d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update vendor/libarchive/dist to git 5e270715b51d199467195b56f77e21cb8bb1d642

Browse Source 
Relevant vendor changes:
  Issue #1302: Plug memory leak on failure of archive_write_client_open()
This commit is contained in:
Martin Matuska 2020-01-05 01:30:41 +00:00
parent ba770b4e70
commit cbda686f24
19 changed files with 529 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
.cirrus.yml
View File

@ -29,11 +29,14 @@ FreeBSD_task:
Fedora_30_task:
container:
dockerfile: build/ci/cirrus_ci/Dockerfile.fc30
matrix:
env:
BS: autotools
env:
BS: cmake
env:
matrix:
- BS: autotools
- BS: cmake
matrix:
- CRYPTO: mbedtls
- CRYPTO: nettle
- CRYPTO: openssl
configure_script:
- ./build/ci/build.sh -a autogen
- ./build/ci/build.sh -a configure

4
.github/workflows/ci.yml vendored
View File

@ -39,10 +39,11 @@ jobs:
strategy:
matrix:
bs: [autotools, cmake]
crypto: [mbedtls, nettle, openssl]
steps:
- uses: actions/checkout@master
- name: Install dependencies
run: sudo apt-get install -y build-essential cmake libssl-dev libacl1-dev libbz2-dev liblzma-dev libzip-dev liblz4-dev libzstd-dev lzop
run: sudo apt-get install -y build-essential cmake libssl-dev nettle-dev libmbedtls-dev libacl1-dev libbz2-dev liblzma-dev libzip-dev liblz4-dev libzstd-dev lzop
- name: Autogen
run: ./build/ci/build.sh -a autogen
env:
@ -51,6 +52,7 @@ jobs:
run: ./build/ci/build.sh -a configure
env:
BS: ${{ matrix.bs }}
CRYPTO: ${{ matrix.crypto }}
- name: Build
run: ./build/ci/build.sh -a build
env:

1
.gitignore vendored
View File

@ -4,6 +4,7 @@
*.la
*.lo
*.cmake
!build/cmake/*.cmake
.deps/
.libs/
.dirstamp

33
CMakeLists.txt
View File

@ -18,7 +18,7 @@ endif()
# RelWithDebInfo : Release build with Debug Info
# MinSizeRel : Release Min Size build
IF(NOT CMAKE_BUILD_TYPE)
SET(CMAKE_BUILD_TYPE "Release" CACHE STRING "Build Type" FORCE)
SET(CMAKE_BUILD_TYPE "Debug" CACHE STRING "Build Type" FORCE)
ENDIF(NOT CMAKE_BUILD_TYPE)
# Set a value type to properly display CMAKE_BUILD_TYPE on GUI if the
# value type is "UNINITIALIZED".
@ -193,7 +193,8 @@ ENDIF (MSVC)
# Enable CTest/CDash support
include(CTest)
OPTION(ENABLE_NETTLE "Enable use of Nettle" ON)
OPTION(ENABLE_MBEDTLS "Enable use of mbed TLS" OFF)
OPTION(ENABLE_NETTLE "Enable use of Nettle" OFF)
OPTION(ENABLE_OPENSSL "Enable use of OpenSSL" ON)
OPTION(ENABLE_LIBB2 "Enable the use of the system LIBB2 library if found" ON)
OPTION(ENABLE_LZ4 "Enable the use of the system LZ4 library if found" ON)
@ -738,6 +739,26 @@ CHECK_C_SOURCE_COMPILES(
int main() { return 0;}"
SAFE_TO_DEFINE_EXTENSIONS)
#
# Find mbed TLS
#
IF(ENABLE_MBEDTLS)
FIND_PACKAGE(MbedTLS)
IF(MBEDTLS_FOUND)
SET(HAVE_LIBMBEDCRYPTO 1)
LIST(APPEND ADDITIONAL_LIBS ${MBEDCRYPTO_LIBRARY})
INCLUDE_DIRECTORIES(${MBEDTLS_INCLUDE_DIRS})
LIST(APPEND CMAKE_REQUIRED_INCLUDES ${MBEDTLS_INCLUDE_DIRS})
LA_CHECK_INCLUDE_FILE("mbedtls/aes.h" HAVE_MBEDTLS_AES_H)
LA_CHECK_INCLUDE_FILE("mbedtls/md.h" HAVE_MBEDTLS_MD_H)
LA_CHECK_INCLUDE_FILE("mbedtls/pkcs5.h" HAVE_MBEDTLS_PKCS5_H)
ENDIF(MBEDTLS_FOUND)
MARK_AS_ADVANCED(CLEAR MBEDTLS_INCLUDE_DIRS)
MARK_AS_ADVANCED(CLEAR MBEDCRYPTO_LIBRARY)
ENDIF(ENABLE_MBEDTLS)
#
# Find Nettle
#
@ -800,6 +821,8 @@ MACRO(CHECK_CRYPTO ALGORITHMS IMPLEMENTATION)
STRING(TOUPPER "${ALGORITHM}" algorithm)
IF ("${IMPLEMENTATION}" MATCHES "^OPENSSL$" AND NOT OPENSSL_FOUND)
SET(ARCHIVE_CRYPTO_${ALGORITHM}_${IMPLEMENTATION} FALSE)
ELSEIF("${IMPLEMENTATION}" MATCHES "^MBEDTLS$" AND NOT MBEDTLS_FOUND)
SET(ARCHIVE_CRYPTO_${ALGORITHM}_${IMPLEMENTATION} FALSE)
ELSEIF("${IMPLEMENTATION}" MATCHES "^NETTLE$" AND NOT NETTLE_FOUND)
SET(ARCHIVE_CRYPTO_${ALGORITHM}_${IMPLEMENTATION} FALSE)
ENDIF("${IMPLEMENTATION}" MATCHES "^OPENSSL$" AND NOT OPENSSL_FOUND)
@ -815,6 +838,11 @@ MACRO(CHECK_CRYPTO ALGORITHMS IMPLEMENTATION)
"${TRY_CRYPTO_REQUIRED_INCLUDES};${OPENSSL_INCLUDE_DIR}")
SET(TRY_CRYPTO_REQUIRED_LIBS
"-DLINK_LIBRARIES:STRING=${OPENSSL_LIBRARIES}")
ELSEIF("${IMPLEMENTATION}" MATCHES "^MBEDTLS$" AND MBEDTLS_FOUND)
SET(TRY_CRYPTO_REQUIRED_INCLUDES
"${TRY_CRYPTO_REQUIRED_INCLUDES};${MBEDTLS_INCLUDE_DIRS}")
SET(TRY_CRYPTO_REQUIRED_LIBS
"-DLINK_LIBRARIES:STRING=${MBEDCRYPTO_LIBRARY}")
ELSEIF("${IMPLEMENTATION}" MATCHES "^NETTLE$" AND NETTLE_FOUND)
SET(TRY_CRYPTO_REQUIRED_INCLUDES
"${TRY_CRYPTO_REQUIRED_INCLUDES};${NETTLE_INCLUDE_DIR}")
@ -1960,6 +1988,7 @@ CHECK_CRYPTO("MD5;RMD160;SHA1;SHA256;SHA384;SHA512" LIBC)
CHECK_CRYPTO("SHA256;SHA384;SHA512" LIBC2)
CHECK_CRYPTO("SHA256;SHA384;SHA512" LIBC3)
CHECK_CRYPTO("MD5;SHA1;SHA256;SHA384;SHA512" LIBSYSTEM)
CHECK_CRYPTO("MD5;RMD160;SHA1;SHA256;SHA384;SHA512" MBEDTLS)
CHECK_CRYPTO("MD5;RMD160;SHA1;SHA256;SHA384;SHA512" NETTLE)
CHECK_CRYPTO("MD5;RMD160;SHA1;SHA256;SHA384;SHA512" OPENSSL)

