Accepting request 969433 from SUSE:SLE-15-SP3:Update:Products:MicroOS52

needs a devel project to submit to Factory OBS-URL: https://build.opensuse.org/request/show/969433 OBS-URL: https://build.opensuse.org/package/show/security/fdo-client?expand=0&rev=1
2022-04-12 13:54:01 +00:00 · 2022-04-12 13:54:01 +00:00 · 03570f9175
commit 03570f9175
14 changed files with 620 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+.osc
--- a/7
+++ b/7
@ -0,0 +1,7 @@
+For more information please have a look at the previous release:
+https://github.com/schubi2/sdo-client
+This client does only works with a fdo server.
+The environment and examples are defined here:
+https://github.com/secure-device-onboard/pri-fidoiot
+
+NOTE: Each FDO clients has to be adapted to customers individual requirements.
--- a/32
+++ b/32
@ -0,0 +1,32 @@
+<services>
+  <service name="tar_scm" mode="disabled">
+    <param name="version">1.0.0</param>
+    <param name="versionformat">1.0.0+git%cd.%h</param>
+    <param name="url">git://github.com/intel/safestringlib.git</param>
+    <param name="revision">v1.0.0</param>
+    <param name="scm">git</param>
+    <param name="changesgenerate">enable</param>
+  </service>
+  <service name="tar_scm" mode="disabled">
+    <param name="version">1.0.0</param>
+    <param name="versionformat">1.0.0+git%cd.%h</param>
+    <param name="url">git@github.com:intel/tinycbor.git</param>
+    <param name="scm">git</param>
+    <param name="revision">v0.5.3</param>
+    <param name="changesgenerate">enable</param>
+  </service>  
+  <service name="tar_scm" mode="disabled">
+    <param name="version">1.0.0</param>
+    <param name="versionformat">1.0.0+git%cd.%h</param>
+    <param name="url">git@github.com:secure-device-onboard/client-sdk-fidoiot.git</param>
+    <param name="revision">v1.0.0</param>
+    <param name="scm">git</param>
+    <param name="filename">fdo-client</param>
+    <param name="changesgenerate">enable</param>
+  </service>  
+  <service name="recompress" mode="disabled">
+    <param name="compression">xz</param>
+    <param name="file">*.tar</param>
+  </service>
+  <service name="set_version" mode="disabled"/>
+</services>
--- a/14
+++ b/14
@ -0,0 +1,14 @@
+<servicedata>
+  <service name="tar_scm">
+    <param name="url">git://github.com/intel/safestringlib.git</param>
+    <param name="changesrevision">5da1badd337e68c1334fb232c778166f46f6d9f9</param>
+ </service>
+  <service name="tar_scm">
+    <param name="url">git@github.com:intel/tinycbor.git</param>
+    <param name="changesrevision">755f9ef932f9830a63a712fd2ac971d838b131f1</param>
+ </service> 
+  <service name="tar_scm">
+    <param name="url">git@github.com:secure-device-onboard/client-sdk-fidoiot.git</param>
+    <param name="changesrevision">baa09b537ddbb4ce9fdf289ad55e885526d045ec</param>
+ </service> 
+</servicedata>
--- a/build.patch
+++ b/build.patch
@ -0,0 +1,169 @@
+diff -u a/blob_path.cmake b/blob_path.cmake
+--- a/cmake/blob_path.cmake	2021-10-14 22:02:06.855474972 +0200
+++ b/cmake/blob_path.cmake	2021-10-14 22:19:21.969170219 +0200
+@@ -7,17 +7,18 @@
+ # Note all blobs and data will be made relative.
