From ce6eebb0b89ce7deaa87009404399e9511c2af0b Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 7 Aug 2018 20:26:55 +0100 Subject: [PATCH 01/43] Use gmtime when target is not windows or posix --- include/mbedtls/threading.h | 9 +++++++++ library/threading.c | 17 +++++++++++++++++ library/x509.c | 24 +++++++++++++++++++++++- 3 files changed, 49 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index c25daa5cd..4cfaadde2 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -99,6 +99,15 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); #if defined(MBEDTLS_FS_IO) extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #endif +#if defined(MBEDTLS_HAVE_TIME_DATE) +#if !defined(_WIN32) && (defined(__unix__) || \ + (defined(__APPLE__) && defined(__MACH__))) +#include +#if !defined(_POSIX_VERSION) +extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; +#endif /* !_POSIX_VERSION */ +#endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ +#endif /* MBEDTLS_HAVE_TIME_DATE */ #endif /* MBEDTLS_THREADING_C */ #ifdef __cplusplus diff --git a/library/threading.c b/library/threading.c index 7a32e672c..fa4f6c928 100644 --- a/library/threading.c +++ b/library/threading.c @@ -29,6 +29,14 @@ #include "mbedtls/threading.h" +#if !defined(_WIN32) && (defined(__unix__) || \ + (defined(__APPLE__) && defined(__MACH__))) +#include +#if !defined(_POSIX_VERSION) +#define MBEDTLS_THREADING_USE_GMTIME +#endif /* !_POSIX_VERSION */ +#endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ + #if defined(MBEDTLS_THREADING_PTHREAD) static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex ) { @@ -114,6 +122,9 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * #if defined(MBEDTLS_FS_IO) mbedtls_mutex_init( &mbedtls_threading_readdir_mutex ); #endif +#if defined(MBEDTLS_THREADING_USE_GMTIME) + mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex ); +#endif } /* @@ -124,6 +135,9 @@ void mbedtls_threading_free_alt( void ) #if defined(MBEDTLS_FS_IO) mbedtls_mutex_free( &mbedtls_threading_readdir_mutex ); #endif +#if defined(MBEDTLS_THREADING_USE_GMTIME) + mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex ); +#endif } #endif /* MBEDTLS_THREADING_ALT */ @@ -136,5 +150,8 @@ void mbedtls_threading_free_alt( void ) #if defined(MBEDTLS_FS_IO) mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT; #endif +#if defined(MBEDTLS_THREADING_USE_GMTIME) +mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT; +#endif #endif /* MBEDTLS_THREADING_C */ diff --git a/library/x509.c b/library/x509.c index 2e6795f75..b7e799b44 100644 --- a/library/x509.c +++ b/library/x509.c @@ -890,6 +890,14 @@ int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name ) } #if defined(MBEDTLS_HAVE_TIME_DATE) +#if !defined(_WIN32) && (defined(__unix__) || \ + (defined(__APPLE__) && defined(__MACH__))) +#include +#if !defined(_POSIX_VERSION) +#define MBEDTLS_X509_USE_GMTIME +#endif /* !_POSIX_VERSION */ +#endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ + /* * Set the time structure to the current time. * Return 0 on success, non-zero on failure. @@ -900,11 +908,20 @@ static int x509_get_current_time( mbedtls_x509_time *now ) mbedtls_time_t tt; int ret = 0; + (void)tm_buf; + +#if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_X509_USE_GMTIME) + if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 ) + return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); +#endif /* MBEDTLS_THREADING_C && MBEDTLS_X509_USE_GMTIME */ + tt = mbedtls_time( NULL ); #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) lt = gmtime_s( &tm_buf, &tt ) == 0 ? &tm_buf : NULL; -#else +#elif defined(_POSIX_VERSION) lt = gmtime_r( &tt, &tm_buf ); +#else + lt = gmtime( &tt ); #endif if( lt == NULL ) @@ -919,6 +936,11 @@ static int x509_get_current_time( mbedtls_x509_time *now ) now->sec = lt->tm_sec; } +#if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_X509_USE_GMTIME) + if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 ) + return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); +#endif /* MBEDTLS_THREADING_C && MBEDTLS_X509_USE_GMTIME */ + return( ret ); } From 824dfb34b4b34854daefa71211a8896c634f33f4 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 7 Aug 2018 20:29:57 +0100 Subject: [PATCH 02/43] Add ChangeLog entry for use of gmtime --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index bda3de8f5..d8b282990 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,8 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if MBEDTLS_ARC4_C and MBEDTLS_CIPHER_NULL_CIPHER weren't also defined. #1890 + * Fix build failures on where only gmtime() is available but neither + gmtime_r() nor gmtime_s() are present. Fixes #1907. = mbed TLS 2.12.0 branch released 2018-07-25 From 97f3ecb972f2901c55c9a490a69f175012e7e6d1 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 7 Aug 2018 20:39:27 +0100 Subject: [PATCH 03/43] Document dependency on gmtime, gmtime_r & gmtime_s --- include/mbedtls/config.h | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 70820be56..9ee86ff24 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -137,12 +137,20 @@ /** * \def MBEDTLS_HAVE_TIME_DATE * - * System has time.h and time(), gmtime() and the clock is correct. + * System has time.h and time(), gmtime_s() (Windows), gmtime_r() (POSIX) or + * gmtime() and the clock is correct. * The time needs to be correct (not necesarily very accurate, but at least * the date should be correct). This is used to verify the validity period of * X.509 certificates. * * Comment if your system does not have a correct clock. + * + * \warning gmtime() is used if the target platform is neither Windows nor + * POSIX. Unfortunately, gmtime() is not thread-safe, so a mutex is used when + * MBEDTLS_THREADING_C is defined to guarantee sequential usage of gmtime() + * across Mbed TLS threads. However, applications must ensure that calls to + * gmtime() from outside the library also use the mutex to avoid concurrency + * issues. */ #define MBEDTLS_HAVE_TIME_DATE From d7177435e3eb9ec7c1c34e16da9b6385003543e9 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 8 Aug 2018 09:41:17 +0100 Subject: [PATCH 04/43] Fix check-names.sh fail with USE_GMTIME macro --- library/threading.c | 8 ++++---- library/x509.c | 10 +++++----- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/library/threading.c b/library/threading.c index fa4f6c928..95ae8d144 100644 --- a/library/threading.c +++ b/library/threading.c @@ -33,7 +33,7 @@ (defined(__APPLE__) && defined(__MACH__))) #include #if !defined(_POSIX_VERSION) -#define MBEDTLS_THREADING_USE_GMTIME +#define THREADING_USE_GMTIME #endif /* !_POSIX_VERSION */ #endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ @@ -122,7 +122,7 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * #if defined(MBEDTLS_FS_IO) mbedtls_mutex_init( &mbedtls_threading_readdir_mutex ); #endif -#if defined(MBEDTLS_THREADING_USE_GMTIME) +#if defined(THREADING_USE_GMTIME) mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex ); #endif } @@ -135,7 +135,7 @@ void mbedtls_threading_free_alt( void ) #if defined(MBEDTLS_FS_IO) mbedtls_mutex_free( &mbedtls_threading_readdir_mutex ); #endif -#if defined(MBEDTLS_THREADING_USE_GMTIME) +#if defined(THREADING_USE_GMTIME) mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex ); #endif } @@ -150,7 +150,7 @@ void mbedtls_threading_free_alt( void ) #if defined(MBEDTLS_FS_IO) mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT; #endif -#if defined(MBEDTLS_THREADING_USE_GMTIME) +#if defined(THREADING_USE_GMTIME) mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT; #endif diff --git a/library/x509.c b/library/x509.c index b7e799b44..03c3bbe1d 100644 --- a/library/x509.c +++ b/library/x509.c @@ -894,7 +894,7 @@ int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name ) (defined(__APPLE__) && defined(__MACH__))) #include #if !defined(_POSIX_VERSION) -#define MBEDTLS_X509_USE_GMTIME +#define X509_USE_GMTIME #endif /* !_POSIX_VERSION */ #endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ @@ -910,10 +910,10 @@ static int x509_get_current_time( mbedtls_x509_time *now ) (void)tm_buf; -#if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_X509_USE_GMTIME) +#if defined(MBEDTLS_THREADING_C) && defined(X509_USE_GMTIME) if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 ) return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); -#endif /* MBEDTLS_THREADING_C && MBEDTLS_X509_USE_GMTIME */ +#endif /* MBEDTLS_THREADING_C && X509_USE_GMTIME */ tt = mbedtls_time( NULL ); #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) @@ -936,10 +936,10 @@ static int x509_get_current_time( mbedtls_x509_time *now ) now->sec = lt->tm_sec; } -#if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_X509_USE_GMTIME) +#if defined(MBEDTLS_THREADING_C) && defined(X509_USE_GMTIME) if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 ) return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); -#endif /* MBEDTLS_THREADING_C && MBEDTLS_X509_USE_GMTIME */ +#endif /* MBEDTLS_THREADING_C && X509_USE_GMTIME */ return( ret ); } From 1abb368b8760569a53350f6d7f7cd628812f29d5 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 16 Aug 2018 21:42:09 +0100 Subject: [PATCH 05/43] Make gmtime() configurable at compile-time --- include/mbedtls/config.h | 19 +++++++++++++ include/mbedtls/platform_util.h | 43 +++++++++++++++++++++++++++++ include/mbedtls/threading.h | 4 +-- library/platform_util.c | 49 +++++++++++++++++++++++++++++++++ library/threading.c | 4 +-- library/x509.c | 31 ++------------------- 6 files changed, 117 insertions(+), 33 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 9ee86ff24..18fbf92df 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3091,6 +3091,25 @@ */ //#define MBEDTLS_PLATFORM_ZEROIZE_ALT +/** + * Uncomment the macro to let Mbed TLS use your alternate implementation of + * mbedtls_platform_gmtime(). This replaces the default implementation in + * platform_util.c. + * + * gmtime() is not a thread safe function as defined in the C standard. The + * library will try to use safer implementations of this function, such as + * gmtime_r() when available. However, if Mbed TLS cannot identify the target + * system, the implementation of mbedtls_platform_gmtime() will default to + * using the standard gmtime(). In this case, calls from the library to + * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex + * if MBEDTLS_THREADING_C is enable. It is advised that calls from outside the + * library are also guarded with this mutex to avoid race conditions. However, + * if the macro MBEDTLS_PLATFORM_GMTIME_ALT is defined, Mbed TLS will + * unconditionally use the implementation for mbedtls_platform_time() supplied + * at compile time. + */ +//#define MBEDTLS_PLATFORM_GMTIME_ALT + /* \} name SECTION: Customisation configuration options */ /* Target and application specific configurations */ diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 84f0732ee..5f26fb82c 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -25,7 +25,18 @@ #ifndef MBEDTLS_PLATFORM_UTIL_H #define MBEDTLS_PLATFORM_UTIL_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#include "mbedtls/platform_time.h" + #include +#if defined(MBEDTLS_HAVE_TIME_DATE) +#include +#endif /* MBEDTLS_HAVE_TIME_DATE */ #ifdef __cplusplus extern "C" { @@ -55,6 +66,38 @@ extern "C" { */ void mbedtls_platform_zeroize( void *buf, size_t len ); +#if defined(MBEDTLS_HAVE_TIME_DATE) +/** + * \brief Thread safe implementation of gmtime() + * + * The function is an abstraction that when called behaves similar + * to the gmtime() function from the C standard, but is thread + * safe. + * + * Mbed TLS will try to identify the underlying platform and + * configure an appropriate underlying implementation (e.g. + * gmtime_r() for POSIX and gmtime_s() for Windows). If this is + * not possible, then gmtime() will be used. In this case, calls + * from the library to gmtime() will be guarded by the mutex + * mbedtls_threading_gmtime_mutex if MBEDTLS_THREADING_C is + * enabled. It is recommended that calls from outside the library + * are also guarded by this mutex. + * + * If MBEDTLS_PLATFORM_GMTIME_ALT is defined, then Mbed TLS will + * unconditionally use the alternative implementation for + * mbedtls_platform_gmtime() supplied by the user at compile time + * + * \param tt Pointer to an object containing time (in seconds) since the + * Epoc to be converted + * \param tm Pointer to an object where the results will be stored + * + * \return Pointer to an object of type struct tm on success, otherwise + * NULL + */ +struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, + struct tm *tm_buf ); +#endif /* MBEDTLS_HAVE_TIME_DATE */ + #ifdef __cplusplus } #endif diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 4cfaadde2..070715259 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -103,9 +103,9 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #if !defined(_WIN32) && (defined(__unix__) || \ (defined(__APPLE__) && defined(__MACH__))) #include -#if !defined(_POSIX_VERSION) +#if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; -#endif /* !_POSIX_VERSION */ +#endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ #endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ #endif /* MBEDTLS_HAVE_TIME_DATE */ #endif /* MBEDTLS_THREADING_C */ diff --git a/library/platform_util.c b/library/platform_util.c index 1a57de939..e41f3c49c 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -20,6 +20,12 @@ * This file is part of Mbed TLS (https://tls.mbed.org) */ +/* + * Ensure gmtime_r is available even with -std=c99; must be included before + * config.h, which pulls in glibc's features.h. Harmless on other platforms. + */ +#define _POSIX_C_SOURCE 200112L + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else @@ -27,6 +33,7 @@ #endif #include "mbedtls/platform_util.h" +#include "mbedtls/threading.h" #include #include @@ -65,3 +72,45 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) memset_func( buf, 0, len ); } #endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */ + +#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_ALT) +#include +#if !defined(_WIN32) && (defined(__unix__) || \ + (defined(__APPLE__) && defined(__MACH__))) +#include +#if !defined(_POSIX_VERSION) || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS +#define PLATFORM_UTIL_USE_GMTIME +#endif /* !_POSIX_VERSION || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS */ +#endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ + +struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, + struct tm *tm_buf ) +{ +#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) + return ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL; +#elif !defined(PLATFORM_UTIL_USE_GMTIME) + return gmtime_r( tt, tm_buf ); +#else + struct tm *lt; + +#if defined(MBEDTLS_THREADING_C) + if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 ) + return( NULL ); +#endif /* MBEDTLS_THREADING_C */ + + lt = gmtime( tt ); + + if( lt != NULL ) + { + memcpy( tm_buf, lt, sizeof( struct tm ) ); + } + +#if defined(MBEDTLS_THREADING_C) + if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 ) + return( NULL ); +#endif /* MBEDTLS_THREADING_C */ + + return ( lt == NULL ) ? NULL : tm_buf; +#endif +} +#endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_ALT */ diff --git a/library/threading.c b/library/threading.c index 95ae8d144..3d7f61b2e 100644 --- a/library/threading.c +++ b/library/threading.c @@ -32,9 +32,9 @@ #if !defined(_WIN32) && (defined(__unix__) || \ (defined(__APPLE__) && defined(__MACH__))) #include -#if !defined(_POSIX_VERSION) +#if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS #define THREADING_USE_GMTIME -#endif /* !_POSIX_VERSION */ +#endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ #endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ #if defined(MBEDTLS_THREADING_PTHREAD) diff --git a/library/x509.c b/library/x509.c index 03c3bbe1d..15c0123c3 100644 --- a/library/x509.c +++ b/library/x509.c @@ -29,10 +29,6 @@ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf */ -/* Ensure gmtime_r is available even with -std=c99; must be included before - * config.h, which pulls in glibc's features.h. Harmless on other platforms. */ -#define _POSIX_C_SOURCE 200112L - #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else @@ -67,6 +63,7 @@ #include "mbedtls/platform_time.h" #endif #if defined(MBEDTLS_HAVE_TIME_DATE) +#include "mbedtls/platform_util.h" #include #endif @@ -890,14 +887,6 @@ int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name ) } #if defined(MBEDTLS_HAVE_TIME_DATE) -#if !defined(_WIN32) && (defined(__unix__) || \ - (defined(__APPLE__) && defined(__MACH__))) -#include -#if !defined(_POSIX_VERSION) -#define X509_USE_GMTIME -#endif /* !_POSIX_VERSION */ -#endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ - /* * Set the time structure to the current time. * Return 0 on success, non-zero on failure. @@ -910,19 +899,8 @@ static int x509_get_current_time( mbedtls_x509_time *now ) (void)tm_buf; -#if defined(MBEDTLS_THREADING_C) && defined(X509_USE_GMTIME) - if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); -#endif /* MBEDTLS_THREADING_C && X509_USE_GMTIME */ - tt = mbedtls_time( NULL ); -#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) - lt = gmtime_s( &tm_buf, &tt ) == 0 ? &tm_buf : NULL; -#elif defined(_POSIX_VERSION) - lt = gmtime_r( &tt, &tm_buf ); -#else - lt = gmtime( &tt ); -#endif + lt = mbedtls_platform_gmtime( &tt, &tm_buf ); if( lt == NULL ) ret = -1; @@ -936,11 +914,6 @@ static int x509_get_current_time( mbedtls_x509_time *now ) now->sec = lt->tm_sec; } -#if defined(MBEDTLS_THREADING_C) && defined(X509_USE_GMTIME) - if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); -#endif /* MBEDTLS_THREADING_C && X509_USE_GMTIME */ - return( ret ); } From a7b9f15f2721850ba2d4a02d438e40e050358f12 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 16 Aug 2018 21:46:35 +0100 Subject: [PATCH 06/43] Add ChangeLog entry for configurable gmtime() in platform --- ChangeLog | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ChangeLog b/ChangeLog index d8b282990..5aa54e57c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,14 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +API Changes + * Extend the platform module with an abstraction mbedtls_platform_gmtime() + whose implementation should behave as a thread safe version of gmtime(). + This allows users to configure such an implementation at compile time when + the target system cannot be deduced automatically. At this stage Mbed TLS + is only able to configure implementations for Windows and POSIX C + libraries. + Bugfix * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if MBEDTLS_ARC4_C and MBEDTLS_CIPHER_NULL_CIPHER weren't also defined. #1890 From 248e27c487ed2aca15b335112bf909808ba8ba10 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 16 Aug 2018 21:50:23 +0100 Subject: [PATCH 07/43] Remove redundant statement from x509_get_current_time --- library/x509.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/x509.c b/library/x509.c index 15c0123c3..c17697b22 100644 --- a/library/x509.c +++ b/library/x509.c @@ -897,8 +897,6 @@ static int x509_get_current_time( mbedtls_x509_time *now ) mbedtls_time_t tt; int ret = 0; - (void)tm_buf; - tt = mbedtls_time( NULL ); lt = mbedtls_platform_gmtime( &tt, &tm_buf ); From c99b12b158b7897fd91b821849358db7f695f266 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 21 Aug 2018 19:32:44 +0100 Subject: [PATCH 08/43] Fix documentation for MBEDTLS_HAVE_DATE_TIME --- include/mbedtls/config.h | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 18fbf92df..ff123560c 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -137,20 +137,25 @@ /** * \def MBEDTLS_HAVE_TIME_DATE * - * System has time.h and time(), gmtime_s() (Windows), gmtime_r() (POSIX) or - * gmtime() and the clock is correct. + * System has time.h, time(), an implementation for mbedtls_platform_gmtime(), + * and the clock is correct. * The time needs to be correct (not necesarily very accurate, but at least * the date should be correct). This is used to verify the validity period of * X.509 certificates. * * Comment if your system does not have a correct clock. * - * \warning gmtime() is used if the target platform is neither Windows nor - * POSIX. Unfortunately, gmtime() is not thread-safe, so a mutex is used when - * MBEDTLS_THREADING_C is defined to guarantee sequential usage of gmtime() - * across Mbed TLS threads. However, applications must ensure that calls to - * gmtime() from outside the library also use the mutex to avoid concurrency - * issues. + * \note mbedtls_platform_gmtime() is an abstraction in platform_util.h that + * when called behaves similar to the gmtime() function from the C standard, + * but is thread safe. Mbed TLS will try to identify the underlying platform + * and configure an appropriate underlying implementation (e.g. gmtime_r() for + * POSIX and gmtime_s() for Windows). If this is not possible, then gmtime() + * will be used. Refer to the documentation for mbedtls_platform_gmtime() for + * more information. + * + * \note It is possible to configure an implementation for + * mbedtls_platform_gmtime() at compile-time by using the macro + * MBEDTLS_PLATFORM_GMTIME_ALT. */ #define MBEDTLS_HAVE_TIME_DATE From a658d7dd9ddbf1dd7e00ccc9862eee51ba62f092 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 21 Aug 2018 19:33:02 +0100 Subject: [PATCH 09/43] Fix style for mbedtls_platform_gmtime() --- library/platform_util.