Relintai/pandemonium_engine
1
0
Fork 0
mirror of https://github.com/Relintai/pandemonium_engine.git synced 2025-02-10 18:10:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

mbedtls: Update to upstream version 2.28.9

Browse Source 
(cherry picked from commit 881645fff9b8bb50a2078f52b4223f5ccc3d1180)
This commit is contained in:
Rémi Verschelde 2024-12-04 15:44:47 +01:00 committed by Relintai
parent 624dcec06e
commit 8d3f6e80cc
12 changed files with 47 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
thirdparty/README.md vendored
View File

@ -218,7 +218,7 @@ Files extracted from upstream source:
## mbedtls ## mbedtls
- Upstream: https://github.com/Mbed-TLS/mbedtls - Upstream: https://github.com/Mbed-TLS/mbedtls
- Version: 2.28.8 (5a764e5555c64337ed17444410269ff21cb617b1, 2024) - Version: 2.28.9 (5e146adef63b326b04282252639bebc2730939c6, 2024)
- License: Apache 2.0 - License: Apache 2.0
File extracted from upstream release tarball: File extracted from upstream release tarball:

34
thirdparty/mbedtls/include/mbedtls/config.h vendored
View File

@ -4020,22 +4020,34 @@
* Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the * Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the
* PSA crypto subsystem. * PSA crypto subsystem.
* *
* If this option is unset: * If this option is unset, the library chooses a hash (currently between
* - If CTR_DRBG is available, the PSA subsystem uses it rather than HMAC_DRBG. * #MBEDTLS_MD_SHA512 and #MBEDTLS_MD_SHA256) based on availability and
* - Otherwise, the PSA subsystem uses HMAC_DRBG with either * unspecified heuristics.
* #MBEDTLS_MD_SHA512 or #MBEDTLS_MD_SHA256 based on availability and *
* on unspecified heuristics. * \note The PSA crypto subsystem uses the first available mechanism amongst
* the following:
* - #MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG if enabled;
* - Entropy from #MBEDTLS_ENTROPY_C plus CTR_DRBG with AES
* if #MBEDTLS_CTR_DRBG_C is enabled;
* - Entropy from #MBEDTLS_ENTROPY_C plus HMAC_DRBG.
*
* A future version may reevaluate the prioritization of DRBG mechanisms.
*/ */
//#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256 //#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
/** \def MBEDTLS_PSA_KEY_SLOT_COUNT /** \def MBEDTLS_PSA_KEY_SLOT_COUNT
* Restrict the PSA library to supporting a maximum amount of simultaneously
* loaded keys. A loaded key is a key stored by the PSA Crypto core as a
* volatile key, or a persistent key which is loaded temporarily by the
* library as part of a crypto operation in flight.
* *
* If this option is unset, the library will fall back to a default value of * The maximum amount of PSA keys simultaneously in memory. This counts all
* 32 keys. * volatile keys, plus loaded persistent keys.
*
* Currently, persistent keys do not need to be loaded all the time while
* a multipart operation is in progress, only while the operation is being
* set up. This may change in future versions of the library.
*
* Currently, the library traverses of the whole table on each access to a
* persistent key. Therefore large values may cause poor performance.
*
* This option has no effect when #MBEDTLS_PSA_CRYPTO_C is disabled.
*/ */
//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32 //#define MBEDTLS_PSA_KEY_SLOT_COUNT 32

2
thirdparty/mbedtls/include/mbedtls/ecdh.h vendored
View File

@ -299,7 +299,7 @@ int mbedtls_ecdh_read_params(mbedtls_ecdh_context *ctx,
* \brief This function sets up an ECDH context from an EC key. * \brief This function sets up an ECDH context from an EC key.
* *
* It is used by clients and servers in place of the * It is used by clients and servers in place of the
* ServerKeyEchange for static ECDH, and imports ECDH * ServerKeyExchange for static ECDH, and imports ECDH
* parameters from the EC key information of a certificate. * parameters from the EC key information of a certificate.
* *
* \see ecp.h * \see ecp.h

2
thirdparty/mbedtls/include/mbedtls/ecp.h vendored
View File

@ -259,7 +259,7 @@ mbedtls_ecp_point;
* range of <code>0..2^(2*pbits)-1</code>, and transforms it in-place to an integer * range of <code>0..2^(2*pbits)-1</code>, and transforms it in-place to an integer
* which is congruent mod \p P to the given MPI, and is close enough to \p pbits * which is congruent mod \p P to the given MPI, and is close enough to \p pbits
* in size, so that it may be efficiently brought in the 0..P-1 range by a few * in size, so that it may be efficiently brought in the 0..P-1 range by a few
* additions or subtractions. Therefore, it is only an approximative modular * additions or subtractions. Therefore, it is only an approximate modular
* reduction. It must return 0 on success and non-zero on failure. * reduction. It must return 0 on success and non-zero on failure.
* *
* \note Alternative implementations must keep the group IDs distinct. If * \note Alternative implementations must keep the group IDs distinct. If