+ # if absoulte is needed declare BLOB_PATH on CLI
+ # or export BLOB_PATH=<path>
+# RO_BLOB_PATH=<path> is for data which does not need write access
+ 
+ if(TARGET_OS MATCHES linux)
+   
+   client_sdk_compile_definitions(
+-    -DSERIAL_FILE=\"${BLOB_PATH}/data/manufacturer_sn.bin\"
+-    -DMODEL_FILE=\"${BLOB_PATH}/data/manufacturer_mod.bin\"
+    -DSERIAL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_sn.bin\"
+    -DMODEL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_mod.bin\"
+     -DPLATFORM_IV=\"${BLOB_PATH}/data/platform_iv.bin\"
+     -DPLATFORM_HMAC_KEY=\"${BLOB_PATH}/data/platform_hmac_key.bin\"
+     -DPLATFORM_AES_KEY=\"${BLOB_PATH}/data/platform_aes_key.bin\"
+-    -DMANUFACTURER_ADDR=\"${BLOB_PATH}/data/manufacturer_addr.bin\"
+-    -DMAX_SERVICEINFO_SZ_FILE=\"${BLOB_PATH}/data/max_serviceinfo_sz.bin\"
+    -DMANUFACTURER_ADDR=\"${RO_BLOB_PATH}/data/manufacturer_addr.bin\"
+    -DMAX_SERVICEINFO_SZ_FILE=\"${RO_BLOB_PATH}/data/max_serviceinfo_sz.bin\"
+     )
+   if (${DA} MATCHES tpm)
+     client_sdk_compile_definitions(
+@@ -53,24 +54,24 @@
+         -DFDO_CRED_SECURE=\"${BLOB_PATH}/data/Secure.blob\"
+         -DFDO_CRED_MFG=\"${BLOB_PATH}/data/Mfg.blob\"
+         -DFDO_CRED_NORMAL=\"${BLOB_PATH}/data/Normal.blob\"
+-        -DRAW_BLOB=\"${BLOB_PATH}/data/raw.blob\"
+        -DRAW_BLOB=\"${RO_BLOB_PATH}/data/raw.blob\"
+         )
+     else() 				#Not unit tests
+       if (${DA} MATCHES ecdsa256)	#ecdsa 256 selected
+ 	if (${DA_FILE} MATCHES pem)
+ 	  client_sdk_compile_definitions(
+-	    -DECDSA_PEM -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa256privkey.pem\")
+	    -DECDSA_PEM -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa256privkey.pem\")
+ 	else()
+ 	  client_sdk_compile_definitions(
+-	    -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa256privkey.dat\")
+	    -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa256privkey.dat\")
+ 	endif()
+       else() 				# ecdsa 384 selected
+ 	if (${DA_FILE} MATCHES pem)
+ 	  client_sdk_compile_definitions(
+-	    -DECDSA_PEM -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa384privkey.pem\")
+	    -DECDSA_PEM -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa384privkey.pem\")
+ 	else()
+ 	  client_sdk_compile_definitions(
+-	    -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa384privkey.dat\")
+	    -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa384privkey.dat\")
+ 	endif()
+       endif()
+       client_sdk_compile_definitions(
+@@ -80,27 +81,27 @@
+ 	-DFDO_CRED_SECURE=\"${BLOB_PATH}/data/Secure.blob\"
+ 	-DFDO_CRED_MFG=\"${BLOB_PATH}/data/Mfg.blob\"
+ 	-DFDO_CRED_NORMAL=\"${BLOB_PATH}/data/Normal.blob\"
+-	-DRAW_BLOB=\"${BLOB_PATH}/data/raw.blob\"
+	-DRAW_BLOB=\"${RO_BLOB_PATH}/data/raw.blob\"
+ 	)
+     endif()
+     if (NOT(${HTTPPROXY} STREQUAL ""))
+       client_sdk_compile_definitions(
+-	-DMFG_PROXY=\"${BLOB_PATH}/data/mfg_proxy.dat\"
+-	-DRV_PROXY=\"${BLOB_PATH}/data/rv_proxy.dat\"
+-	-DOWNER_PROXY=\"${BLOB_PATH}/data/owner_proxy.dat\"
+	-DMFG_PROXY=\"${RO_BLOB_PATH}/data/mfg_proxy.dat\"
+	-DRV_PROXY=\"${RO_BLOB_PATH}/data/rv_proxy.dat\"
+	-DOWNER_PROXY=\"${RO_BLOB_PATH}/data/owner_proxy.dat\"
+ 	)