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/platform_util.c b/library/platform_util.c index e41f3c49c..68d2522b5 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -87,9 +87,9 @@ struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, struct tm *tm_buf ) { #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) - return ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL; + return( ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL ); #elif !defined(PLATFORM_UTIL_USE_GMTIME) - return gmtime_r( tt, tm_buf ); + return( gmtime_r( tt, tm_buf ) ); #else struct tm *lt; @@ -110,7 +110,7 @@ struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, return( NULL ); #endif /* MBEDTLS_THREADING_C */ - return ( lt == NULL ) ? NULL : tm_buf; -#endif + return( ( lt == NULL ) ? NULL : tm_buf ); +#endif /* _WIN32 && !EFIX64 && !EFI32 */ } #endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_ALT */ From c2f948b6c6f1bea1bb0d4a1335ef6a9ea4780f6c Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 11:21:44 +0100 Subject: [PATCH 10/43] Fix grammar in docs for MBEDTLS_HAVE_TIME_DATE --- include/mbedtls/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index ff123560c..ba7e5d3c0 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -146,7 +146,7 @@ * Comment if your system does not have a correct clock. * * \note mbedtls_platform_gmtime() is an abstraction in platform_util.h that - * when called behaves similar to the gmtime() function from the C standard, + * when called behaves similarly to the gmtime() function from the C standard, * but is thread safe. Mbed TLS will try to identify the underlying platform * and configure an appropriate underlying implementation (e.g. gmtime_r() for * POSIX and gmtime_s() for Windows). If this is not possible, then gmtime() From e9b10b21f11a84a8fbf74ce663935c7caea563fa Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 11:25:30 +0100 Subject: [PATCH 11/43] Define _POSIX_C_SOURCE in threading.c before POSIX detection --- library/threading.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/threading.c b/library/threading.c index 3d7f61b2e..c22a1dadc 100644 --- a/library/threading.c +++ b/library/threading.c @@ -19,6 +19,12 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ +/* + * Ensure gmtime_r is available even with -std=c99; must be included before + * config.h, which pulls in glibc's features.h. Harmless on other platforms. + */ +#define _POSIX_C_SOURCE 200112L + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else From 209960611f6212004f89215091246a1882e22fe9 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 11:27:56 +0100 Subject: [PATCH 12/43] Use gmtime_s() for IAR --- library/platform_util.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/platform_util.c b/library/platform_util.c index 68d2522b5..e440e5a55 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -88,6 +88,8 @@ struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, { #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) return( ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL ); +#elif defined(__IAR_SYSTEMS_ICC__) + return( gmtime_s( tt, tm_buf ) ); #elif !defined(PLATFORM_UTIL_USE_GMTIME) return( gmtime_r( tt, tm_buf ) ); #else From 8c9a620fb6a8cd5504d757abd19aabf8453531bd Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 11:30:28 +0100 Subject: [PATCH 13/43] Fix missing word in ChangeLog entry for gmtime() --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5aa54e57c..dce8f5ff8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,8 +13,8 @@ API Changes Bugfix * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if MBEDTLS_ARC4_C and MBEDTLS_CIPHER_NULL_CIPHER weren't also defined. #1890 - * Fix build failures on where only gmtime() is available but neither - gmtime_r() nor gmtime_s() are present. Fixes #1907. + * Fix build failures on platforms where only gmtime() is available but + neither gmtime_r() nor gmtime_s() are present. Fixes #1907. = mbed TLS 2.12.0 branch released 2018-07-25 From ca04a01bb8599eeca77d6f426a65aba7e9b8b0a3 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 11:43:57 +0100 Subject: [PATCH 14/43] Document shorthand gmtime macros --- include/mbedtls/threading.h | 11 ++++++++--- library/platform_util.c | 13 ++++++++++--- library/threading.c | 13 ++++++++++--- 3 files changed, 28 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 070715259..e613be9c2 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -100,13 +100,18 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #endif #if defined(MBEDTLS_HAVE_TIME_DATE) -#if !defined(_WIN32) && (defined(__unix__) || \ - (defined(__APPLE__) && defined(__MACH__))) +#if !defined(_WIN32) && (defined(unix) || defined(__unix) || \ + defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))) #include #if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS +/* + * The preprocessor conditions above are the same as in platform_utils.c and + * threading.c. Remember to update the code there when changing the conditions + * here + */ extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ -#endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ +#endif /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__)) */ #endif /* MBEDTLS_HAVE_TIME_DATE */ #endif /* MBEDTLS_THREADING_C */ diff --git a/library/platform_util.c b/library/platform_util.c index e440e5a55..2dd530d1d 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -75,13 +75,20 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_ALT) #include -#if !defined(_WIN32) && (defined(__unix__) || \ - (defined(__APPLE__) && defined(__MACH__))) +#if !defined(_WIN32) && (defined(unix) || defined(__unix) || \ + defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))) #include #if !defined(_POSIX_VERSION) || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS +/* + * This is a convenience shorthand macro to avoid checking the long + * preprocessor conditions above. Ideally, we could expose this macro in + * platform_utils.h and simply use it in platform_utils.c, threading.c and + * threading.h. However, this macro is not part of the Mbed TLS public API, so + * we keep it private by only definining it in this file + */ #define PLATFORM_UTIL_USE_GMTIME #endif /* !_POSIX_VERSION || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS */ -#endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ +#endif /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__)) */ struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, struct tm *tm_buf ) diff --git a/library/threading.c b/library/threading.c index c22a1dadc..f7bca0fec 100644 --- a/library/threading.c +++ b/library/threading.c @@ -35,13 +35,20 @@ #include "mbedtls/threading.h" -#if !defined(_WIN32) && (defined(__unix__) || \ - (defined(__APPLE__) && defined(__MACH__))) +#if !defined(_WIN32) && (defined(unix) || defined(__unix) || \ + defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))) #include #if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS +/* + * This is a convenience shorthand macro to avoid checking the long + * preprocessor conditions above. Ideally, we could expose this macro in + * platform_utils.h and simply use it in platform_utils.c, threading.c and + * threading.h. However, this macro is not part of the Mbed TLS public API, so + * we keep it private by only definining it in this file + */ #define THREADING_USE_GMTIME #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ -#endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ +#endif /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__)) */ #if defined(MBEDTLS_THREADING_PTHREAD) static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex ) From 193fe893a696b624ce2348b608e458adb14c87af Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 11:47:33 +0100 Subject: [PATCH 15/43] Add missing _POSIX_C_SOURCE define in threading.h --- include/mbedtls/threading.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index e613be9c2..71538c07a 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -24,6 +24,12 @@ #ifndef MBEDTLS_THREADING_H #define MBEDTLS_THREADING_H +/* + * Ensure gmtime_r is available even with -std=c99; must be included before + * config.h, which pulls in glibc's features.h. Harmless on other platforms. + */ +#define _POSIX_C_SOURCE 200112L + #if !defined(MBEDTLS_CONFIG_FILE) #include "config.h" #else From 3c9733a0a3a18b1381dfeaa7e6bc07457672f9cc Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 11:52:07 +0100 Subject: [PATCH 16/43] Fix typo in comment for gmtime macro defines --- library/platform_util.c | 2 +- library/threading.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/library/platform_util.c b/library/platform_util.c index 2dd530d1d..89f132ae9 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -84,7 +84,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) * preprocessor conditions above. Ideally, we could expose this macro in * platform_utils.h and simply use it in platform_utils.c, threading.c and * threading.h. However, this macro is not part of the Mbed TLS public API, so - * we keep it private by only definining it in this file + * we keep it private by only defining it in this file */ #define PLATFORM_UTIL_USE_GMTIME #endif /* !