28
build/ci/build.sh
View File

@ -4,9 +4,11 @@
#
# Variables that can be passed via environment:
# BS= # build system (autotools or cmake)
# CRYPTO= # cryptography provider (openssl, nettle or mbedtls)
# BUILDDIR= # build directory
# SRCDIR= # source directory
# CONFIGURE_ARGS= # configure arguments
# CMAKE_ARGS= # cmake arguments
# MAKE_ARGS= # make arguments
# DEBUG= # set -g -fsanitize=address flags
@ -23,14 +25,14 @@ SRCDIR="${SRCDIR:-`pwd`}"
RET=0
usage () {
echo "Usage: $0 [-b autotools|cmake] [-a autogen|configure|build|test|install|distcheck ] [ -a ... ] [ -d builddir ] [-s srcdir ]"
echo "Usage: $0 [-b autotools|cmake] [-a autogen|configure|build|test|install|distcheck ] [ -a ... ] [ -d builddir ] [-c openssl|nettle|mbedtls] [-s srcdir ]"
}
inputerror () {
echo $1
usage
exit 1
}
while getopts a:b:d:s: opt; do
while getopts a:b:c:d:s: opt; do
case ${opt} in
a)
case "${OPTARG}" in
@ -51,6 +53,14 @@ while getopts a:b:d:s: opt; do
*) inputerror "Invalid build system (-b)" ;;
esac
;;
c) CRYPTO="${OPTARG}"
case "${CRYPTO}" in
mbedtls) ;;
openssl) ;;
nettle) ;;
*) inputerror "Invalid crypto provider (-c)" ;;
esac
;;
d)
BUILDDIR="${OPTARG}"
;;
@ -62,6 +72,16 @@ while getopts a:b:d:s: opt; do
;;
esac
done
case "${CRYPTO}" in
mbedtls)
CMAKE_ARGS="${CMAKE_ARGS} -DENABLE_OPENSSL=OFF -DENABLE_MBEDTLS=ON"
CONFIGURE_ARGS="${CONFIGURE_ARGS} --without-openssl --with-mbedtls"
;;
nettle)
CMAKE_ARGS="${CMAKE_ARGS} -DENABLE_OPENSSL=OFF -DENABLE_NETTLE=ON"
CONFIGURE_ARGS="${CONFIGURE_ARGS} --without-openssl --with-nettle"
;;
esac
if [ -z "${MAKE_ARGS}" ]; then
if [ "${BS}" = "autotools" ]; then
MAKE_ARGS="V=1"
@ -76,7 +96,7 @@ if [ -n "${DEBUG}" ]; then
export CFLAGS="-g -fsanitize=address"
fi
if [ "${BS}" = "cmake" ]; then
CONFIGURE_ARGS="${CONFIGURE_ARGS} -DCMAKE_C_CFLAGS=-g -fsanitize=address"
CMAKE_ARGS="${CMAKE_ARGS} -DCMAKE_C_CFLAGS=-g -fsanitize=address"
fi
fi
if [ -z "${ACTIONS}" ]; then
@ -104,7 +124,7 @@ for action in ${ACTIONS}; do
configure)
case "${BS}" in
autotools) "${SRCDIR}/configure" ${CONFIGURE_ARGS} ;;
cmake) ${CMAKE} ${CONFIGURE_ARGS} "${SRCDIR}" ;;
cmake) ${CMAKE} ${CMAKE_ARGS} "${SRCDIR}" ;;
esac
RET="$?"
;;

