.com/ARMmbed/mbedtls/pull/4119.
- mbedtls/config.h is replaced with mbedtls/build_info.h. See https://github.com/ARMmbed/mbedtls/blob/v3.0.0/docs/3.0-migration-guide.md#introduce-a-level-of-indirection-and-versioning-in-the-config-files.
- MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE is replaced with MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE. See https://github.com/ARMmbed/mbedtls/blob/v3.0.0/docs/3.0-migration-guide.md#changes-in-the-ssl-error-code-space.
- The function mbedtls_pk_parse_keyfile should now be given 2 more arguments. See https://github.com/ARMmbed/mbedtls/blob/v3.0.0/docs/3.0-migration-guide.md#some-functions-gained-an-rng-parameter.

Signed-off-by: meryacine <omar.groza@gmail.com>
---
 libavformat/tls_mbedtls.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

Comments

James Almer Nov. 1, 2021, 6:15 p.m. UTC | #1
On 11/1/2021 2:42 PM, meryacine wrote:
> 
> There were breaking API changes in mbedtls from v2.27.0 to v3.0.0.
> This patch accounts for these changes.
> 
> Changes:
> - mbedtls/certs.h is no longer imported. See https://github.com/ARMmbed/mbedtls/pull/4119.
> - mbedtls/config.h is replaced with mbedtls/build_info.h. See https://github.com/ARMmbed/mbedtls/blob/v3.0.0/docs/3.0-migration-guide.md#introduce-a-level-of-indirection-and-versioning-in-the-config-files.
> - MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE is replaced with MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE. See https://github.com/ARMmbed/mbedtls/blob/v3.0.0/docs/3.0-migration-guide.md#changes-in-the-ssl-error-code-space.
> - The function mbedtls_pk_parse_keyfile should now be given 2 more arguments. See https://github.com/ARMmbed/mbedtls/blob/v3.0.0/docs/3.0-migration-guide.md#some-functions-gained-an-rng-parameter.
> 
> Signed-off-by: meryacine <omar.groza@gmail.com>
> ---
>   libavformat/tls_mbedtls.c | 9 +++++----
>   1 file changed, 5 insertions(+), 4 deletions(-)

> diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c
> index aadf17760d..0730c2dacb 100644
> --- a/libavformat/tls_mbedtls.c
> +++ b/libavformat/tls_mbedtls.c
> @@ -19,8 +19,7 @@
>   * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
>   */
>  
> -#include <mbedtls/certs.h>
> -#include <mbedtls/config.h>
> +#include <mbedtls/build_info.h>
>  #include <mbedtls/ctr_drbg.h>
>  #include <mbedtls/entropy.h>
>  #include <mbedtls/net_sockets.h>
> @@ -130,7 +129,7 @@ static void handle_pk_parse_error(URLContext *h, int ret)
>  static void handle_handshake_error(URLContext *h, int ret)
>  {
>      switch (ret) {
> -    case MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE:
> +    case MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:
>          av_log(h, AV_LOG_ERROR, "None of the common ciphersuites is usable. Was the local certificate correctly set?\n");
>          break;
>      case MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE:
> @@ -199,7 +198,9 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op
>      if (shr->key_file) {
>          if ((ret = mbedtls_pk_parse_keyfile(&tls_ctx->priv_key,
>                                              shr->key_file,
> -                                            tls_ctx->priv_key_pw)) != 0) {
> +                                            tls_ctx->priv_key_pw,
> +                                            mbedtls_ctr_drbg_random,
> +                                            &tls_ctx->ctr_drbg_context)) != 0) {

You need to keep supporting mbedtls <= 2.27 for a while. All distros 
still ship it.

Is there a compile time define that can be used to detect this, and wrap 
either version of the code in pre-processor checks?

>              handle_pk_parse_error(h, ret);
>              goto fail;
>          }
diff mbox series

Patch

diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c
index aadf17760d..0730c2dacb 100644
--- a/libavformat/tls_mbedtls.c
+++ b/libavformat/tls_mbedtls.c
@@ -19,8 +19,7 @@ 
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  */
 
-#include <mbedtls/certs.h>
-#include <mbedtls/config.h>
+#include <mbedtls/build_info.h>
 #include <mbedtls/ctr_drbg.h>
 #include <mbedtls/entropy.h>
 #include <mbedtls/net_sockets.h>
@@ -130,7 +129,7 @@  static void handle_pk_parse_error(URLContext *h, int ret)
 static void handle_handshake_error(URLContext *h, int ret)
 {
     switch (ret) {
-    case MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE:
+    case MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:
         av_log(h, AV_LOG_ERROR, "None of the common ciphersuites is usable. Was the local certificate correctly set?\n");
         break;
     case MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE:
@@ -199,7 +198,9 @@  static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op
     if (shr->key_file) {
         if ((ret = mbedtls_pk_parse_keyfile(&tls_ctx->priv_key,
                                             shr->key_file,
-                                            tls_ctx->priv_key_pw)) != 0) {
+                                            tls_ctx->priv_key_pw,
+                                            mbedtls_ctr_drbg_random,
+                                            &tls_ctx->ctr_drbg_context)) != 0) {
             handle_pk_parse_error(h, ret);
             goto fail;
         }