Merge pull request #1164 from daverodgman/update-2.28-restricted

2025-07-29 11:41:15 +03:00 · 2024-02-02 17:45:18 +00:00
parent 8f7a5f6682 8e3a837e1b
commit 5a2e95dcfa
29 changed files with 1815 additions and 1310 deletions
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@ -204,15 +204,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
 if(USE_SHARED_MBEDTLS_LIBRARY)
    set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR})
    add_library(${mbedcrypto_target} SHARED ${src_crypto})
-    set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 2.28.6 SOVERSION 7)
+    set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 2.28.7 SOVERSION 7)
    target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})

    add_library(${mbedx509_target} SHARED ${src_x509})
-    set_target_properties(${mbedx509_target} PROPERTIES VERSION 2.28.6 SOVERSION 1)
+    set_target_properties(${mbedx509_target} PROPERTIES VERSION 2.28.7 SOVERSION 1)
    target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})

    add_library(${mbedtls_target} SHARED ${src_tls})
-    set_target_properties(${mbedtls_target} PROPERTIES VERSION 2.28.6 SOVERSION 14)
+    set_target_properties(${mbedtls_target} PROPERTIES VERSION 2.28.7 SOVERSION 14)
    target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target})
 endif(USE_SHARED_MBEDTLS_LIBRARY)

--- a/library/common.h
+++ b/library/common.h
@ -350,4 +350,31 @@ static inline const unsigned char *mbedtls_buffer_offset_const(
 #define MBEDTLS_STATIC_ASSERT(expr, msg)
 #endif

+/* Suppress compiler warnings for unused functions and variables. */
+#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__has_attribute)
+#    if __has_attribute(unused)
+#        define MBEDTLS_MAYBE_UNUSED __attribute__((unused))
+#    endif
+#endif
+#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__GNUC__)
+#    define MBEDTLS_MAYBE_UNUSED __attribute__((unused))
+#endif
+#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__IAR_SYSTEMS_ICC__) && defined(__VER__)
+/* IAR does support __attribute__((unused)), but only if the -e flag (extended language support)
+ * is given; the pragma always works.
+ * Unfortunately the pragma affects the rest of the file where it is used, but this is harmless.
+ * Check for version 5.2 or later - this pragma may be supported by earlier versions, but I wasn't
+ * able to find documentation).
+ */
+#    if (__VER__ >= 5020000)
+#        define MBEDTLS_MAYBE_UNUSED _Pragma("diag_suppress=Pe177")
+#    endif
+#endif
+#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(_MSC_VER)
+#    define MBEDTLS_MAYBE_UNUSED __pragma(warning(suppress:4189))
+#endif
+#if !defined(MBEDTLS_MAYBE_UNUSED)
+#    define MBEDTLS_MAYBE_UNUSED
+#endif
+
 #endif /* MBEDTLS_LIBRARY_COMMON_H */
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@ -321,7 +321,7 @@ static int net_would_block(const mbedtls_net_context *ctx)
 */
 int mbedtls_net_accept(mbedtls_net_context *bind_ctx,
                       mbedtls_net_context *client_ctx,
-                       void *client_ip, size_t buf_size, size_t *ip_len)
+                       void *client_ip, size_t buf_size, size_t *cip_len)
 {
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    int type;
@ -404,22 +404,22 @@ int mbedtls_net_accept(mbedtls_net_context *bind_ctx,
    if (client_ip != NULL) {
        if (client_addr.ss_family == AF_INET) {
            struct sockaddr_in *addr4 = (struct sockaddr_in *) &client_addr;
-            *ip_len = sizeof(addr4->sin_addr.s_addr);
+            *cip_len = sizeof(addr4->sin_addr.s_addr);

-            if (buf_size < *ip_len) {
+            if (buf_size < *cip_len) {
                return MBEDTLS_ERR_NET_BUFFER_TOO_SMALL;
            }

-            memcpy(client_ip, &addr4->sin_addr.s_addr, *ip_len);
+            memcpy(client_ip, &addr4->sin_addr.s_addr, *cip_len);
        } else {
            struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) &client_addr;
-            *ip_len = sizeof(addr6->sin6_addr.s6_addr);
+            *cip_len = sizeof(addr6->sin6_addr.s6_addr);

-            if (buf_size < *ip_len) {
+            if (buf_size < *cip_len) {
                return MBEDTLS_ERR_NET_BUFFER_TOO_SMALL;
            }

-            memcpy(client_ip, &addr6->sin6_addr.s6_addr, *ip_len);
+            memcpy(client_ip, &addr6->sin6_addr.s6_addr, *cip_len);
        }
    }

--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -992,8 +992,7 @@ static int ssl_populate_transform(mbedtls_ssl_transform *transform,
    !defined(MBEDTLS_SSL_EXPORT_KEYS) && \
    !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
    !defined(MBEDTLS_DEBUG_C)
-    ssl = NULL; /* make sure we don't use it except for those cases */
-    (void) ssl;
+    (void) ssl; /* ssl is unused except for those cases */
 #endif

    /*
--- a/library/timing.c
+++ b/library/timing.c
@ -401,6 +401,7 @@ int mbedtls_timing_self_test(int verbose)
    uint32_t a = 0, b = 0;
    mbedtls_timing_delay_context ctx;

+    memset(&ctx, 0, sizeof(ctx));
    if (verbose != 0) {
        mbedtls_printf("  TIMING tests note: will take some time!\n");
    }
--- a/library/x509_create.c
+++ b/library/x509_create.c
@ -195,6 +195,10 @@ int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid,
 {
    mbedtls_asn1_named_data *cur;

+    if (val_len > (SIZE_MAX  - 1)) {
+        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+    }
+
    if ((cur = mbedtls_asn1_store_named_data(head, oid, oid_len,
                                             NULL, val_len + 1)) == NULL) {
        return MBEDTLS_ERR_X509_ALLOC_FAILED;