mbedtls: Update to upstream version 2.16.5
Fixes https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02 Drop patch to disable VIA padlock since we no longer use libwebsockets, so there's no conflict anymore.
This commit is contained in:
parent
bd553d072b
commit
e435bed847
|
@ -281,7 +281,7 @@ changes are marked with `// -- GODOT --` comments.
|
||||||
## mbedtls
|
## mbedtls
|
||||||
|
|
||||||
- Upstream: https://tls.mbed.org/
|
- Upstream: https://tls.mbed.org/
|
||||||
- Version: 2.16.4
|
- Version: 2.16.5
|
||||||
- License: Apache 2.0
|
- License: Apache 2.0
|
||||||
|
|
||||||
File extracted from upstream release tarball (`-apache.tgz` variant):
|
File extracted from upstream release tarball (`-apache.tgz` variant):
|
||||||
|
@ -291,9 +291,6 @@ File extracted from upstream release tarball (`-apache.tgz` variant):
|
||||||
- LICENSE and apache-2.0.txt files
|
- LICENSE and apache-2.0.txt files
|
||||||
- Applied the patch in `thirdparty/mbedtls/patches/1453.diff` (PR 1453).
|
- Applied the patch in `thirdparty/mbedtls/patches/1453.diff` (PR 1453).
|
||||||
Soon to be merged upstream. Check it out at next update.
|
Soon to be merged upstream. Check it out at next update.
|
||||||
- Applied the patch in `thirdparty/mbedtls/patches/padlock.diff`. This disables VIA
|
|
||||||
padlock support which defines a symbol `unsupported` which clashes with
|
|
||||||
a symbol in libwebsockets.
|
|
||||||
- Added 2 files `godot_core_mbedtls_platform.{c,h}` providing configuration
|
- Added 2 files `godot_core_mbedtls_platform.{c,h}` providing configuration
|
||||||
for light bundling with core.
|
for light bundling with core.
|
||||||
|
|
||||||
|
|
|
@ -2542,9 +2542,7 @@
|
||||||
*
|
*
|
||||||
* This modules adds support for the VIA PadLock on x86.
|
* This modules adds support for the VIA PadLock on x86.
|
||||||
*/
|
*/
|
||||||
// -- GODOT start --
|
#define MBEDTLS_PADLOCK_C
|
||||||
// #define MBEDTLS_PADLOCK_C
|
|
||||||
// -- GODOT end --
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_PEM_PARSE_C
|
* \def MBEDTLS_PEM_PARSE_C
|
||||||
|
|
|
@ -40,16 +40,16 @@
|
||||||
*/
|
*/
|
||||||
#define MBEDTLS_VERSION_MAJOR 2
|
#define MBEDTLS_VERSION_MAJOR 2
|
||||||
#define MBEDTLS_VERSION_MINOR 16
|
#define MBEDTLS_VERSION_MINOR 16
|
||||||
#define MBEDTLS_VERSION_PATCH 4
|
#define MBEDTLS_VERSION_PATCH 5
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The single version number has the following structure:
|
* The single version number has the following structure:
|
||||||
* MMNNPP00
|
* MMNNPP00
|
||||||
* Major version | Minor version | Patch version
|
* Major version | Minor version | Patch version
|
||||||
*/
|
*/
|
||||||
#define MBEDTLS_VERSION_NUMBER 0x02100400
|
#define MBEDTLS_VERSION_NUMBER 0x02100500
|
||||||
#define MBEDTLS_VERSION_STRING "2.16.4"
|
#define MBEDTLS_VERSION_STRING "2.16.5"
|
||||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.4"
|
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.5"
|
||||||
|
|
||||||
#if defined(MBEDTLS_VERSION_C)
|
#if defined(MBEDTLS_VERSION_C)
|
||||||
|
|
||||||
|
|
|
@ -157,9 +157,10 @@ int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs )
|
||||||
if( nblimbs > MBEDTLS_MPI_MAX_LIMBS )
|
if( nblimbs > MBEDTLS_MPI_MAX_LIMBS )
|
||||||
return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
|
return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
|
||||||
|
|
||||||
/* Actually resize up in this case */
|
/* Actually resize up if there are currently fewer than nblimbs limbs. */
|
||||||
if( X->n <= nblimbs )
|
if( X->n <= nblimbs )
|
||||||
return( mbedtls_mpi_grow( X, nblimbs ) );
|
return( mbedtls_mpi_grow( X, nblimbs ) );
|
||||||
|
/* After this point, then X->n > nblimbs and in particular X->n > 0. */
|
||||||
|
|
||||||
for( i = X->n - 1; i > 0; i-- )
|
for( i = X->n - 1; i > 0; i-- )
|
||||||
if( X->p[i] != 0 )
|
if( X->p[i] != 0 )
|
||||||
|
@ -198,7 +199,7 @@ int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y )
|
||||||
if( X == Y )
|
if( X == Y )