_POSIX_VERSION || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS */ diff --git a/library/threading.c b/library/threading.c index f7bca0fec..0496b976a 100644 --- a/library/threading.c +++ b/library/threading.c @@ -44,7 +44,7 @@ * preprocessor conditions above. Ideally, we could expose this macro in * platform_utils.h and simply use it in platform_utils.c, threading.c and * threading.h. However, this macro is not part of the Mbed TLS public API, so - * we keep it private by only definining it in this file + * we keep it private by only defining it in this file */ #define THREADING_USE_GMTIME #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ From c29c34c1b4bc4f3036cf45a4fda3a044fd9e4efa Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 11:54:40 +0100 Subject: [PATCH 17/43] Improve wording of gmtime feature in ChangeLog --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index dce8f5ff8..093a42bc1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,8 +7,8 @@ API Changes whose implementation should behave as a thread safe version of gmtime(). This allows users to configure such an implementation at compile time when the target system cannot be deduced automatically. At this stage Mbed TLS - is only able to configure implementations for Windows and POSIX C - libraries. + is only able to automtically select implementations for Windows and POSIX + C libraries. Bugfix * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if From e58088edb9c9bbea6c70ed40c88205c4de4a6774 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 11:55:49 +0100 Subject: [PATCH 18/43] Clarify docs for MBEDTLS_HAVE_TIME_DATE --- include/mbedtls/config.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index ba7e5d3c0..f4c8ecff9 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -137,8 +137,8 @@ /** * \def MBEDTLS_HAVE_TIME_DATE * - * System has time.h, time(), an implementation for mbedtls_platform_gmtime(), - * and the clock is correct. + * System has time.h, time(), an implementation for mbedtls_platform_gmtime() + * (see below), and the clock is correct. * The time needs to be correct (not necesarily very accurate, but at least * the date should be correct). This is used to verify the validity period of * X.509 certificates. From 433f911e59162c6356955ff1e8ef8d28ab2a5ea1 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 12:01:57 +0100 Subject: [PATCH 19/43] Check for IAR in gmtime macros --- include/mbedtls/threading.h | 8 +++++--- library/platform_util.c | 8 +++++--- library/threading.c | 8 +++++--- 3 files changed, 15 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 71538c07a..dc724eee2 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -106,8 +106,9 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #endif #if defined(MBEDTLS_HAVE_TIME_DATE) -#if !defined(_WIN32) && (defined(unix) || defined(__unix) || \ - defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))) +#if !defined(_WIN32) && !defined(__IAR_SYSTEMS_ICC__) && (defined(unix) || \ + defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ + defined(__MACH__))) #include #if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS /* @@ -117,7 +118,8 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; */ extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ -#endif /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__)) */ +#endif /* !_WIN32 && !__IAR_SYSTEMS_ICC__ && (unix || __unix || __unix__ || + * (__APPLE__ && __MACH__)) */ #endif /* MBEDTLS_HAVE_TIME_DATE */ #endif /* MBEDTLS_THREADING_C */ diff --git a/library/platform_util.c b/library/platform_util.c index 89f132ae9..9bcf15e6a 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -75,8 +75,9 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_ALT) #include -#if !defined(_WIN32) && (defined(unix) || defined(__unix) || \ - defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))) +#if !defined(_WIN32) && !defined(__IAR_SYSTEMS_ICC__) && (defined(unix) || \ + defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ + defined(__MACH__))) #include #if !defined(_POSIX_VERSION) || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS /* @@ -88,7 +89,8 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) */ #define PLATFORM_UTIL_USE_GMTIME #endif /* !_POSIX_VERSION || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS */ -#endif /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__)) */ +#endif /* !_WIN32 && !__IAR_SYSTEMS_ICC__ && (unix || __unix || __unix__ || + * (__APPLE__ && __MACH__)) */ struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, struct tm *tm_buf ) diff --git a/library/threading.c b/library/threading.c index 0496b976a..7231f2f9b 100644 --- a/library/threading.c +++ b/library/threading.c @@ -35,8 +35,9 @@ #include "mbedtls/threading.h" -#if !defined(_WIN32) && (defined(unix) || defined(__unix) || \ - defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))) +#if !defined(_WIN32) && !defined(__IAR_SYSTEMS_ICC__) && (defined(unix) || \ + defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ + defined(__MACH__))) #include #if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS /* @@ -48,7 +49,8 @@ */ #define THREADING_USE_GMTIME #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ -#endif /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__)) */ +#endif /* !_WIN32 && !__IAR_SYSTEMS_ICC__ && (unix || __unix || __unix__ || + * (__APPLE__ && __MACH__)) */ #if defined(MBEDTLS_THREADING_PTHREAD) static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex ) From 45e30201a4c2c31bbc92d556817cdf4b092a4619 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 12:05:59 +0100 Subject: [PATCH 20/43] Document that IAR gmtime_s() is auto selected --- ChangeLog | 4 ++-- include/mbedtls/config.h | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 093a42bc1..1ba5f0e00 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,8 +7,8 @@ API Changes whose implementation should behave as a thread safe version of gmtime(). This allows users to configure such an implementation at compile time when the target system cannot be deduced automatically. At this stage Mbed TLS - is only able to automtically select implementations for Windows and POSIX - C libraries. + is only able to automatically select implementations for Windows, POSIX + C libraries and IAR. Bugfix * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index f4c8ecff9..cbf8f58aa 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -149,9 +149,9 @@ * when called behaves similarly to the gmtime() function from the C standard, * but is thread safe. Mbed TLS will try to identify the underlying platform * and configure an appropriate underlying implementation (e.g. gmtime_r() for - * POSIX and gmtime_s() for Windows). If this is not possible, then gmtime() - * will be used. Refer to the documentation for mbedtls_platform_gmtime() for - * more information. + * POSIX and gmtime_s() for Windows and IAR). If this is not possible, then + * gmtime() will be used. Refer to the documentation for + * mbedtls_platform_gmtime() for more information. * * \note It is possible to configure an implementation for * mbedtls_platform_gmtime() at compile-time by using the macro From 94b540ac63c0c8d9d87edff9772dc7754bd4d220 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 12:27:32 +0100 Subject: [PATCH 21/43] Avoid redefining _POSIX_C_SOURCE --- include/mbedtls/threading.h | 2 ++ library/platform_util.c | 2 ++ library/threading.c | 2 ++ 3 files changed, 6 insertions(+) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index dc724eee2..1b13deb3e 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -28,7 +28,9 @@ * Ensure gmtime_r is available even with -std=c99; must be included before * config.h, which pulls in glibc's features.h. Harmless on other platforms. */ +#if !defined(_POSIX_C_SOURCE) #define _POSIX_C_SOURCE 200112L +#endif #if !defined(MBEDTLS_CONFIG_FILE) #include "config.h" diff --git a/library/platform_util.c b/library/platform_util.c index 9bcf15e6a..6a5feb321 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -24,7 +24,9 @@ * Ensure gmtime_r is available even with -std=c99; must be included before * config.h, which pulls in glibc's features.h. Harmless on other platforms. */ +#if !defined(_POSIX_C_SOURCE) #define _POSIX_C_SOURCE 200112L +#endif #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" diff --git a/library/threading.c b/library/threading.c index 7231f2f9b..c1834bace 100644 --- a/library/threading.c +++ b/library/threading.c @@ -23,7 +23,9 @@ * Ensure gmtime_r is available even with -std=c99; must be included before * config.h, which pulls in glibc's features.h. Harmless on other platforms. */ +#if !defined(_POSIX_C_SOURCE) #define _POSIX_C_SOURCE 200112L +#endif #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" From cfeb70c6b98d489dd3a7de5b1523abe44ccd5793 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 13:50:22 +0100 Subject: [PATCH 22/43] gmtime: Remove special treatment for IAR Previous commits attempted to use `gmtime_s()` for IAR systems; however, this attempt depends on the use of C11 extensions which lead to incompatibility with other pieces of the library, such as the use of `memset()` which is being deprecated in favor of `memset_s()` in C11. --- ChangeLog | 4 ++-- include/mbedtls/threading.h | 4 ++-- library/platform_util.c | 6 ++---- library/threading.c | 4 ++-- 4 files changed, 8 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1ba5f0e00..0a60f70fe 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,8 +7,8 @@ API Changes whose implementation should behave as a thread safe version of gmtime(). This allows users to configure such an implementation at compile time when the target system cannot be deduced automatically. At this stage Mbed TLS - is only able to automatically select implementations for Windows, POSIX - C libraries and IAR. + is only able to automatically select implementations for Windows and POSIX + C libraries. Bugfix * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 1b13deb3e..a65eefa92 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -108,7 +108,7 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #endif #if defined(MBEDTLS_HAVE_TIME_DATE) -#if !defined(_WIN32) && !defined(__IAR_SYSTEMS_ICC__) && (defined(unix) || \ +#if !defined(_WIN32) && (defined(unix) || \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) #include @@ -120,7 +120,7 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; */ extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ -#endif /* !_WIN32 && !