[packages/pound.git] / mbedtls3.patch

--- Pound-3.0.1/include/pound.h.in~	2021-08-23 17:31:52.000000000 +0200
+++ Pound-3.0.1/include/pound.h.in	2022-04-05 12:35:33.796420709 +0200
@@ -68,8 +68,7 @@
 #include    <grp.h>
 #include    <signal.h>
 #include    <setjmp.h>
-#include    <mbedtls/config.h>
-#include    <mbedtls/certs.h>
+#include    <mbedtls/build_info.h>
 #include    <mbedtls/oid.h>
 #include    <mbedtls/asn1.h>
 #include    <mbedtls/x509.h>
--- Pound-3.0.1/CMakeLists.txt~	2022-04-04 23:23:36.000000000 +0200
+++ Pound-3.0.1/CMakeLists.txt	2022-04-05 12:36:14.645777663 +0200
@@ -28,7 +28,7 @@
 find_package(Threads REQUIRED)
 
 include(CheckIncludeFiles)
-CHECK_INCLUDE_FILES("stdio.h;pthread.h;yaml.h;nanomsg/nn.h;nanomsg/inproc.h;nanomsg/pipeline.h;nanomsg/pair.h;nanomsg/reqrep.h;stdlib.h;unistd.h;fcntl.h;ctype.h;getopt.h;string.h;syslog.h;sys/types.h;sys/socket.h;netdb.h;sys/stat.h;time.h;poll.h;semaphore.h;pwd.h;grp.h;signal.h;setjmp.h;mbedtls/config.h;mbedtls/certs.h;mbedtls/oid.h;mbedtls/asn1.h;mbedtls/x509.h;mbedtls/entropy.h;mbedtls/ctr_drbg.h;mbedtls/ssl.h;mbedtls/error.h" HAVE_MANDATORY_INCLUDES LANGUAGE C)
+CHECK_INCLUDE_FILES("stdio.h;pthread.h;yaml.h;nanomsg/nn.h;nanomsg/inproc.h;nanomsg/pipeline.h;nanomsg/pair.h;nanomsg/reqrep.h;stdlib.h;unistd.h;fcntl.h;ctype.h;getopt.h;string.h;syslog.h;sys/types.h;sys/socket.h;netdb.h;sys/stat.h;time.h;poll.h;semaphore.h;pwd.h;grp.h;signal.h;setjmp.h;mbedtls/oid.h;mbedtls/build_info.h;mbedtls/asn1.h;mbedtls/x509.h;mbedtls/entropy.h;mbedtls/ctr_drbg.h;mbedtls/ssl.h;mbedtls/error.h" HAVE_MANDATORY_INCLUDES LANGUAGE C)
 if(NOT HAVE_MANDATORY_INCLUDES)
 message(FATAL_ERROR "Missing mandatory header files!")
 endif()
--- Pound-3.0.2/src/config.c.orig	2021-11-28 17:04:25.000000000 +0100
+++ Pound-3.0.2/src/config.c	2022-04-05 13:03:00.802981794 +0200
@@ -63,6 +63,19 @@
     return res;
 }
 
+static int mbedtls_rnd( void *rng_state, unsigned char *output, size_t len )
+{
+    size_t i;
+
+    if( rng_state != NULL )
+        rng_state  = NULL;
+
+    for( i = 0; i < len; ++i )
+        output[i] = rand();
+
+    return(0);
+}
+
 static void
 get_global(yaml_document_t *document, yaml_node_t *root)
 {
@@ -380,11 +393,11 @@
     if(mbedtls_x509_crt_parse_file(&res->certificate, filename))
         fatal("SNI: can't read certificate %s", filename);
     mbedtls_pk_init(&res->key);
-    if(mbedtls_pk_parse_keyfile(&res->key, filename, NULL))
+    if(mbedtls_pk_parse_keyfile(&res->key, filename, NULL, mbedtls_rnd, NULL))
         fatal("SNI: can't read key %s", filename);
     utarray_new(hosts, &regex_icd);
     for(cur = &res->certificate; cur != NULL; cur = cur->next) {
-        if(mbedtls_pk_check_pair(&cur->pk, &res->key))
+        if(mbedtls_pk_check_pair(&cur->pk, &res->key, mbedtls_rnd, NULL))
             continue;
         for(nd = &cur->subject; nd != NULL; nd = nd->next)
             if(MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &nd->oid) == 0) {
--- Pound-3.0.2/src/http.c~	2021-11-28 17:04:25.000000000 +0100
+++ Pound-3.0.2/src/http.c	2022-04-05 13:30:02.176298374 +0200
@@ -476,6 +476,7 @@
 
