diff --git a/_service b/_service
index 1be0df4..c054dee 100644
--- a/_service
+++ b/_service
@@ -2,7 +2,7 @@
1.0.0
1.0.0+git%cd.%h
- git://github.com/intel/safestringlib.git
+ git@github.com:intel/safestringlib.git
v1.0.0
git
enable
@@ -16,10 +16,10 @@
enable
- 1.0.0
- 1.0.0+git%cd.%h
+ 1.1.4
+ 1.1.4+git%cd.%h
git@github.com:secure-device-onboard/client-sdk-fidoiot.git
- v1.0.0
+ v1.1.4
git
fdo-client
enable
diff --git a/_servicedata b/_servicedata
index e1678df..0606053 100644
--- a/_servicedata
+++ b/_servicedata
@@ -9,6 +9,8 @@
git@github.com:secure-device-onboard/client-sdk-fidoiot.git
- baa09b537ddbb4ce9fdf289ad55e885526d045ec
+ c8ef7576afa1b250ff9460b519238f32711ef175
-
\ No newline at end of file
+
+ git@github.com:intel/safestringlib.git
+ 5da1badd337e68c1334fb232c778166f46f6d9f9
\ No newline at end of file
diff --git a/build.patch b/build.patch
index b3934d4..90c74da 100644
--- a/build.patch
+++ b/build.patch
@@ -1,6 +1,5 @@
-diff -u a/blob_path.cmake b/blob_path.cmake
---- a/cmake/blob_path.cmake 2021-10-14 22:02:06.855474972 +0200
-+++ b/cmake/blob_path.cmake 2021-10-14 22:19:21.969170219 +0200
+--- org/cmake/blob_path.cmake 2022-12-09 09:44:34.000000000 +0100
++++ patch/cmake/blob_path.cmake 2023-03-02 14:51:38.637622177 +0100
@@ -7,17 +7,18 @@
# Note all blobs and data will be made relative.
# if absoulte is needed declare BLOB_PATH on CLI
@@ -8,12 +7,12 @@ diff -u a/blob_path.cmake b/blob_path.cmake
+# RO_BLOB_PATH= is for data which does not need write access
if(TARGET_OS MATCHES linux)
-
+
client_sdk_compile_definitions(
- -DSERIAL_FILE=\"${BLOB_PATH}/data/manufacturer_sn.bin\"
- -DMODEL_FILE=\"${BLOB_PATH}/data/manufacturer_mod.bin\"
+ -DSERIAL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_sn.bin\"
-+ -DMODEL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_mod.bin\"
++ -DMODEL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_mod.bin\"
-DPLATFORM_IV=\"${BLOB_PATH}/data/platform_iv.bin\"
-DPLATFORM_HMAC_KEY=\"${BLOB_PATH}/data/platform_hmac_key.bin\"
-DPLATFORM_AES_KEY=\"${BLOB_PATH}/data/platform_aes_key.bin\"
@@ -99,7 +98,7 @@ diff -u a/blob_path.cmake b/blob_path.cmake
)
if (${DA_FILE} MATCHES pem)
client_sdk_compile_definitions(
-@@ -164,10 +165,10 @@
+@@ -164,9 +165,9 @@
# Configure if needed at a later point
# configure_file(${BLOB_PATH}/data/Normal.blob NEWLINE_STYLE DOS)
@@ -109,19 +108,15 @@ diff -u a/blob_path.cmake b/blob_path.cmake
-file(WRITE ${BLOB_PATH}/data/Normal.blob "")
-file(WRITE ${BLOB_PATH}/data/Secure.blob "")
-file(WRITE ${BLOB_PATH}/data/raw.blob "")
--file(WRITE ${BLOB_PATH}/data/max_serviceinfo_sz.bin "")
+file(WRITE ./data/platform_iv.bin "")
+file(WRITE ./data/platform_hmac_key.bin "")
+file(WRITE ./data/platform_aes_key.bin "")
+file(WRITE ./data/Normal.blob "")
+file(WRITE ./data/Secure.blob "")
+file(WRITE ./data/raw.blob "")
-+file(WRITE ./data/max_serviceinfo_sz.bin "")
-Nur in b: blob_path.cmake~.