__IAR_SYSTEMS_ICC__ && (unix || __unix || __unix__ || +#endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ #endif /* MBEDTLS_HAVE_TIME_DATE */ #endif /* MBEDTLS_THREADING_C */ diff --git a/library/platform_util.c b/library/platform_util.c index 6a5feb321..c248cf529 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -77,7 +77,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_ALT) #include -#if !defined(_WIN32) && !defined(__IAR_SYSTEMS_ICC__) && (defined(unix) || \ +#if !defined(_WIN32) && (defined(unix) || \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) #include @@ -91,7 +91,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) */ #define PLATFORM_UTIL_USE_GMTIME #endif /* !_POSIX_VERSION || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS */ -#endif /* !_WIN32 && !__IAR_SYSTEMS_ICC__ && (unix || __unix || __unix__ || +#endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, @@ -99,8 +99,6 @@ struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, { #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) return( ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL ); -#elif defined(__IAR_SYSTEMS_ICC__) - return( gmtime_s( tt, tm_buf ) ); #elif !defined(PLATFORM_UTIL_USE_GMTIME) return( gmtime_r( tt, tm_buf ) ); #else diff --git a/library/threading.c b/library/threading.c index c1834bace..9d5c4f104 100644 --- a/library/threading.c +++ b/library/threading.c @@ -37,7 +37,7 @@ #include "mbedtls/threading.h" -#if !defined(_WIN32) && !defined(__IAR_SYSTEMS_ICC__) && (defined(unix) || \ +#if !defined(_WIN32) && (defined(unix) || \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) #include @@ -51,7 +51,7 @@ */ #define THREADING_USE_GMTIME #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ -#endif /* !_WIN32 && !__IAR_SYSTEMS_ICC__ && (unix || __unix || __unix__ || +#endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ #if defined(MBEDTLS_THREADING_PTHREAD) From 272675f4c665a0aa401b0ede5945424f83b64949 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 14:03:02 +0100 Subject: [PATCH 23/43] Correct documentation of mbedtls_platform_gmtime() --- include/mbedtls/platform_util.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 5f26fb82c..befd3344c 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -87,9 +87,9 @@ void mbedtls_platform_zeroize( void *buf, size_t len ); * unconditionally use the alternative implementation for * mbedtls_platform_gmtime() supplied by the user at compile time * - * \param tt Pointer to an object containing time (in seconds) since the - * Epoc to be converted - * \param tm Pointer to an object where the results will be stored + * \param tt Pointer to an object containing time (in seconds) since the + * Epoc to be converted + * \param tm_buf Pointer to an object where the results will be stored * * \return Pointer to an object of type struct tm on success, otherwise * NULL From 5f95c798a321ca7cb8a754100bdae9ccd397685c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 14:36:36 +0100 Subject: [PATCH 24/43] Remove another mentioning of IAR from config.h --- include/mbedtls/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index cbf8f58aa..226190de0 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -149,7 +149,7 @@ * when called behaves similarly to the gmtime() function from the C standard, * but is thread safe. Mbed TLS will try to identify the underlying platform * and configure an appropriate underlying implementation (e.g. gmtime_r() for - * POSIX and gmtime_s() for Windows and IAR). If this is not possible, then + * POSIX and gmtime_s() for Windows). If this is not possible, then * gmtime() will be used. Refer to the documentation for * mbedtls_platform_gmtime() for more information. * From be2e4bddd5ed6df04f4dc50e76daaf362f27553d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 14:44:31 +0100 Subject: [PATCH 25/43] Guard decl and use of gmtime mutex by HAVE_TIME_DATE and !GMTIME_ALT --- include/mbedtls/threading.h | 4 ++-- library/threading.c | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index a65eefa92..9235a1e98 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -107,7 +107,7 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); #if defined(MBEDTLS_FS_IO) extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #endif -#if defined(MBEDTLS_HAVE_TIME_DATE) +#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_ALT) #if !defined(_WIN32) && (defined(unix) || \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) @@ -122,7 +122,7 @@ extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ #endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ -#endif /* MBEDTLS_HAVE_TIME_DATE */ +#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_ALT */ #endif /* MBEDTLS_THREADING_C */ #ifdef __cplusplus diff --git a/library/threading.c b/library/threading.c index 9d5c4f104..1885efdfc 100644 --- a/library/threading.c +++ b/library/threading.c @@ -37,6 +37,7 @@ #include "mbedtls/threading.h" +#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_ALT) #if !defined(_WIN32) && (defined(unix) || \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) @@ -53,6 +54,7 @@ #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ #endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ +#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_ALT */ #if defined(MBEDTLS_THREADING_PTHREAD) static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex ) From 6a739789f39da43f06f3681c9ef51aa86365fdc1 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 15:06:19 +0100 Subject: [PATCH 26/43] Rename mbedtls_platform_gmtime() to mbedtls_platform_gmtime_r() For consistency, also rename MBEDTLS_PLATFORM_GMTIME_ALT to MBEDTLS_PLATFORM_GMTIME_R_ALT. --- include/mbedtls/config.h | 22 ++++++++++----------- include/mbedtls/platform_util.h | 34 ++++++++++++++++----------------- include/mbedtls/threading.h | 4 ++-- library/platform_util.c | 8 ++++---- library/threading.c | 4 ++-- library/x509.c | 2 +- 6 files changed, 37 insertions(+), 37 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 226190de0..0d5d9d017 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -137,7 +137,7 @@ /** * \def MBEDTLS_HAVE_TIME_DATE * - * System has time.h, time(), an implementation for mbedtls_platform_gmtime() + * System has time.h, time(), an implementation for mbedtls_platform_gmtime_r() * (see below), and the clock is correct. * The time needs to be correct (not necesarily very accurate, but at least * the date should be correct). This is used to verify the validity period of @@ -145,17 +145,17 @@ * * Comment if your system does not have a correct clock. * - * \note mbedtls_platform_gmtime() is an abstraction in platform_util.h that + * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that * when called behaves similarly to the gmtime() function from the C standard, * but is thread safe. Mbed TLS will try to identify the underlying platform * and configure an appropriate underlying implementation (e.g. gmtime_r() for * POSIX and gmtime_s() for Windows). If this is not possible, then * gmtime() will be used. Refer to the documentation for - * mbedtls_platform_gmtime() for more information. + * mbedtls_platform_gmtime_r() for more information. * * \note It is possible to configure an implementation for - * mbedtls_platform_gmtime() at compile-time by using the macro - * MBEDTLS_PLATFORM_GMTIME_ALT. + * mbedtls_platform_gmtime_r() at compile-time by using the macro + * MBEDTLS_PLATFORM_GMTIME_R_ALT. */ #define MBEDTLS_HAVE_TIME_DATE @@ -3098,22 +3098,22 @@ /** * Uncomment the macro to let Mbed TLS use your alternate implementation of - * mbedtls_platform_gmtime(). This replaces the default implementation in + * mbedtls_platform_gmtime_r(). This replaces the default implementation in * platform_util.c. * * gmtime() is not a thread safe function as defined in the C standard. The * library will try to use safer implementations of this function, such as * gmtime_r() when available. However, if Mbed TLS cannot identify the target - * system, the implementation of mbedtls_platform_gmtime() will default to + * system, the implementation of mbedtls_platform_gmtime_r() will default to * using the standard gmtime(). In this case, calls from the library to * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex * if MBEDTLS_THREADING_C is enable. It is advised that calls from outside the * library are also guarded with this mutex to avoid race conditions. However, - * if the macro MBEDTLS_PLATFORM_GMTIME_ALT is defined, Mbed TLS will - * unconditionally use the implementation for mbedtls_platform_time() supplied - * at compile time. + * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will + * unconditionally use the implementation for mbedtls_platform_gmtime_r() + * supplied at compile time. */ -//#define MBEDTLS_PLATFORM_GMTIME_ALT +//#define MBEDTLS_PLATFORM_GMTIME_R_ALT /* \} name SECTION: Customisation configuration options */ diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index befd3344c..ca42adf6e 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -68,24 +68,24 @@ void mbedtls_platform_zeroize( void *buf, size_t len ); #if defined(MBEDTLS_HAVE_TIME_DATE) /** - * \brief Thread safe implementation of gmtime() + * \brief Thread safe implementation of gmtime() * - * The function is an abstraction that when called behaves similar - * to the gmtime() function from the C standard, but is thread - * safe. + * The function is an abstraction that when called behaves similar + * to the gmtime() function from the C standard, but is thread + * safe. * - * Mbed TLS will try to identify the underlying platform and - * configure an appropriate underlying implementation (e.g. - * gmtime_r() for POSIX and gmtime_s() for Windows). If this is - * not possible, then gmtime() will be used. In this case, calls - * from the library to gmtime() will be guarded by the mutex - * mbedtls_threading_gmtime_mutex if MBEDTLS_THREADING_C is - * enabled. It is recommended that calls from outside the library - * are also guarded by this mutex. + * Mbed TLS will try to identify the underlying platform and + * configure an appropriate underlying implementation (e.g. + * gmtime_r() for POSIX and gmtime_s() for Windows). If this is + * not possible, then gmtime() will be used. In this case, calls + * from the library to gmtime() will be guarded by the mutex + * mbedtls_threading_gmtime_mutex if MBEDTLS_THREADING_C is + * enabled. It is recommended that calls from