8
thirdparty/mbedtls/include/mbedtls/version.h vendored
View File

@ -26,16 +26,16 @@
*/ */
#define MBEDTLS_VERSION_MAJOR 2 #define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 28 #define MBEDTLS_VERSION_MINOR 28
#define MBEDTLS_VERSION_PATCH 8 #define MBEDTLS_VERSION_PATCH 9
/** /**
* The single version number has the following structure: * The single version number has the following structure:
* MMNNPP00 * MMNNPP00
* Major version | Minor version | Patch version * Major version | Minor version | Patch version
*/ */
#define MBEDTLS_VERSION_NUMBER 0x021C0800 #define MBEDTLS_VERSION_NUMBER 0x021C0900
#define MBEDTLS_VERSION_STRING "2.28.8" #define MBEDTLS_VERSION_STRING "2.28.9"
#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 2.28.8" #define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 2.28.9"
#if defined(MBEDTLS_VERSION_C) #if defined(MBEDTLS_VERSION_C)

15
thirdparty/mbedtls/library/common.h vendored
View File

@ -337,17 +337,18 @@ static inline const unsigned char *mbedtls_buffer_offset_const(
#endif #endif
/* Always provide a static assert macro, so it can be used unconditionally. /* Always provide a static assert macro, so it can be used unconditionally.
* It will expand to nothing on some systems. * It will expand to nothing on some systems. */
* Can be used outside functions (but don't add a trailing ';' in that case: /* Can't use the C11-style `defined(static_assert)` on FreeBSD, since it
* the semicolon is included here to avoid triggering -Wextra-semi when
* MBEDTLS_STATIC_ASSERT() expands to nothing).
* Can't use the C11-style `defined(static_assert)` on FreeBSD, since it
* defines static_assert even with -std=c99, but then complains about it. * defines static_assert even with -std=c99, but then complains about it.
*/ */
#if defined(static_assert) && !defined(__FreeBSD__) #if defined(static_assert) && !defined(__FreeBSD__)
#define MBEDTLS_STATIC_ASSERT(expr, msg) static_assert(expr, msg); #define MBEDTLS_STATIC_ASSERT(expr, msg) static_assert(expr, msg)
#else #else
#define MBEDTLS_STATIC_ASSERT(expr, msg) /* Make sure `MBEDTLS_STATIC_ASSERT(expr, msg);` is valid both inside and
* outside a function. We choose a struct declaration, which can be repeated
* any number of times and does not need a matching definition. */
#define MBEDTLS_STATIC_ASSERT(expr, msg) \
struct ISO_C_does_not_allow_extra_semicolon_outside_of_a_function
#endif #endif
/* Suppress compiler warnings for unused functions and variables. */ /* Suppress compiler warnings for unused functions and variables. */

4
thirdparty/mbedtls/library/entropy_poll.c vendored
View File

@ -5,10 +5,12 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/ */
#if defined(__linux__) || defined(__midipix__) && !defined(_GNU_SOURCE) #if defined(__linux__) || defined(__midipix__)
/* Ensure that syscall() is available even when compiling with -std=c99 */ /* Ensure that syscall() is available even when compiling with -std=c99 */
#if !defined(_GNU_SOURCE)
#define _GNU_SOURCE #define _GNU_SOURCE
#endif #endif
#endif
#include "common.h" #include "common.h"

1
thirdparty/mbedtls/library/oid.c vendored
View File

@ -15,6 +15,7 @@
#include "mbedtls/rsa.h" #include "mbedtls/rsa.h"
#include "mbedtls/error.h" #include "mbedtls/error.h"
#include <limits.h>
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>

1
thirdparty/mbedtls/library/ssl_msg.c vendored
View File

@ -29,6 +29,7 @@
#include "constant_time_internal.h" #include "constant_time_internal.h"
#include "mbedtls/constant_time.h" #include "mbedtls/constant_time.h"
#include <limits.h>
#include <string.h> #include <string.h>
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)

1
thirdparty/mbedtls/library/ssl_tls.c vendored
View File

@ -4452,6 +4452,7 @@ static void ssl_remove_psk(mbedtls_ssl_context *ssl)
ssl->handshake->psk_len); ssl->handshake->psk_len);
mbedtls_free(ssl->handshake->psk); mbedtls_free(ssl->handshake->psk);
ssl->handshake->psk_len = 0; ssl->handshake->psk_len = 0;
ssl->handshake->psk = NULL;
} }
} }

1
thirdparty/mbedtls/library/x509_crt.c vendored
View File

@ -26,6 +26,7 @@
#include "mbedtls/oid.h" #include "mbedtls/oid.h"
#include "mbedtls/platform_util.h" #include "mbedtls/platform_util.h"
#include <limits.h>
#include <string.h> #include <string.h>
#if defined(MBEDTLS_PEM_PARSE_C) #if defined(MBEDTLS_PEM_PARSE_C)

4
thirdparty/mbedtls/patches/windows-entropy-bcrypt.diff vendored
View File

@ -1,10 +1,10 @@
Backported from: https://github.com/Mbed-TLS/mbedtls/pull/8047 Backported from: https://github.com/Mbed-TLS/mbedtls/pull/8047
diff --git a/thirdparty/mbedtls/library/entropy_poll.c b/thirdparty/mbedtls/library/entropy_poll.c diff --git a/thirdparty/mbedtls/library/entropy_poll.c b/thirdparty/mbedtls/library/entropy_poll.c
index cde49e66a0..4c5184686e 100644 index 095fa9873d..3bbe88f88d 100644
--- a/thirdparty/mbedtls/library/entropy_poll.c --- a/thirdparty/mbedtls/library/entropy_poll.c
+++ b/thirdparty/mbedtls/library/entropy_poll.c +++ b/thirdparty/mbedtls/library/entropy_poll.c
@@ -39,32 +39,34 @@ @@ -41,32 +41,34 @@
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)