net/curl/patches/100-mbedtls-call-mbedtls_ssl_setup-after-RNG-callback-is.patch

   1 From: Kailun Qin <kailun.qin@intel.com>
   2 Date: Mon, 8 Apr 2024 05:13:56 -0400
   3 Subject: [PATCH] mbedtls: call mbedtls_ssl_setup() after RNG callback is set
   4
   5 Since mbedTLS v3.6.0, the RNG check added in ssl_conf_check() will fail
   6 if no RNG is provided when calling mbedtls_ssl_setup().
   7
   8 Therefore, mbedtls_ssl_conf_rng() needs to be called before the SSL
   9 context is passed to mbedtls_ssl_setup().
  10
  11 Ref: https://github.com/Mbed-TLS/mbedtls/commit/b422cab052b51ec84758638d6783d6ba4fc60613
  12
  13 Signed-off-by: Kailun Qin <kailun.qin@intel.com>
  14 Closes #13314
  15 ---
  16
  17 --- a/lib/vtls/mbedtls.c
  18 +++ b/lib/vtls/mbedtls.c
  19 @@ -602,10 +602,6 @@ mbed_connect_step1(struct Curl_cfilter *
  20    }
  21
  22    mbedtls_ssl_init(&backend->ssl);
  23 -  if(mbedtls_ssl_setup(&backend->ssl, &backend->config)) {
  24 -    failf(data, "mbedTLS: ssl_init failed");
  25 -    return CURLE_SSL_CONNECT_ERROR;
  26 -  }
  27
  28    /* new profile with RSA min key len = 1024 ... */
  29    mbedtls_ssl_conf_cert_profile(&backend->config,
  30 @@ -639,6 +635,15 @@ mbed_connect_step1(struct Curl_cfilter *
  31
  32    mbedtls_ssl_conf_rng(&backend->config, mbedtls_ctr_drbg_random,
  33                         &backend->ctr_drbg);
  34 +
  35 +  ret = mbedtls_ssl_setup(&backend->ssl, &backend->config);
  36 +  if(ret) {
  37 +    mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
  38 +    failf(data, "ssl_setup failed - mbedTLS: (-0x%04X) %s",
  39 +          -ret, errorbuf);
  40 +    return CURLE_SSL_CONNECT_ERROR;
  41 +  }
  42 +
  43    mbedtls_ssl_set_bio(&backend->ssl, cf,
  44                        mbedtls_bio_cf_write,
  45                        mbedtls_bio_cf_read,