+     endif()
+   endif()
+ 
+   if (${TARGET_OS} MATCHES mbedos)
+     client_sdk_compile_definitions(
+-      -DSERIAL_FILE=\"${BLOB_PATH}/data/manufacturer_sn.bin\"
+-      -DMODEL_FILE=\"${BLOB_PATH}/data/manufacturer_mod.bin\"
+      -DSERIAL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_sn.bin\"
+      -DMODEL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_mod.bin\"
+       -DPLATFORM_IV=\"${BLOB_PATH}/data/platform_iv.bin\"
+       -DPLATFORM_HMAC_KEY=\"${BLOB_PATH}/data/platform_hmac_key.bin\"
+       -DPLATFORM_AES_KEY=\"${BLOB_PATH}/data/platform_aes_key.bin\"
+-      -DMANUFACTURER_ADDR=\"${BLOB_PATH}/data/manufacturer_addr.bin\"
+-      -DMAX_SERVICEINFO_SZ_FILE=\"${BLOB_PATH}/data/max_serviceinfo_sz.bin\"
+      -DMANUFACTURER_ADDR=\"${RO_BLOB_PATH}/data/manufacturer_addr.bin\"
+      -DMAX_SERVICEINFO_SZ_FILE=\"${RO_BLOB_PATH}/data/max_serviceinfo_sz.bin\"
+       )
+     if (${unit-test} MATCHES true)
+       client_sdk_compile_definitions(
+@@ -110,7 +111,7 @@
+ 	-DFDO_CRED_SECURE=\"${BLOB_PATH}/data/Secure.blob\"
+ 	-DFDO_CRED_MFG=\"${BLOB_PATH}/data/Mfg.blob\"
+ 	-DFDO_CRED_NORMAL=\"${BLOB_PATH}/data/Normal.blob\"
+-	-DRAW_BLOB=\"${BLOB_PATH}/data/raw.blob\"
+	-DRAW_BLOB=\"${RO_BLOB_PATH}/data/raw.blob\"
+ 	)
+       if (${DA_FILE} MATCHES pem)
+ 	client_sdk_compile_definitions(
+@@ -164,10 +165,10 @@
+ # Configure if needed at a later point
+ # configure_file(${BLOB_PATH}/data/Normal.blob NEWLINE_STYLE DOS)
+ 
+-file(WRITE ${BLOB_PATH}/data/platform_iv.bin "")
+-file(WRITE ${BLOB_PATH}/data/platform_hmac_key.bin "")
+-file(WRITE ${BLOB_PATH}/data/platform_aes_key.bin "")
+-file(WRITE ${BLOB_PATH}/data/Normal.blob "")
+-file(WRITE ${BLOB_PATH}/data/Secure.blob "")
+-file(WRITE ${BLOB_PATH}/data/raw.blob "")
+-file(WRITE ${BLOB_PATH}/data/max_serviceinfo_sz.bin "")
+file(WRITE ./data/platform_iv.bin "")
+file(WRITE ./data/platform_hmac_key.bin "")
+file(WRITE ./data/platform_aes_key.bin "")
+file(WRITE ./data/Normal.blob "")
+file(WRITE ./data/Secure.blob "")
+file(WRITE ./data/raw.blob "")
+file(WRITE ./data/max_serviceinfo_sz.bin "")
+Nur in b: blob_path.cmake~.
+diff -u a/cli_input.cmake b/cli_input.cmake
+--- a/cmake/cli_input.cmake	2021-10-14 22:24:53.078959088 +0200
+++ b/cmake/cli_input.cmake	2021-10-14 22:26:36.187516122 +0200
+@@ -24,6 +24,7 @@
+ set (STORAGE true)
+ set (BOARD NUCLEO_F767ZI)
+ set (BLOB_PATH .)
+set (RO_BLOB_PATH .)
+ set (TPM2_TCTI_TYPE tabrmd)
+ set (RESALE true)
+ set (REUSE true)
+@@ -501,6 +502,36 @@
+ message("Selected BLOB_PATH ${BLOB_PATH}")
+ 
+ ###########################################
+# FOR RO_BLOB_PATH
+get_property(cached_ro_blob_path_value CACHE RO_BLOB_PATH PROPERTY VALUE)
+
+set(ro_blob_path_cli_arg ${cached_ro_blob_path_value})
+if(ro_blob_path_cli_arg STREQUAL CACHED_RO_BLOB_PATH)
+  unset(ro_blob_path_cli_arg)
+endif()
+
+set(ro_blob_path_app_cmake_lists ${RO_BLOB_PATH})
+if(cached_ro_blob_path_value STREQUAL RO_BLOB_PATH)
+  unset(ro_blob_path_app_cmake_lists)
+endif()
+
+if(CACHED_RO_BLOB_PATH)
+  if ((ro_blob_path_cli_arg) AND (NOT(CACHED_RO_BLOB_PATH STREQUAL ro_blob_path_cli_arg)))
+    message(WARNING "Need to do make pristine before cmake args can change.")