2
build/ci/cirrus_ci/Dockerfile.fc30
View File

@ -1,3 +1,3 @@
FROM fedora:30
RUN dnf -y install make cmake gcc gcc-c++ kernel-devel automake libtool bison sharutils pkgconf libacl-devel libasan librichacl-devel bzip2-devel libzip-devel zlib-devel xz-devel lz4-devel libzstd-devel openssl-devel
RUN dnf -y install make cmake gcc gcc-c++ kernel-devel automake libtool bison sharutils pkgconf libacl-devel libasan librichacl-devel bzip2-devel libzip-devel zlib-devel xz-devel lz4-devel libzstd-devel openssl-devel nettle-devel mbedtls-devel

13
build/cmake/FindMbedTLS.cmake Normal file
View File

@ -0,0 +1,13 @@
find_path(MBEDTLS_INCLUDE_DIRS mbedtls/ssl.h)
find_library(MBEDTLS_LIBRARY mbedtls)
find_library(MBEDX509_LIBRARY mbedx509)
find_library(MBEDCRYPTO_LIBRARY mbedcrypto)
set(MBEDTLS_LIBRARIES "${MBEDTLS_LIBRARY}" "${MBEDX509_LIBRARY}" "${MBEDCRYPTO_LIBRARY}")
include(FindPackageHandleStandardArgs)
find_package_handle_standard_args(MBEDTLS DEFAULT_MSG
MBEDTLS_INCLUDE_DIRS MBEDTLS_LIBRARY MBEDX509_LIBRARY MBEDCRYPTO_LIBRARY)
mark_as_advanced(MBEDTLS_INCLUDE_DIRS MBEDTLS_LIBRARY MBEDX509_LIBRARY MBEDCRYPTO_LIBRARY)

3
build/cmake/config.h.in
View File

@ -710,6 +710,9 @@ typedef uint64_t uintmax_t;
/* Define to 1 if you have the `lzo2' library (-llzo2). */
#cmakedefine HAVE_LIBLZO2 1
/* Define to 1 if you have the `mbedcrypto' library (-lmbedcrypto). */
#cmakedefine HAVE_LIBMBEDCRYPTO 1
/* Define to 1 if you have the `nettle' library (-lnettle). */
#cmakedefine HAVE_LIBNETTLE 1

2
build/version
View File

@ -1 +1 @@
3004001
3004002dev

25
configure.ac
View File

@ -4,8 +4,8 @@ dnl First, define all of the version numbers up front.
dnl In particular, this allows the version macro to be used in AC_INIT
dnl These first two version numbers are updated automatically on each release.
m4_define([LIBARCHIVE_VERSION_S],[3.4.1])
m4_define([LIBARCHIVE_VERSION_N],[3004001])
m4_define([LIBARCHIVE_VERSION_S],[3.4.2dev])
m4_define([LIBARCHIVE_VERSION_N],[3004002])
dnl bsdtar and bsdcpio versioning tracks libarchive
m4_define([BSDTAR_VERSION_S],LIBARCHIVE_VERSION_S())
@ -421,8 +421,10 @@ fi
AC_ARG_WITH([cng],
AS_HELP_STRING([--without-cng], [Don't build support of CNG(Crypto Next Generation)]))
AC_ARG_WITH([mbedtls],
AS_HELP_STRING([--with-mbedtls], [Build with crypto support from mbed TLS]))
AC_ARG_WITH([nettle],
AS_HELP_STRING([--without-nettle], [Don't build with crypto support from Nettle]))
AS_HELP_STRING([--with-nettle], [Build with crypto support from Nettle]))
AC_ARG_WITH([openssl],
AS_HELP_STRING([--without-openssl], [Don't build support for mtree and xar hashes through openssl]))
case "$host_os" in
@ -1120,7 +1122,22 @@ if test "x$with_cng" != "xno"; then
]])
fi
if test "x$with_nettle" != "xno"; then
if test "x$with_mbedtls" = "xyes"; then
AC_CHECK_HEADERS([mbedtls/aes.h mbedtls/md.h mbedtls/pkcs5.h])
saved_LIBS=$LIBS
AC_CHECK_LIB(mbedcrypto,mbedtls_sha1_init)
CRYPTO_CHECK(MD5, MBEDTLS, md5)
CRYPTO_CHECK(RMD160, MBEDTLS, rmd160)
CRYPTO_CHECK(SHA1, MBEDTLS, sha1)
CRYPTO_CHECK(SHA256, MBEDTLS, sha256)
CRYPTO_CHECK(SHA384, MBEDTLS, sha384)
CRYPTO_CHECK(SHA512, MBEDTLS, sha512)
if test "x$found_MBEDTLS" != "xyes"; then
LIBS=$saved_LIBS
fi
fi
if test "x$with_nettle" = "xyes"; then
AC_CHECK_HEADERS([nettle/md5.h nettle/ripemd160.h nettle/sha.h])
AC_CHECK_HEADERS([nettle/pbkdf2.h nettle/aes.h nettle/hmac.h])
saved_LIBS=$LIBS

4
libarchive/archive.h
View File

@ -36,7 +36,7 @@
* assert that ARCHIVE_VERSION_NUMBER >= 2012108.
*/
/* Note: Compiler will complain if this does not match archive_entry.h! */
#define ARCHIVE_VERSION_NUMBER 3004001
#define ARCHIVE_VERSION_NUMBER 3004002
#include <sys/stat.h>
#include <stddef.h> /* for wchar_t */
@ -155,7 +155,7 @@ __LA_DECL int archive_version_number(void);
/*
* Textual name/version of the library, useful for version displays.
*/
#define ARCHIVE_VERSION_ONLY_STRING "3.4.1"
#define ARCHIVE_VERSION_ONLY_STRING "3.4.2dev"
#define ARCHIVE_VERSION_STRING "libarchive " ARCHIVE_VERSION_ONLY_STRING
__LA_DECL const char * archive_version_string(void);

