author | Cem Keylan <cem@ckyln.com> | 2020-06-12 11:21:24 +0300 |
---|---|---|
committer | Cem Keylan <cem@ckyln.com> | 2020-06-12 11:21:24 +0300 |
commit | 726d6b5ff1083cd0a9f47cb97ca331ae8bf68259 (patch) | |
tree | a676251181331176dd47a0bd27cc79f2448396d7 | |
parent | 7a3aa7ad7a13c769c09f1ce043343c0ebec41e25 (diff) | |
download | repository-726d6b5ff1083cd0a9f47cb97ca331ae8bf68259.tar.gz |
bearssl: add patches from michael
-rwxr-xr-x | core/bearssl/build | 4 | ||||
-rw-r--r-- | core/bearssl/checksums | 2 | ||||
-rw-r--r-- | core/bearssl/patches/0001-Add-missing-return-in-client-single-EC-choose-functi.patch | 25 | ||||
-rw-r--r-- | core/bearssl/patches/0002-Add-functions-to-retrieve-certificate-validity-perio.patch | 60 | ||||
-rw-r--r-- | core/bearssl/sources | 2 |
5 files changed, 93 insertions, 0 deletions
diff --git a/core/bearssl/build b/core/bearssl/build
index 88cfba4f..0b40bffc 100755
--- a/core/bearssl/build
+++ b/core/bearssl/build
@@ -1,5 +1,9 @@
 #!/bin/sh -e
 
+for patch in *.patch; do
+ patch -p1 < "$patch"
+done
+
 kinstall() {
 mkdir -p "${3%/*}"; cp "$2" "$3"
 chmod "$1" "$3"
diff --git a/core/bearssl/checksums b/core/bearssl/checksums
index d71b6ddc..cd6661bf 100644
--- a/core/bearssl/checksums
+++ b/core/bearssl/checksums
@@ -1 +1,3 @@
 6705bba1714961b41a728dfc5debbe348d2966c117649392f8c8139efc83ff14 bearssl-0.6.tar.gz
+ad783bbbbb58bbdad66af299c5a0ea5389474a7d7256391673fe94e88f11fbef 0001-Add-missing-return-in-client-single-EC-choose-functi.patch
+414fd90fc27353ae3ca2478b68891715088de8b6cf6b81927ed8337df63f47e4 0002-Add-functions-to-retrieve-certificate-validity-perio.patch
diff --git a/core/bearssl/patches/0001-Add-missing-return-in-client-single-EC-choose-functi.patch b/core/bearssl/patches/0001-Add-missing-return-in-client-single-EC-choose-functi.patch
new file mode 100644
index 00000000..421bbc7f
--- /dev/null
+++ b/core/bearssl/patches/0001-Add-missing-return-in-client-single-EC-choose-functi.patch
@@ -0,0 +1,25 @@
+From a5c3ea02385205858128e414873a0150cd8bceda Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Fri, 31 Jan 2020 15:11:32 -0800
+Subject: [PATCH] Add missing return in client single EC choose function
+
+Otherwise, static ECDH is never selected.
+---
+ src/ssl/ssl_ccert_single_ec.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/ssl/ssl_ccert_single_ec.c b/src/ssl/ssl_ccert_single_ec.c
+index 93ebcde..2e1e54f 100644
+--- a/src/ssl/ssl_ccert_single_ec.c
++++ b/src/ssl/ssl_ccert_single_ec.c
+@@ -69,6 +69,7 @@ cc_choose(const br_ssl_client_certificate_class **pctx,
+ choices->hash_id = -1;
+ choices->chain = zc->chain;
+ choices->chain_len = zc->chain_len;
++ return;
+ }
+ }
+
+--
+2.25.0
+
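Review bot: The loop added before `kinstall()` applies every `*.patch` found in the build directory, in glob order, and nothing in the script says what those patches are or where they come from. Because they change a TLS library, I would put a comment above the loop, for example `# Local patches by Michael Forney on top of bearssl-0.6; applied in filename order (0001, 0002, ...).` The glob also picks up any patch file that is present, not just the two listed in `checksums`; whether the package manager guarantees that only checksummed sources reach this directory is not visible here and should be confirmed. If no file matches, the literal `*.patch` reaches the redirection and the build stops under `sh -e`, which is acceptable but worth knowing.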
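Review bot: The `return;` that the vendored patch adds to `cc_choose` changes which client-authentication mode can be negotiated, and nothing in the package records that. Per the patch message, static ECDH was never selected before, so clients configured with a single EC certificate may complete handshakes differently after a rebuild. Most of `cc_choose` lies outside the hunk, so what the code previously fell through to is not visible here and should be checked against the full source file. I would carry a short comment with the fix, for example `/* static ECDH selected; do not fall through */`, and note the patch's upstream status in the package.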
diff --git a/core/bearssl/patches/0002-Add-functions-to-retrieve-certificate-validity-perio.patch b/core/bearssl/patches/0002-Add-functions-to-retrieve-certificate-validity-perio.patch
new file mode 100644
index 00000000..8377da4d
--- /dev/null
+++ b/core/bearssl/patches/0002-Add-functions-to-retrieve-certificate-validity-perio.patch
@@ -0,0 +1,60 @@
+From 31fdee5b9d8fc63c850222768dcd097e43da0116 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Thu, 26 Mar 2020 14:17:19 -0700
+Subject: [PATCH] Add functions to retrieve certificate validity period from
+ br_x509_decoder.
+
+---
+ inc/bearssl_x509.h | 36 ++++++++++++++++++++++++++++++++++++
+ 1 file changed, 36 insertions(+)
+
+diff --git a/inc/bearssl_x509.h b/inc/bearssl_x509.h
+index 49d2fba..9d43e15 100644
+--- a/inc/bearssl_x509.h
++++ b/inc/bearssl_x509.h
+@@ -1045,6 +1045,42 @@ br_x509_decoder_last_error(br_x509_decoder_context *ctx)
+ return 0;
+ }
+
++/**
++ * \brief Get the time when the certificate becomes valid.
++ *
++ * The time is represented the same as in `br_x509_minimal_set_time()`.
++ * These values should not be read before decoding completed successfully.
++ *
++ * \param ctx X.509 decoder context.
++ * \param days receives the days since January 1st, 0 AD.
++ * \param seconds receives the seconds since midnight (0 to 86400).
++ */
++static inline void
++br_x509_decoder_get_notbefore(br_x509_decoder_context *ctx,
++ uint32_t *days, uint32_t *seconds)
++{
++ *days = ctx->notbefore_days;
++ *seconds = ctx->notbefore_seconds;
++}
++
++/**
++ * \brief Get the time when the certificate is no longer valid.
++ *
++ * The time is represented the same as in `br_x509_minimal_set_time()`.
++ * These values should not be read before decoding completed successfully.
++ *
++ * \param ctx X.509 decoder context.
++ * \param days receives the days since January 1st, 0 AD.
++ * \param seconds receives the seconds since midnight (0 to 86400).
++ */
++static inline void
++br_x509_decoder_get_notafter(br_x509_decoder_context *ctx,
++ uint32_t *days, uint32_t *seconds)
++{
++ *days = ctx->notafter_days;
++ *seconds = ctx->notafter_seconds;
++}
++
+ /**
+ * \brief Get the "isCA" flag from an X.509 decoder context.
+ *
+--
+2.26.0
+
diff --git a/core/bearssl/sources b/core/bearssl/sources
index be5fb0ae..3d637087 100644
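Review bot: `br_x509_decoder_get_notbefore()` and `br_x509_decoder_get_notafter()` return `void` and copy the context fields unconditionally, so a caller that skips the error check gets whatever the context holds and may treat it as a real validity period. The doc comment only says the values "should not be read before decoding completed successfully". I would name the check in both comments, for example `Call br_x509_decoder_last_error() first and use the values only if it returns 0.` I would also add a sentence that the dates are simply what the decoded certificate states, so an expiry decision based on them is only as trustworthy as the validation done on that certificate elsewhere.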
--- a/core/bearssl/sources
+++ b/core/bearssl/sources
@@ -1 +1,3 @@
 https://bearssl.org/bearssl-0.6.tar.gz
+patches/0001-Add-missing-return-in-client-single-EC-choose-functi.patch
+patches/0002-Add-functions-to-retrieve-certificate-validity-perio.patch |