+  endif()
+  set(RO_BLOB_PATH ${CACHED_RO_BLOB_PATH})
+elseif(ro_blob_path_cli_arg)
+  set(RO_BLOB_PATH ${ro_blob_path_cli_arg})
+elseif(DEFINED ENV{RO_BLOB_PATH})
+  set(RO_BLOB_PATH $ENV{RO_BLOB_PATH})
+elseif(ro_blob_path_app_cmake_lists)
+  set(RO_BLOB_PATH ${ro_blob_path_app_cmake_lists})
+endif()
+
+set(CACHED_RO_BLOB_PATH ${RO_BLOB_PATH} CACHE STRING "Selected RO_BLOB_PATH")
+message("Selected RO_BLOB_PATH ${RO_BLOB_PATH}")
+
+###########################################
+ # FOR WIFI_SSID
+ get_property(cached_wifi_ssid_value CACHE WIFI_SSID PROPERTY VALUE)
+ 
+Nur in b: cli_input.cmake~.
--- a/fdo-client-1.0.0+git20210816.baa09b5.tar.xz
+++ b/fdo-client-1.0.0+git20210816.baa09b5.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f35493ad6470003d707834b11614296300f578163c474c7219a9aa4eff82b3c0
+size 255368
--- a/29
+++ b/29
@ -0,0 +1,29 @@
+#!/bin/sh
+check_file=/var/lib/fdo-client/initialized
+data=/var/lib/fdo-client/data
+log=/var/log/fdo-client.log
+
+cd ${data}
+
+if [ ! -f ${check_file} ]; then
+    # The first time the client will connect the manufacturer
+    # server in order to get information about rendevous service.
+    # After that the service will be stopped. The machine is now
+    # ready for delivery. Next time the machine will connect to
+    # the rendezvous service when it will be switched on.
+    /usr/bin/fdo-client >${log}
+    systemctl status fdoclient| grep 'Main PID' | awk '{print $3}' >${check_file}
+    /bin/systemctl stop fdoclient
+    exit 0
+fi
+
+while :
+do
+    # The rendevous service returns the information about the
+    # prider platform service (only the first time). This service
+    # will be contacted periodically.
+    /usr/bin/fdo-client >>${log}
+    sleep 30;
+done
+
+
--- a/fdo-client.changes
+++ b/fdo-client.changes
@ -0,0 +1,5 @@
+-------------------------------------------------------------------
+Fri Oct 15 17:39:31 UTC 2021 - Stefan Schubert <schubi@suse.de>
+
+- This is the successor of sdo-client
+  EPIC: SLE/SLE-22946
--- a/fdo-client.spec
+++ b/fdo-client.spec
@ -0,0 +1,145 @@
+#
+# spec file for package fdo-client
+#
+# Copyright (c) 2021 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name:           fdo-client
+Version:        1.0.0+git20210816.baa09b5
+Release:        0
+Summary:        FIDO Device Onboard Client
+License:        Apache-2.0
+Group:          System/Base
+URL:            https://github.com/intel/safestringlib/tree/v1.0.0
+Source0:        fdo-client-%{version}.tar.xz
+Source1:        safestringlib-1.0.0+git20171208.5da1bad.tar.xz
+Source2:        tinycbor-1.0.0+git20191022.755f9ef.tar.xz
+Source3:        fdo-client-service
+Source4:        fdoclient.service
+Source5:        README
+Patch0:         build.patch
+Patch1:         gcc.patch
+Requires:       openssl
+Obsoletes:      sdo-client
+BuildRequires:  cmake
+BuildRequires:  vim
+BuildRequires:  gcc-c++
+BuildRequires:  libopenssl-devel
+%{?systemd_ordering}
+
+%description
+FDO-Client is a portable implementation of the FIDO Device Onboard Spec.
+This component is portable across multiple environments,
+including to various microprocessors (MPUs) and microcontrollers (MCUs).
+
+%package devel
+Summary:        FIDO Device Onboard Client SDK
+Group:          Development/Libraries/C and C++
+Requires:       libopenssl-1_1-devel
+
+%description devel
+This is a production-ready implementation of the Device component defined
+in FIDO Device Onboard Spec published by the FIDO Alliance.
+Appropriate security measures should be taken for storing the device
+credentials while porting this to different platforms.
+
+%prep
+%setup -q
+%setup -q -D -a 1
+%setup -q -D -a 2
+%patch0 -p1
+%patch1 -p1
+
+%build
+pushd .