61
libarchive/archive_cryptor.c
View File

@ -85,6 +85,35 @@ pbkdf2_sha1(const char *pw, size_t pw_len, const uint8_t *salt,
return (BCRYPT_SUCCESS(status)) ? 0: -1;
}
#elif defined(HAVE_LIBMBEDCRYPTO) && defined(HAVE_MBEDTLS_PKCS5_H)
static int
pbkdf2_sha1(const char *pw, size_t pw_len, const uint8_t *salt,
size_t salt_len, unsigned rounds, uint8_t *derived_key,
size_t derived_key_len)
{
mbedtls_md_context_t ctx;
const mbedtls_md_info_t *info;
int ret;
mbedtls_md_init(&ctx);
info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
if (info == NULL) {
mbedtls_md_free(&ctx);
return (-1);
}
ret = mbedtls_md_setup(&ctx, info, 1);
if (ret != 0) {
mbedtls_md_free(&ctx);
return (-1);
}
ret = mbedtls_pkcs5_pbkdf2_hmac(&ctx, (const unsigned char *)pw,
pw_len, salt, salt_len, rounds, derived_key_len, derived_key);
mbedtls_md_free(&ctx);
return (ret);
}
#elif defined(HAVE_LIBNETTLE) && defined(HAVE_NETTLE_PBKDF2_H)
static int
@ -269,6 +298,38 @@ aes_ctr_release(archive_crypto_ctx *ctx)
return 0;
}
#elif defined(HAVE_LIBMBEDCRYPTO) && defined(HAVE_MBEDTLS_AES_H)
static int
aes_ctr_init(archive_crypto_ctx *ctx, const uint8_t *key, size_t key_len)
{
mbedtls_aes_init(&ctx->ctx);
ctx->key_len = key_len;
memcpy(ctx->key, key, key_len);
memset(ctx->nonce, 0, sizeof(ctx->nonce));
ctx->encr_pos = AES_BLOCK_SIZE;
return 0;
}
static int
aes_ctr_encrypt_counter(archive_crypto_ctx *ctx)
{
if (mbedtls_aes_setkey_enc(&ctx->ctx, ctx->key,
ctx->key_len * 8) != 0)
return (-1);
if (mbedtls_aes_crypt_ecb(&ctx->ctx, MBEDTLS_AES_ENCRYPT, ctx->nonce,
ctx->encr_buf) != 0)
return (-1);
return 0;
}
static int
aes_ctr_release(archive_crypto_ctx *ctx)
{
mbedtls_aes_free(&ctx->ctx);
memset(ctx, 0, sizeof(*ctx));
return 0;
}
#elif defined(HAVE_LIBNETTLE) && defined(HAVE_NETTLE_AES_H)
static int

17
libarchive/archive_cryptor_private.h
View File

@ -83,6 +83,23 @@ typedef struct {
unsigned encr_pos;
} archive_crypto_ctx;
#elif defined(HAVE_LIBMBEDCRYPTO) && defined(HAVE_MBEDTLS_AES_H)
#include <mbedtls/aes.h>
#include <mbedtls/md.h>
#include <mbedtls/pkcs5.h>
#define AES_MAX_KEY_SIZE 32
#define AES_BLOCK_SIZE 16
typedef struct {
mbedtls_aes_context ctx;
uint8_t key[AES_MAX_KEY_SIZE];
unsigned key_len;
uint8_t nonce[AES_BLOCK_SIZE];
uint8_t encr_buf[AES_BLOCK_SIZE];
unsigned encr_pos;
} archive_crypto_ctx;
#elif defined(HAVE_LIBNETTLE) && defined(HAVE_NETTLE_AES_H)
#if defined(HAVE_NETTLE_PBKDF2_H)
#include <nettle/pbkdf2.h>

