forked from pool/mbedtls
Accepting request 440145 from devel:libraries:c_c++
- Update to version 2.4.0: OBS-URL: https://build.opensuse.org/request/show/440145 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mbedtls?expand=0&rev=10
parent
6e59b5513a
commit
e3558034c2
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:590734c8bc8b3ac48e9123d44bf03562e91f8dce0d1ac2615c318c077f3215b2
|
||||
size 1896335
|
3
mbedtls-2.4.0-apache.tgz
Normal file
3
mbedtls-2.4.0-apache.tgz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:c1c3559ed39f7a1b1550c4cf4ccb918bf239301a3311d98dda92bed8a25b7f0d
|
||||
size 1917968
|
@ -1,3 +1,33 @@
|
||||
-------------------------------------------------------------------
|
||||
Sun Nov 13 18:18:58 UTC 2016 - mpluskal@suse.com
|
||||
|
||||
- Update to version 2.4.0:
|
||||
* Removes the MBEDTLS_SSL_AEAD_RANDOM_IV configuration option,
|
||||
because it was not compliant with RFC-5116 and could lead to
|
||||
session key recovery in very long TLS sessions.
|
||||
* Fixes potential stack corruption in mbedtls_x509write_crt_der()
|
||||
and mbedtls_x509write_csr_der() when the signature is copied to
|
||||
the buffer without checking whether there is enough space in
|
||||
the destination. The issue cannot be triggered remotely.
|
||||
* Added support for CMAC for AES and 3DES and AES-CMAC-PRF-128,
|
||||
as defined by NIST SP 800-38B, RFC-4493 and RFC-4615.
|
||||
* Added hardware entropy self-test to verify that the hardware
|
||||
entropy source is functioning correctly.
|
||||
* Added a script to print build environment information for
|
||||
diagnostic use in test scripts, which is also now called by
|
||||
all.sh verification script.
|
||||
* Added the macro MBEDTLS_X509_MAX_FILE_PATH_LEN that enables the
|
||||
user to configure the maximum length of a file path that can be
|
||||
buffered when calling mbedtls_x509_crt_parse_path().
|
||||
* Added a configuration file config-no-entropy.h that configures
|
||||
the subset of library features that do not require an entropy
|
||||
source.
|
||||
* Added the macro MBEDTLS_ENTROPY_MIN_HARDWARE in config.h. This
|
||||
allows users to configure the minimum number of bytes for
|
||||
entropy sources using the mbedtls_hardware_poll() function.
|
||||
* Miscelanous bugfixes
|
||||
- Drop no longer needed mbedtls_fix522.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Aug 27 11:11:20 UTC 2016 - mpluskal@suse.com
|
||||
|
||||
|
@ -20,7 +20,7 @@
|
||||
%define lib_crypto libmbedcrypto0
|
||||
%define lib_x509 libmbedx509-0
|
||||
Name: mbedtls
|
||||
Version: 2.3.0
|
||||
Version: 2.4.0
|
||||
Release: 0
|
||||
Summary: Libraries for crypto and SSL/TLS protocols
|
||||
License: Apache-2.0
|
||||
@ -28,7 +28,6 @@ Group: Development/Libraries/C and C++
|
||||
Url: https://tls.mbed.org
|
||||
Source: https://tls.mbed.org/download/%{name}-%{version}-apache.tgz
|
||||
Source99: baselibs.conf
|
||||
Patch0: mbedtls_fix522.patch
|
||||
BuildRequires: cmake
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: pkgconfig(libpkcs11-helper-1)
|
||||
@ -89,7 +88,6 @@ SSL/TLS protocol suite.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
sed -i 's|//\(#define MBEDTLS_ZLIB_SUPPORT\)|\1|' include/mbedtls/config.h
|
||||
sed -i 's|//\(#define MBEDTLS_HAVEGE_C\)|\1|' include/mbedtls/config.h
|
||||
sed -i 's|//\(#define MBEDTLS_THREADING_C\)|\1|' include/mbedtls/config.h
|
||||
|
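Review bot: Nothing visible in %prep verifies that the three `sed -i` edits on include/mbedtls/config.h still take effect after the bump to 2.4.0. `sed` exits 0 even when its pattern matches no line, so a change in how upstream comments out `MBEDTLS_ZLIB_SUPPORT`, `MBEDTLS_HAVEGE_C` or `MBEDTLS_THREADING_C` would silently produce a library built without them. A check per option after the edits, such as `grep -q '^#define MBEDTLS_THREADING_C' include/mbedtls/config.h`, would make the build fail loudly instead. Separately, upstream's config.h is understood to carry warnings about TLS-level compression and about HAVEGE as an entropy source, so a short spec comment such as `# ZLIB/HAVEGE enabled deliberately: <reason>` would help the next maintainer. The rest of %prep lies outside this hunk, so such a check may already exist there.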
@ -1,392 +0,0 @@
|
||||
From b5b6af2663fdb7f57c30494607bade90810f6844 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Butcher <simon.butcher@arm.com>
|
||||
Date: Wed, 13 Jul 2016 14:46:18 +0100
|
||||
Subject: [PATCH 1/3] Puts platform time abstraction into its own header
|
||||
|
||||
Separates platform time abstraction into it's own header from the
|
||||
general platform abstraction as both depend on different build options.
|
||||
(MBEDTLS_PLATFORM_C vs MBEDTLS_HAVE_TIME)
|
||||
---
|
||||
include/mbedtls/platform.h | 37 ++-----------------
|
||||
include/mbedtls/platform_time.h | 81 +++++++++++++++++++++++++++++++++++++++++
|
||||
include/mbedtls/ssl.h | 2 +-
|
||||
library/net.c | 1 -
|
||||
library/ssl_cache.c | 2 -
|
||||
library/ssl_ciphersuites.c | 1 -
|
||||
library/ssl_cli.c | 4 +-
|
||||
library/ssl_cookie.c | 2 -
|
||||
library/ssl_srv.c | 4 +-
|
||||
library/ssl_ticket.c | 2 -
|
||||
library/ssl_tls.c | 1 -
|
||||
library/x509.c | 7 +++-
|
||||
programs/ssl/dtls_client.c | 1 -
|
||||
13 files changed, 93 insertions(+), 52 deletions(-)
|
||||
create mode 100644 include/mbedtls/platform_time.h
|
||||
|
||||
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
|
||||
index caf8f25..b1b019e 100644
|
||||
--- a/include/mbedtls/platform.h
|
||||
+++ b/include/mbedtls/platform.h
|
||||
@@ -29,6 +29,10 @@
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
+#if defined(MBEDTLS_HAVE_TIME)
|
||||
+#include "mbedtls/platform_time.h"
|
||||
+#endif
|
||||
+
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
@@ -244,39 +248,6 @@ int mbedtls_platform_set_exit( void (*exit_func)( int status ) );
|
||||
#endif
|
||||
|
||||
/*
|
||||
- * The time_t datatype
|
||||
- */
|
||||
-#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO)
|
||||
-typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t;
|
||||
-#else
|
||||
-/* For time_t */
|
||||
-#include <time.h>
|
||||
-typedef time_t mbedtls_time_t;
|
||||
-#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */
|
||||
-
|
||||
-/*
|
||||
- * The function pointers for time
|
||||
- */
|
||||
-#if defined(MBEDTLS_PLATFORM_TIME_ALT)
|
||||
-extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time );
|
||||
-
|
||||
-/**
|
||||
- * \brief Set your own time function pointer
|
||||
- *
|
||||
- * \param time_func the time function implementation
|
||||
- *
|
||||
- * \return 0
|
||||
- */
|
||||
-int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) );
|
||||
-#else
|
||||
-#if defined(MBEDTLS_PLATFORM_TIME_MACRO)
|
||||
-#define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO
|
||||
-#else
|
||||
-#define mbedtls_time time
|
||||
-#endif /* MBEDTLS_PLATFORM_TIME_MACRO */
|
||||
-#endif /* MBEDTLS_PLATFORM_TIME_ALT */
|
||||
-
|
||||
-/*
|
||||
* The function pointers for reading from and writing a seed file to
|
||||
* Non-Volatile storage (NV) in a platform-independent way
|
||||
*
|
||||
diff --git a/include/mbedtls/platform_time.h b/include/mbedtls/platform_time.h
|
||||
new file mode 100644
|
||||
index 0000000..abb3431
|
||||
--- /dev/null
|
||||
+++ b/include/mbedtls/platform_time.h
|
||||
@@ -0,0 +1,81 @@
|
||||
+/**
|
||||
+ * \file platform_time.h
|
||||
+ *
|
||||
+ * \brief mbed TLS Platform time abstraction
|
||||
+ *
|
||||
+ * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
+ * SPDX-License-Identifier: Apache-2.0
|
||||
+ *
|
||||
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
+ * not use this file except in compliance with the License.
|
||||
+ * You may obtain a copy of the License at
|
||||
+ *
|
||||
+ * http://www.apache.org/licenses/LICENSE-2.0
|
||||
+ *
|
||||
+ * Unless required by applicable law or agreed to in writing, software
|
||||
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+ * See the License for the specific language governing permissions and
|
||||
+ * limitations under the License.
|
||||
+ *
|
||||
+ * This file is part of mbed TLS (https://tls.mbed.org)
|
||||
+ */
|
||||
+#ifndef MBEDTLS_PLATFORM_TIME_H
|
||||
+#define MBEDTLS_PLATFORM_TIME_H
|
||||
+
|
||||
+#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
+#include "config.h"
|
||||
+#else
|
||||
+#include MBEDTLS_CONFIG_FILE
|
||||
+#endif
|
||||
+
|
||||
+#ifdef __cplusplus
|
||||
+extern "C" {
|
||||
+#endif
|
||||
+
|
||||
+/**
|
||||
+ * \name SECTION: Module settings
|
||||
+ *
|
||||
+ * The configuration options you can set for this module are in this section.
|
||||
+ * Either change them in config.h or define them on the compiler command line.
|
||||
+ * \{
|
||||
+ */
|
||||
+
|
||||
+/*
|
||||
+ * The time_t datatype
|
||||
+ */
|
||||
+#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO)
|
||||
+typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t;
|
||||
+#else
|
||||
+/* For time_t */
|
||||
+#include <time.h>
|
||||
+typedef time_t mbedtls_time_t;
|
||||
+#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */
|
||||
+
|
||||
+/*
|
||||
+ * The function pointers for time
|
||||
+ */
|
||||
+#if defined(MBEDTLS_PLATFORM_TIME_ALT)
|
||||
+extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time );
|
||||
+
|
||||
+/**
|
||||
+ * \brief Set your own time function pointer
|
||||
+ *
|
||||
+ * \param time_func the time function implementation
|
||||
+ *
|
||||
+ * \return 0
|
||||
+ */
|
||||
+int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) );
|
||||
+#else
|
||||
+#if defined(MBEDTLS_PLATFORM_TIME_MACRO)
|
||||
+#define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO
|
||||
+#else
|
||||
+#define mbedtls_time time
|
||||
+#endif /* MBEDTLS_PLATFORM_TIME_MACRO */
|
||||
+#endif /* MBEDTLS_PLATFORM_TIME_ALT */
|
||||
+
|
||||
+#ifdef __cplusplus
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
+#endif /* platform_time.h */
|
||||
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
|
||||
index 82c0760..c0bfd3e 100644
|
||||
--- a/include/mbedtls/ssl.h
|
||||
+++ b/include/mbedtls/ssl.h
|
||||
@@ -52,7 +52,7 @@
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
-#include <time.h>
|
||||
+#include "mbedtls/platform_time.h"
|
||||
#endif
|
||||
|
||||
/*
|
||||
diff --git a/library/net.c b/library/net.c
|
||||
index 4142bc0..8b96321 100644
|
||||
--- a/library/net.c
|
||||
+++ b/library/net.c
|
||||
@@ -36,7 +36,6 @@
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdlib.h>
|
||||
-#define mbedtls_time_t time_t
|
||||
#endif
|
||||
|
||||
#include "mbedtls/net.h"
|
||||
diff --git a/library/ssl_cache.c b/library/ssl_cache.c
|
||||
index 01c66ae..9b62de2 100644
|
||||
--- a/library/ssl_cache.c
|
||||
+++ b/library/ssl_cache.c
|
||||
@@ -37,8 +37,6 @@
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_free free
|
||||
-#define mbedtls_time time
|
||||
-#define mbedtls_time_t time_t
|
||||
#endif
|
||||
|
||||
#include "mbedtls/ssl_cache.h"
|
||||
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
|
||||
index 3546331..a762bf7 100644
|
||||
--- a/library/ssl_ciphersuites.c
|
||||
+++ b/library/ssl_ciphersuites.c
|
||||
@@ -33,7 +33,6 @@
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdlib.h>
|
||||
-#define mbedtls_time_t time_t
|
||||
#endif
|
||||
|
||||
#include "mbedtls/ssl_ciphersuites.h"
|
||||
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
|
||||
index cd39db0..358dc46 100644
|
||||
--- a/library/ssl_cli.c
|
||||
+++ b/library/ssl_cli.c
|
||||
@@ -33,8 +33,6 @@
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_free free
|
||||
-#define mbedtls_time time
|
||||
-#define mbedtls_time_t time_t
|
||||
#endif
|
||||
|
||||
#include "mbedtls/debug.h"
|
||||
@@ -46,7 +44,7 @@
|
||||
#include <stdint.h>
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
-#include <time.h>
|
||||
+#include "mbedtls/platform_time.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
|
||||
index f241c86..9fb32de 100644
|
||||
--- a/library/ssl_cookie.c
|
||||
+++ b/library/ssl_cookie.c
|
||||
@@ -36,8 +36,6 @@
|
||||
#else
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_free free
|
||||
-#define mbedtls_time time
|
||||
-#define mbedtls_time_t time_t
|
||||
#endif
|
||||
|
||||
#include "mbedtls/ssl_cookie.h"
|
||||
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
|
||||
index 7271045..ec59cc1 100644
|
||||
--- a/library/ssl_srv.c
|
||||
+++ b/library/ssl_srv.c
|
||||
@@ -33,8 +33,6 @@
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_free free
|
||||
-#define mbedtls_time time
|
||||
-#define mbedtls_time_t time_t
|
||||
#endif
|
||||
|
||||
#include "mbedtls/debug.h"
|
||||
@@ -48,7 +46,7 @@
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
-#include <time.h>
|
||||
+#include "mbedtls/platform_time.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
|
||||
index 5d77403..4d9116d 100644
|
||||
--- a/library/ssl_ticket.c
|
||||
+++ b/library/ssl_ticket.c
|
||||
@@ -33,8 +33,6 @@
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_free free
|
||||
-#define mbedtls_time time
|
||||
-#define mbedtls_time_t time_t
|
||||
#endif
|
||||
|
||||
#include "mbedtls/ssl_ticket.h"
|
||||
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
|
||||
index 80a908d..505bb6c 100644
|
||||
--- a/library/ssl_tls.c
|
||||
+++ b/library/ssl_tls.c
|
||||
@@ -41,7 +41,6 @@
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_free free
|
||||
-#define mbedtls_time_t time_t
|
||||
#endif
|
||||
|
||||
#include "mbedtls/debug.h"
|
||||
diff --git a/library/x509.c b/library/x509.c
|
||||
index a0df817..bc3bfe0 100644
|
||||
--- a/library/x509.c
|
||||
+++ b/library/x509.c
|
||||
@@ -55,12 +55,15 @@
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_free free
|
||||
#define mbedtls_calloc calloc
|
||||
-#define mbedtls_time time
|
||||
-#define mbedtls_time_t time_t
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_snprintf snprintf
|
||||
#endif
|
||||
|
||||
+
|
||||
+#if defined(MBEDTLS_HAVE_TIME)
|
||||
+#include "mbedtls/platform_time.h"
|
||||
+#endif
|
||||
+
|
||||
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
|
||||
#include <windows.h>
|
||||
#else
|
||||
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
|
||||
index 14fb612..b37eb83 100644
|
||||
--- a/programs/ssl/dtls_client.c
|
||||
+++ b/programs/ssl/dtls_client.c
|
||||
@@ -31,7 +31,6 @@
|
||||
#include <stdio.h>
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_fprintf fprintf
|
||||
-#define mbedtls_time_t time_t
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CLI_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
|
||||
|
||||
From b92834324f29768a5bf39c58c674c5f3c09b6763 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Butcher <simon.butcher@arm.com>
|
||||
Date: Wed, 13 Jul 2016 11:02:41 +0100
|
||||
Subject: [PATCH 2/3] Fixes all.sh for full config
|
||||
|
||||
MBEDTLS_PLATFORM_TIME_ALT was accidentally left in the full config test
|
||||
leading to linker problems.
|
||||
---
|
||||
tests/scripts/all.sh | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
|
||||
index 5262397..a2b0995 100755
|
||||
--- a/tests/scripts/all.sh
|
||||
+++ b/tests/scripts/all.sh
|
||||
@@ -231,6 +231,7 @@ scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY
|
||||
scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT
|
||||
scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT
|
||||
scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT
|
||||
+scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT
|
||||
scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
|
||||
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
|
||||
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
||||
|
||||
From 23e9778684ba734dbfba1445e145b04dd6b59e76 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Butcher <simon.butcher@arm.com>
|
||||
Date: Wed, 13 Jul 2016 13:31:08 +0100
|
||||
Subject: [PATCH 3/3] Adds missing conditions for platform time
|
||||
|
||||
In platform.c, made the time functions dependent on the configuration
|
||||
MBEDTLS_HAVE_TIME to fix a build break where the functions could be
|
||||
built but the mbedtls_time_t was not defined.
|
||||
---
|
||||
library/platform.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/library/platform.c b/library/platform.c
|
||||
index 68ca45d..2591c45 100644
|
||||
--- a/library/platform.c
|
||||
+++ b/library/platform.c
|
||||
@@ -190,6 +190,8 @@ int mbedtls_platform_set_exit( void (*exit_func)( int status ) )
|
||||
}
|
||||
#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
|
||||
|
||||
+#if defined(MBEDTLS_HAVE_TIME)
|
||||
+
|
||||
#if defined(MBEDTLS_PLATFORM_TIME_ALT)
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_TIME)
|
||||
/*
|
||||
@@ -213,6 +215,8 @@ int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time
|
||||
}
|
||||
#endif /* MBEDTLS_PLATFORM_TIME_ALT */
|
||||
|
||||
+#endif /* MBEDTLS_HAVE_TIME */
|
||||
+
|
||||
#if defined(MBEDTLS_ENTROPY_NV_SEED)
|
||||
#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
|
||||
/* Default implementations for the platform independent seed functions use
|