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
|
||||||
if( Y->p == NULL )
|
if( Y->n == 0 )
|
||||||
{
|
{
|
||||||
mbedtls_mpi_free( X );
|
mbedtls_mpi_free( X );
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
|
|
@ -361,6 +361,10 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
|
||||||
|
|
||||||
*olen = 0;
|
*olen = 0;
|
||||||
block_size = mbedtls_cipher_get_block_size( ctx );
|
block_size = mbedtls_cipher_get_block_size( ctx );
|
||||||
|
if ( 0 == block_size )
|
||||||
|
{
|
||||||
|
return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT );
|
||||||
|
}
|
||||||
|
|
||||||
if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB )
|
if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB )
|
||||||
{
|
{
|
||||||
|
@ -396,11 +400,6 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if ( 0 == block_size )
|
|
||||||
{
|
|
||||||
return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT );
|
|
||||||
}
|
|
||||||
|
|
||||||
if( input == output &&
|
if( input == output &&
|
||||||
( ctx->unprocessed_len != 0 || ilen % block_size ) )
|
( ctx->unprocessed_len != 0 || ilen % block_size ) )
|
||||||
{
|
{
|
||||||
|
@ -459,11 +458,6 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
|
||||||
*/
|
*/
|
||||||
if( 0 != ilen )
|
if( 0 != ilen )
|
||||||
{
|
{
|
||||||
if( 0 == block_size )
|
|
||||||
{
|
|
||||||
return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT );
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Encryption: only cache partial blocks
|
/* Encryption: only cache partial blocks
|
||||||
* Decryption w/ padding: always keep at least one whole block
|
* Decryption w/ padding: always keep at least one whole block
|
||||||
* Decryption w/o padding: only cache partial blocks
|
* Decryption w/o padding: only cache partial blocks
|
||||||
|
|
|
@ -297,7 +297,7 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
|
||||||
*p_sign_tries = 0;
|
*p_sign_tries = 0;
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
if( *p_sign_tries++ > 10 )
|
if( (*p_sign_tries)++ > 10 )
|
||||||
{
|
{
|
||||||
ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
|
ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
@ -310,7 +310,7 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
|
||||||
*p_key_tries = 0;
|
*p_key_tries = 0;
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
if( *p_key_tries++ > 10 )
|
if( (*p_key_tries)++ > 10 )
|
||||||
{
|
{
|
||||||
ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
|
ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
|
@ -61,43 +61,28 @@
|
||||||
#define _WIN32_WINNT 0x0400
|
#define _WIN32_WINNT 0x0400
|
||||||
#endif
|
#endif
|
||||||
#include <windows.h>
|
#include <windows.h>
|
||||||
#include <bcrypt.h>
|
#include <wincrypt.h>
|
||||||
#if defined(_MSC_VER) && _MSC_VER <= 1600
|
|
||||||
/* Visual Studio 2010 and earlier issue a warning when both <stdint.h> and
|
|
||||||
* <intsafe.h> are included, as they redefine a number of <TYPE>_MAX constants.
|
|
||||||
* These constants are guaranteed to be the same, though, so we suppress the
|
|
||||||
* warning when including intsafe.h.
|
|
||||||
*/
|
|
||||||
#pragma warning( push )
|
|
||||||
#pragma warning( disable : 4005 )
|
|
||||||
#endif
|
|
||||||
#include <intsafe.h>
|
|
||||||
#if defined(_MSC_VER) && _MSC_VER <= 1600
|
|
||||||
#pragma warning( pop )
|
|
||||||
#endif
|
|
||||||
|
|
||||||
int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len,
|
int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len,
|
||||||
size_t *olen )
|
size_t *olen )
|
||||||
{
|
{
|
||||||
ULONG len_as_ulong = 0;
|
HCRYPTPROV provider;
|
||||||
((void) data);
|
((void) data);
|
||||||
*olen = 0;
|
*olen = 0;
|
||||||
|
|
||||||
/*
|
if( CryptAcquireContext( &provider, NULL, NULL,
|
||||||
* BCryptGenRandom takes ULONG for size, which is smaller than size_t on
|
PROV_RSA_FULL, CRYPT_VERIFYCONTEXT ) == FALSE )
|
||||||
* 64-bit Windows platforms. Ensure len's value can be safely converted into
|
|
||||||
* a ULONG.
