Update MbedTLS 3.4.0 -> 3.6.2 and set it as default
Even though one could in theory simply set CONFIG_MBEDTLS_VERSION="3.6.2", this commit is needed for 2 reasons: 1. The patches need to be updated: 0001 works almost as-is (with fuzz 2) but 0002 hunk #4 fails and needed adjustment. Otherwise, the patches are identical. 2. mbedtls_config.h needs to be updated: Following the same approach as for the Kconfig, this commit updates both Kconfig and mbedtls_config.h according to the changes: mbedtls$ git diff v3.4.0...v3.6.2 -- include/mbedtls/mbedtls_config.h Minor edits also to crypto/controlse to comply with v3.6.2. Signed-off-by: Census Eng <[email protected]>
Census Eng
committed
Dec 1, 2024
1 parent
21f5bc9
commit 1e6a8f1
Showing
6 changed files
with
910 additions
and
432 deletions.
33 changes: 21 additions & 12 deletions
33
crypto/mbedtls/0001-mbedtls-entropy_poll-use-getrandom-to-get-the-system.patch
@@ -1,22 +1,31 @@ | ||
From e40fdc9238384ee62013c41d74cb4d47ae8c1aad Mon Sep 17 00:00:00 2001 | ||
From: makejian <makejian@xiaomi.com> | ||
Date: Mon, 11 Sep 2023 19:40:04 +0800 | ||
Subject: [PATCH] mbedtls/entropy_poll: use 'getrandom' to get the system | ||
From b82b0c314d78d44f717a69924e7a60d8d43eb200 Mon Sep 17 00:00:00 2001 | ||
From: George Poulios <gpoulios@census-labs.com> | ||
Date: Fri, 29 Nov 2024 10:32:54 +0200 | ||
Subject: [PATCH 1/2] mbedtls/entropy_poll: use 'getrandom' to get the system | ||
entropy | ||
|
||
VELAPLATFO-16390 | ||
Original patch: | ||
From e40fdc9238384ee62013c41d74cb4d47ae8c1aad Mon Sep 17 00:00:00 2001 | ||
From: makejian <[email protected]> | ||
Date: Mon, 11 Sep 2023 19:40:04 +0800 | ||
Subject: [PATCH] mbedtls/entropy_poll: use 'getrandom' to get the system | ||
entropy | ||
|
||
Change-Id: I885969c441cd174f5eedf8c9ce17b89e501148c8 | ||
Signed-off-by: makejian <[email protected]> | ||
VELAPLATFO-16390 | ||
|
||
Change-Id: I885969c441cd174f5eedf8c9ce17b89e501148c8 | ||
Signed-off-by: makejian <[email protected]> | ||
|
||
Signed-off-by: George Poulios <[email protected]> | ||
--- | ||
library/entropy_poll.c | 5 +++-- | ||
1 file changed, 3 insertions(+), 2 deletions(-) | ||
|
||
diff --git mbedtls/library/entropy_poll.c mbedtls/library/entropy_poll.c | ||
index b5024c83f..e9431e812 100644 | ||
--- mbedtls/library/entropy_poll.c | ||
+++ mbedtls/library/entropy_poll.c | ||
@@ -103,10 +103,11 @@ static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags) | ||
diff --git a/library/entropy_poll.c b/library/entropy_poll.c | ||
index 611768cd85..a26e154db1 100644 | ||
--- a/library/entropy_poll.c | ||
+++ b/library/entropy_poll.c | ||
@@ -95,10 +95,11 @@ static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags) | ||
#endif /* SYS_getrandom */ | ||
#endif /* __linux__ || __midipix__ */ | ||
|
||
|
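Review bot: The regenerated patch switches the path prefix from `mbedtls/library/entropy_poll.c` to `a/library/entropy_poll.c` / `b/library/entropy_poll.c` on the `diff --git`, `---` and `+++` lines of this hunk, which is only equivalent to the old form when exactly one leading directory component is stripped. Under `git apply` or `patch -p1` run from the mbedtls source root both forms resolve to `library/entropy_poll.c`, but a `-p0` invocation that worked with the old prefix would now fail to locate the file; the Makefile that applies these patches is not in this view, so the strip level it uses is worth confirming. The code lines of the inner `@@ -95,10 +95,11 @@` hunk are also outside this view, so whether the rebase onto 3.6.2 still needs fuzz cannot be checked here.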
@@ -1,9 +1,17 @@ | ||
From e9eeb5721637faa451f66bbb2789046b9a7963d5 Mon Sep 17 00:00:00 2001 | ||
From: makejian <makejian@xiaomi.com> | ||
Date: Fri, 18 Aug 2023 15:52:45 +0800 | ||
Subject: [PATCH 1/2] mbedtls: add mbedtls x509 crt pool | ||
From f846c8fb13238a4db1f7d5e1a9ebce459c21faf7 Mon Sep 17 00:00:00 2001 | ||
From: George Poulios <gpoulios@census-labs.com> | ||
Date: Fri, 29 Nov 2024 10:33:57 +0200 | ||
Subject: [PATCH 2/2] mbedtls: add mbedtls x509 crt pool | ||
|
||
Signed-off-by: makejian <[email protected]> | ||
Original patch: | ||
From e9eeb5721637faa451f66bbb2789046b9a7963d5 Mon Sep 17 00:00:00 2001 | ||
From: makejian <[email protected]> | ||
Date: Fri, 18 Aug 2023 15:52:45 +0800 | ||
Subject: [PATCH 1/2] mbedtls: add mbedtls x509 crt pool | ||
|
||
Signed-off-by: makejian <[email protected]> | ||
|
||
Signed-off-by: George Poulios <[email protected]> | ||
--- | ||
include/mbedtls/threading.h | 4 + | ||
library/threading.c | 3 + | ||
|
@@ -14,13 +22,13 @@ Signed-off-by: makejian <[email protected]> | |
create mode 100644 library/x509_crt_pool.c | ||
create mode 100644 library/x509_crt_pool.h | ||
|
||
diff --git mbedtls/include/mbedtls/threading.h mbedtls/include/mbedtls/threading.h | ||
index 1b9c7ced2..e3986cd67 100644 | ||
--- mbedtls/include/mbedtls/threading.h | ||
+++ mbedtls/include/mbedtls/threading.h | ||
@@ -108,6 +108,10 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; | ||
extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; | ||
#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */ | ||
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h | ||
index d50d04ead1..9fffe6705d 100644 | ||
--- a/include/mbedtls/threading.h | ||
+++ b/include/mbedtls/threading.h | ||
@@ -128,6 +128,10 @@ extern mbedtls_threading_mutex_t mbedtls_threading_psa_globaldata_mutex; | ||
extern mbedtls_threading_mutex_t mbedtls_threading_psa_rngdata_mutex; | ||
#endif | ||
|
||
+#if defined(MBEDTLS_X509_CRT_POOL) | ||
+extern mbedtls_threading_mutex_t mbedtls_threading_x509crtpool_mutex; | ||
|
@@ -29,24 +37,24 @@ index 1b9c7ced2..e3986cd67 100644 | |
#endif /* MBEDTLS_THREADING_C */ | ||
|
||
#ifdef __cplusplus | ||
diff --git mbedtls/library/threading.c mbedtls/library/threading.c | ||
index 130c6963d..c91df6f6a 100644 | ||
--- mbedtls/library/threading.c | ||
+++ mbedtls/library/threading.c | ||
@@ -189,5 +189,8 @@ mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT; | ||
#if defined(THREADING_USE_GMTIME) | ||
mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT; | ||
diff --git a/library/threading.c b/library/threading.c | ||
index 85db243f21..da500193f5 100644 | ||
--- a/library/threading.c | ||
+++ b/library/threading.c | ||
@@ -191,5 +191,8 @@ mbedtls_threading_mutex_t mbedtls_threading_key_slot_mutex MUTEX_INIT; | ||
mbedtls_threading_mutex_t mbedtls_threading_psa_globaldata_mutex MUTEX_INIT; | ||
mbedtls_threading_mutex_t mbedtls_threading_psa_rngdata_mutex MUTEX_INIT; | ||
#endif | ||
+#if defined(MBEDTLS_X509_CRT_POOL) | ||
+mbedtls_threading_mutex_t mbedtls_threading_x509crtpool_mutex MUTEX_INIT; | ||
+#endif | ||
|
||
#endif /* MBEDTLS_THREADING_C */ | ||
diff --git mbedtls/library/x509_crt.c mbedtls/library/x509_crt.c | ||
index cf62532f2..8d058a092 100644 | ||
--- mbedtls/library/x509_crt.c | ||
+++ mbedtls/library/x509_crt.c | ||
@@ -78,6 +78,10 @@ | ||
diff --git a/library/x509_crt.c b/library/x509_crt.c | ||
index 53cdcf0266..dd3c83a91a 100644 | ||
--- a/library/x509_crt.c | ||
+++ b/library/x509_crt.c | ||
@@ -71,6 +71,10 @@ | ||
#endif /* !_WIN32 || EFIX64 || EFI32 */ | ||
#endif | ||
|
||
|
@@ -57,9 +65,9 @@ index cf62532f2..8d058a092 100644 | |
/* | ||
* Item in a verification chain: cert and flags for it | ||
*/ | ||
@@ -995,6 +999,12 @@ static int x509_crt_parse_der_core(mbedtls_x509_crt *crt, | ||
@@ -1113,6 +1117,12 @@ static int x509_crt_parse_der_core(mbedtls_x509_crt *crt, | ||
end = crt_end = p + len; | ||
crt->raw.len = crt_end - buf; | ||
crt->raw.len = (size_t) (crt_end - buf); | ||
if (make_copy != 0) { | ||
+#if defined(MBEDTLS_X509_CRT_POOL) | ||
+ crt->raw.p = p = x509_crt_pool_ref_buf(buf, crt->raw.len); | ||
|
@@ -70,32 +78,31 @@ index cf62532f2..8d058a092 100644 | |
/* Create and populate a new buffer for the raw field. */ | ||
crt->raw.p = p = mbedtls_calloc(1, crt->raw.len); | ||
if (crt->raw.p == NULL) { | ||
@@ -1002,6 +1012,7 @@ static int x509_crt_parse_der_core(mbedtls_x509_crt *crt, | ||
@@ -1120,6 +1130,7 @@ static int x509_crt_parse_der_core(mbedtls_x509_crt *crt, | ||
} | ||
|
||
memcpy(crt->raw.p, buf, crt->raw.len); | ||
+#endif | ||
crt->own_buffer = 1; | ||
|
||
p += crt->raw.len - len; | ||
@@ -2839,8 +2850,12 @@ void mbedtls_x509_crt_free(mbedtls_x509_crt *crt) | ||
mbedtls_asn1_sequence_free(cert_cur->certificate_policies.next); | ||
@@ -3246,7 +3257,11 @@ void mbedtls_x509_crt_free(mbedtls_x509_crt *crt) | ||
mbedtls_asn1_sequence_free(cert_cur->authority_key_id.authorityCertIssuer.next); | ||
|
||
if (cert_cur->raw.p != NULL && cert_cur->own_buffer) { | ||
+#if defined(MBEDTLS_X509_CRT_POOL) | ||
+ x509_crt_pool_unref_buf(cert_cur->raw.p); | ||
+#else | ||
mbedtls_platform_zeroize(cert_cur->raw.p, cert_cur->raw.len); | ||
mbedtls_free(cert_cur->raw.p); | ||
mbedtls_zeroize_and_free(cert_cur->raw.p, cert_cur->raw.len); | ||
+#endif | ||
} | ||
|
||
cert_prv = cert_cur; | ||
diff --git mbedtls/library/x509_crt_pool.c mbedtls/library/x509_crt_pool.c | ||
diff --git a/library/x509_crt_pool.c b/library/x509_crt_pool.c | ||
new file mode 100644 | ||
index 000000000..da00c88a8 | ||
index 0000000000..da00c88a85 | ||
--- /dev/null | ||
+++ mbedtls/library/x509_crt_pool.c | ||
+++ b/library/x509_crt_pool.c | ||
@@ -0,0 +1,142 @@ | ||
+/* | ||
+ * X.509 certificate pool | ||
|
@@ -239,11 +246,11 @@ index 000000000..da00c88a8 | |
+} | ||
+ | ||
+#endif /* MBEDTLS_X509_CRT_POOL */ | ||
diff --git mbedtls/library/x509_crt_pool.h mbedtls/library/x509_crt_pool.h | ||
diff --git a/library/x509_crt_pool.h b/library/x509_crt_pool.h | ||
new file mode 100644 | ||
index 000000000..8592761de | ||
index 0000000000..8592761de4 | ||
--- /dev/null | ||
+++ mbedtls/library/x509_crt_pool.h | ||
+++ b/library/x509_crt_pool.h | ||
@@ -0,0 +1,30 @@ | ||
+/** | ||
+ * \file x509_crt_pool.h | ||
|
@@ -277,4 +284,3 @@ index 000000000..8592761de | |
+#endif /* mbedtls_x509_crt_pool.h */ | ||
-- | ||
2.40.0 | ||
|
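Review bot: In the `mbedtls_x509_crt_free` hunk (`@@ -3246,7 +3257,11 @@`) the pool-enabled branch replaces 3.6.2's `mbedtls_zeroize_and_free(cert_cur->raw.p, cert_cur->raw.len)` with a bare `x509_crt_pool_unref_buf(cert_cur->raw.p)`, so the zeroize-before-free guarantee upstream now gives the raw DER buffer rests entirely on how the pool releases its last reference. The body of `library/x509_crt_pool.c` is almost entirely outside this view (only the `@@ -0,0 +1,142 @@` head and the closing `#endif /* MBEDTLS_X509_CRT_POOL */` are shown), so it is worth confirming that the final unref zeroizes the shared buffer before freeing it and recording that at the call site with a comment such as `/* pool zeroizes the buffer on its last unref; see x509_crt_pool.c */`. Likewise, in the `x509_crt_parse_der_core` hunk the pool branch assigns `crt->raw.p = p = x509_crt_pool_ref_buf(buf, crt->raw.len)` while the `if (crt->raw.p == NULL)` check shown afterwards belongs to the `mbedtls_calloc` branch; if the lines not shown here give the pool branch no NULL check of its own, an allocation failure inside the pool would fall through to `crt->own_buffer = 1;` with a NULL `raw.p`, so a `if (crt->raw.p == NULL) { return MBEDTLS_ERR_X509_ALLOC_FAILED; }` guard matching the calloc branch is worth verifying.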