From owner-svn-src-all@freebsd.org Sun Jan 5 01:30:45 2020 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A05821EFE50; Sun, 5 Jan 2020 01:30:45 +0000 (UTC) (envelope-from mm@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47r1LF4TXnz4sff; Sun, 5 Jan 2020 01:30:45 +0000 (UTC) (envelope-from mm@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 94C051DEB5; Sun, 5 Jan 2020 01:30:45 +0000 (UTC) (envelope-from mm@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0051Uj5b050179; Sun, 5 Jan 2020 01:30:45 GMT (envelope-from mm@FreeBSD.org) Received: (from mm@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0051Uf2r050149; Sun, 5 Jan 2020 01:30:41 GMT (envelope-from mm@FreeBSD.org) Message-Id: <202001050130.0051Uf2r050149@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: mm set sender to mm@FreeBSD.org using -f From: Martin Matuska Date: Sun, 5 Jan 2020 01:30:41 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r356365 - in vendor/libarchive/dist: . .github/workflows build build/ci build/ci/cirrus_ci build/cmake libarchive X-SVN-Group: vendor X-SVN-Commit-Author: mm X-SVN-Commit-Paths: in vendor/libarchive/dist: . .github/workflows build build/ci build/ci/cirrus_ci build/cmake libarchive X-SVN-Commit-Revision: 356365 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Jan 2020 01:30:45 -0000 Author: mm Date: Sun Jan 5 01:30:41 2020 New Revision: 356365 URL: https://svnweb.freebsd.org/changeset/base/356365 Log: Update vendor/libarchive/dist to git 5e270715b51d199467195b56f77e21cb8bb1d642 Relevant vendor changes: Issue #1302: Plug memory leak on failure of archive_write_client_open() Added: vendor/libarchive/dist/build/cmake/FindMbedTLS.cmake Modified: vendor/libarchive/dist/.cirrus.yml vendor/libarchive/dist/.github/workflows/ci.yml vendor/libarchive/dist/.gitignore vendor/libarchive/dist/CMakeLists.txt vendor/libarchive/dist/build/ci/build.sh vendor/libarchive/dist/build/ci/cirrus_ci/Dockerfile.fc30 vendor/libarchive/dist/build/cmake/config.h.in vendor/libarchive/dist/build/version vendor/libarchive/dist/configure.ac vendor/libarchive/dist/libarchive/archive.h vendor/libarchive/dist/libarchive/archive_cryptor.c vendor/libarchive/dist/libarchive/archive_cryptor_private.h vendor/libarchive/dist/libarchive/archive_digest.c vendor/libarchive/dist/libarchive/archive_digest_private.h vendor/libarchive/dist/libarchive/archive_entry.h vendor/libarchive/dist/libarchive/archive_hmac.c vendor/libarchive/dist/libarchive/archive_hmac_private.h vendor/libarchive/dist/libarchive/archive_write.c Modified: vendor/libarchive/dist/.cirrus.yml ============================================================================== --- vendor/libarchive/dist/.cirrus.yml Sun Jan 5 01:00:11 2020 (r356364) +++ vendor/libarchive/dist/.cirrus.yml Sun Jan 5 01:30:41 2020 (r356365) @@ -29,11 +29,14 @@ FreeBSD_task: Fedora_30_task: container: dockerfile: build/ci/cirrus_ci/Dockerfile.fc30 - matrix: - env: - BS: autotools - env: - BS: cmake + env: + matrix: + - BS: autotools + - BS: cmake + matrix: + - CRYPTO: mbedtls + - CRYPTO: nettle + - CRYPTO: openssl configure_script: - ./build/ci/build.sh -a autogen - ./build/ci/build.sh -a configure Modified: vendor/libarchive/dist/.github/workflows/ci.yml ============================================================================== --- vendor/libarchive/dist/.github/workflows/ci.yml Sun Jan 5 01:00:11 2020 (r356364) +++ vendor/libarchive/dist/.github/workflows/ci.yml Sun Jan 5 01:30:41 2020 (r356365) @@ -39,10 +39,11 @@ jobs: strategy: matrix: bs: [autotools, cmake] + crypto: [mbedtls, nettle, openssl] steps: - uses: actions/checkout@master - name: Install dependencies - run: sudo apt-get install -y build-essential cmake libssl-dev libacl1-dev libbz2-dev liblzma-dev libzip-dev liblz4-dev libzstd-dev lzop + run: sudo apt-get install -y build-essential cmake libssl-dev nettle-dev libmbedtls-dev libacl1-dev libbz2-dev liblzma-dev libzip-dev liblz4-dev libzstd-dev lzop - name: Autogen run: ./build/ci/build.sh -a autogen env: @@ -51,6 +52,7 @@ jobs: run: ./build/ci/build.sh -a configure env: BS: ${{ matrix.bs }} + CRYPTO: ${{ matrix.crypto }} - name: Build run: ./build/ci/build.sh -a build env: Modified: vendor/libarchive/dist/.gitignore ============================================================================== --- vendor/libarchive/dist/.gitignore Sun Jan 5 01:00:11 2020 (r356364) +++ vendor/libarchive/dist/.gitignore Sun Jan 5 01:30:41 2020 (r356365) @@ -4,6 +4,7 @@ *.la *.lo *.cmake +!build/cmake/*.cmake .deps/ .libs/ .dirstamp Modified: vendor/libarchive/dist/CMakeLists.txt ============================================================================== --- vendor/libarchive/dist/CMakeLists.txt Sun Jan 5 01:00:11 2020 (r356364) +++ vendor/libarchive/dist/CMakeLists.txt Sun Jan 5 01:30:41 2020 (r356365) @@ -18,7 +18,7 @@ endif() # RelWithDebInfo : Release build with Debug Info # MinSizeRel : Release Min Size build IF(NOT CMAKE_BUILD_TYPE) - SET(CMAKE_BUILD_TYPE "Release" CACHE STRING "Build Type" FORCE) + SET(CMAKE_BUILD_TYPE "Debug" CACHE STRING "Build Type" FORCE) ENDIF(NOT CMAKE_BUILD_TYPE) # Set a value type to properly display CMAKE_BUILD_TYPE on GUI if the # value type is "UNINITIALIZED". @@ -193,7 +193,8 @@ ENDIF (MSVC) # Enable CTest/CDash support include(CTest) -OPTION(ENABLE_NETTLE "Enable use of Nettle" ON) +OPTION(ENABLE_MBEDTLS "Enable use of mbed TLS" OFF) +OPTION(ENABLE_NETTLE "Enable use of Nettle" OFF) OPTION(ENABLE_OPENSSL "Enable use of OpenSSL" ON) OPTION(ENABLE_LIBB2 "Enable the use of the system LIBB2 library if found" ON) OPTION(ENABLE_LZ4 "Enable the use of the system LZ4 library if found" ON) @@ -739,6 +740,26 @@ CHECK_C_SOURCE_COMPILES( SAFE_TO_DEFINE_EXTENSIONS) # +# Find mbed TLS +# +IF(ENABLE_MBEDTLS) + FIND_PACKAGE(MbedTLS) + IF(MBEDTLS_FOUND) + SET(HAVE_LIBMBEDCRYPTO 1) + LIST(APPEND ADDITIONAL_LIBS ${MBEDCRYPTO_LIBRARY}) + INCLUDE_DIRECTORIES(${MBEDTLS_INCLUDE_DIRS}) + + LIST(APPEND