-diff -u a/cli_input.cmake b/cli_input.cmake
---- a/cmake/cli_input.cmake 2021-10-14 22:24:53.078959088 +0200
-+++ b/cmake/cli_input.cmake 2021-10-14 22:26:36.187516122 +0200
-@@ -24,6 +24,7 @@
+--- org/cmake/cli_input.cmake 2022-12-09 09:44:34.000000000 +0100
++++ patch/cmake/cli_input.cmake 2023-03-02 14:56:02.036016802 +0100
+@@ -25,6 +25,7 @@
set (STORAGE true)
set (BOARD NUCLEO_F767ZI)
set (BLOB_PATH .)
@@ -129,7 +124,7 @@ diff -u a/cli_input.cmake b/cli_input.cmake
set (TPM2_TCTI_TYPE tabrmd)
set (RESALE true)
set (REUSE true)
-@@ -501,6 +502,36 @@
+@@ -530,6 +531,37 @@
message("Selected BLOB_PATH ${BLOB_PATH}")
###########################################
@@ -162,8 +157,8 @@ diff -u a/cli_input.cmake b/cli_input.cmake
+set(CACHED_RO_BLOB_PATH ${RO_BLOB_PATH} CACHE STRING "Selected RO_BLOB_PATH")
+message("Selected RO_BLOB_PATH ${RO_BLOB_PATH}")
+
++
+###########################################
# FOR WIFI_SSID
get_property(cached_wifi_ssid_value CACHE WIFI_SSID PROPERTY VALUE)
-Nur in b: cli_input.cmake~.
diff --git a/fdo-client-1.0.0+git20210816.baa09b5.tar.xz b/fdo-client-1.0.0+git20210816.baa09b5.tar.xz
deleted file mode 100644
index bf8b0e3..0000000
--- a/fdo-client-1.0.0+git20210816.baa09b5.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f35493ad6470003d707834b11614296300f578163c474c7219a9aa4eff82b3c0
-size 255368
diff --git a/fdo-client-1.1.4+git20221209.c8ef757.tar.xz b/fdo-client-1.1.4+git20221209.c8ef757.tar.xz
new file mode 100644
index 0000000..ffbfbdd
--- /dev/null
+++ b/fdo-client-1.1.4+git20221209.c8ef757.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:eafa0b4426e5897b488617b1e25b2012479d64f9ffd90b94fcb177da8cfdf7f4
+size 266604
diff --git a/fdo-client.changes b/fdo-client.changes
index 4c7a1cc..aa79913 100644
--- a/fdo-client.changes
+++ b/fdo-client.changes
@@ -1,5 +1,62 @@
+-------------------------------------------------------------------
+Thu Mar 02 11:38:56 UTC 2023 - schubi@suse.com
+
+- Update to version 1.1.4+git20221209.c8ef757:
+ * Readme update (#210)
+ * Updating the readme with openssl 1.1.1s (#209)
+ * Fix TO when IP/RV is empty string (#208)
+ * * Replaced unsafe string function (#207)
+ * Increase max message buffer size to 64000 (#205)
+ * Update Curl version as 7.86 in Readme (#206)
+ * Readme updates (#204)
+ * Minimal logs by default (compile time) (#203)
+ * Revert openssl3 (#201)
+ * Update HTTPS connection to use TLS 1.2 (#196)
+ * Openssl 3 porting (#194)
+ * Add curl support for HTTP connection (#195)
+ * Update NOTICE file (#192)
+ * Add CURL support for HTTPS connection (#188)
+ * Readme update for installing safestringlib (#191)
