Message ID | 20211101174221.24822-1-omar.groza@gmail.com |
---|---|
State | New |
Series | [FFmpeg-devel] libavformat/tls_mbedtls.c: Accommodating to mbedtls v3.0.0 API changes |
Context | Check | Description |
---|---|---|
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
andriy/make_ppc | success | Make finished |
andriy/make_fate_ppc | success | Make fate finished |
On 11/1/2021 2:42 PM, meryacine wrote: > > There were breaking API changes in mbedtls from v2.27.0 to v3.0.0. > This patch accounts for these changes. > > Changes: > - mbedtls/certs.h is no longer imported. See https://github.com/ARMmbed/mbedtls/pull/4119. > - mbedtls/config.h is replaced with mbedtls/build_info.h. See https://github.com/ARMmbed/mbedtls/blob/v3.0.0/docs/3.0-migration-guide.md#introduce-a-level-of-indirection-and-versioning-in-the-config-files. > - MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE is replaced with MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE. See https://github.com/ARMmbed/mbedtls/blob/v3.0.0/docs/3.0-migration-guide.md#changes-in-the-ssl-error-code-space. > - The function mbedtls_pk_parse_keyfile should now be given 2 more arguments. See https://github.com/ARMmbed/mbedtls/blob/v3.0.0/docs/3.0-migration-guide.md#some-functions-gained-an-rng-parameter. > > Signed-off-by: meryacine <omar.groza@gmail.com> > --- > libavformat/tls_mbedtls.c | 9 +++++---- > 1 file changed, 5 insertions(+), 4 deletions(-) > diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c > index aadf17760d..0730c2dacb 100644 > --- a/libavformat/tls_mbedtls.c > +++ b/libavformat/tls_mbedtls.c > @@ -19,8 +19,7 @@ > * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA > */ > > -#include <mbedtls/certs.h> > -#include <mbedtls/config.h> > +#include <mbedtls/build_info.h> > #include <mbedtls/ctr_drbg.h> > #include <mbedtls/entropy.h> > #include <mbedtls/net_sockets.h> > @@ -130,7 +129,7 @@ static void handle_pk_parse_error(URLContext *h, int ret) > static void handle_handshake_error(URLContext *h, int ret) > { > switch (ret) { > - case MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE: > + case MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE: > av_log(h, AV_LOG_ERROR, "None of the common ciphersuites is usable. Was the local certificate correctly set?\n"); > break; > case MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE: 
> @@ -199,7 +198,9 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op > if (shr->key_file) { > if ((ret = mbedtls_pk_parse_keyfile(&tls_ctx->priv_key, > shr->key_file, > - tls_ctx->priv_key_pw)) != 0) { > + tls_ctx->priv_key_pw, > + mbedtls_ctr_drbg_random, > + &tls_ctx->ctr_drbg_context)) != 0) { You need to keep supporting mbedtls <= 2.27 for a while. All distros still ship it. Is there a compile time define that can be used to detect this, and wrap either version of the code in pre-processor checks? > handle_pk_parse_error(h, ret); > goto fail; > }
diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index aadf17760d..0730c2dacb 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -19,8 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ -#include <mbedtls/certs.h> -#include <mbedtls/config.h> +#include <mbedtls/build_info.h> #include <mbedtls/ctr_drbg.h> #include <mbedtls/entropy.h> #include <mbedtls/net_sockets.h> @@ -130,7 +129,7 @@ static void handle_pk_parse_error(URLContext *h, int ret) static void handle_handshake_error(URLContext *h, int ret) { switch (ret) { - case MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE: + case MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE: av_log(h, AV_LOG_ERROR, "None of the common ciphersuites is usable. Was the local certificate correctly set?\n"); break; case MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE: @@ -199,7 +198,9 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op if (shr->key_file) { if ((ret = mbedtls_pk_parse_keyfile(&tls_ctx->priv_key, shr->key_file, - tls_ctx->priv_key_pw)) != 0) { + tls_ctx->priv_key_pw, + mbedtls_ctr_drbg_random, + &tls_ctx->ctr_drbg_context)) != 0) { handle_pk_parse_error(h, ret); goto fail; }
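Review bot: The include hunk (@@ -19,8 +19,7 @@) swaps the headers unconditionally, so the file stops building against mbedtls 2.x, where mbedtls/build_info.h does not exist and mbedtls/config.h is the configuration header. Include mbedtls/version.h, which exists in both series and defines MBEDTLS_VERSION_MAJOR, then pick the headers with `#if MBEDTLS_VERSION_MAJOR >= 3` around the build_info.h include and keep the two removed includes in the `#else` branch.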
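Review bot: In the handle_handshake_error hunk (@@ -130,7 +129,7 @@) the case label changes but the log text under it still reads "None of the common ciphersuites is usable. Was the local certificate correctly set?". MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE is, by its name, a broader condition than the code it replaces, so check the error-code-space section of the migration guide linked in the commit message and reword the message if other handshake failures now map to this value; otherwise users are pointed at the certificate for unrelated failures. The old label also has to remain available to 2.x builds behind a version check.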
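Review bot: In the tls_open hunk (@@ -199,7 +198,9 @@) the new arguments pass &tls_ctx->ctr_drbg_context as the RNG state, but nothing in the visible context shows that it has been seeded with mbedtls_ctr_drbg_seed() before the key file is parsed. Confirm the seeding happens earlier in tls_open and move it above this block if it does not, because any failure of the RNG callback would be reported through handle_pk_parse_error as a key parsing problem. The five-argument call also needs a version guard so that the three-argument form still compiles against 2.x.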
There were breaking API changes in mbedtls from v2.27.0 to v3.0.0.
This patch accounts for these changes.

Changes:

- mbedtls/certs.h is no longer imported. See https://github.com/ARMmbed/mbedtls/pull/4119.
- mbedtls/config.h is replaced with mbedtls/build_info.h. See https://github.com/ARMmbed/mbedtls/blob/v3.0.0/docs/3.0-migration-guide.md#introduce-a-level-of-indirection-and-versioning-in-the-config-files.
- MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE is replaced with MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE. See https://github.com/ARMmbed/mbedtls/blob/v3.0.0/docs/3.0-migration-guide.md#changes-in-the-ssl-error-code-space.
- The function mbedtls_pk_parse_keyfile should now be given 2 more arguments. See https://github.com/ARMmbed/mbedtls/blob/v3.0.0/docs/3.0-migration-guide.md#some-functions-gained-an-rng-parameter.

Signed-off-by: meryacine <omar.groza@gmail.com>

    libavformat/tls_mbedtls.c | 9 +++++----
    1 file changed, 5 insertions(+), 4 deletions(-)