+cd safestringlib*
+mkdir obj
+make
+popd
+cd tinycbor*
+make
+cd %{_builddir}/%{name}*
+export SAFESTRING_ROOT=%{_builddir}/%{name}-%{version}/safestringlib-1.0.0+git20171208.5da1bad
+export TINYCBOR_ROOT=%{_builddir}/%{name}-%{version}/tinycbor-1.0.0+git20191022.755f9ef
+export BLOB_PATH=%{_sharedstatedir}/%{name}
+export RO_BLOB_PATH=%{_datadir}/%{name}
+cmake .
+make
+bash utils/keys_gen.sh .
+
+%install
+mkdir -p %{buildroot}/%{_bindir}
+mkdir -p %{buildroot}/%{_libdir}
+mkdir -p %{buildroot}/%{_sbindir}
+mkdir -p %{buildroot}/%{_docdir}/%{name}
+mkdir -p %{buildroot}/%{_includedir}
+mkdir -p %{buildroot}/%{_datadir}/%{name}/data
+mkdir -p %{buildroot}/%{_sharedstatedir}/%{name}/data
+
+%{__install} -m 0755 build/linux-client %{buildroot}/%{_bindir}/%{name}
+%{__install} -m 0755 %{SOURCE3} %{buildroot}/%{_bindir}/fdo-client-service
+%{__install} -D -m 644 %{SOURCE4} %{buildroot}/%{_unitdir}/fdoclient.service
+%{__install} -m 0644 %{SOURCE5} %{buildroot}/%{_docdir}/%{name}/README
+ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcfdoclient
+
+%{__install} -m 644 build/*.a %{buildroot}/%{_libdir}
+%{__install} -m 644 include/*.h %{buildroot}/%{_includedir}
+
+%{__install} data/ecdsa* %{buildroot}/%{_datadir}/%{name}/data
+%{__install} data/manufacturer_addr.bin %{buildroot}/%{_datadir}/%{name}/data
+%{__install} data/max_serviceinfo_sz.bin %{buildroot}/%{_datadir}/%{name}/data
+%{__install} data/mfg_proxy.dat %{buildroot}/%{_datadir}/%{name}/data
+%{__install} data/owner_proxy.dat %{buildroot}/%{_datadir}/%{name}/data
+%{__install} data/raw.blob %{buildroot}/%{_datadir}/%{name}/data
+%{__install} data/rv_proxy.dat %{buildroot}/%{_datadir}/%{name}/data
+
+%{__install} data/Normal.blob %{buildroot}/%{_sharedstatedir}/%{name}/data
+%{__install} data/platform_aes_key.bin %{buildroot}/%{_sharedstatedir}/%{name}/data
+%{__install} data/platform_hmac_key.bin %{buildroot}/%{_sharedstatedir}/%{name}/data
+%{__install} data/platform_iv.bin %{buildroot}/%{_sharedstatedir}/%{name}/data
+%{__install} data/Secure.blob %{buildroot}/%{_sharedstatedir}/%{name}/data
+
+%pre
+%service_add_pre fdoclient.service
+
+%preun
+%service_del_preun fdoclient.service
+
+%post
+%service_add_post fdoclient.service
+
+%postun
+%service_del_postun fdoclient.service
+
+%files
+%license LICENSE
+%doc README
+%dir %{_datadir}/%{name}
+%dir %{_datadir}/%{name}/data
+%dir %{_sharedstatedir}/%{name}
+%dir %{_sharedstatedir}/%{name}/data/
+%{_bindir}/%{name}
+%{_bindir}/fdo-client-service
+%{_datadir}/%{name}/data/*
+%{_sharedstatedir}/%{name}/data/*
+%{_unitdir}/fdoclient.service
+%{_sbindir}/rcfdoclient
+
+%files devel
+%license LICENSE
+%{_includedir}/*.h
+%{_libdir}/*.a
+
+%changelog
--- a/fdoclient.service
