From 512b4ee9c7421c4d70352d2a37a6ef1038a515b0 Mon Sep 17 00:00:00 2001 From: Nicholas Wilson Date: Tue, 5 Dec 2017 12:07:33 +0000 Subject: [PATCH 1/4] Use gmtime_r to fix thread-safety issue, and use mbedtls_time on Windows --- ChangeLog | 7 +++++++ include/mbedtls/threading.h | 3 --- library/threading.c | 9 -------- library/x509.c | 42 +++++++------------------------------ 4 files changed, 14 insertions(+), 47 deletions(-) diff --git a/ChangeLog b/ChangeLog index 027a97174..517381bc5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,12 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Changes + * Allow overriding the time on Windows via the platform-time abstraction. + Fixed by Nick Wilson. + * Use gmtime_r/gmtime_s for thread-safety. Fixed by Nick Wilson. + = mbed TLS 2.11.0 branch released 2018-06-18 Features diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index aeea5d0e1..c25daa5cd 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -99,9 +99,6 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); #if defined(MBEDTLS_FS_IO) extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #endif -#if defined(MBEDTLS_HAVE_TIME_DATE) -extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; -#endif #endif /* MBEDTLS_THREADING_C */ #ifdef __cplusplus diff --git a/library/threading.c b/library/threading.c index f1c37245c..7a32e672c 100644 --- a/library/threading.c +++ b/library/threading.c @@ -114,9 +114,6 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * #if defined(MBEDTLS_FS_IO) mbedtls_mutex_init( &mbedtls_threading_readdir_mutex ); #endif -#if defined(MBEDTLS_HAVE_TIME_DATE) - mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex ); -#endif } /* 
@@ -127,9 +124,6 @@ void mbedtls_threading_free_alt( void ) #if defined(MBEDTLS_FS_IO) mbedtls_mutex_free( &mbedtls_threading_readdir_mutex ); #endif -#if defined(MBEDTLS_HAVE_TIME_DATE) - mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex ); -#endif } #endif /* MBEDTLS_THREADING_ALT */ @@ -142,8 +136,5 @@ void mbedtls_threading_free_alt( void ) #if defined(MBEDTLS_FS_IO) mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT; #endif -#if defined(MBEDTLS_HAVE_TIME_DATE) -mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT; -#endif #endif /* MBEDTLS_THREADING_C */ diff --git a/library/x509.c b/library/x509.c index 371d6da1d..906d1714b 100644 --- a/library/x509.c +++ b/library/x509.c @@ -59,14 +59,10 @@ #define mbedtls_snprintf snprintf #endif - #if defined(MBEDTLS_HAVE_TIME) #include "mbedtls/platform_time.h" #endif - -#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) -#include -#else +#if defined(MBEDTLS_HAVE_TIME_DATE) #include #endif 
@@ -903,36 +899,18 @@ int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name ) * Set the time structure to the current time. * Return 0 on success, non-zero on failure. */ -#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) static int x509_get_current_time( mbedtls_x509_time *now ) { - SYSTEMTIME st; - - GetSystemTime( &st ); - - now->year = st.wYear; - now->mon = st.wMonth; - now->day = st.wDay; - now->hour = st.wHour; - now->min = st.wMinute; - now->sec = st.wSecond; - - return( 0 ); -} -#else -static int x509_get_current_time( mbedtls_x509_time *now ) -{ - struct tm *lt; + struct tm *lt, tm_buf; mbedtls_time_t tt; int ret = 0; -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); -#endif - tt = mbedtls_time( NULL ); - lt = gmtime( &tt ); +#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) + lt = gmtime_s( &tm_buf, &tt ) == 0 ? &tm_buf : NULL; +#else + lt = gmtime_r( &tt, &tm_buf ); +#endif if( lt == NULL ) ret = -1; @@ -946,14 +924,8 @@ static int x509_get_current_time( mbedtls_x509_time *now ) now->sec = lt->tm_sec; } -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); -#endif - return( ret ); } -#endif /* _WIN32 && !EFIX64 && !EFI32 */ /* * Return 0 if before <= after, 1 otherwise From 2682edf205177a9639d2126238d6f83e19fd5d71 Mon Sep 17 00:00:00 2001 
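Review bot: The `#else` branch of x509_get_current_time now requires `gmtime_r` on every non-Windows target, and this commit deletes the mutex-guarded `gmtime` path, so a C library that offers only `gmtime` can no longer build this function. I would keep a third branch that serialises `gmtime` and copies its result into `tm_buf` before unlocking, as sketched below. That means retaining `mbedtls_threading_gmtime_mutex`, which the threading.h and threading.c hunks remove. Both reentrant calls also receive `&tt` typed as `mbedtls_time_t *`, which is only correct while that type is `time_t`; if the platform layer lets it be overridden, convert through a local `time_t` first. The part of the body that fills `now` lies between this hunk and the next and is not shown.

```c
    tt = mbedtls_time( NULL );
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
    lt = gmtime_s( &tm_buf, &tt ) == 0 ? &tm_buf : NULL;
#elif defined(HAVE_GMTIME_R_PLACEHOLDER) /* placeholder: whatever macro the project uses to mark a libc that has gmtime_r */
    lt = gmtime_r( &tt, &tm_buf );
#else
    /* No reentrant variant: serialise gmtime() and copy the result out of its
     * static buffer before releasing the lock. */
#if defined(MBEDTLS_THREADING_C)
    if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 )
        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
#endif
    lt = gmtime( &tt );
    if( lt != NULL )
    {
        tm_buf = *lt;
        lt = &tm_buf;
    }
#if defined(MBEDTLS_THREADING_C)
    if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 )
        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
#endif
#endif
    /* … unchanged: lt == NULL check and copy of the tm fields into *now … */
```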
From: Nicholas Wilson Date: Tue, 5 Dec 2017 12:08:15 +0000 Subject: [PATCH 2/4] Fix build using -std=c99 In each place where POSIX/GNU functions are used, the file must declare that it wants POSIX functionality before including any system headers. --- ChangeLog | 1 + library/entropy_poll.c | 5 +++++ library/net_sockets.c | 5 +++++ library/x509.c | 4 ++++ programs/aes/aescrypt2.c | 5 +++++ programs/aes/crypt_and_hash.c | 5 +++++ programs/ssl/ssl_mail_client.c | 5 +++++ tests/CMakeLists.txt | 5 +++++ tests/suites/helpers.function | 1 + 9 files changed, 36 insertions(+) diff --git a/ChangeLog b/ChangeLog index 517381bc5..4d5f5829f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,7 @@ Changes * Allow overriding the time on Windows via the platform-time abstraction. Fixed by Nick Wilson. * Use gmtime_r/gmtime_s for thread-safety. Fixed by Nick Wilson. + * Fix build using -std=c99. Fixed by Nick Wilson. = mbed TLS 2.11.0 branch released 2018-06-18 diff --git a/library/entropy_poll.c b/library/entropy_poll.c index fd96258ce..31f608b83 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -19,6 +19,11 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ +#if defined(__linux__) +/* Ensure that syscall() is available even when compiling with -std=c99 */ +#define _GNU_SOURCE +#endif + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/library/net_sockets.c b/library/net_sockets.c index 202da0171..4b267cf35 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -19,6 +19,11 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ +/* Enable definition of getaddrinfo() even when compiling with -std=c99. Must + * be set before config.h, which pulls in glibc's features.h indirectly. + * Harmless on other platforms. */ +#define _POSIX_C_SOURCE 200112L + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/library/x509.c b/library/x509.c index 906d1714b..b47599b0d 100644 
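Review bot: The bare `#define _GNU_SOURCE` added to library/entropy_poll.c is unguarded, so a build that already passes `-D_GNU_SOURCE` (which defines it as 1) gets a macro-redefinition diagnostic, and that fails the build under `-Werror`. Guard it as `#if defined(__linux__) && !defined(_GNU_SOURCE)`. The same applies to `#define _POSIX_C_SOURCE 200112L` in library/net_sockets.c and to the defines this patch adds in library/x509.c, programs/aes/aescrypt2.c, programs/aes/crypt_and_hash.c and programs/ssl/ssl_mail_client.c. There an `#if !defined(...)` wrapper would also stop the file from overriding a level the build system chose on the command line.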
--- a/library/x509.c +++ b/library/x509.c @@ -29,6 +29,10 @@ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf */ +/* Ensure gmtime_r is available even with -std=c99; must be included before + * config.h, which pulls in glibc's features.h. Harmless on other platforms. */ +#define _XOPEN_SOURCE 500 + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index 4acf38dd7..36dabe940 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -19,6 +19,11 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ +/* Enable definition of fileno() even when compiling with -std=c99. Must be + * set before config.h, which pulls in glibc's features.h indirectly. + * Harmless on other platforms. */ +#define _POSIX_C_SOURCE 1 + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index 0e272ebe4..49c43b321 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -20,6 +20,11 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ +/* Enable definition of fileno() even when compiling with -std=c99. Must be + * set before config.h, which pulls in glibc's features.h indirectly. + * Harmless on other platforms. */ +#define _POSIX_C_SOURCE 1 + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 04b847a69..74d5d7270 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -19,6 +19,11 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ +/* Enable definition of hostname() even when compiling with -std=c99. Must be + * set before config.h, which pulls in glibc's features.h indirectly. + * Harmless on other platforms. */ +#define _POSIX_C_SOURCE 200112L + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else 
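Review bot: The statement "Harmless on other platforms" in the comment added to library/x509.c does not hold in general. On C libraries that treat a feature-test macro as a request for strict conformance, `#define _XOPEN_SOURCE 500` hides declarations newer than that level, and patch 4/4 of this series has to change the value to get snprintf back on FreeBSD. The same risk applies to `#define _POSIX_C_SOURCE 1` in programs/aes/aescrypt2.c and programs/aes/crypt_and_hash.c, which selects the oldest POSIX level. I would reword these comments to state what the value restricts as well as what it enables, for example `/* Needed for gmtime_r with -std=c99; on BSD libcs this also limits the visible API to the selected level. */`. If those programs call any C99 library function, which the hunks do not show, they should use 200112L or later rather than 1.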
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index f630edb83..084da59f4 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -15,6 +15,11 @@ if(NOT PERL_FOUND) message(FATAL_ERROR "Cannot build test suites without Perl") endif() +# Enable definition of various functions used throughout the testsuite +# (hostname, strdup, fileno...) even when compiling with -std=c99. Harmless +# on non-POSIX platforms. +add_definitions("-D_POSIX_C_SOURCE=200809L") + function(add_test_suite suite_name) if(ARGV1) set(data_name ${ARGV1}) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index f82694ada..8f04885a5 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -36,6 +36,7 @@ typedef UINT32 uint32_t; #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) #include +#include #endif /*----------------------------------------------------------------------------*/ From 61fa436ad36f9374429a8bb5e5339726fb12553c Mon Sep 17 00:00:00 2001 From: Nicholas Wilson Date: Mon, 25 Jun 2018 12:10:00 +0100 Subject: [PATCH 3/4] Address review comments - tidy usage of macros to use minimal values --- programs/ssl/ssl_mail_client.c | 4 ++-- tests/CMakeLists.txt | 2 +- tests/Makefile | 5 +++++ 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 74d5d7270..0f2b32ddc 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -19,8 +19,8 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -/* Enable definition of hostname() even when compiling with -std=c99. Must be - * set before config.h, which pulls in glibc's features.h indirectly. +/* Enable definition of gethostname() even when compiling with -std=c99. Must + * be set before config.h, which pulls in glibc's features.h indirectly. * Harmless on other platforms. */ #define _POSIX_C_SOURCE 200112L 
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 084da59f4..34d649470 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -16,7 +16,7 @@ if(NOT PERL_FOUND) endif() # Enable definition of various functions used throughout the testsuite -# (hostname, strdup, fileno...) even when compiling with -std=c99. Harmless +# (gethostname, strdup, fileno...) even when compiling with -std=c99. Harmless # on non-POSIX platforms. add_definitions("-D_POSIX_C_SOURCE=200809L") diff --git a/tests/Makefile b/tests/Makefile index d65cd93a2..37e8cbcba 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -12,6 +12,11 @@ LOCAL_LDFLAGS = -L../library \ -lmbedx509$(SHARED_SUFFIX) \ -lmbedcrypto$(SHARED_SUFFIX) +# Enable definition of various functions used throughout the testsuite +# (gethostname, strdup, fileno...) even when compiling with -std=c99. Harmless +# on non-POSIX platforms. +LOCAL_CFLAGS += -D_POSIX_C_SOURCE=200809L + ifndef SHARED DEP=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a else From a5fbfd7cd89738938ae6982d79956a6cd66d7d02 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Fri, 6 Jul 2018 14:42:22 +0200 Subject: [PATCH 4/4] Enable snprintf on FreeBSD --- library/x509.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/x509.c b/library/x509.c index b47599b0d..58d6a8911 100644 --- a/library/x509.c +++ b/library/x509.c @@ -31,7 +31,7 @@ /* Ensure gmtime_r is available even with -std=c99; must be included before * config.h, which pulls in glibc's features.h. Harmless on other platforms. */ -#define _XOPEN_SOURCE 500 +#define _POSIX_C_SOURCE 200112L #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h"
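Review bot: The comment above the changed define in library/x509.c still explains only gmtime_r, so nothing in the file records that the value moved from `_XOPEN_SOURCE 500` to `_POSIX_C_SOURCE 200112L` to keep snprintf declared on FreeBSD, which is what the commit subject says. Since patch 3/4 aims for "minimal values", a later tidy-up could plausibly lower it again and reintroduce the breakage. Add a line such as `/* 200112L rather than a lower level: FreeBSD's libc otherwise hides snprintf. */` and drop "Harmless on other platforms", which this change itself contradicts.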