File 0004-mbedtls-fixups.patch of Package qemu
From 150546edb28879430c593a108331bf397ecbc714 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Thu, 9 Apr 2020 11:02:18 +1000
Subject: [PATCH 04/12] mbedtls: fixups
all in the process of upstreaming, but I picked an old version
when I started the prototype.
Signed-off-by: Daniel Axtens <dja@axtens.net>
---
.../mbedtls/include/mbedtls/platform.h | 2 ++
lib/libcrypto/mbedtls/library/pkcs7.c | 30 +++++++++++--------
lib/libcrypto/mbedtls/library/x509_crl.c | 2 ++
lib/libcrypto/mbedtls/library/x509_crt.c | 2 ++
4 files changed, 23 insertions(+), 13 deletions(-)
diff --git a/roms/SLOF/lib/libcrypto/mbedtls/include/mbedtls/platform.h b/roms/SLOF/lib/libcrypto/mbedtls/include/mbedtls/platform.h
index 89fe8a7..d59d371 100644
--- a/roms/SLOF/lib/libcrypto/mbedtls/include/mbedtls/platform.h
+++ b/roms/SLOF/lib/libcrypto/mbedtls/include/mbedtls/platform.h
@@ -61,7 +61,9 @@ extern "C" {
#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
#include <stdio.h>
#include <stdlib.h>
+#if defined(MBED_TLS_HAVE_TIME)
#include <time.h>
+#endif
#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
#if defined(_WIN32)
#define MBEDTLS_PLATFORM_STD_SNPRINTF mbedtls_platform_win32_snprintf /**< The default \c snprintf function to use. */
diff --git a/roms/SLOF/lib/libcrypto/mbedtls/library/pkcs7.c b/roms/SLOF/lib/libcrypto/mbedtls/library/pkcs7.c
index 3a15be5..b44d47d 100644
--- a/roms/SLOF/lib/libcrypto/mbedtls/library/pkcs7.c
+++ b/roms/SLOF/lib/libcrypto/mbedtls/library/pkcs7.c
@@ -31,8 +31,10 @@
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
+#if defined(MBEDTLS_FS_IO)
#include <sys/types.h>
#include <sys/stat.h>
+#endif
#include <unistd.h>
#if defined(MBEDTLS_PLATFORM_C)
@@ -54,6 +56,7 @@
#include <time.h>
#endif
+#if defined(MBEDTLS_FS_IO)
/*
* Load all data from a file into a given buffer.
*
@@ -98,6 +101,7 @@ int mbedtls_pkcs7_load_file( const char *path, unsigned char **buf, size_t *n )
return( 0 );
}
+#endif
/**
* Initializes the pkcs7 structure.
@@ -383,22 +387,22 @@ static int pkcs7_get_signed_data( unsigned char *buf, size_t buflen,
p = p + signed_data->content.oid.len;
+ /* Look for certificates, there may or may not be any */
ret = pkcs7_get_next_content_len( &p, end, &len );
- if ( ret != 0 )
- return ( ret );
+ if ( ret == 0 ) {
- /* Get certificates */
- mbedtls_x509_crt_init( &signed_data->certs );
- ret = pkcs7_get_certificates( &p, len, &signed_data->certs );
- if ( ret != 0 )
- return ( ret ) ;
+ /* Get certificates */
+ mbedtls_x509_crt_init( &signed_data->certs );
+ ret = pkcs7_get_certificates( &p, len, &signed_data->certs );
+ if ( ret != 0 )
+ return ( ret ) ;
- p = p + len;
+ p = p + len;
+ }
+ /* TODO: optional CRLs go here */
/* Get signers info */
ret = pkcs7_get_signers_info_set( &p, end, &signed_data->signers );
- if ( ret != 0 )
- return ( ret );
return ( ret );
}
@@ -409,7 +413,7 @@ int mbedtls_pkcs7_parse_der( const unsigned char *buf, const int buflen,
unsigned char *start;
unsigned char *end;
size_t len = 0;
- int ret;
+ int ret = 0;
/* use internal buffer for parsing */
start = ( unsigned char * )buf;
@@ -447,15 +451,15 @@ int mbedtls_pkcs7_parse_der( const unsigned char *buf, const int buflen,
}
mbedtls_printf("Content type is SignedData\n");
+ // todo: verify if this can push start into an OOB read.
start = start + pkcs7->content_type_oid.len;
+
ret = pkcs7_get_next_content_len( &start, end, &len );
if ( ret != 0 )
goto out;
ret = pkcs7_get_signed_data( start, len, &pkcs7->signed_data );
- if ( ret != 0 )
- goto out;
out:
return ( ret );
diff --git a/roms/SLOF/lib/libcrypto/mbedtls/library/x509_crl.c b/roms/SLOF/lib/libcrypto/mbedtls/library/x509_crl.c
index 00f8545..e1976ae 100644
--- a/roms/SLOF/lib/libcrypto/mbedtls/library/x509_crl.c
+++ b/roms/SLOF/lib/libcrypto/mbedtls/library/x509_crl.c
@@ -57,11 +57,13 @@
#define mbedtls_snprintf snprintf
#endif
+#if defined(MBEDTLS_HAVE_TIME)
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
#include <windows.h>
#else
#include <time.h>
#endif
+#endif
#if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32)
#include <stdio.h>
diff --git a/roms/SLOF/lib/libcrypto/mbedtls/library/x509_crt.c b/roms/SLOF/lib/libcrypto/mbedtls/library/x509_crt.c
index 9c2e365..9ee171d 100644
--- a/roms/SLOF/lib/libcrypto/mbedtls/library/x509_crt.c
+++ b/roms/SLOF/lib/libcrypto/mbedtls/library/x509_crt.c
@@ -63,11 +63,13 @@
#include "mbedtls/threading.h"
#endif
+#if defined(MBEDTLS_HAVE_TIME)
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
#include <windows.h>
#else
#include <time.h>
#endif
+#endif
#if defined(MBEDTLS_FS_IO)
#include <stdio.h>
--
2.33.1