 typedef struct cookie {
     mbedtls_ssl_context *fd;
+    mbedtls_net_context *ssl_fd;
 }   COOKIE;
 
 static size_t
@@ -506,13 +507,11 @@
 {
     COOKIE  *c;
     int     res;
-    mbedtls_net_context *ssl_fd;
 
     c = (COOKIE *)cv;
     res = mbedtls_ssl_close_notify(c->fd);
-    ssl_fd = c->fd->p_bio;
+    mbedtls_net_free(c->ssl_fd);
     mbedtls_ssl_free(c->fd);
-    mbedtls_net_free(ssl_fd);
     return res;
 }
 
@@ -580,6 +579,7 @@
                 crt_buf[0] = '\0';
             /* for HTTP2: !strcmp(mbedtls_ssl_get_alpn_protocol(&ssl), "h2"), but we don't really need it */
             c.fd = &ssl;
+            c.ssl_fd = &ssl_client;
             cio.read = (cookie_read_function_t *)c_read;
             cio.write = (cookie_write_function_t *)c_write;
             cio.seek = NULL;
Commit	Line	Data
875c35e0 JR	1	--- Pound-3.0.1/include/pound.h.in~ 2021-08-23 17:31:52.000000000 +0200
	2	+++ Pound-3.0.1/include/pound.h.in 2022-04-05 12:35:33.796420709 +0200
	3	@@ -68,8 +68,7 @@
	4	#include <grp.h>
	5	#include <signal.h>
	6	#include <setjmp.h>
	7	-#include <mbedtls/config.h>
	8	-#include <mbedtls/certs.h>
	9	+#include <mbedtls/build_info.h>
	10	#include <mbedtls/oid.h>
	11	#include <mbedtls/asn1.h>
	12	#include <mbedtls/x509.h>
	13	--- Pound-3.0.1/CMakeLists.txt~ 2022-04-04 23:23:36.000000000 +0200
	14	+++ Pound-3.0.1/CMakeLists.txt 2022-04-05 12:36:14.645777663 +0200
	15	@@ -28,7 +28,7 @@
	16	find_package(Threads REQUIRED)
	17
	18	include(CheckIncludeFiles)
	19	-CHECK_INCLUDE_FILES("stdio.h;pthread.h;yaml.h;nanomsg/nn.h;nanomsg/inproc.h;nanomsg/pipeline.h;nanomsg/pair.h;nanomsg/reqrep.h;stdlib.h;unistd.h;fcntl.h;ctype.h;getopt.h;string.h;syslog.h;sys/types.h;sys/socket.h;netdb.h;sys/stat.h;time.h;poll.h;semaphore.h;pwd.h;grp.h;signal.h;setjmp.h;mbedtls/config.h;mbedtls/certs.h;mbedtls/oid.h;mbedtls/asn1.h;mbedtls/x509.h;mbedtls/entropy.h;mbedtls/ctr_drbg.h;mbedtls/ssl.h;mbedtls/error.h" HAVE_MANDATORY_INCLUDES LANGUAGE C)
	20	+CHECK_INCLUDE_FILES("stdio.h;pthread.h;yaml.h;nanomsg/nn.h;nanomsg/inproc.h;nanomsg/pipeline.h;nanomsg/pair.h;nanomsg/reqrep.h;stdlib.h;unistd.h;fcntl.h;ctype.h;getopt.h;string.h;syslog.h;sys/types.h;sys/socket.h;netdb.h;sys/stat.h;time.h;poll.h;semaphore.h;pwd.h;grp.h;signal.h;setjmp.h;mbedtls/oid.h;mbedtls/build_info.h;mbedtls/asn1.h;mbedtls/x509.h;mbedtls/entropy.h;mbedtls/ctr_drbg.h;mbedtls/ssl.h;mbedtls/error.h" HAVE_MANDATORY_INCLUDES LANGUAGE C)
