#include "ustream-ssl.h"
#include "ustream-internal.h"
+#include <psa/crypto.h>
+#include <mbedtls/debug.h>
+
+static void debug_cb(void *ctx_p, int level,
+ const char *file, int line,
+ const char *str)
+{
+ struct ustream_ssl_ctx *ctx = ctx_p;
+ const char *fstr;
+ char buf[512];
+ int len;
+
+ if (!ctx->debug_cb)
+ return;
+
+ while ((fstr = strstr(file + 1, "library/")) != NULL)
+ file = fstr;
+
+ len = snprintf(buf, sizeof(buf), "%s:%04d: %s", file, line, str);
+ if (len >= (int)sizeof(buf))
+ len = (int)sizeof(buf) - 1;
+ if (buf[len - 1] == '\n')
+ buf[len - 1] = 0;
+ ctx->debug_cb(ctx->debug_cb_priv, level, buf);
+}
static int s_ustream_read(void *ctx, unsigned char *buf, size_t len)
{
static int _random(void *ctx, unsigned char *out, size_t len)
{
- ssize_t ret;
+#ifdef linux
+ if (getrandom(out, len, 0) != (ssize_t) len)
+ return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+#else
+ static FILE *f;
- ret = getrandom(out, len, 0);
- if (ret < 0 || (size_t)ret != len)
+ if (!f)
+ f = fopen("/dev/urandom", "r");
+ if (fread(out, len, 1, f) != 1)
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+#endif
return 0;
}
AES_CBC_CIPHERS(ECDHE_ECDSA),
AES_CBC_CIPHERS(ECDHE_RSA),
AES_CBC_CIPHERS(DHE_RSA),
+/* Removed in Mbed TLS 3.0.0 */
+#ifdef MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+#endif
AES_CIPHERS(RSA),
+/* Removed in Mbed TLS 3.0.0 */
+#ifdef MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+#endif
0
};
mbedtls_ssl_config *conf;
int ep;
+#ifdef MBEDTLS_PSA_CRYPTO_C
+ static bool psa_init;
+
+ if (!psa_init && !psa_crypto_init())
+ psa_init = true;
+#endif
+
ctx = calloc(1, sizeof(*ctx));
if (!ctx)
return NULL;
if (!ctx->cert.version)
return;
- if (!ctx->key.pk_info)
+ if (mbedtls_pk_get_type(&ctx->key) == MBEDTLS_PK_NONE)
return;
mbedtls_ssl_conf_own_cert(&ctx->conf, &ctx->cert, &ctx->key);
{
int ret;
+#if (MBEDTLS_VERSION_NUMBER >= 0x03000000)
+ ret = mbedtls_pk_parse_keyfile(&ctx->key, file, NULL, _random, NULL);
+#else
ret = mbedtls_pk_parse_keyfile(&ctx->key, file, NULL);
+#endif
if (ret)
return -1;
return ret;
}
+__hidden void __ustream_ssl_set_debug(struct ustream_ssl_ctx *ctx, int level,
+ ustream_ssl_debug_cb cb, void *cb_priv)
+{
+ ctx->debug_cb = cb;
+ ctx->debug_cb_priv = cb_priv;
+ mbedtls_ssl_conf_dbg(&ctx->conf, debug_cb, ctx);
+ mbedtls_debug_set_threshold(level);
+}
+
__hidden void *__ustream_ssl_session_new(struct ustream_ssl_ctx *ctx)
{
mbedtls_ssl_context *ssl;