+ * Updating the readme with openssl 1.1.1q (#187)
+ * switch to host.docker.internal (#185)
+ * Fix to enable compilation of CSDK in ubuntu 22 (#183)
+ * Fix TO when IP is NULL (#184)
+ * Update EAT-UEID value as per FIDO working draft specification (#180)
+ * Revert "Update EAT-UEID value as per FIDO working draft specification (#178)" (#179)
+ * Update EAT-UEID value as per FIDO working draft specification (#178)
+ * Updating comments in fdonet.c (#177)
+ * Upgrade OpenSSL toolkit version to 1.1.1n (#176)
+ * Documentation updates (#175)
+ * Add a note regarding fdosys issue (#174)
+ * Update Jenkinsfile to copy PRI artifacts from master (#173)
+ * Merging 1.1 dev branch to master. (#172)
+ * Fix multiple owner support for CSDK devices. (#167)
+ * Fix: fdo_sys:exec_cb/exec not working after initial fdo_sys:exec (#166)
+ * Add implementation for fdo_sys keep-alive (#165)
+ * Fix an issue with keeping in-memory Mfg PublicKey hash (#164)
+ * Update/Tweak Device Status and Cred management (#163)
+ * Updating EAT IANA numbers as per spec ERRATA (#160)
+ * Updating Device ServiceInfo framework to handle writes (#162)
+ * Add TPM support on RHEL (#161)
+ * Update README for RHEL support (#159)
+ * Remove disclaimer from README (#158)
+
+-------------------------------------------------------------------
+Thu Mar 02 11:37:36 UTC 2023 - schubi@suse.com
+
+- Update to version 1.0.0+git20171208.5da1bad:
+ * Use secure functions where appropriate
+ * Added extern definition
+ * Fix Klocwork Errors
+ * Fix output
+ * Fix Core Dump in Unit Test
+ * Add Makefile
+ * publish unit tests
+ * strpcpu_s: remove unsed redundant variable overlap_bumper
+ * Update LICENSE©ING.txt
+
-------------------------------------------------------------------
Fri Oct 15 17:39:31 UTC 2021 - Stefan Schubert
- This is the successor of sdo-client
- EPIC: SLE/SLE-22946
+ EPIC: SLE/SLE-22946
\ No newline at end of file
diff --git a/fdo-client.spec b/fdo-client.spec
index 2fc24bb..4e273b0 100644
--- a/fdo-client.spec
+++ b/fdo-client.spec
@@ -17,7 +17,7 @@
Name: fdo-client
-Version: 1.0.0+git20210816.baa09b5
+Version: 1.1.4+git20221209.c8ef757
Release: 0
Summary: FIDO Device Onboard Client
License: Apache-2.0
@@ -32,11 +32,11 @@ Source5: README
Patch0: build.patch
Patch1: gcc.patch
Requires: openssl
-Obsoletes: sdo-client
BuildRequires: cmake
BuildRequires: vim
BuildRequires: gcc-c++
BuildRequires: libopenssl-devel
+BuildRequires: libcurl-devel
%{?systemd_ordering}
%description
diff --git a/gcc.patch b/gcc.patch
index b7a7232..87a4216 100644
--- a/gcc.patch
+++ b/gcc.patch
@@ -1,171 +1,37 @@
---- org/lib/fdoprotctx.c 2021-10-18 21:51:23.914574062 +0200