228
libarchive/archive_digest.c
View File

@ -178,6 +178,40 @@ __archive_libsystem_md5final(archive_md5_ctx *ctx, void *md)
return (ARCHIVE_OK);
}
#elif defined(ARCHIVE_CRYPTO_MD5_MBEDTLS)
static int
__archive_mbedtls_md5init(archive_md5_ctx *ctx)
{
mbedtls_md5_init(ctx);
if (mbedtls_md5_starts_ret(ctx) == 0)
return (ARCHIVE_OK);
else
return (ARCHIVE_FATAL);
}
static int
__archive_mbedtls_md5update(archive_md5_ctx *ctx, const void *indata,
size_t insize)
{
if (mbedtls_md5_update_ret(ctx, indata, insize) == 0)
return (ARCHIVE_OK);
else
return (ARCHIVE_FATAL);
}
static int
__archive_mbedtls_md5final(archive_md5_ctx *ctx, void *md)
{
if (mbedtls_md5_finish_ret(ctx, md) == 0) {
mbedtls_md5_free(ctx);
return (ARCHIVE_OK);
} else {
mbedtls_md5_free(ctx);
return (ARCHIVE_FATAL);
}
}
#elif defined(ARCHIVE_CRYPTO_MD5_NETTLE)
static int
@ -335,6 +369,40 @@ __archive_libmd_ripemd160final(archive_rmd160_ctx *ctx, void *md)
return (ARCHIVE_OK);
}
#elif defined(ARCHIVE_CRYPTO_RMD160_MBEDTLS)
static int
__archive_mbedtls_ripemd160init(archive_rmd160_ctx *ctx)
{
mbedtls_ripemd160_init(ctx);
if (mbedtls_ripemd160_starts_ret(ctx) == 0)
return (ARCHIVE_OK);
else
return (ARCHIVE_FATAL);
}
static int
__archive_mbedtls_ripemd160update(archive_rmd160_ctx *ctx, const void *indata,
size_t insize)
{
if (mbedtls_ripemd160_update_ret(ctx, indata, insize) == 0)
return (ARCHIVE_OK);
else
return (ARCHIVE_FATAL);
}
static int
__archive_mbedtls_ripemd160final(archive_rmd160_ctx *ctx, void *md)
{
if (mbedtls_ripemd160_finish_ret(ctx, md) == 0) {
mbedtls_ripemd160_free(ctx);
return (ARCHIVE_OK);
} else {
mbedtls_ripemd160_free(ctx);
return (ARCHIVE_FATAL);
}
}
#elif defined(ARCHIVE_CRYPTO_RMD160_NETTLE)
static int
@ -491,6 +559,40 @@ __archive_libsystem_sha1final(archive_sha1_ctx *ctx, void *md)
return (ARCHIVE_OK);
}
#elif defined(ARCHIVE_CRYPTO_SHA1_MBEDTLS)
static int
__archive_mbedtls_sha1init(archive_sha1_ctx *ctx)
{
mbedtls_sha1_init(ctx);
if (mbedtls_sha1_starts_ret(ctx) == 0)
return (ARCHIVE_OK);
else
return (ARCHIVE_FATAL);
}
static int
__archive_mbedtls_sha1update(archive_sha1_ctx *ctx, const void *indata,
size_t insize)
{
if (mbedtls_sha1_update_ret(ctx, indata, insize) == 0)
return (ARCHIVE_OK);
else
return (ARCHIVE_FATAL);
}
static int
__archive_mbedtls_sha1final(archive_sha1_ctx *ctx, void *md)
{
if (mbedtls_sha1_finish_ret(ctx, md) == 0) {
mbedtls_sha1_free(ctx);
return (ARCHIVE_OK);
} else {
mbedtls_sha1_free(ctx);
return (ARCHIVE_FATAL);
}
}
#elif defined(ARCHIVE_CRYPTO_SHA1_NETTLE)
static int
@ -720,6 +822,40 @@ __archive_libsystem_sha256final(archive_sha256_ctx *ctx, void *md)
return (ARCHIVE_OK);
}
#elif defined(ARCHIVE_CRYPTO_SHA256_MBEDTLS)
static int
__archive_mbedtls_sha256init(archive_sha256_ctx *ctx)
{
mbedtls_sha256_init(ctx);
if (mbedtls_sha256_starts_ret(ctx, 0) == 0)
return (ARCHIVE_OK);
else
return (ARCHIVE_FATAL);
}
static int
__archive_mbedtls_sha256update(archive_sha256_ctx *ctx, const void *indata,
size_t insize)
{
if (mbedtls_sha256_update_ret(ctx, indata, insize) == 0)
return (ARCHIVE_OK);
else
return (ARCHIVE_FATAL);
}
static int
__archive_mbedtls_sha256final(archive_sha256_ctx *ctx, void *md)
{
if (mbedtls_sha256_finish_ret(ctx, md) == 0) {
mbedtls_sha256_free(ctx);
return (ARCHIVE_OK);
} else {
mbedtls_sha256_free(ctx);
return (ARCHIVE_FATAL);
}
}
#elif defined(ARCHIVE_CRYPTO_SHA256_NETTLE)
static int
@ -921,6 +1057,40 @@ __archive_libsystem_sha384final(archive_sha384_ctx *ctx, void *md)
return (ARCHIVE_OK);
}
#elif defined(ARCHIVE_CRYPTO_SHA384_MBEDTLS)
static int
__archive_mbedtls_sha384init(archive_sha384_ctx *ctx)
{
mbedtls_sha512_init(ctx);
if (mbedtls_sha512_starts_ret(ctx, 1) == 0)
return (ARCHIVE_OK);
else
return (ARCHIVE_FATAL);
}
static int