|
|
||||||
*/
|
|
||||||
if ( FAILED( SizeTToULong( len, &len_as_ulong ) ) )
|
|
||||||
{
|
{
|
||||||
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
|
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( !BCRYPT_SUCCESS( BCryptGenRandom( NULL, output, len_as_ulong, BCRYPT_USE_SYSTEM_PREFERRED_RNG ) ) )
|
if( CryptGenRandom( provider, (DWORD) len, output ) == FALSE )
|
||||||
{
|
{
|
||||||
|
CryptReleaseContext( provider, 0 );
|
||||||
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
|
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CryptReleaseContext( provider, 0 );
|
||||||
*olen = len;
|
*olen = len;
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
|
|
@ -677,6 +677,32 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(MBEDTLS_RSA_C)
|
||||||
|
/*
|
||||||
|
* Wrapper around mbedtls_asn1_get_mpi() that rejects zero.
|
||||||
|
*
|
||||||
|
* The value zero is:
|
||||||
|
* - never a valid value for an RSA parameter
|
||||||
|
* - interpreted as "omitted, please reconstruct" by mbedtls_rsa_complete().
|
||||||
|
*
|
||||||
|
* Since values can't be omitted in PKCS#1, passing a zero value to
|
||||||
|
* rsa_complete() would be incorrect, so reject zero values early.
|
||||||
|
*/
|
||||||
|
static int asn1_get_nonzero_mpi( unsigned char **p,
|
||||||
|
const unsigned char *end,
|
||||||
|
mbedtls_mpi *X )
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
ret = mbedtls_asn1_get_mpi( p, end, X );
|
||||||
|
if( ret != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
|
if( mbedtls_mpi_cmp_int( X, 0 ) == 0 )
|
||||||
|
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Parse a PKCS#1 encoded private RSA key
|
* Parse a PKCS#1 encoded private RSA key
|
||||||
*/
|
*/
|
||||||
|
@ -729,54 +755,84 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Import N */
|
/* Import N */
|
||||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
|
||||||
MBEDTLS_ASN1_INTEGER ) ) != 0 ||
|
( ret = mbedtls_rsa_import( rsa, &T, NULL, NULL,
|
||||||
( ret = mbedtls_rsa_import_raw( rsa, p, len, NULL, 0, NULL, 0,
|
NULL, NULL ) ) != 0 )
|
||||||
NULL, 0, NULL, 0 ) ) != 0 )
|
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
p += len;
|
|
||||||
|
|
||||||
/* Import E */
|
/* Import E */
|
||||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
|
||||||
MBEDTLS_ASN1_INTEGER ) ) != 0 ||
|
( ret = mbedtls_rsa_import( rsa, NULL, NULL, NULL,
|
||||||
( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
|
NULL, &T ) ) != 0 )
|
||||||
NULL, 0, p, len ) ) != 0 )
|
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
p += len;
|
|
||||||
|
|
||||||
/* Import D */
|
/* Import D */
|
||||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
|
||||||
MBEDTLS_ASN1_INTEGER ) ) != 0 ||
|
( ret = mbedtls_rsa_import( rsa, NULL, NULL, NULL,
|
||||||
( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
|
&T, NULL ) ) != 0 )
|
||||||
p, len, NULL, 0 ) ) != 0 )
|
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
p += len;
|
|
||||||
|
|
||||||
/* Import P */
|
/* Import P */
|
||||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
|
||||||
MBEDTLS_ASN1_INTEGER ) ) != 0 ||
|
( ret = mbedtls_rsa_import( rsa, NULL, &T, NULL,
|
||||||
( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, p, len, NULL, 0,
|
NULL, NULL ) ) != 0 )
|
||||||
NULL, 0, NULL, 0 ) ) != 0 )
|
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
p += len;
|
|
||||||
|
|
||||||
/* Import Q */
|
/* Import Q */
|
||||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
|
||||||
MBEDTLS_ASN1_INTEGER ) ) != 0 ||
|
( ret = mbedtls_rsa_import( rsa, NULL, NULL, &T,
|
||||||
( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, p, len,
|
NULL, NULL ) ) != 0 )
|
||||||
NULL, 0, NULL, 0 ) ) != 0 )
|
|
||||||
goto cleanup;
|
|
||||||
p += len;
|
|
||||||
|
|
||||||
/* Complete the RSA private key */
|
|
||||||
if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 )
|
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
||||||
/* Check optional parameters */
|
#if !defined(MBEDTLS_RSA_NO_CRT) && !defined(MBEDTLS_RSA_ALT)
|
||||||
if( ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ||
|
/*
|
||||||
( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ||
|
* The RSA CRT parameters DP, DQ and QP are nominally redundant, in
|
||||||
( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 )
|
* that they can be easily recomputed from D, P and Q. However by
|
||||||
|
* parsing them from the PKCS1 structure it is possible to avoid
|