-+++ patch/lib/fdoprotctx.c 2021-10-18 21:49:40.170002557 +0200
-@@ -118,8 +118,11 @@
+--- org/network/network_if_linux.c 2022-12-09 09:44:34.000000000 +0100
++++ patch/network/network_if_linux.c 2023-03-02 16:05:07.625074915 +0100
+@@ -246,7 +246,7 @@
+ goto err;
+ }
- switch (prot_ctx->protdata->state) {
- case FDO_STATE_DI_APP_START: /* type 10 */
-- ATTRIBUTE_FALLTHROUGH;
-+ {
-+ ATTRIBUTE_FALLTHROUGH;
-+ }
- case FDO_STATE_DI_SET_CREDENTIALS: /* type 11 */
-+ {
- if (prot_ctx->host_dns) {
- if (prot_ctx->resolved_ip) {
- fdo_free(prot_ctx->resolved_ip);
-@@ -133,9 +136,12 @@
- break;
- }
+- if (ip_addr->addr) {
++ if (ip_addr->length > 0) {
+ ip_ascii = fdo_alloc(IP_TAG_LEN);
+ if (!ip_ascii) {
+ goto err;
+@@ -331,7 +331,7 @@
}
-- ATTRIBUTE_FALLTHROUGH;
-+ ATTRIBUTE_FALLTHROUGH;
-+ }
- case FDO_STATE_DI_SET_HMAC: /* type 12 */
-- ATTRIBUTE_FALLTHROUGH;
-+ {
-+ ATTRIBUTE_FALLTHROUGH;
-+ }
- case FDO_STATE_DI_DONE: /* type 13 */
- ret = connect_to_manufacturer(
- prot_ctx->resolved_ip ? prot_ctx->resolved_ip : prot_ctx->host_ip,
-@@ -144,24 +150,30 @@
- (prot_ctx->tls ? &prot_ctx->ssl : NULL));
- break;
- case FDO_STATE_T01_SND_HELLO_FDO: /* type 30 */
-- ATTRIBUTE_FALLTHROUGH;
-+ {
-+ ATTRIBUTE_FALLTHROUGH;
-+ }
- case FDO_STATE_TO1_RCV_HELLO_FDOACK: /* type 31 */
-- if (prot_ctx->host_dns) {
-- if (prot_ctx->resolved_ip) {
-- fdo_free(prot_ctx->resolved_ip);
-- }
-- if (!resolve_dn(prot_ctx->host_dns,
-- &prot_ctx->resolved_ip,
-- prot_ctx->host_port,
-- (prot_ctx->tls ? &prot_ctx->ssl : NULL),
-- is_rv_proxy_defined())) {
-- ret = false;
-- fdo_free(prot_ctx->resolved_ip);
-+ {
-+ if (prot_ctx->host_dns) {
-+ if (prot_ctx->resolved_ip) {
-+ fdo_free(prot_ctx->resolved_ip);
-+ }
-+ if (!resolve_dn(prot_ctx->host_dns,
-+ &prot_ctx->resolved_ip,
-+ prot_ctx->host_port,
-+ (prot_ctx->tls ? &prot_ctx->ssl : NULL),
-+ is_rv_proxy_defined())) {
-+ ret = false;
-+ fdo_free(prot_ctx->resolved_ip);
-+ }
- }
-+ ATTRIBUTE_FALLTHROUGH;
- }
-- ATTRIBUTE_FALLTHROUGH;
- case FDO_STATE_TO1_SND_PROVE_TO_FDO: /* type 32 */
-- ATTRIBUTE_FALLTHROUGH;
-+ {
-+ ATTRIBUTE_FALLTHROUGH;
-+ }
- case FDO_STATE_TO1_RCV_FDO_REDIRECT: /* type 33 */
- // try DNS's resolved IP first, if it fails, try given IP address
- ret = connect_to_rendezvous(
-@@ -174,40 +186,62 @@
- }
- break;
- case FDO_STATE_T02_SND_HELLO_DEVICE: /* type 60 */
-- ATTRIBUTE_FALLTHROUGH;
-+ {
-+ ATTRIBUTE_FALLTHROUGH;
-+ }
- case FDO_STATE_TO2_RCV_PROVE_OVHDR: /* type 61 */
-- if (prot_ctx->host_dns) {
-- if (prot_ctx->resolved_ip) {
-- fdo_free(prot_ctx->resolved_ip);
-- }
-- if (!resolve_dn(prot_ctx->host_dns,
-- &prot_ctx->resolved_ip,
-- prot_ctx->host_port,