+++ b/fdoclient.service
@ -0,0 +1,15 @@
+[Unit]
+Description=FDO client
+After=remote-fs.target network-online.target 
+Wants=network-online.target
+
+[Service]
+Type=simple
+Environment=TERM=linux
+ExecStart=/usr/bin/fdo-client-service
+RemainAfterExit=no
+TimeoutSec=0
+
+[Install]
+WantedBy=default.target
+
--- a/gcc.patch
+++ b/gcc.patch
@ -0,0 +1,171 @@
+--- org/lib/fdoprotctx.c	2021-10-18 21:51:23.914574062 +0200
+++ patch/lib/fdoprotctx.c	2021-10-18 21:49:40.170002557 +0200
+@@ -118,8 +118,11 @@
+ 
+ 	switch (prot_ctx->protdata->state) {
+ 	case FDO_STATE_DI_APP_START: /* type 10 */
+-		ATTRIBUTE_FALLTHROUGH;
+		{
+			ATTRIBUTE_FALLTHROUGH;
+		}
+ 	case FDO_STATE_DI_SET_CREDENTIALS: /* type 11 */
+		{
+ 		if (prot_ctx->host_dns) {
+ 			if (prot_ctx->resolved_ip) {
+ 				fdo_free(prot_ctx->resolved_ip);
+@@ -133,9 +136,12 @@
+ 				break;
+ 			}
+ 		}
+-		ATTRIBUTE_FALLTHROUGH;
+			ATTRIBUTE_FALLTHROUGH;
+		}
+ 	case FDO_STATE_DI_SET_HMAC: /* type 12 */
+-		ATTRIBUTE_FALLTHROUGH;
+		{
+			ATTRIBUTE_FALLTHROUGH;
+		}
+ 	case FDO_STATE_DI_DONE: /* type 13 */
+ 		ret = connect_to_manufacturer(
+ 			      prot_ctx->resolved_ip ? prot_ctx->resolved_ip : prot_ctx->host_ip,
+@@ -144,24 +150,30 @@
+ 			      (prot_ctx->tls ? &prot_ctx->ssl : NULL));
+ 		break;
+ 	case FDO_STATE_T01_SND_HELLO_FDO: /* type 30 */
+-		ATTRIBUTE_FALLTHROUGH;
+		{
+			ATTRIBUTE_FALLTHROUGH;
+		}
+ 	case FDO_STATE_TO1_RCV_HELLO_FDOACK: /* type 31 */
+-		if (prot_ctx->host_dns) {
+-			if (prot_ctx->resolved_ip) {
+-				fdo_free(prot_ctx->resolved_ip);
+-			}
+-			if (!resolve_dn(prot_ctx->host_dns,
+-					&prot_ctx->resolved_ip,
+-					prot_ctx->host_port,
+-					(prot_ctx->tls ? &prot_ctx->ssl : NULL),
+-					is_rv_proxy_defined())) {
+-				ret = false;
+-				fdo_free(prot_ctx->resolved_ip);
+		{
+			if (prot_ctx->host_dns) {
+				if (prot_ctx->resolved_ip) {
+					fdo_free(prot_ctx->resolved_ip);
+				}
+				if (!resolve_dn(prot_ctx->host_dns,
+						&prot_ctx->resolved_ip,
+						prot_ctx->host_port,
+						(prot_ctx->tls ? &prot_ctx->ssl : NULL),
+						is_rv_proxy_defined())) {
+					ret = false;
+					fdo_free(prot_ctx->resolved_ip);
+				}
+ 			}
+			ATTRIBUTE_FALLTHROUGH;
+ 		}
+-		ATTRIBUTE_FALLTHROUGH;
+ 	case FDO_STATE_TO1_SND_PROVE_TO_FDO: /* type 32 */
+-		ATTRIBUTE_FALLTHROUGH;
+		{
+			ATTRIBUTE_FALLTHROUGH;
+		}
+ 	case FDO_STATE_TO1_RCV_FDO_REDIRECT: /* type 33 */
+ 		// try DNS's resolved IP first, if it fails, try given IP address
+ 		ret = connect_to_rendezvous(
+@@ -174,40 +186,62 @@
+ 		}
+ 		break;
+ 	case FDO_STATE_T02_SND_HELLO_DEVICE: /* type 60 */
+-		ATTRIBUTE_FALLTHROUGH;
+		{	
+			ATTRIBUTE_FALLTHROUGH;
+		}
+ 	case FDO_STATE_TO2_RCV_PROVE_OVHDR: /* type 61 */
+-		if (prot_ctx->host_dns) {