||||||
|
* recalculating them which both reduces the overhead of loading
|
||||||
|
* RSA private keys into memory and also avoids side channels which
|
||||||
|
* can arise when computing those values, since all of D, P, and Q
|
||||||
|
* are secret. See https://eprint.iacr.org/2020/055 for a
|
||||||
|
* description of one such attack.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* Import DP */
|
||||||
|
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
|
||||||
|
( ret = mbedtls_mpi_copy( &rsa->DP, &T ) ) != 0 )
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
|
/* Import DQ */
|
||||||
|
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
|
||||||
|
( ret = mbedtls_mpi_copy( &rsa->DQ, &T ) ) != 0 )
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
|
/* Import QP */
|
||||||
|
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
|
||||||
|
( ret = mbedtls_mpi_copy( &rsa->QP, &T ) ) != 0 )
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
|
#else
|
||||||
|
/* Verify existance of the CRT params */
|
||||||
|
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
|
||||||
|
( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
|
||||||
|
( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 )
|
||||||
|
goto cleanup;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* rsa_complete() doesn't complete anything with the default
|
||||||
|
* implementation but is still called:
|
||||||
|
* - for the benefit of alternative implementation that may want to
|
||||||
|
* pre-compute stuff beyond what's provided (eg Montgomery factors)
|
||||||
|
* - as is also sanity-checks the key
|
||||||
|
*
|
||||||
|
* Furthermore, we also check the public part for consistency with
|
||||||
|
* mbedtls_pk_parse_pubkey(), as it includes size minima for example.
|
||||||
|
*/
|
||||||
|
if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 ||
|
||||||
|
( ret = mbedtls_rsa_check_pubkey( rsa ) ) != 0 )
|
||||||
|
{
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
if( p != end )
|
if( p != end )
|
||||||
{
|
{
|
||||||
|
|
|
@ -249,6 +249,9 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx )
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
int have_N, have_P, have_Q, have_D, have_E;
|
int have_N, have_P, have_Q, have_D, have_E;
|
||||||
|
#if !defined(MBEDTLS_RSA_NO_CRT)
|
||||||
|
int have_DP, have_DQ, have_QP;
|
||||||
|
#endif
|
||||||
int n_missing, pq_missing, d_missing, is_pub, is_priv;
|
int n_missing, pq_missing, d_missing, is_pub, is_priv;
|
||||||
|
|
||||||
RSA_VALIDATE_RET( ctx != NULL );
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
@ -259,6 +262,12 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx )
|
||||||
have_D = ( mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 );
|
have_D = ( mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 );
|
||||||
have_E = ( mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0 );
|
have_E = ( mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0 );
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_RSA_NO_CRT)
|
||||||
|
have_DP = ( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) != 0 );
|
||||||
|
have_DQ = ( mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) != 0 );
|
||||||
|
have_QP = ( mbedtls_mpi_cmp_int( &ctx->QP, 0 ) != 0 );
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Check whether provided parameters are enough
|
* Check whether provided parameters are enough
|
||||||
* to deduce all others. The following incomplete
|
* to deduce all others. The following incomplete
|
||||||
|
@ -324,7 +333,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx )
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#if !defined(MBEDTLS_RSA_NO_CRT)
|
#if !defined(MBEDTLS_RSA_NO_CRT)
|
||||||
if( is_priv )
|
if( is_priv && ! ( have_DP && have_DQ && have_QP ) )
|
||||||
{
|
{
|
||||||
ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D,
|
ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D,
|
||||||
&ctx->DP, &ctx->DQ, &ctx->QP );
|
&ctx->DP, &ctx->DQ, &ctx->QP );
|
||||||
|
|
|
@ -65,19 +65,6 @@
|
||||||
|
|
||||||
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
|
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
|
||||||
#include <windows.h>
|
#include <windows.h>
|
||||||
#if defined(_MSC_VER) && _MSC_VER <= 1600
|
|
||||||
/* Visual Studio 2010 and earlier issue a warning when both <stdint.h> and
|
|
||||||
* <intsafe.h> are included, as they redefine a number of <TYPE>_MAX constants.