CMAKE_REQUIRED_INCLUDES ${MBEDTLS_INCLUDE_DIRS}) + LA_CHECK_INCLUDE_FILE("mbedtls/aes.h" HAVE_MBEDTLS_AES_H) + LA_CHECK_INCLUDE_FILE("mbedtls/md.h" HAVE_MBEDTLS_MD_H) + LA_CHECK_INCLUDE_FILE("mbedtls/pkcs5.h" HAVE_MBEDTLS_PKCS5_H) + + ENDIF(MBEDTLS_FOUND) + MARK_AS_ADVANCED(CLEAR MBEDTLS_INCLUDE_DIRS) + MARK_AS_ADVANCED(CLEAR MBEDCRYPTO_LIBRARY) +ENDIF(ENABLE_MBEDTLS) + +# # Find Nettle # IF(ENABLE_NETTLE) @@ -800,6 +821,8 @@ MACRO(CHECK_CRYPTO ALGORITHMS IMPLEMENTATION) STRING(TOUPPER "${ALGORITHM}" algorithm) IF ("${IMPLEMENTATION}" MATCHES "^OPENSSL$" AND NOT OPENSSL_FOUND) SET(ARCHIVE_CRYPTO_${ALGORITHM}_${IMPLEMENTATION} FALSE) + ELSEIF("${IMPLEMENTATION}" MATCHES "^MBEDTLS$" AND NOT MBEDTLS_FOUND) + SET(ARCHIVE_CRYPTO_${ALGORITHM}_${IMPLEMENTATION} FALSE) ELSEIF("${IMPLEMENTATION}" MATCHES "^NETTLE$" AND NOT NETTLE_FOUND) SET(ARCHIVE_CRYPTO_${ALGORITHM}_${IMPLEMENTATION} FALSE) ENDIF("${IMPLEMENTATION}" MATCHES "^OPENSSL$" AND NOT OPENSSL_FOUND) @@ -815,6 +838,11 @@ MACRO(CHECK_CRYPTO ALGORITHMS IMPLEMENTATION) "${TRY_CRYPTO_REQUIRED_INCLUDES};${OPENSSL_INCLUDE_DIR}") SET(TRY_CRYPTO_REQUIRED_LIBS "-DLINK_LIBRARIES:STRING=${OPENSSL_LIBRARIES}") + ELSEIF("${IMPLEMENTATION}" MATCHES "^MBEDTLS$" AND MBEDTLS_FOUND) + SET(TRY_CRYPTO_REQUIRED_INCLUDES + "${TRY_CRYPTO_REQUIRED_INCLUDES};${MBEDTLS_INCLUDE_DIRS}") + SET(TRY_CRYPTO_REQUIRED_LIBS + "-DLINK_LIBRARIES:STRING=${MBEDCRYPTO_LIBRARY}") ELSEIF("${IMPLEMENTATION}" MATCHES "^NETTLE$" AND NETTLE_FOUND) SET(TRY_CRYPTO_REQUIRED_INCLUDES "${TRY_CRYPTO_REQUIRED_INCLUDES};${NETTLE_INCLUDE_DIR}") @@ -1960,6 +1988,7 @@ CHECK_CRYPTO("MD5;RMD160;SHA1;SHA256;SHA384;SHA512" LI CHECK_CRYPTO("SHA256;SHA384;SHA512" LIBC2) CHECK_CRYPTO("SHA256;SHA384;SHA512" LIBC3) CHECK_CRYPTO("MD5;SHA1;SHA256;SHA384;SHA512" LIBSYSTEM) +CHECK_CRYPTO("MD5;RMD160;SHA1;SHA256;SHA384;SHA512" MBEDTLS) CHECK_CRYPTO("MD5;RMD160;SHA1;SHA256;SHA384;SHA512" NETTLE) CHECK_CRYPTO("MD5;RMD160;SHA1;SHA256;SHA384;SHA512" OPENSSL) Modified: vendor/libarchive/dist/build/ci/build.sh ============================================================================== --- vendor/libarchive/dist/build/ci/build.sh Sun Jan 5 01:00:11 2020 (r356364) +++ vendor/libarchive/dist/build/ci/build.sh Sun Jan 5 01:30:41 2020 (r356365) @@ -4,9 +4,11 @@ # # Variables that can be passed via environment: # BS= # build system (autotools or cmake) +# CRYPTO= # cryptography provider (openssl, nettle or mbedtls) # BUILDDIR= # build directory # SRCDIR= # source directory # CONFIGURE_ARGS= # configure arguments +# CMAKE_ARGS= # cmake arguments # MAKE_ARGS= # make arguments # DEBUG= # set -g -fsanitize=address flags @@ -23,14 +25,14 @@ SRCDIR="${SRCDIR:-`pwd`}" RET=0 usage () { - echo "Usage: $0 [-b autotools|cmake] [-a autogen|configure|build|test|install|distcheck ] [ -a ... ] [ -d builddir ] [-s srcdir ]" + echo "Usage: $0 [-b autotools|cmake] [-a autogen|configure|build|test|install|distcheck ] [ -a ... ] [ -d builddir ] [-c openssl|nettle|mbedtls] [-s srcdir ]" } inputerror () { echo $1 usage exit 1 } -while getopts a:b:d:s: opt; do +while getopts a:b:c:d:s: opt; do case ${opt} in a) case "${OPTARG}" in @@ -51,6 +53,14 @@ while getopts a:b:d:s: opt; do *) inputerror "Invalid build system (-b)" ;; esac ;; + c) CRYPTO="${OPTARG}" + case "${CRYPTO}" in + mbedtls) ;; + openssl) ;; + nettle) ;; + *) inputerror "Invalid crypto provider (-c)" ;; + esac + ;; d) BUILDDIR="${OPTARG}" ;; @@ -62,6 +72,16 @@ while getopts a:b:d:s: opt; do ;; esac done +case "${CRYPTO}" in + mbedtls) + CMAKE_ARGS="${CMAKE_ARGS} -DENABLE_OPENSSL=OFF -DENABLE_MBEDTLS=ON" + CONFIGURE_ARGS="${CONFIGURE_ARGS} --without-openssl --with-mbedtls" + ;; + nettle) + CMAKE_ARGS="${CMAKE_ARGS} -DENABLE_OPENSSL=OFF -DENABLE_NETTLE=ON" + CONFIGURE_ARGS="${CONFIGURE_ARGS} --without-openssl --with-nettle" + ;; +esac if [ -z "${MAKE_ARGS}" ]; then if [ "${BS}" = "autotools" ]; then MAKE_ARGS="V=1" @@ -76,7 +96,7 @@ if [ -n "${DEBUG}" ]; then export CFLAGS="-g -fsanitize=address" fi if [ "${BS}" = "cmake" ]; then - CONFIGURE_ARGS="${CONFIGURE_ARGS} -DCMAKE_C_CFLAGS=-g -fsanitize=address" + CMAKE_ARGS="${CMAKE_ARGS} -DCMAKE_C_CFLAGS=-g -fsanitize=address" fi fi if [ -z "${ACTIONS}" ]; then @@ -104,7 +124,7 @@ for action in ${ACTIONS}; do configure) case "${BS}" in autotools) "${SRCDIR}/configure" ${CONFIGURE_ARGS} ;; - cmake) ${CMAKE} ${CONFIGURE_ARGS} "${SRCDIR}" ;; + cmake) ${CMAKE} ${CMAKE_ARGS} "${SRCDIR}" ;; esac RET="$?" ;; Modified: vendor/libarchive/dist/build/ci/cirrus_ci/Dockerfile.fc30 ============================================================================== --- vendor/libarchive/dist/build/ci/cirrus_ci/Dockerfile.fc30 Sun Jan 5 01:00:11 2020 (r356364) +++ vendor/libarchive/dist/build/ci/cirrus_ci/Dockerfile.fc30 Sun Jan 5 01:30:41 2020 (r356365) @@ -1,3 +1,3 @@ FROM fedora:30 -RUN dnf -y install make cmake gcc gcc-c++ kernel-devel automake libtool bison sharutils pkgconf libacl-devel libasan librichacl-devel bzip2-devel libzip-devel zlib-devel xz-devel lz4-devel libzstd-devel openssl-devel +RUN dnf -y install make cmake gcc gcc-c++ kernel-devel automake libtool bison sharutils pkgconf libacl-devel libasan librichacl-devel bzip2-devel libzip-devel zlib-devel xz-devel lz4-devel libzstd-devel openssl-devel nettle-devel mbedtls-devel Added: vendor/libarchive/dist/build/cmake/FindMbedTLS.cmake ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/libarchive/dist/build/cmake/FindMbedTLS.cmake Sun Jan 5 01:30:41 2020 (r356365) @@ -0,0 +1,13 @@ +find_path(MBEDTLS_INCLUDE_DIRS mbedtls/ssl.h) + +find_library(MBEDTLS_LIBRARY mbedtls) +find_library(MBEDX509_LIBRARY mbedx509) +find_library(MBEDCRYPTO_LIBRARY mbedcrypto) + +set(MBEDTLS_LIBRARIES "${MBEDTLS_LIBRARY}" "${MBEDX509_LIBRARY}" "${MBEDCRYPTO_LIBRARY}") + +include(FindPackageHandleStandardArgs) +find_package_handle_standard_args(MBEDTLS DEFAULT_MSG + MBEDTLS_INCLUDE_DIRS