+-			if (prot_ctx->resolved_ip) {
+-				fdo_free(prot_ctx->resolved_ip);
+-			}
+-			if (!resolve_dn(prot_ctx->host_dns,
+-					&prot_ctx->resolved_ip,
+-					prot_ctx->host_port,
+-					(prot_ctx->tls ? &prot_ctx->ssl : NULL),
+-					is_owner_proxy_defined())) {
+-				ret = false;
+-				fdo_free(prot_ctx->resolved_ip);
+		{
+			if (prot_ctx->host_dns) {
+				if (prot_ctx->resolved_ip) {
+					fdo_free(prot_ctx->resolved_ip);
+				}
+				if (!resolve_dn(prot_ctx->host_dns,
+						&prot_ctx->resolved_ip,
+						prot_ctx->host_port,
+						(prot_ctx->tls ? &prot_ctx->ssl : NULL),
+						is_owner_proxy_defined())) {
+					ret = false;
+					fdo_free(prot_ctx->resolved_ip);
+				}
+ 			}
+			ATTRIBUTE_FALLTHROUGH;
+ 		}
+-		ATTRIBUTE_FALLTHROUGH;
+ 	case FDO_STATE_TO2_SND_GET_OP_NEXT_ENTRY: /* type 62 */
+-		ATTRIBUTE_FALLTHROUGH;
+ 		{
+			ATTRIBUTE_FALLTHROUGH;
+		}
+ 	case FDO_STATE_T02_RCV_OP_NEXT_ENTRY: /* type 63 */
+-		ATTRIBUTE_FALLTHROUGH;
+		{
+			ATTRIBUTE_FALLTHROUGH;
+		}
+ 	case FDO_STATE_TO2_SND_PROVE_DEVICE: /* type 64 */
+-		ATTRIBUTE_FALLTHROUGH;
+		{
+			ATTRIBUTE_FALLTHROUGH;
+		}
+ 	case FDO_STATE_TO2_RCV_GET_NEXT_DEVICE_SERVICE_INFO: /* type 65 */
+-		ATTRIBUTE_FALLTHROUGH;
+		{
+			ATTRIBUTE_FALLTHROUGH;
+		}
+ 	case FDO_STATE_TO2_SND_NEXT_DEVICE_SERVICE_INFO: /* type 66 */
+-		ATTRIBUTE_FALLTHROUGH;
+		{
+			ATTRIBUTE_FALLTHROUGH;
+		}
+ 	case FDO_STATE_TO2_RCV_SETUP_DEVICE: /* type 67 */
+-		ATTRIBUTE_FALLTHROUGH;
+		{
+			ATTRIBUTE_FALLTHROUGH;
+		}
+ 	case FDO_STATE_T02_SND_GET_NEXT_OWNER_SERVICE_INFO: /* type 68 */
+-		ATTRIBUTE_FALLTHROUGH;
+		{
+			ATTRIBUTE_FALLTHROUGH;
+		}
+ 	case FDO_STATE_T02_RCV_NEXT_OWNER_SERVICE_INFO: /* type 69 */
+-		ATTRIBUTE_FALLTHROUGH;
+		{
+			ATTRIBUTE_FALLTHROUGH;
+		}
+ 	case FDO_STATE_TO2_SND_DONE: /* type 70 */
+-		ATTRIBUTE_FALLTHROUGH;
+		{
+			ATTRIBUTE_FALLTHROUGH;
+		}
+ 	case FDO_STATE_TO2_RCV_DONE_2: /* type 71 */
+ 		// try DNS's resolved IP first, if it fails, try given IP address
+ 		ret = connect_to_owner(prot_ctx->resolved_ip, prot_ctx->host_port,
+--- org/lib/credentials_from_file.c	2021-10-18 22:19:33.447783075 +0200
+++ patch/lib/credentials_from_file.c	2021-10-18 22:19:20.143711330 +0200
+@@ -228,8 +228,6 @@
+ 		return true;
+ 	}
+ 
+-	LOG(LOG_DEBUG, "Reading DeviceCredential blob of length %"PRIu64"\n", dev_cred_len);
+-
+ 	fdor = fdo_alloc(sizeof(fdor_t));
+ 	if (!fdor || !fdor_init(fdor) || !fdo_block_alloc_with_size(&fdor->b, dev_cred_len)) {
+ 		LOG(LOG_ERROR, "FDOR Initialization/Allocation failed!\n");
--- a/safestringlib-1.0.0+git20171208.5da1bad.tar.xz
+++ b/safestringlib-1.0.0+git20171208.5da1bad.tar.xz
--- a/tinycbor-1.0.0+git20191022.755f9ef.tar.xz
+++ b/tinycbor-1.0.0+git20191022.755f9ef.tar.xz