outside the library + * are also guarded by this mutex. * - * If MBEDTLS_PLATFORM_GMTIME_ALT is defined, then Mbed TLS will - * unconditionally use the alternative implementation for - * mbedtls_platform_gmtime() supplied by the user at compile time + * If MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, then Mbed TLS will + * unconditionally use the alternative implementation for + * mbedtls_platform_gmtime_r() supplied by the user at compile time. * * \param tt Pointer to an object containing time (in seconds) since the * Epoc to be converted @@ -94,8 +94,8 @@ void mbedtls_platform_zeroize( void *buf, size_t len ); * \return Pointer to an object of type struct tm on success, otherwise * NULL */ -struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, - struct tm *tm_buf ); +struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, + struct tm *tm_buf ); #endif /* MBEDTLS_HAVE_TIME_DATE */ #ifdef __cplusplus diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 9235a1e98..66f78f5b5 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -107,7 +107,7 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); #if defined(MBEDTLS_FS_IO) extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #endif -#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_ALT) +#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT) #if !defined(_WIN32) && (defined(unix) || \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) @@ -122,7 +122,7 @@ extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ #endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ -#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_ALT */ +#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */ #endif /* MBEDTLS_THREADING_C */ #ifdef __cplusplus diff --git a/library/platform_util.c b/library/platform_util.c index c248cf529..8bd53c666 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -75,7 +75,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) } #endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */ -#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_ALT) +#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT) #include #if !defined(_WIN32) && (defined(unix) || \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ @@ -94,8 +94,8 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) #endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ -struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, - struct tm *tm_buf ) +struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, + struct tm *tm_buf ) { #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) return( ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL ); @@ -124,4 +124,4 @@ struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, return( ( lt == NULL ) ? NULL : tm_buf ); #endif /* _WIN32 && !EFIX64 && !EFI32 */ } -#endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_ALT */ +#endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_R_ALT */ diff --git a/library/threading.c b/library/threading.c index 1885efdfc..3abb17c0b 100644 --- a/library/threading.c +++ b/library/threading.c @@ -37,7 +37,7 @@ #include "mbedtls/threading.h" -#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_ALT) +#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT) #if !defined(_WIN32) && (defined(unix) || \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) @@ -54,7 +54,7 @@ #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ #endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ -#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_ALT */ +#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */ #if defined(MBEDTLS_THREADING_PTHREAD) static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex ) diff --git a/library/x509.c b/library/x509.c index c17697b22..52b5b649f 100644 --- a/library/x509.c +++ b/library/x509.c @@ -898,7 +898,7 @@ static int x509_get_current_time( mbedtls_x509_time *now ) int ret = 0; tt = mbedtls_time( NULL ); - lt = mbedtls_platform_gmtime( &tt, &tm_buf ); + lt = mbedtls_platform_gmtime_r( &tt, &tm_buf ); if( lt == NULL ) ret = -1; From 651d586ccf3ca396828bb7961307e2c820c62a44 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 15:17:43 +0100 Subject: [PATCH 27/43] Style: Add missing period in documentation in threading.h --- include/mbedtls/threading.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 66f78f5b5..2ec41a4f9 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -116,7 +116,7 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; /* * The preprocessor conditions above are the same as in platform_utils.c and * threading.c. Remember to update the code there when changing the conditions - * here + * here. */ extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ From 48a816ff26e03cc0fa1685fb0ce262a82c7890e2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 15:22:22 +0100 Subject: [PATCH 28/43] Minor documentation improvements --- include/mbedtls/platform_util.h | 2 +- include/mbedtls/threading.h | 2 +- library/platform_util.c | 2 +- library/threading.c | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index ca42adf6e..82b1fd05f 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -88,7 +88,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len ); * mbedtls_platform_gmtime_r() supplied by the user at compile time. * * \param tt Pointer to an object containing time (in seconds) since the - * Epoc to be converted + * epoch to be converted * \param tm_buf Pointer to an object where the results will be stored * * \return Pointer to an object of type struct tm on success, otherwise diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 2ec41a4f9..6830bb42a 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -25,7 +25,7 @@ #define MBEDTLS_THREADING_H /* - * Ensure gmtime_r is available even with -std=c99; must be included before + * Ensure gmtime_r is available even with -std=c99; must be defined before * config.h, which pulls in glibc's features.h. Harmless on other platforms. */ #if !defined(_POSIX_C_SOURCE) diff --git a/library/platform_util.c b/library/platform_util.c index 8bd53c666..f2f83e66b 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -21,7 +21,7 @@ */ /* - * Ensure gmtime_r is available even with -std=c99; must be included before + * Ensure gmtime_r is available even with -std=c99; must be defined before * config.h, which pulls in glibc's features.h. Harmless on other platforms. */ #if !defined(_POSIX_C_SOURCE) diff --git a/library/threading.c b/library/threading.c index 3abb17c0b..e7c8d9824 100644 --- a/library/threading.c +++ b/library/threading.c @@ -20,7 +20,7 @@ */ /* - * Ensure gmtime_r is available even with -std=c99; must be included before + * Ensure gmtime_r is available even with -std=c99; must be defined before * config.h, which pulls in glibc's features.h. Harmless on other platforms. */ #if !defined(_POSIX_C_SOURCE) From 4e67cca1d9285d099f12c8489bfddc85a717ea27 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 16:18:38 +0100 Subject: [PATCH 29/43] Improve documentation of MBEDTLS_HAVE_TIME_DATE --- include/mbedtls/config.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 0d5d9d017..da8e7e4ae 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -137,8 +137,8 @@ /** * \def MBEDTLS_HAVE_TIME_DATE * - * System has time.h, time(), an implementation for mbedtls_platform_gmtime_r() - * (see below), and the clock is correct. + * System has time.h, time(), and an implementation for + * mbedtls_platform_gmtime_r() (see below). * The time needs to be correct (not necesarily very accurate, but at least * the date should be correct). This is used to verify the validity period of * X.509 certificates. From acef292eac0fd03fe1b3fa5a2f10e4c843634c7f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 16:19:07 +0100 Subject: [PATCH 30/43] ChangeLog: Add missing renamings gmtime -> gmtime_r --- ChangeLog | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0a60f70fe..d0bd37736 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,12 +3,12 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx API Changes - * Extend the platform module with an abstraction mbedtls_platform_gmtime() + * Extend the platform module with an abstraction mbedtls_platform_gmtime_r() whose implementation should behave as a thread safe version of gmtime(). This allows users to configure such an implementation at compile time when - the target system cannot be deduced automatically. At this stage Mbed TLS - is only able to automatically select implementations for Windows and POSIX - C libraries. + the target system cannot be deduced automatically, by setting the option + MBEDTLS_PLATFORM_GMTIME_R_ALT. At this stage Mbed TLS is only able to + automatically select implementations for Windows and POSIX C libraries. Bugfix * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if From 9a51d019846b2c0389be708f3620f791fe996c1b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 16:20:09 +0100 Subject: [PATCH 31/43] Improve documentation of MBEDTLS_HAVE_TIME_DATE --- include/mbedtls/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index da8e7e4ae..439a1cd6a 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -146,7 +146,7 @@ * Comment if your system does not have a correct clock. * * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that - * when called behaves similarly to the gmtime() function from the C standard, + * behaves similarly to the gmtime() function from the C standard, * but is thread safe. Mbed TLS will try to identify the underlying platform * and configure an appropriate underlying implementation (e.g. gmtime_r() for * POSIX and gmtime_s() for Windows). If this is not possible, then From 921b76d056c2520c50d674646c9bffa99a560559 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 16:21:36 +0100 Subject: [PATCH 32/43] Replace 'thread safe' by 'thread-safe' in the documentation --- ChangeLog | 2 +- include/mbedtls/config.h | 4 ++-- include/mbedtls/platform_util.h | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index d0bd37736..d1e256e7f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,7 +4,7 @@ mbed TLS ChangeLog (Sorted per branch, date) API Changes * Extend the platform module with an abstraction mbedtls_platform_gmtime_r() - whose implementation should behave as a thread safe version of gmtime(). + whose implementation should behave as a thread-safe version