|
|
||||||
* These constants are guaranteed to be the same, though, so we suppress the
|
|
||||||
* warning when including intsafe.h.
|
|
||||||
*/
|
|
||||||
#pragma warning( push )
|
|
||||||
#pragma warning( disable : 4005 )
|
|
||||||
#endif
|
|
||||||
#include <intsafe.h>
|
|
||||||
#if defined(_MSC_VER) && _MSC_VER <= 1600
|
|
||||||
#pragma warning( pop )
|
|
||||||
#endif
|
|
||||||
#else
|
#else
|
||||||
#include <time.h>
|
#include <time.h>
|
||||||
#endif
|
#endif
|
||||||
|
@ -1290,7 +1277,6 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
|
||||||
char filename[MAX_PATH];
|
char filename[MAX_PATH];
|
||||||
char *p;
|
char *p;
|
||||||
size_t len = strlen( path );
|
size_t len = strlen( path );
|
||||||
int lengthAsInt = 0;
|
|
||||||
|
|
||||||
WIN32_FIND_DATAW file_data;
|
WIN32_FIND_DATAW file_data;
|
||||||
HANDLE hFind;
|
HANDLE hFind;
|
||||||
|
@ -1305,18 +1291,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
|
||||||
p = filename + len;
|
p = filename + len;
|
||||||
filename[len++] = '*';
|
filename[len++] = '*';
|
||||||
|
|
||||||
if ( FAILED ( SizeTToInt( len, &lengthAsInt ) ) )
|
w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir,
|
||||||
return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Note this function uses the code page CP_ACP, and assumes the incoming
|
|
||||||
* string is encoded in ANSI, before translating it into Unicode. If the
|
|
||||||
* incoming string were changed to be UTF-8, then the length check needs to
|
|
||||||
* change to check the number of characters, not the number of bytes, in the
|
|
||||||
* incoming string are less than MAX_PATH to avoid a buffer overrun with
|
|
||||||
* MultiByteToWideChar().
|
|
||||||
*/
|
|
||||||
w_ret = MultiByteToWideChar( CP_ACP, 0, filename, lengthAsInt, szDir,
|
|
||||||
MAX_PATH - 3 );
|
MAX_PATH - 3 );
|
||||||
if( w_ret == 0 )
|
if( w_ret == 0 )
|
||||||
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
|
||||||
|
@ -1333,11 +1308,8 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
|
||||||
if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY )
|
if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY )
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if ( FAILED( SizeTToInt( wcslen( file_data.cFileName ), &lengthAsInt ) ) )
|
|
||||||
return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
|
|
||||||
|
|
||||||
w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
|
w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
|
||||||
lengthAsInt,
|
lstrlenW( file_data.cFileName ),
|
||||||
p, (int) len - 1,
|
p, (int) len - 1,
|
||||||
NULL, NULL );
|
NULL, NULL );
|
||||||
if( w_ret == 0 )
|
if( w_ret == 0 )
|
||||||
|
|
|
@ -226,7 +226,9 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s
|
||||||
/*
|
/*
|
||||||
* Prepare signature
|
* Prepare signature
|
||||||
*/
|
*/
|
||||||
mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash );
|
ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash );
|
||||||
|
if( ret != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
if( ( ret = mbedtls_pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,
|
if( ( ret = mbedtls_pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,
|
||||||
f_rng, p_rng ) ) != 0 )
|
f_rng, p_rng ) ) != 0 )
|
||||||
|
|
|
@ -1,13 +0,0 @@
|
||||||
--- a/thirdparty/mbedtls/include/mbedtls/config.h
|
|
||||||
+++ b/thirdparty/mbedtls/include/mbedtls/config.h
|
|
||||||
@@ -2477,7 +2477,9 @@
|
|
||||||
*
|
|
||||||
* This modules adds support for the VIA PadLock on x86.
|
|
||||||
*/
|
|
||||||
-#define MBEDTLS_PADLOCK_C
|
|
||||||
+// -- GODOT start --
|
|
||||||
+// #define MBEDTLS_PADLOCK_C
|
|
||||||
+// -- GODOT end --
|
|
||||||
|
|
||||||
/**
|
|
||||||
* \def MBEDTLS_PEM_PARSE_C
|
|
Loading…
Reference in New Issue