From 1628f6cab8d2ffde0a02e2110ca33e99675c7afc Mon Sep 17 00:00:00 2001
From: Seo Suchan
Date: Thu, 11 Jul 2024 13:27:36 +0900
Subject: [PATCH] mbedtls: expose `mbedtls_pk_load_file()` for our use
While it's moved to pk_internal, it won't removed in mbedTLS 3.6 LTS so it's safe to redeclare it on our side to find it. This is implementing emergency fix suggested from https://github.com/libssh2/libssh2/commit/2e4c5ec4627b3ecf4b6da16f365c011dec9a31b4#commitcomment-141379351
Follow-up to e973493f992313b3be73f51d3f7ca6d52e288558 #1393
Follow-up to 2e4c5ec4627b3ecf4b6da16f365c011dec9a31b4 #1349
Closes #1421
---
 .github/workflows/ci.yml | 4 ++--
 src/mbedtls.c | 17 ++++++-----------
 2 files changed, 8 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4841ac1c..8602be1e 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -593,8 +593,8 @@ jobs:
 cmake: -DCRYPTO_BACKEND=Libgcrypt
 - name: 'mbedTLS'
 install: mbedtls
- configure: --with-crypto=mbedtls "--with-libmbedcrypto-prefix=$(brew --prefix)" CPPFLAGS=-D_LIBSSH2_DISABLE_MBEDTLS36_PK_LOAD_FILE
- cmake: -DCRYPTO_BACKEND=mbedTLS "-DMBEDTLS_INCLUDE_DIR=$(brew --prefix)/opt/mbedtls/include" "-DMBEDCRYPTO_LIBRARY=$(brew --prefix)/opt/mbedtls/lib/libmbedcrypto.a" -DCMAKE_C_FLAGS=-D_LIBSSH2_DISABLE_MBEDTLS36_PK_LOAD_FILE
+ configure: --with-crypto=mbedtls "--with-libmbedcrypto-prefix=$(brew --prefix)"
+ cmake: -DCRYPTO_BACKEND=mbedTLS "-DMBEDTLS_INCLUDE_DIR=$(brew --prefix)/opt/mbedtls/include" "-DMBEDCRYPTO_LIBRARY=$(brew --prefix)/opt/mbedtls/lib/libmbedcrypto.a"
 steps:
 - name: 'install packages'
 run: brew install automake libtool ${{ matrix.crypto.install }}
diff --git a/src/mbedtls.c b/src/mbedtls.c
index 8c29c2a3..cfd0dc77 100644
--- a/src/mbedtls.c
+++ b/src/mbedtls.c
@@ -1276,6 +1276,11 @@ cleanup:
 return *ctx ? 0 : -1;
 }
+/* Force-expose internal mbedTLS function */
+#if MBEDTLS_VERSION_NUMBER >= 0x03060000
+int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n);
+#endif
+
 /* _libssh2_ecdsa_new_private
 *
 * Creates a new private key given a file path and password
@@ -1292,16 +1297,7 @@ _libssh2_mbedtls_ecdsa_new_private(libssh2_ecdsa_ctx **ctx,
 unsigned char *data;
 size_t data_len;
-#if MBEDTLS_VERSION_NUMBER >= 0x03060000 && \
- defined(_LIBSSH2_DISABLE_MBEDTLS36_PK_LOAD_FILE)
-
- /* FIXME: implement this functionality via a public API */
- (void)session;
- (void)filename;
- (void)pwd;
- data = NULL;
- data_len = 0;
-#else
+ /* FIXME: Reimplement this functionality via a public API. */
 if(mbedtls_pk_load_file(filename, &data, &data_len))
 goto cleanup;
@@ -1314,7 +1310,6 @@ _libssh2_mbedtls_ecdsa_new_private(libssh2_ecdsa_ctx **ctx,
 _libssh2_mbedtls_parse_openssh_key(ctx, session, data, data_len, pwd);
 cleanup:
-#endif
 mbedtls_pk_free(&pkey);
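Review bot: The hand-written prototype for `mbedtls_pk_load_file()` inside the new `#if MBEDTLS_VERSION_NUMBER >= 0x03060000` block is not checked against any mbedTLS header, so a signature change in the library would still compile and only show up as misbehaviour at run time. The guard also has no upper bound, while the commit message relies only on the symbol staying available in the 3.6 LTS line. A bounded condition such as `#if MBEDTLS_VERSION_NUMBER >= 0x03060000 && MBEDTLS_VERSION_NUMBER < 0x04000000` should make a later major version surface as a missing-declaration diagnostic rather than a link failure or a silent mismatch. The comment would be more useful if it recorded the reason and the maintenance duty, e.g. `/* mbedTLS 3.6 moved this prototype to an internal header; the symbol is still exported in 3.6 LTS. Must match the upstream signature. */`.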
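Review bot: The failure path of `mbedtls_pk_load_file()` jumps to `cleanup:` while `data` and `data_len`, declared in the context lines just above, have no initializer, and this commit removes the only branch that set them to `NULL` and `0`. The cleanup code visible in the next hunk calls `mbedtls_pk_free(&pkey)` and continues outside the view, so if it also releases `data` it would act on an indeterminate pointer after a failed load. Declaring them as `unsigned char *data = NULL;` and `size_t data_len = 0;` removes that dependence on what the library writes on failure. Because the buffer holds the contents of a private-key file, it is also worth confirming that cleanup wipes it before freeing and that `pkey` is initialised before the first jump to `cleanup:`. The function starts and ends outside this hunk, so neither can be verified here.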