of gmtime(). This allows users to configure such an implementation at compile time when the target system cannot be deduced automatically, by setting the option MBEDTLS_PLATFORM_GMTIME_R_ALT. At this stage Mbed TLS is only able to diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 439a1cd6a..17d08b2fe 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -147,7 +147,7 @@ * * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that * behaves similarly to the gmtime() function from the C standard, - * but is thread safe. Mbed TLS will try to identify the underlying platform + * but is thread-safe. Mbed TLS will try to identify the underlying platform * and configure an appropriate underlying implementation (e.g. gmtime_r() for * POSIX and gmtime_s() for Windows). If this is not possible, then * gmtime() will be used. Refer to the documentation for @@ -3101,7 +3101,7 @@ * mbedtls_platform_gmtime_r(). This replaces the default implementation in * platform_util.c. * - * gmtime() is not a thread safe function as defined in the C standard. The + * gmtime() is not a thread-safe function as defined in the C standard. The * library will try to use safer implementations of this function, such as * gmtime_r() when available. However, if Mbed TLS cannot identify the target * system, the implementation of mbedtls_platform_gmtime_r() will default to diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 82b1fd05f..66a822131 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -68,7 +68,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len ); #if defined(MBEDTLS_HAVE_TIME_DATE) /** - * \brief Thread safe implementation of gmtime() + * \brief Thread-safe implementation of gmtime() * * The function is an abstraction that when called behaves similar * to the gmtime() function from the C standard, but is thread From c9468885a8086bb4525d31e4ccdb8e02ff51c29a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 16:22:10 +0100 Subject: [PATCH 33/43] Fix typo in documentation of MBEDTLS_PLATFORM_GMTIME_R_ALT --- include/mbedtls/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 17d08b2fe..4f9f9a7aa 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3107,7 +3107,7 @@ * system, the implementation of mbedtls_platform_gmtime_r() will default to * using the standard gmtime(). In this case, calls from the library to * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex - * if MBEDTLS_THREADING_C is enable. It is advised that calls from outside the + * if MBEDTLS_THREADING_C is enabled. It is advised that calls from outside the * library are also guarded with this mutex to avoid race conditions. However, * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will * unconditionally use the implementation for mbedtls_platform_gmtime_r() From 9fbbf1c1f03e74deb7550b0ca235097587b12981 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 16:23:02 +0100 Subject: [PATCH 34/43] Improve wording of documentation of MBEDTLS_PLATFORM_GMTIME_R_ALT --- include/mbedtls/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 4f9f9a7aa..214ea9403 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3107,7 +3107,7 @@ * system, the implementation of mbedtls_platform_gmtime_r() will default to * using the standard gmtime(). In this case, calls from the library to * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex - * if MBEDTLS_THREADING_C is enabled. It is advised that calls from outside the + * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the * library are also guarded with this mutex to avoid race conditions. However, * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will * unconditionally use the implementation for mbedtls_platform_gmtime_r() From 5a7fe145906a165e4755efb51f7d75e4614b0667 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 16:24:34 +0100 Subject: [PATCH 35/43] Don't include platform_time.h if !MBEDTLS_HAVE_TIME platform_time.h includes time.h, which is not assumed to be present on a system where MBEDTLS_HAVE_TIME is not defined. --- include/mbedtls/platform_util.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 66a822131..e62a3af4e 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -31,10 +31,9 @@ #include MBEDTLS_CONFIG_FILE #endif -#include "mbedtls/platform_time.h" - #include #if defined(MBEDTLS_HAVE_TIME_DATE) +#include "mbedtls/platform_time.h" #include #endif /* MBEDTLS_HAVE_TIME_DATE */ From 7dd82b4f515083fff9fbb1c360f058fbff0dca71 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 16:25:50 +0100 Subject: [PATCH 36/43] platform_utils.{c/h} -> platform_util.{c/h} --- include/mbedtls/threading.h | 2 +- library/platform_util.c | 2 +- library/threading.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 6830bb42a..2e61b2e52 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -114,7 +114,7 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #include #if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS /* - * The preprocessor conditions above are the same as in platform_utils.c and + * The preprocessor conditions above are the same as in platform_util.c and * threading.c. Remember to update the code there when changing the conditions * here. */ diff --git a/library/platform_util.c b/library/platform_util.c index f2f83e66b..ddb56ed0b 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -85,7 +85,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) /* * This is a convenience shorthand macro to avoid checking the long * preprocessor conditions above. Ideally, we could expose this macro in - * platform_utils.h and simply use it in platform_utils.c, threading.c and + * platform_util.h and simply use it in platform_util.c, threading.c and * threading.h. However, this macro is not part of the Mbed TLS public API, so * we keep it private by only defining it in this file */ diff --git a/library/threading.c b/library/threading.c index e7c8d9824..f37049b8d 100644 --- a/library/threading.c +++ b/library/threading.c @@ -46,7 +46,7 @@ /* * This is a convenience shorthand macro to avoid checking the long * preprocessor conditions above. Ideally, we could expose this macro in - * platform_utils.h and simply use it in platform_utils.c, threading.c and + * platform_util.h and simply use it in platform_util.c, threading.c and * threading.h. However, this macro is not part of the Mbed TLS public API, so * we keep it private by only defining it in this file */ From c52ef407bad144109ac52cc25f1519cdd2f39520 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 16:28:59 +0100 Subject: [PATCH 37/43] Improve documentation of mbedtls_platform_gmtime_r() --- include/mbedtls/config.h | 8 ++------ include/mbedtls/platform_util.h | 9 ++++----- 2 files changed, 6 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 214ea9403..9a7905ae0 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -146,12 +146,8 @@ * Comment if your system does not have a correct clock. * * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that - * behaves similarly to the gmtime() function from the C standard, - * but is thread-safe. Mbed TLS will try to identify the underlying platform - * and configure an appropriate underlying implementation (e.g. gmtime_r() for - * POSIX and gmtime_s() for Windows). If this is not possible, then - * gmtime() will be used. Refer to the documentation for - * mbedtls_platform_gmtime_r() for more information. + * behaves similarly to the gmtime_r() function from the C standard. Refer to + * the documentation for mbedtls_platform_gmtime_r() for more information. * * \note It is possible to configure an implementation for * mbedtls_platform_gmtime_r() at compile-time by using the macro diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index e62a3af4e..9c8a93077 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -67,14 +67,13 @@ void mbedtls_platform_zeroize( void *buf, size_t len ); #if defined(MBEDTLS_HAVE_TIME_DATE) /** - * \brief Thread-safe implementation of gmtime() + * \brief Platform-specific implementation of gmtime_r() * - * The function is an abstraction that when called behaves similar - * to the gmtime() function from the C standard, but is thread - * safe. + * The function is a thread-safe abstraction that behaves + * similar to the gmtime_r() function from the C standard. * * Mbed TLS will try to identify the underlying platform and - * configure an appropriate underlying implementation (e.g. + * make use of an appropriate underlying implementation (e.g. * gmtime_r() for POSIX and gmtime_s() for Windows). If this is * not possible, then gmtime() will be used. In this case, calls * from the library to gmtime() will be guarded by the mutex From 6f70581c4aa8753969caa3f79db155c74228bfe5 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 6 Sep 2018 09:06:33 +0100 Subject: [PATCH 38/43] Correct POSIX version check to determine presence of gmtime_r() Recent versions of POSIX move gmtime_r to the base. --- include/mbedtls/threading.h | 8 ++++++-- library/platform_util.c | 9 +++++++-- library/threading.c | 8 ++++++-- 3 files changed, 19 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 2e61b2e52..11f6341d9 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -112,14 +112,18 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) #include -#if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS +#if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ + ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ + _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) /* * The preprocessor conditions above are the same as in platform_util.c and * threading.c. Remember to update the code there when changing the conditions * here. */ extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; -#endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ +#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ + ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ + _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ #endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */ diff --git a/library/platform_util.c b/library/platform_util.c index ddb56ed0b..7e82293e1 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -81,7 +81,10 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) #include -#if !defined(_POSIX_VERSION) || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS + +#if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ + ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ + _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) /* * This is a convenience shorthand macro to avoid checking the long * preprocessor conditions above. Ideally, we could expose this macro in @@ -90,7 +93,9 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) * we keep it private by only defining it in this file */ #define PLATFORM_UTIL_USE_GMTIME -#endif /* !