__archive_mbedtls_sha384update(archive_sha384_ctx *ctx, const void *indata,
size_t insize)
{
if (mbedtls_sha512_update_ret(ctx, indata, insize) == 0)
return (ARCHIVE_OK);
else
return (ARCHIVE_FATAL);
}
static int
__archive_mbedtls_sha384final(archive_sha384_ctx *ctx, void *md)
{
if (mbedtls_sha512_finish_ret(ctx, md) == 0) {
mbedtls_sha512_free(ctx);
return (ARCHIVE_OK);
} else {
mbedtls_sha512_free(ctx);
return (ARCHIVE_FATAL);
}
}
#elif defined(ARCHIVE_CRYPTO_SHA384_NETTLE)
static int
@ -1146,6 +1316,40 @@ __archive_libsystem_sha512final(archive_sha512_ctx *ctx, void *md)
return (ARCHIVE_OK);
}
#elif defined(ARCHIVE_CRYPTO_SHA512_MBEDTLS)
static int
__archive_mbedtls_sha512init(archive_sha512_ctx *ctx)
{
mbedtls_sha512_init(ctx);
if (mbedtls_sha512_starts_ret(ctx, 0) == 0)
return (ARCHIVE_OK);
else
return (ARCHIVE_FATAL);
}
static int
__archive_mbedtls_sha512update(archive_sha512_ctx *ctx, const void *indata,
size_t insize)
{
if (mbedtls_sha512_update_ret(ctx, indata, insize) == 0)
return (ARCHIVE_OK);
else
return (ARCHIVE_FATAL);
}
static int
__archive_mbedtls_sha512final(archive_sha512_ctx *ctx, void *md)
{
if (mbedtls_sha512_finish_ret(ctx, md) == 0) {
mbedtls_sha512_free(ctx);
return (ARCHIVE_OK);
} else {
mbedtls_sha512_free(ctx);
return (ARCHIVE_FATAL);
}
}
#elif defined(ARCHIVE_CRYPTO_SHA512_NETTLE)
static int
@ -1276,6 +1480,10 @@ const struct archive_digest __archive_digest =
&__archive_libsystem_md5init,
&__archive_libsystem_md5update,
&__archive_libsystem_md5final,
#elif defined(ARCHIVE_CRYPTO_MD5_MBEDTLS)
&__archive_mbedtls_md5init,
&__archive_mbedtls_md5update,
&__archive_mbedtls_md5final,
#elif defined(ARCHIVE_CRYPTO_MD5_NETTLE)
&__archive_nettle_md5init,
&__archive_nettle_md5update,
@ -1303,6 +1511,10 @@ const struct archive_digest __archive_digest =
&__archive_libmd_ripemd160init,
&__archive_libmd_ripemd160update,
&__archive_libmd_ripemd160final,
#elif defined(ARCHIVE_CRYPTO_RMD160_MBEDTLS)
&__archive_mbedtls_ripemd160init,
&__archive_mbedtls_ripemd160update,
&__archive_mbedtls_ripemd160final,
#elif defined(ARCHIVE_CRYPTO_RMD160_NETTLE)
&__archive_nettle_ripemd160init,
&__archive_nettle_ripemd160update,
@ -1330,6 +1542,10 @@ const struct archive_digest __archive_digest =
&__archive_libsystem_sha1init,
&__archive_libsystem_sha1update,
&__archive_libsystem_sha1final,
#elif defined(ARCHIVE_CRYPTO_SHA1_MBEDTLS)
&__archive_mbedtls_sha1init,
&__archive_mbedtls_sha1update,
&__archive_mbedtls_sha1final,
#elif defined(ARCHIVE_CRYPTO_SHA1_NETTLE)
&__archive_nettle_sha1init,
&__archive_nettle_sha1update,
@ -1369,6 +1585,10 @@ const struct archive_digest __archive_digest =
&__archive_libsystem_sha256init,
&__archive_libsystem_sha256update,
&__archive_libsystem_sha256final,
#elif defined(ARCHIVE_CRYPTO_SHA256_MBEDTLS)
&__archive_mbedtls_sha256init,
&__archive_mbedtls_sha256update,
&__archive_mbedtls_sha256final,
#elif defined(ARCHIVE_CRYPTO_SHA256_NETTLE)
&__archive_nettle_sha256init,
&__archive_nettle_sha256update,
@ -1404,6 +1624,10 @@ const struct archive_digest __archive_digest =
&__archive_libsystem_sha384init,
&__archive_libsystem_sha384update,
&__archive_libsystem_sha384final,
#elif defined(ARCHIVE_CRYPTO_SHA384_MBEDTLS)
&__archive_mbedtls_sha384init,
&__archive_mbedtls_sha384update,
&__archive_mbedtls_sha384final,
#elif defined(ARCHIVE_CRYPTO_SHA384_NETTLE)
&__archive_nettle_sha384init,
&__archive_nettle_sha384update,
@ -1443,6 +1667,10 @@ const struct archive_digest __archive_digest =
&__archive_libsystem_sha512init,
&__archive_libsystem_sha512update,
&__archive_libsystem_sha512final
#elif defined(ARCHIVE_CRYPTO_SHA512_MBEDTLS)
&__archive_mbedtls_sha512init,
&__archive_mbedtls_sha512update,
&__archive_mbedtls_sha512final
#elif defined(ARCHIVE_CRYPTO_SHA512_NETTLE)
&__archive_nettle_sha512init,
&__archive_nettle_sha512update,

