File 0004-mbedtls-fixups.patch of Package qemu

From 150546edb28879430c593a108331bf397ecbc714 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Thu, 9 Apr 2020 11:02:18 +1000
Subject: [PATCH 04/12] mbedtls: fixups

all in the process of upstreaming, but I picked an old version
when I started the prototype.

Signed-off-by: Daniel Axtens <dja@axtens.net>
---
 .../mbedtls/include/mbedtls/platform.h        |  2 ++
 lib/libcrypto/mbedtls/library/pkcs7.c         | 30 +++++++++++--------
 lib/libcrypto/mbedtls/library/x509_crl.c      |  2 ++
 lib/libcrypto/mbedtls/library/x509_crt.c      |  2 ++
 4 files changed, 23 insertions(+), 13 deletions(-)

diff --git a/roms/SLOF/lib/libcrypto/mbedtls/include/mbedtls/platform.h b/roms/SLOF/lib/libcrypto/mbedtls/include/mbedtls/platform.h
index 89fe8a7..d59d371 100644
--- a/roms/SLOF/lib/libcrypto/mbedtls/include/mbedtls/platform.h
+++ b/roms/SLOF/lib/libcrypto/mbedtls/include/mbedtls/platform.h
@@ -61,7 +61,9 @@ extern "C" {
 #if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
 #include <stdio.h>
 #include <stdlib.h>
+#if defined(MBED_TLS_HAVE_TIME)
 #include <time.h>
+#endif
 #if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
 #if defined(_WIN32)
 #define MBEDTLS_PLATFORM_STD_SNPRINTF   mbedtls_platform_win32_snprintf /**< The default \c snprintf function to use.  */
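Review bot: The guard added around `#include <time.h>` tests `MBED_TLS_HAVE_TIME`, while the x509_crl.c and x509_crt.c hunks in this same patch test `MBEDTLS_HAVE_TIME`, so the spelling here looks like a typo. If nothing defines the underscored name, `<time.h>` is never pulled in from platform.h even in builds that enable time support, and any time type used further down the header then depends on some other include happening first. The line should read `#if defined(MBEDTLS_HAVE_TIME)`, and the closing line is easier to pair up as `#endif /* MBEDTLS_HAVE_TIME */`.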
diff --git a/roms/SLOF/lib/libcrypto/mbedtls/library/pkcs7.c b/roms/SLOF/lib/libcrypto/mbedtls/library/pkcs7.c
index 3a15be5..b44d47d 100644
--- a/roms/SLOF/lib/libcrypto/mbedtls/library/pkcs7.c
+++ b/roms/SLOF/lib/libcrypto/mbedtls/library/pkcs7.c
@@ -31,8 +31,10 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
+#if defined(MBEDTLS_FS_IO)
 #include <sys/types.h>
 #include <sys/stat.h>
+#endif
 #include <unistd.h>
 
 #if defined(MBEDTLS_PLATFORM_C)
@@ -54,6 +56,7 @@
 #include <time.h>
 #endif
 
+#if defined(MBEDTLS_FS_IO)
 /*
  * Load all data from a file into a given buffer.
  *
@@ -98,6 +101,7 @@ int mbedtls_pkcs7_load_file( const char *path, unsigned char **buf, size_t *n )
 
     return( 0 );
 }
+#endif
 
 /**
  * Initializes the pkcs7 structure.
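Review bot: With `mbedtls_pkcs7_load_file` now compiled only under `MBEDTLS_FS_IO`, its prototype in the pkcs7 header (not touched by this patch) should carry the same guard, otherwise a caller in a build without file I/O compiles and only fails at link time. The `#if` opens in the previous hunk and closes here roughly forty lines later, so `#endif /* MBEDTLS_FS_IO */` would make the pairing visible. `<unistd.h>` in the include hunk above is still unconditional; if only the file loader needs it, it probably belongs inside the same guard.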
@@ -383,22 +387,22 @@ static int pkcs7_get_signed_data( unsigned char *buf, size_t buflen,
 
       p = p + signed_data->content.oid.len;
 
+      /* Look for certificates, there may or may not be any */
       ret = pkcs7_get_next_content_len( &p, end, &len );
-      if ( ret != 0 )
-              return ( ret ); 
+      if ( ret == 0 ) {
 
-      /* Get certificates */
-      mbedtls_x509_crt_init( &signed_data->certs );
-      ret = pkcs7_get_certificates( &p, len, &signed_data->certs );
-      if ( ret != 0 )
-              return ( ret ) ;
+	      /* Get certificates */
+     	      mbedtls_x509_crt_init( &signed_data->certs );
+      	      ret = pkcs7_get_certificates( &p, len, &signed_data->certs );
+      	      if ( ret != 0 )
+        	return ( ret ) ;
 
-      p = p + len;
+	      p = p + len;
+      }
+      /* TODO: optional CRLs go here */
 
       /* Get signers info */
       ret = pkcs7_get_signers_info_set( &p, end, &signed_data->signers );
-      if ( ret != 0 )
-              return ( ret );
 
       return ( ret );
 }
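Review bot: The new `if ( ret == 0 )` treats every failure of `pkcs7_get_next_content_len` as "no certificates present", so a truncated or malformed length field is skipped silently and parsing carries on at the signer-info set instead of rejecting the input. Only the result that means the optional element is absent should fall through, e.g. `else if ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) return ( ret );`, assuming the helper passes the ASN.1 error through and leaves `p` untouched on failure (its body is not in this hunk). `mbedtls_x509_crt_init( &signed_data->certs );` now runs only when certificates are found; moving it above the `if` keeps `certs` in a defined state for later use or cleanup on the no-certificate path. `p = p + len` is still not compared with `end`, and the added lines mix tabs and spaces against the file's six-space indent. The function begins outside the hunk.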
@@ -409,7 +413,7 @@ int mbedtls_pkcs7_parse_der( const unsigned char *buf, const int buflen,
       unsigned char *start;
       unsigned char *end;
       size_t len = 0;
-      int ret;
+      int ret = 0;
 
       /* use internal buffer for parsing */
       start = ( unsigned char * )buf;
@@ -447,15 +451,15 @@ int mbedtls_pkcs7_parse_der( const unsigned char *buf, const int buflen,
       }
       mbedtls_printf("Content type is SignedData\n");
 
+      // todo: verify if this can push start into an OOB read.
       start = start + pkcs7->content_type_oid.len;
 
+   
       ret = pkcs7_get_next_content_len( &start, end, &len );
       if ( ret != 0 )
               goto out;
 
       ret = pkcs7_get_signed_data( start, len, &pkcs7->signed_data );
-      if ( ret != 0 )
-              goto out;
 
 out:
       return ( ret );
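Review bot: The added `// todo` records that `start + pkcs7->content_type_oid.len` may move `start` past `end`, but the advance itself is still unchecked, and this parser handles signed data supplied from outside. Rather than leaving the question open, bound the advance before it happens: `if ( pkcs7->content_type_oid.len > (size_t)( end - start ) ) { ret = <invalid-format error>; goto out; }`, where the placeholder stands for whatever error this file uses for malformed input. The same unchecked pattern appears as context in `pkcs7_get_signed_data` at `p = p + signed_data->content.oid.len`. The hunk also adds a whitespace-only line and a `//` comment in a file that otherwise uses `/* */`. The function starts outside the hunk, so whether the OID length was already validated against `end` earlier cannot be seen here.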
diff --git a/roms/SLOF/lib/libcrypto/mbedtls/library/x509_crl.c b/roms/SLOF/lib/libcrypto/mbedtls/library/x509_crl.c
index 00f8545..e1976ae 100644
--- a/roms/SLOF/lib/libcrypto/mbedtls/library/x509_crl.c
+++ b/roms/SLOF/lib/libcrypto/mbedtls/library/x509_crl.c
@@ -57,11 +57,13 @@
 #define mbedtls_snprintf   snprintf
 #endif
 
+#if defined(MBEDTLS_HAVE_TIME)
 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
 #include <windows.h>
 #else
 #include <time.h>
 #endif
+#endif
 
 #if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32)
 #include <stdio.h>
diff --git a/roms/SLOF/lib/libcrypto/mbedtls/library/x509_crt.c b/roms/SLOF/lib/libcrypto/mbedtls/library/x509_crt.c
index 9c2e365..9ee171d 100644
--- a/roms/SLOF/lib/libcrypto/mbedtls/library/x509_crt.c
+++ b/roms/SLOF/lib/libcrypto/mbedtls/library/x509_crt.c
@@ -63,11 +63,13 @@
 #include "mbedtls/threading.h"
 #endif
 
+#if defined(MBEDTLS_HAVE_TIME)
 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
 #include <windows.h>
 #else
 #include <time.h>
 #endif
+#endif
 
 #if defined(MBEDTLS_FS_IO)
 #include <stdio.h>
-- 
2.33.1