-- (prot_ctx->tls ? &prot_ctx->ssl : NULL),
-- is_owner_proxy_defined())) {
-- ret = false;
-- fdo_free(prot_ctx->resolved_ip);
-+ {
-+ if (prot_ctx->host_dns) {
-+ if (prot_ctx->resolved_ip) {
-+ fdo_free(prot_ctx->resolved_ip);
-+ }
-+ if (!resolve_dn(prot_ctx->host_dns,
-+ &prot_ctx->resolved_ip,
-+ prot_ctx->host_port,
-+ (prot_ctx->tls ? &prot_ctx->ssl : NULL),
-+ is_owner_proxy_defined())) {
-+ ret = false;
-+ fdo_free(prot_ctx->resolved_ip);
-+ }
- }
-+ ATTRIBUTE_FALLTHROUGH;
- }
-- ATTRIBUTE_FALLTHROUGH;
- case FDO_STATE_TO2_SND_GET_OP_NEXT_ENTRY: /* type 62 */
-- ATTRIBUTE_FALLTHROUGH;
-+ {
-+ ATTRIBUTE_FALLTHROUGH;
-+ }
- case FDO_STATE_T02_RCV_OP_NEXT_ENTRY: /* type 63 */
-- ATTRIBUTE_FALLTHROUGH;
-+ {
-+ ATTRIBUTE_FALLTHROUGH;
-+ }
- case FDO_STATE_TO2_SND_PROVE_DEVICE: /* type 64 */
-- ATTRIBUTE_FALLTHROUGH;
-+ {
-+ ATTRIBUTE_FALLTHROUGH;
-+ }
- case FDO_STATE_TO2_RCV_GET_NEXT_DEVICE_SERVICE_INFO: /* type 65 */
-- ATTRIBUTE_FALLTHROUGH;
-+ {
-+ ATTRIBUTE_FALLTHROUGH;
-+ }
- case FDO_STATE_TO2_SND_NEXT_DEVICE_SERVICE_INFO: /* type 66 */
-- ATTRIBUTE_FALLTHROUGH;
-+ {
-+ ATTRIBUTE_FALLTHROUGH;
-+ }
- case FDO_STATE_TO2_RCV_SETUP_DEVICE: /* type 67 */
-- ATTRIBUTE_FALLTHROUGH;
-+ {
-+ ATTRIBUTE_FALLTHROUGH;
-+ }
- case FDO_STATE_T02_SND_GET_NEXT_OWNER_SERVICE_INFO: /* type 68 */
-- ATTRIBUTE_FALLTHROUGH;
-+ {
-+ ATTRIBUTE_FALLTHROUGH;
-+ }
- case FDO_STATE_T02_RCV_NEXT_OWNER_SERVICE_INFO: /* type 69 */
-- ATTRIBUTE_FALLTHROUGH;
-+ {
-+ ATTRIBUTE_FALLTHROUGH;
-+ }
- case FDO_STATE_TO2_SND_DONE: /* type 70 */
-- ATTRIBUTE_FALLTHROUGH;
-+ {
-+ ATTRIBUTE_FALLTHROUGH;
-+ }
- case FDO_STATE_TO2_RCV_DONE_2: /* type 71 */
- // try DNS's resolved IP first, if it fails, try given IP address
- ret = connect_to_owner(prot_ctx->resolved_ip, prot_ctx->host_port,
---- org/lib/credentials_from_file.c 2021-10-18 22:19:33.447783075 +0200
-+++ patch/lib/credentials_from_file.c 2021-10-18 22:19:20.143711330 +0200
-@@ -228,8 +228,6 @@
+ }
+
+- if (ip_addr->addr) {
++ if (ip_addr->length > 0) {
+ ip_ascii = fdo_alloc(IP_TAG_LEN);
+ if (!ip_ascii) {
+ goto err;
+--- org/lib/credentials_from_file.c 2022-12-09 09:44:34.000000000 +0100
++++ patch/lib/credentials_from_file.c 2023-03-02 16:34:46.597314561 +0100
+@@ -231,7 +231,6 @@
return true;
}
- LOG(LOG_DEBUG, "Reading DeviceCredential blob of length %"PRIu64"\n", dev_cred_len);
--
+
fdor = fdo_alloc(sizeof(fdor_t));
if (!fdor || !fdor_init(fdor) || !fdo_block_alloc_with_size(&fdor->b, dev_cred_len)) {
- LOG(LOG_ERROR, "FDOR Initialization/Allocation failed!\n");
+@@ -531,4 +530,4 @@
+ return true;
+ }
+ return false;
+-}
+\ Kein Zeilenumbruch am Dateiende.
++}