_POSIX_VERSION || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS */ +#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ + ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ + _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ #endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ diff --git a/library/threading.c b/library/threading.c index f37049b8d..60dfd02af 100644 --- a/library/threading.c +++ b/library/threading.c @@ -42,7 +42,9 @@ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) #include -#if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS +#if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ + ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ + _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) /* * This is a convenience shorthand macro to avoid checking the long * preprocessor conditions above. Ideally, we could expose this macro in @@ -51,7 +53,9 @@ * we keep it private by only defining it in this file */ #define THREADING_USE_GMTIME -#endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ +#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ + ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ + _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ #endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */ From a50fed99102150cd6e70a2d3c34aad175313959b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 6 Sep 2018 09:08:39 +0100 Subject: [PATCH 39/43] Correct typo in documentation of mbedtls_platform_gmtime_r() --- include/mbedtls/platform_util.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 9c8a93077..38b85b82a 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -70,7 +70,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len ); * \brief Platform-specific implementation of gmtime_r() * * The function is a thread-safe abstraction that behaves - * similar to the gmtime_r() function from the C standard. + * similarly to the gmtime_r() function from the C standard. * * Mbed TLS will try to identify the underlying platform and * make use of an appropriate underlying implementation (e.g. From 03b2bd4a062dc3ba5e14f3a5fee36690fa6624d7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 6 Sep 2018 09:08:55 +0100 Subject: [PATCH 40/43] Correct documentation of mbedtls_platform_gmtime_r() Previous documentation stated that gmtime_r() was from the standard library, but it's POSIX. --- include/mbedtls/platform_util.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 38b85b82a..164a1a05f 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -70,7 +70,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len ); * \brief Platform-specific implementation of gmtime_r() * * The function is a thread-safe abstraction that behaves - * similarly to the gmtime_r() function from the C standard. + * similarly to the gmtime_r() function from Unix/POSIX. * * Mbed TLS will try to identify the underlying platform and * make use of an appropriate underlying implementation (e.g. From 323d8019bf7e581c2b376b019e7ae59796fcede2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 6 Sep 2018 11:30:57 +0100 Subject: [PATCH 41/43] Correct preprocessor guards determining use of gmtime() The previous code erroneously used gmtime_r() to implement mbedtls_platform_gmtime() in case of a non-windows, non-unix system. --- include/mbedtls/threading.h | 6 ++++-- library/platform_util.c | 4 ++-- library/threading.c | 7 +++++-- 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 11f6341d9..49ecdc30e 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -108,10 +108,14 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #endif #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT) + #if !defined(_WIN32) && (defined(unix) || \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) #include +#endif /* !_WIN32 && (unix || __unix || __unix__ || + * (__APPLE__ && __MACH__)) */ + #if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) @@ -124,8 +128,6 @@ extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; #endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ -#endif /* !_WIN32 && (unix || __unix || __unix__ || - * (__APPLE__ && __MACH__)) */ #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */ #endif /* MBEDTLS_THREADING_C */ diff --git a/library/platform_util.c b/library/platform_util.c index 7e82293e1..ca4d03312 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -81,6 +81,8 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) #include +#endif /* !_WIN32 && (unix || __unix || __unix__ || + * (__APPLE__ && __MACH__)) */ #if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ @@ -96,8 +98,6 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) #endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ -#endif /* !_WIN32 && (unix || __unix || __unix__ || - * (__APPLE__ && __MACH__)) */ struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, struct tm *tm_buf ) diff --git a/library/threading.c b/library/threading.c index 60dfd02af..8c1e25c17 100644 --- a/library/threading.c +++ b/library/threading.c @@ -38,10 +38,14 @@ #include "mbedtls/threading.h" #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT) + #if !defined(_WIN32) && (defined(unix) || \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) #include +#endif /* !_WIN32 && (unix || __unix || __unix__ || + * (__APPLE__ && __MACH__)) */ + #if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) @@ -56,8 +60,7 @@ #endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ -#endif /* !_WIN32 && (unix || __unix || __unix__ || - * (__APPLE__ && __MACH__)) */ + #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */ #if defined(MBEDTLS_THREADING_PTHREAD) From f5106d54ebadd74fc9e6ba2483858523b99d8d7a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 6 Sep 2018 12:09:56 +0100 Subject: [PATCH 42/43] Don't declare and define gmtime()-mutex on Windows platforms --- include/mbedtls/threading.h | 3 +++ library/platform_util.c | 3 +++ library/threading.c | 4 ++++ 3 files changed, 10 insertions(+) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 49ecdc30e..8fdb63343 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -124,7 +124,10 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; * threading.c. Remember to update the code there when changing the conditions * here. */ +#if ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; +#endif /* ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) */ + #endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ diff --git a/library/platform_util.c b/library/platform_util.c index ca4d03312..ca5fe4fb8 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -94,7 +94,10 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) * threading.h. However, this macro is not part of the Mbed TLS public API, so * we keep it private by only defining it in this file */ +#if ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) #define PLATFORM_UTIL_USE_GMTIME +#endif /* ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) */ + #endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ diff --git a/library/threading.c b/library/threading.c index 8c1e25c17..7c90c7c59 100644 --- a/library/threading.c +++ b/library/threading.c @@ -56,7 +56,11 @@ * threading.h. However, this macro is not part of the Mbed TLS public API, so * we keep it private by only defining it in this file */ + +#if ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) #define THREADING_USE_GMTIME +#endif /* ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) */ + #endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ From d2ef25478e0e20834edb712bd84cf2df8ba4949f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 6 Sep 2018 14:53:25 +0100 Subject: [PATCH 43/43] Don't define _POSIX_C_SOURCE in header file --- include/mbedtls/threading.h | 38 ++++++++----------------------------- 1 file changed, 8 insertions(+), 30 deletions(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 8fdb63343..3ca3cd3a1 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -24,14 +24,6 @@ #ifndef MBEDTLS_THREADING_H #define MBEDTLS_THREADING_H -/* - * Ensure gmtime_r is available even with -std=c99; must be defined before - * config.h, which pulls in glibc's features.h. Harmless on other platforms. - */ -#if !defined(_POSIX_C_SOURCE) -#define _POSIX_C_SOURCE 200112L -#endif - #if !defined(MBEDTLS_CONFIG_FILE) #include "config.h" #else @@ -107,31 +99,17 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); #if defined(MBEDTLS_FS_IO) extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #endif + #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT) - -#if !defined(_WIN32) && (defined(unix) || \ - defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ - defined(__MACH__))) -#include -#endif /* !_WIN32 && (unix || __unix || __unix__ || - * (__APPLE__ && __MACH__)) */ - -#if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ - ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ - _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) -/* - * The preprocessor conditions above are the same as in platform_util.c and - * threading.c. Remember to update the code there when changing the conditions - * here. - */ -#if ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) +/* This mutex may or may not be used in the default definition of + * mbedtls_platform_gmtime_r(), but in order to determine that, + * we need to check POSIX features, hence modify _POSIX_C_SOURCE. + * With the current approach, this declaration is orphaned, lacking + * an accompanying definition, in case mbedtls_platform_gmtime_r() + * doesn't need it, but that's not a problem. */ extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; -#endif /* ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) */ - -#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ - ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ - _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */ + #endif /* MBEDTLS_THREADING_C */ #ifdef __cplusplus