36
libarchive/archive_digest_private.h
View File

@ -112,6 +112,24 @@
#include <CommonCrypto/CommonDigest.h>
#endif
/* mbed TLS crypto headers */
#if defined(ARCHIVE_CRYPTO_MD5_MBEDTLS)
#include <mbedtls/md5.h>
#endif
#if defined(ARCHIVE_CRYPTO_RMD160_MBEDTLS)
#include <mbedtls/ripemd160.h>
#endif
#if defined(ARCHIVE_CRYPTO_SHA1_MBEDTLS)
#include <mbedtls/sha1.h>
#endif
#if defined(ARCHIVE_CRYPTO_SHA256_MBEDTLS)
#include <mbedtls/sha256.h>
#endif
#if defined(ARCHIVE_CRYPTO_SHA384_MBEDTLS) ||\
defined(ARCHIVE_CRYPTO_SHA512_MBEDTLS)
#include <mbedtls/sha512.h>
#endif
/* Nettle crypto headers */
#if defined(ARCHIVE_CRYPTO_MD5_NETTLE)
#include <nettle/md5.h>
@ -159,6 +177,8 @@ typedef MD5_CTX archive_md5_ctx;
typedef MD5_CTX archive_md5_ctx;
#elif defined(ARCHIVE_CRYPTO_MD5_LIBSYSTEM)
typedef CC_MD5_CTX archive_md5_ctx;
#elif defined(ARCHIVE_CRYPTO_MD5_MBEDTLS)
typedef mbedtls_md5_context archive_md5_ctx;
#elif defined(ARCHIVE_CRYPTO_MD5_NETTLE)
typedef struct md5_ctx archive_md5_ctx;
#elif defined(ARCHIVE_CRYPTO_MD5_OPENSSL)
@ -173,6 +193,8 @@ typedef unsigned char archive_md5_ctx;
typedef RMD160_CTX archive_rmd160_ctx;
#elif defined(ARCHIVE_CRYPTO_RMD160_LIBMD)
typedef RIPEMD160_CTX archive_rmd160_ctx;
#elif defined(ARCHIVE_CRYPTO_RMD160_MBEDTLS)
typedef mbedtls_ripemd160_context archive_rmd160_ctx;
#elif defined(ARCHIVE_CRYPTO_RMD160_NETTLE)
typedef struct ripemd160_ctx archive_rmd160_ctx;
#elif defined(ARCHIVE_CRYPTO_RMD160_OPENSSL)
@ -187,6 +209,8 @@ typedef SHA1_CTX archive_sha1_ctx;
typedef SHA1_CTX archive_sha1_ctx;
#elif defined(ARCHIVE_CRYPTO_SHA1_LIBSYSTEM)
typedef CC_SHA1_CTX archive_sha1_ctx;
#elif defined(ARCHIVE_CRYPTO_SHA1_MBEDTLS)
typedef mbedtls_sha1_context archive_sha1_ctx;
#elif defined(ARCHIVE_CRYPTO_SHA1_NETTLE)
typedef struct sha1_ctx archive_sha1_ctx;
#elif defined(ARCHIVE_CRYPTO_SHA1_OPENSSL)
@ -207,6 +231,8 @@ typedef SHA2_CTX archive_sha256_ctx;
typedef SHA256_CTX archive_sha256_ctx;
#elif defined(ARCHIVE_CRYPTO_SHA256_LIBSYSTEM)
typedef CC_SHA256_CTX archive_sha256_ctx;
#elif defined(ARCHIVE_CRYPTO_SHA256_MBEDTLS)
typedef mbedtls_sha256_context archive_sha256_ctx;
#elif defined(ARCHIVE_CRYPTO_SHA256_NETTLE)
typedef struct sha256_ctx archive_sha256_ctx;
#elif defined(ARCHIVE_CRYPTO_SHA256_OPENSSL)
@ -225,6 +251,8 @@ typedef SHA384_CTX archive_sha384_ctx;
typedef SHA2_CTX archive_sha384_ctx;
#elif defined(ARCHIVE_CRYPTO_SHA384_LIBSYSTEM)
typedef CC_SHA512_CTX archive_sha384_ctx;
#elif defined(ARCHIVE_CRYPTO_SHA384_MBEDTLS)
typedef mbedtls_sha512_context archive_sha384_ctx;
#elif defined(ARCHIVE_CRYPTO_SHA384_NETTLE)
typedef struct sha384_ctx archive_sha384_ctx;
#elif defined(ARCHIVE_CRYPTO_SHA384_OPENSSL)
@ -245,6 +273,8 @@ typedef SHA2_CTX archive_sha512_ctx;
typedef SHA512_CTX archive_sha512_ctx;
#elif defined(ARCHIVE_CRYPTO_SHA512_LIBSYSTEM)
typedef CC_SHA512_CTX archive_sha512_ctx;
#elif defined(ARCHIVE_CRYPTO_SHA512_MBEDTLS)
typedef mbedtls_sha512_context archive_sha512_ctx;
#elif defined(ARCHIVE_CRYPTO_SHA512_NETTLE)
typedef struct sha512_ctx archive_sha512_ctx;
#elif defined(ARCHIVE_CRYPTO_SHA512_OPENSSL)
@ -259,6 +289,7 @@ typedef unsigned char archive_sha512_ctx;
#if defined(ARCHIVE_CRYPTO_MD5_LIBC) ||\
defined(ARCHIVE_CRYPTO_MD5_LIBMD) || \
defined(ARCHIVE_CRYPTO_MD5_LIBSYSTEM) ||\
defined(ARCHIVE_CRYPTO_MD5_MBEDTLS) ||\
defined(ARCHIVE_CRYPTO_MD5_NETTLE) ||\
defined(ARCHIVE_CRYPTO_MD5_OPENSSL) ||\
defined(ARCHIVE_CRYPTO_MD5_WIN)
@ -272,6 +303,7 @@ typedef unsigned char archive_sha512_ctx;
__archive_digest.md5update(ctx, buf, n)
#if defined(ARCHIVE_CRYPTO_RMD160_LIBC) ||\
defined(ARCHIVE_CRYPTO_RMD160_MBEDTLS) ||\
defined(ARCHIVE_CRYPTO_RMD160_NETTLE) ||\
defined(ARCHIVE_CRYPTO_RMD160_OPENSSL)
#define ARCHIVE_HAS_RMD160
@ -286,6 +318,7 @@ typedef unsigned char archive_sha512_ctx;
#if defined(ARCHIVE_CRYPTO_SHA1_LIBC) ||\
defined(ARCHIVE_CRYPTO_SHA1_LIBMD) || \
defined(ARCHIVE_CRYPTO_SHA1_LIBSYSTEM) ||\
defined(ARCHIVE_CRYPTO_SHA1_MBEDTLS) ||\
defined(ARCHIVE_CRYPTO_SHA1_NETTLE) ||\
defined(ARCHIVE_CRYPTO_SHA1_OPENSSL) ||\
defined(ARCHIVE_CRYPTO_SHA1_WIN)
@ -303,6 +336,7 @@ typedef unsigned char archive_sha512_ctx;
defined(ARCHIVE_CRYPTO_SHA256_LIBC3) ||\
defined(ARCHIVE_CRYPTO_SHA256_LIBMD) ||\
defined(ARCHIVE_CRYPTO_SHA256_LIBSYSTEM) ||\
defined(ARCHIVE_CRYPTO_SHA256_MBEDTLS) ||\
defined(ARCHIVE_CRYPTO_SHA256_NETTLE) ||\
defined(ARCHIVE_CRYPTO_SHA256_OPENSSL) ||\
defined(ARCHIVE_CRYPTO_SHA256_WIN)
@ -319,6 +353,7 @@ typedef unsigned char archive_sha512_ctx;
defined(ARCHIVE_CRYPTO_SHA384_LIBC2) ||\
defined(ARCHIVE_CRYPTO_SHA384_LIBC3) ||\
defined(ARCHIVE_CRYPTO_SHA384_LIBSYSTEM) ||\
defined(ARCHIVE_CRYPTO_SHA384_MBEDTLS) ||\
defined(ARCHIVE_CRYPTO_SHA384_NETTLE) ||\
defined(ARCHIVE_CRYPTO_SHA384_OPENSSL) ||\
defined(ARCHIVE_CRYPTO_SHA384_WIN)
@ -336,6 +371,7 @@ typedef unsigned char archive_sha512_ctx;
defined(ARCHIVE_CRYPTO_SHA512_LIBC3) ||\
defined(ARCHIVE_CRYPTO_SHA512_LIBMD) ||\
defined(ARCHIVE_CRYPTO_SHA512_LIBSYSTEM) ||\
defined(ARCHIVE_CRYPTO_SHA512_MBEDTLS) ||\
defined(ARCHIVE_CRYPTO_SHA512_NETTLE) ||\
defined(ARCHIVE_CRYPTO_SHA512_OPENSSL) ||\
defined(ARCHIVE_CRYPTO_SHA512_WIN)

