
Accepting request 440145 from devel:libraries:c_c++

- Update to version 2.4.0:

OBS-URL: https://build.opensuse.org/request/show/440145
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mbedtls?expand=0&rev=10
Dominique Leuenberger 2016-11-15 16:53:02 +00:00 committed by Git OBS Bridge
parent 6e59b5513a
commit e3558034c2
5 changed files with 34 additions and 398 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:590734c8bc8b3ac48e9123d44bf03562e91f8dce0d1ac2615c318c077f3215b2
size 1896335

3
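--- a/mbedtls-2.4.0-apache.tgz
+++ b/mbedtls-2.4.0-apache.tgz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c1c3559ed39f7a1b1550c4cf4ccb918bf239301a3311d98dda92bed8a25b7f0d
+size 1917968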


@ -1,3 +1,33 @@
-------------------------------------------------------------------
Sun Nov 13 18:18:58 UTC 2016 - mpluskal@suse.com
- Update to version 2.4.0:
* Removes the MBEDTLS_SSL_AEAD_RANDOM_IV configuration option,
because it was not compliant with RFC-5116 and could lead to
session key recovery in very long TLS sessions.
* Fixes potential stack corruption in mbedtls_x509write_crt_der()
and mbedtls_x509write_csr_der() when the signature is copied to
the buffer without checking whether there is enough space in
the destination. The issue cannot be triggered remotely.
* Added support for CMAC for AES and 3DES and AES-CMAC-PRF-128,
as defined by NIST SP 800-38B, RFC-4493 and RFC-4615.
* Added hardware entropy self-test to verify that the hardware
entropy source is functioning correctly.
* Added a script to print build environment information for
diagnostic use in test scripts, which is also now called by
all.sh verification script.
* Added the macro MBEDTLS_X509_MAX_FILE_PATH_LEN that enables the
user to configure the maximum length of a file path that can be
buffered when calling mbedtls_x509_crt_parse_path().
* Added a configuration file config-no-entropy.h that configures
the subset of library features that do not require an entropy
source.
* Added the macro MBEDTLS_ENTROPY_MIN_HARDWARE in config.h. This
allows users to configure the minimum number of bytes for
entropy sources using the mbedtls_hardware_poll() function.
* Miscelanous bugfixes
- Drop no longer needed mbedtls_fix522.patch
-------------------------------------------------------------------
Sat Aug 27 11:11:20 UTC 2016 - mpluskal@suse.com


@ -20,7 +20,7 @@
%define lib_crypto libmbedcrypto0
%define lib_x509 libmbedx509-0
Name: mbedtls
Version: 2.3.0
Version: 2.4.0
Release: 0
Summary: Libraries for crypto and SSL/TLS protocols
License: Apache-2.0
@ -28,7 +28,6 @@ Group: Development/Libraries/C and C++
Url: https://tls.mbed.org
Source: https://tls.mbed.org/download/%{name}-%{version}-apache.tgz
Source99: baselibs.conf
Patch0: mbedtls_fix522.patch
BuildRequires: cmake
BuildRequires: pkgconfig
BuildRequires: pkgconfig(libpkcs11-helper-1)
@ -89,7 +88,6 @@ SSL/TLS protocol suite.
%prep
%setup -q
%patch0 -p1
sed -i 's|//\(#define MBEDTLS_ZLIB_SUPPORT\)|\1|' include/mbedtls/config.h
sed -i 's|//\(#define MBEDTLS_HAVEGE_C\)|\1|' include/mbedtls/config.h
sed -i 's|//\(#define MBEDTLS_THREADING_C\)|\1|' include/mbedtls/config.h
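Review bot: The three `sed -i` substitutions kept under `%prep` exit successfully even when their pattern no longer matches, so after the bump to 2.4.0 nothing in this section confirms that `MBEDTLS_ZLIB_SUPPORT`, `MBEDTLS_HAVEGE_C` and `MBEDTLS_THREADING_C` are still switched on in `include/mbedtls/config.h`. Whether the 2.4.0 tarball keeps those lines in the same `//#define` form is not visible on this page. A check after the edits would turn a silent drift into a build failure, for example `grep -q '^#define MBEDTLS_THREADING_C' include/mbedtls/config.h || exit 1`, repeated for the other two macros. This matters most for the threading option, since a library that silently loses it would presumably still be linked by callers that rely on it.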


@ -1,392 +0,0 @@
From b5b6af2663fdb7f57c30494607bade90810f6844 Mon Sep 17 00:00:00 2001
From: Simon Butcher <simon.butcher@arm.com>
Date: Wed, 13 Jul 2016 14:46:18 +0100
Subject: [PATCH 1/3] Puts platform time abstraction into its own header
Separates platform time abstraction into it's own header from the
general platform abstraction as both depend on different build options.
(MBEDTLS_PLATFORM_C vs MBEDTLS_HAVE_TIME)
---
include/mbedtls/platform.h | 37 ++-----------------
include/mbedtls/platform_time.h | 81 +++++++++++++++++++++++++++++++++++++++++
include/mbedtls/ssl.h | 2 +-
library/net.c | 1 -
library/ssl_cache.c | 2 -
library/ssl_ciphersuites.c | 1 -
library/ssl_cli.c | 4 +-
library/ssl_cookie.c | 2 -
library/ssl_srv.c | 4 +-
library/ssl_ticket.c | 2 -
library/ssl_tls.c | 1 -
library/x509.c | 7 +++-
programs/ssl/dtls_client.c | 1 -
13 files changed, 93 insertions(+), 52 deletions(-)
create mode 100644 include/mbedtls/platform_time.h
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
index caf8f25..b1b019e 100644
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@@ -29,6 +29,10 @@
#include MBEDTLS_CONFIG_FILE
#endif
+#if defined(MBEDTLS_HAVE_TIME)
+#include "mbedtls/platform_time.h"
+#endif
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -244,39 +248,6 @@ int mbedtls_platform_set_exit( void (*exit_func)( int status ) );
#endif
/*
- * The time_t datatype
- */
-#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO)
-typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t;
-#else
-/* For time_t */
-#include <time.h>
-typedef time_t mbedtls_time_t;
-#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */
-
-/*
- * The function pointers for time
- */
-#if defined(MBEDTLS_PLATFORM_TIME_ALT)
-extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time );
-
-/**
- * \brief Set your own time function pointer
- *
- * \param time_func the time function implementation
- *
- * \return 0
- */
-int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) );
-#else
-#if defined(MBEDTLS_PLATFORM_TIME_MACRO)
-#define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO
-#else
-#define mbedtls_time time
-#endif /* MBEDTLS_PLATFORM_TIME_MACRO */
-#endif /* MBEDTLS_PLATFORM_TIME_ALT */
-
-/*
* The function pointers for reading from and writing a seed file to
* Non-Volatile storage (NV) in a platform-independent way
*
diff --git a/include/mbedtls/platform_time.h b/include/mbedtls/platform_time.h
new file mode 100644
index 0000000..abb3431
--- /dev/null
+++ b/include/mbedtls/platform_time.h
@@ -0,0 +1,81 @@
+/**
+ * \file platform_time.h
+ *
+ * \brief mbed TLS Platform time abstraction
+ *
+ * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_PLATFORM_TIME_H
+#define MBEDTLS_PLATFORM_TIME_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+/*
+ * The time_t datatype
+ */
+#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO)
+typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t;
+#else
+/* For time_t */
+#include <time.h>
+typedef time_t mbedtls_time_t;
+#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */
+
+/*
+ * The function pointers for time
+ */
+#if defined(MBEDTLS_PLATFORM_TIME_ALT)
+extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time );
+
+/**
+ * \brief Set your own time function pointer
+ *
+ * \param time_func the time function implementation
+ *
+ * \return 0
+ */
+int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) );
+#else
+#if defined(MBEDTLS_PLATFORM_TIME_MACRO)
+#define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO
+#else
+#define mbedtls_time time
+#endif /* MBEDTLS_PLATFORM_TIME_MACRO */
+#endif /* MBEDTLS_PLATFORM_TIME_ALT */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* platform_time.h */
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 82c0760..c0bfd3e 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -52,7 +52,7 @@
#endif
#if defined(MBEDTLS_HAVE_TIME)
-#include <time.h>
+#include "mbedtls/platform_time.h"
#endif
/*
diff --git a/library/net.c b/library/net.c
index 4142bc0..8b96321 100644
--- a/library/net.c
+++ b/library/net.c
@@ -36,7 +36,6 @@
#include "mbedtls/platform.h"
#else
#include <stdlib.h>
-#define mbedtls_time_t time_t
#endif
#include "mbedtls/net.h"
diff --git a/library/ssl_cache.c b/library/ssl_cache.c
index 01c66ae..9b62de2 100644
--- a/library/ssl_cache.c
+++ b/library/ssl_cache.c
@@ -37,8 +37,6 @@
#include <stdlib.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
-#define mbedtls_time time
-#define mbedtls_time_t time_t
#endif
#include "mbedtls/ssl_cache.h"
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 3546331..a762bf7 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -33,7 +33,6 @@
#include "mbedtls/platform.h"
#else
#include <stdlib.h>
-#define mbedtls_time_t time_t
#endif
#include "mbedtls/ssl_ciphersuites.h"
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index cd39db0..358dc46 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -33,8 +33,6 @@
#include <stdlib.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
-#define mbedtls_time time
-#define mbedtls_time_t time_t
#endif
#include "mbedtls/debug.h"
@@ -46,7 +44,7 @@
#include <stdint.h>
#if defined(MBEDTLS_HAVE_TIME)
-#include <time.h>
+#include "mbedtls/platform_time.h"
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index f241c86..9fb32de 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -36,8 +36,6 @@
#else
#define mbedtls_calloc calloc
#define mbedtls_free free
-#define mbedtls_time time
-#define mbedtls_time_t time_t
#endif
#include "mbedtls/ssl_cookie.h"
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 7271045..ec59cc1 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -33,8 +33,6 @@
#include <stdlib.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
-#define mbedtls_time time
-#define mbedtls_time_t time_t
#endif
#include "mbedtls/debug.h"
@@ -48,7 +46,7 @@
#endif
#if defined(MBEDTLS_HAVE_TIME)
-#include <time.h>
+#include "mbedtls/platform_time.h"
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index 5d77403..4d9116d 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@@ -33,8 +33,6 @@
#include <stdlib.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
-#define mbedtls_time time
-#define mbedtls_time_t time_t
#endif
#include "mbedtls/ssl_ticket.h"
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 80a908d..505bb6c 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -41,7 +41,6 @@
#include <stdlib.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
-#define mbedtls_time_t time_t
#endif
#include "mbedtls/debug.h"
diff --git a/library/x509.c b/library/x509.c
index a0df817..bc3bfe0 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -55,12 +55,15 @@
#include <stdlib.h>
#define mbedtls_free free
#define mbedtls_calloc calloc
-#define mbedtls_time time
-#define mbedtls_time_t time_t
#define mbedtls_printf printf
#define mbedtls_snprintf snprintf
#endif
+
+#if defined(MBEDTLS_HAVE_TIME)
+#include "mbedtls/platform_time.h"
+#endif
+
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
#include <windows.h>
#else
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index 14fb612..b37eb83 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -31,7 +31,6 @@
#include <stdio.h>
#define mbedtls_printf printf
#define mbedtls_fprintf fprintf
-#define mbedtls_time_t time_t
#endif
#if !defined(MBEDTLS_SSL_CLI_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
From b92834324f29768a5bf39c58c674c5f3c09b6763 Mon Sep 17 00:00:00 2001
From: Simon Butcher <simon.butcher@arm.com>
Date: Wed, 13 Jul 2016 11:02:41 +0100
Subject: [PATCH 2/3] Fixes all.sh for full config
MBEDTLS_PLATFORM_TIME_ALT was accidentally left in the full config test
leading to linker problems.
---
tests/scripts/all.sh | 1 +
1 file changed, 1 insertion(+)
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 5262397..a2b0995 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -231,6 +231,7 @@ scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY
scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT
+scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
From 23e9778684ba734dbfba1445e145b04dd6b59e76 Mon Sep 17 00:00:00 2001
From: Simon Butcher <simon.butcher@arm.com>
Date: Wed, 13 Jul 2016 13:31:08 +0100
Subject: [PATCH 3/3] Adds missing conditions for platform time
In platform.c, made the time functions dependent on the configuration
MBEDTLS_HAVE_TIME to fix a build break where the functions could be
built but the mbedtls_time_t was not defined.
---
library/platform.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/library/platform.c b/library/platform.c
index 68ca45d..2591c45 100644
--- a/library/platform.c
+++ b/library/platform.c
@@ -190,6 +190,8 @@ int mbedtls_platform_set_exit( void (*exit_func)( int status ) )
}
#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
+#if defined(MBEDTLS_HAVE_TIME)
+
#if defined(MBEDTLS_PLATFORM_TIME_ALT)
#if !defined(MBEDTLS_PLATFORM_STD_TIME)
/*
@@ -213,6 +215,8 @@ int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time
}
#endif /* MBEDTLS_PLATFORM_TIME_ALT */
+#endif /* MBEDTLS_HAVE_TIME */
+
#if defined(MBEDTLS_ENTROPY_NV_SEED)
#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
/* Default implementations for the platform independent seed functions use