File 0004-mbedtls-fixups.patch of Package qemu
From 150546edb28879430c593a108331bf397ecbc714 Mon Sep 17 00:00:00 2001 From: Daniel Axtens <dja@axtens.net> Date: Thu, 9 Apr 2020 11:02:18 +1000 Subject: [PATCH 04/12] mbedtls: fixups all in the process of upstreaming, but I picked an old version when I started the prototype. Signed-off-by: Daniel Axtens <dja@axtens.net> --- .../mbedtls/include/mbedtls/platform.h | 2 ++ lib/libcrypto/mbedtls/library/pkcs7.c | 30 +++++++++++-------- lib/libcrypto/mbedtls/library/x509_crl.c | 2 ++ lib/libcrypto/mbedtls/library/x509_crt.c | 2 ++ 4 files changed, 23 insertions(+), 13 deletions(-) diff --git a/roms/SLOF/lib/libcrypto/mbedtls/include/mbedtls/platform.h b/roms/SLOF/lib/libcrypto/mbedtls/include/mbedtls/platform.h index 89fe8a7..d59d371 100644 --- a/roms/SLOF/lib/libcrypto/mbedtls/include/mbedtls/platform.h +++ b/roms/SLOF/lib/libcrypto/mbedtls/include/mbedtls/platform.h @@ -61,7 +61,9 @@ extern "C" { #if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) #include <stdio.h> #include <stdlib.h> +#if defined(MBED_TLS_HAVE_TIME) #include <time.h> +#endif #if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF) #if defined(_WIN32) #define MBEDTLS_PLATFORM_STD_SNPRINTF mbedtls_platform_win32_snprintf /**< The default \c snprintf function to use. */ diff --git a/roms/SLOF/lib/libcrypto/mbedtls/library/pkcs7.c b/roms/SLOF/lib/libcrypto/mbedtls/library/pkcs7.c index 3a15be5..b44d47d 100644 --- a/roms/SLOF/lib/libcrypto/mbedtls/library/pkcs7.c +++ b/roms/SLOF/lib/libcrypto/mbedtls/library/pkcs7.c @@ -31,8 +31,10 @@ #include <stdlib.h> #include <stdio.h> #include <string.h> +#if defined(MBEDTLS_FS_IO) #include <sys/types.h> #include <sys/stat.h> +#endif #include <unistd.h> #if defined(MBEDTLS_PLATFORM_C) @@ -54,6 +56,7 @@ #include <time.h> #endif +#if defined(MBEDTLS_FS_IO) /* * Load all data from a file into a given buffer. * @@ -98,6 +101,7 @@ int mbedtls_pkcs7_load_file( const char *path, unsigned char **buf, size_t *n ) return( 0 ); } +#endif /** * Initializes the pkcs7 structure. 
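Review bot: The guard added around `#include <time.h>` in platform.h tests `MBED_TLS_HAVE_TIME`, while the x509_crl.c and x509_crt.c hunks of this same patch test `MBEDTLS_HAVE_TIME`; the extra underscore looks like a typo. As written, the include is skipped even in builds that do define `MBEDTLS_HAVE_TIME`, so any time-dependent declaration further down platform.h would lack its header (the rest of the file is outside the hunk). The line should read `#if defined(MBEDTLS_HAVE_TIME)`.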
@@ -383,22 +387,22 @@ static int pkcs7_get_signed_data( unsigned char *buf, size_t buflen, p = p + signed_data->content.oid.len; + /* Look for certificates, there may or may not be any */ ret = pkcs7_get_next_content_len( &p, end, &len ); - if ( ret != 0 ) - return ( ret ); + if ( ret == 0 ) { - /* Get certificates */ - mbedtls_x509_crt_init( &signed_data->certs ); - ret = pkcs7_get_certificates( &p, len, &signed_data->certs ); - if ( ret != 0 ) - return ( ret ) ; + /* Get certificates */ + mbedtls_x509_crt_init( &signed_data->certs ); + ret = pkcs7_get_certificates( &p, len, &signed_data->certs ); + if ( ret != 0 ) + return ( ret ) ; - p = p + len; + p = p + len; + } + /* TODO: optional CRLs go here */ /* Get signers info */ ret = pkcs7_get_signers_info_set( &p, end, &signed_data->signers ); - if ( ret != 0 ) - return ( ret ); return ( ret ); } @@ -409,7 +413,7 @@ int mbedtls_pkcs7_parse_der( const unsigned char *buf, const int buflen, unsigned char *start; unsigned char *end; size_t len = 0; - int ret; + int ret = 0; /* use internal buffer for parsing */ start = ( unsigned char * )buf; @@ -447,15 +451,15 @@ int mbedtls_pkcs7_parse_der( const unsigned char *buf, const int buflen, } mbedtls_printf("Content type is SignedData\n"); + // todo: verify if this can push start into an OOB read. start = start + pkcs7->content_type_oid.len; + ret = pkcs7_get_next_content_len( &start, end, &len ); if ( ret != 0 ) goto out; ret = pkcs7_get_signed_data( start, len, &pkcs7->signed_data ); - if ( ret != 0 ) - goto out; out: return ( ret ); diff --git a/roms/SLOF/lib/libcrypto/mbedtls/library/x509_crl.c b/roms/SLOF/lib/libcrypto/mbedtls/library/x509_crl.c index 00f8545..e1976ae 100644 --- a/roms/SLOF/lib/libcrypto/mbedtls/library/x509_crl.c +++ b/roms/SLOF/lib/libcrypto/mbedtls/library/x509_crl.c 
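Review bot: In pkcs7_get_signed_data the new `if ( ret == 0 ) {` treats every failure of pkcs7_get_next_content_len as "no certificates present", so a truncated or malformed length on the certificates field is no longer rejected at this point and parsing carries on to pkcs7_get_signers_info_set. Only the "tag absent" result should be tolerated, e.g. `else if ( ret != ERR_TAG_ABSENT ) return ( ret );`, where ERR_TAG_ABSENT is a placeholder for whatever that helper returns for a missing tag (its body is outside the hunk). Also, `mbedtls_x509_crt_init( &signed_data->certs )` now runs only inside the branch; unless the structure is initialised elsewhere, later users of `certs` would see uninitialised memory when the set is absent, so the init call is better hoisted above the `if`. The function starts before this hunk.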
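Review bot: The added `// todo: verify if this can push start into an OOB read.` in mbedtls_pkcs7_parse_der records an unchecked advance, `start = start + pkcs7->content_type_oid.len;`, by a length taken from the parsed input, and the patch leaves it unresolved. A bound check before the advance would close it: `if ( pkcs7->content_type_oid.len > (size_t)( end - start ) ) { ret = ERR_INVALID_FORMAT; goto out; }`, with ERR_INVALID_FORMAT a placeholder for the module's format error. How `content_type_oid.len` was validated earlier is outside the hunk, so this may already be covered; if it is, the comment should say so instead of staying a TODO. The context line `p = p + signed_data->content.oid.len;` in the @@ -383,22 hunk has the same shape.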
@@ -57,11 +57,13 @@ #define mbedtls_snprintf snprintf #endif +#if defined(MBEDTLS_HAVE_TIME) #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) #include <windows.h> #else #include <time.h> #endif +#endif #if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32) #include <stdio.h> diff --git a/roms/SLOF/lib/libcrypto/mbedtls/library/x509_crt.c b/roms/SLOF/lib/libcrypto/mbedtls/library/x509_crt.c index 9c2e365..9ee171d 100644 --- a/roms/SLOF/lib/libcrypto/mbedtls/library/x509_crt.c +++ b/roms/SLOF/lib/libcrypto/mbedtls/library/x509_crt.c @@ -63,11 +63,13 @@ #include "mbedtls/threading.h" #endif +#if defined(MBEDTLS_HAVE_TIME) #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) #include <windows.h> #else #include <time.h> #endif +#endif #if defined(MBEDTLS_FS_IO) #include <stdio.h> -- 2.33.1