2
libarchive/archive_entry.h
View File

@ -30,7 +30,7 @@
#define ARCHIVE_ENTRY_H_INCLUDED
/* Note: Compiler will complain if this does not match archive.h! */
#define ARCHIVE_VERSION_NUMBER 3004001
#define ARCHIVE_VERSION_NUMBER 3004002
/*
* Note: archive_entry.h is for use outside of libarchive; the

47
libarchive/archive_hmac.c
View File

@ -150,6 +150,52 @@ __hmac_sha1_cleanup(archive_hmac_sha1_ctx *ctx)
}
}
#elif defined(HAVE_LIBMBEDCRYPTO) && defined(HAVE_MBEDTLS_MD_H)
static int
__hmac_sha1_init(archive_hmac_sha1_ctx *ctx, const uint8_t *key, size_t key_len)
{
const mbedtls_md_info_t *info;
int ret;
mbedtls_md_init(ctx);
info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
if (info == NULL) {
mbedtls_md_free(ctx);
return (-1);
}
ret = mbedtls_md_setup(ctx, info, 1);
if (ret != 0) {
mbedtls_md_free(ctx);
return (-1);
}
ret = mbedtls_md_hmac_starts(ctx, key, key_len);
if (ret != 0) {
mbedtls_md_free(ctx);
return (-1);
}
return 0;
}
static void
__hmac_sha1_update(archive_hmac_sha1_ctx *ctx, const uint8_t *data,
size_t data_len)
{
mbedtls_md_hmac_update(ctx, data, data_len);
}
static void __hmac_sha1_final(archive_hmac_sha1_ctx *ctx, uint8_t *out, size_t *out_len)
{
(void)out_len; /* UNUSED */
mbedtls_md_hmac_finish(ctx, out);
}
static void __hmac_sha1_cleanup(archive_hmac_sha1_ctx *ctx)
{
mbedtls_md_free(ctx);
memset(ctx, 0, sizeof(*ctx));
}
#elif defined(HAVE_LIBNETTLE) && defined(HAVE_NETTLE_HMAC_H)
static int
@ -201,6 +247,7 @@ static void
__hmac_sha1_final(archive_hmac_sha1_ctx *ctx, uint8_t *out, size_t *out_len)
{
unsigned int len = (unsigned int)*out_len;
HMAC_Final(*ctx, out, &len);
*out_len = len;
}

5
libarchive/archive_hmac_private.h
View File

@ -64,6 +64,11 @@ typedef struct {
} archive_hmac_sha1_ctx;
#elif defined(HAVE_LIBMBEDCRYPTO) && defined(HAVE_MBEDTLS_MD_H)
#include <mbedtls/md.h>
typedef mbedtls_md_context_t archive_hmac_sha1_ctx;
#elif defined(HAVE_LIBNETTLE) && defined(HAVE_NETTLE_HMAC_H)
#include <nettle/hmac.h>

35
libarchive/archive_write.c
View File

@ -448,6 +448,30 @@ archive_write_client_write(struct archive_write_filter *f,
return (ARCHIVE_OK);
}
static int
archive_write_client_free(struct archive_write_filter *f)
{
struct archive_write *a = (struct archive_write *)f->archive;
struct archive_none *state = (struct archive_none *)f->data;
if (state != NULL) {
free(state->buffer);
free(state);
state = NULL;
}
a->client_data = NULL;
/* Clear passphrase. */
if (a->passphrase != NULL) {
memset(a->passphrase, 0, strlen(a->passphrase));
free(a->passphrase);
a->passphrase = NULL;
}
return (ARCHIVE_OK);
}
static int
archive_write_client_close(struct archive_write_filter *f)
{
@ -484,17 +508,9 @@ archive_write_client_close(struct archive_write_filter *f)
}
if (a->client_closer)
(*a->client_closer)(&a->archive, a->client_data);
free(state->buffer);
free(state);
/* Clear the close handler myself not to be called again. */
f->state = ARCHIVE_WRITE_FILTER_STATE_CLOSED;
a->client_data = NULL;
/* Clear passphrase. */
if (a->passphrase != NULL) {
memset(a->passphrase, 0, strlen(a->passphrase));
free(a->passphrase);
a->passphrase = NULL;
}
return (ret);
}
@ -523,6 +539,7 @@ archive_write_open(struct archive *_a, void *client_data,
client_filter->open = archive_write_client_open;
client_filter->write = archive_write_client_write;
client_filter->close = archive_write_client_close;
client_filter->free = archive_write_client_free;
ret = __archive_write_filters_open(a);
if (ret < ARCHIVE_WARN) {