	21	if(NOT HAVE_MANDATORY_INCLUDES)
	22	message(FATAL_ERROR "Missing mandatory header files!")
	23	endif()
	24	--- Pound-3.0.2/src/config.c.orig 2021-11-28 17:04:25.000000000 +0100
	25	+++ Pound-3.0.2/src/config.c 2022-04-05 13:03:00.802981794 +0200
	26	@@ -63,6 +63,19 @@
	27	return res;
	28	}
	29
	30	+static int mbedtls_rnd( void rng_state, unsigned char output, size_t len )
	31	+{
	32	+ size_t i;
	33	+
	34	+ if( rng_state != NULL )
	35	+ rng_state = NULL;
	36	+
	37	+ for( i = 0; i < len; ++i )
	38	+ output[i] = rand();
	39	+
	40	+ return(0);
	41	+}
	42	+
	43	static void
	44	get_global(yaml_document_t document, yaml_node_t root)
	45	{
	46	@@ -380,11 +393,11 @@
	47	if(mbedtls_x509_crt_parse_file(&res->certificate, filename))
	48	fatal("SNI: can't read certificate %s", filename);
	49	mbedtls_pk_init(&res->key);
	50	- if(mbedtls_pk_parse_keyfile(&res->key, filename, NULL))
	51	+ if(mbedtls_pk_parse_keyfile(&res->key, filename, NULL, mbedtls_rnd, NULL))
	52	fatal("SNI: can't read key %s", filename);
	53	utarray_new(hosts, &regex_icd);
	54	for(cur = &res->certificate; cur != NULL; cur = cur->next) {
	55	- if(mbedtls_pk_check_pair(&cur->pk, &res->key))
	56	+ if(mbedtls_pk_check_pair(&cur->pk, &res->key, mbedtls_rnd, NULL))
	57	continue;
	58	for(nd = &cur->subject; nd != NULL; nd = nd->next)
	59	if(MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &nd->oid) == 0) {
	60	--- Pound-3.0.2/src/http.c~ 2021-11-28 17:04:25.000000000 +0100
	61	+++ Pound-3.0.2/src/http.c 2022-04-05 13:30:02.176298374 +0200
	62	@@ -476,6 +476,7 @@
	63
	64	typedef struct cookie {
65	mbedtls_ssl_context *fd;
66	+ mbedtls_net_context *ssl_fd;
67	} COOKIE;
68
69	static size_t
70	@@ -506,13 +507,11 @@
71	{
72	COOKIE *c;
73	int res;
74	- mbedtls_net_context *ssl_fd;
75
76	c = (COOKIE *)cv;
77	res = mbedtls_ssl_close_notify(c->fd);
78	- ssl_fd = c->fd->p_bio;
79	+ mbedtls_net_free(c->ssl_fd);
80	mbedtls_ssl_free(c->fd);
81	- mbedtls_net_free(ssl_fd);
82	return res;
83	}
84
85	@@ -580,6 +579,7 @@
86	crt_buf[0] = '\0';
87	/* for HTTP2: !strcmp(mbedtls_ssl_get_alpn_protocol(&ssl), "h2"), but we don't really need it */
88	c.fd = &ssl;
89	+ c.ssl_fd = &ssl_client;
90	cio.read = (cookie_read_function_t *)c_read;
91	cio.write = (cookie_write_function_t *)c_write;
92	cio.seek = NULL;