MBEDTLS_LIBRARY MBEDX509_LIBRARY MBEDCRYPTO_LIBRARY) + +mark_as_advanced(MBEDTLS_INCLUDE_DIRS MBEDTLS_LIBRARY MBEDX509_LIBRARY MBEDCRYPTO_LIBRARY) Modified: vendor/libarchive/dist/build/cmake/config.h.in ============================================================================== --- vendor/libarchive/dist/build/cmake/config.h.in Sun Jan 5 01:00:11 2020 (r356364) +++ vendor/libarchive/dist/build/cmake/config.h.in Sun Jan 5 01:30:41 2020 (r356365) @@ -710,6 +710,9 @@ typedef uint64_t uintmax_t; /* Define to 1 if you have the `lzo2' library (-llzo2). */ #cmakedefine HAVE_LIBLZO2 1 +/* Define to 1 if you have the `mbedcrypto' library (-lmbedcrypto). */ +#cmakedefine HAVE_LIBMBEDCRYPTO 1 + /* Define to 1 if you have the `nettle' library (-lnettle). */ #cmakedefine HAVE_LIBNETTLE 1 Modified: vendor/libarchive/dist/build/version ============================================================================== --- vendor/libarchive/dist/build/version Sun Jan 5 01:00:11 2020 (r356364) +++ vendor/libarchive/dist/build/version Sun Jan 5 01:30:41 2020 (r356365) @@ -1 +1 @@ -3004001 +3004002dev Modified: vendor/libarchive/dist/configure.ac ============================================================================== --- vendor/libarchive/dist/configure.ac Sun Jan 5 01:00:11 2020 (r356364) +++ vendor/libarchive/dist/configure.ac Sun Jan 5 01:30:41 2020 (r356365) @@ -4,8 +4,8 @@ dnl First, define all of the version numbers up front. dnl In particular, this allows the version macro to be used in AC_INIT dnl These first two version numbers are updated automatically on each release. -m4_define([LIBARCHIVE_VERSION_S],[3.4.1]) -m4_define([LIBARCHIVE_VERSION_N],[3004001]) +m4_define([LIBARCHIVE_VERSION_S],[3.4.2dev]) +m4_define([LIBARCHIVE_VERSION_N],[3004002]) dnl bsdtar and bsdcpio versioning tracks libarchive m4_define([BSDTAR_VERSION_S],LIBARCHIVE_VERSION_S()) @@ -421,8 +421,10 @@ fi AC_ARG_WITH([cng], AS_HELP_STRING([--without-cng], [Don't build support of CNG(Crypto Next Generation)])) +AC_ARG_WITH([mbedtls], + AS_HELP_STRING([--with-mbedtls], [Build with crypto support from mbed TLS])) AC_ARG_WITH([nettle], - AS_HELP_STRING([--without-nettle], [Don't build with crypto support from Nettle])) + AS_HELP_STRING([--with-nettle], [Build with crypto support from Nettle])) AC_ARG_WITH([openssl], AS_HELP_STRING([--without-openssl], [Don't build support for mtree and xar hashes through openssl])) case "$host_os" in @@ -1120,7 +1122,22 @@ if test "x$with_cng" != "xno"; then ]]) fi -if test "x$with_nettle" != "xno"; then +if test "x$with_mbedtls" = "xyes"; then + AC_CHECK_HEADERS([mbedtls/aes.h mbedtls/md.h mbedtls/pkcs5.h]) + saved_LIBS=$LIBS + AC_CHECK_LIB(mbedcrypto,mbedtls_sha1_init) + CRYPTO_CHECK(MD5, MBEDTLS, md5) + CRYPTO_CHECK(RMD160, MBEDTLS, rmd160) + CRYPTO_CHECK(SHA1, MBEDTLS, sha1) + CRYPTO_CHECK(SHA256, MBEDTLS, sha256) + CRYPTO_CHECK(SHA384, MBEDTLS, sha384) + CRYPTO_CHECK(SHA512, MBEDTLS, sha512) + if test "x$found_MBEDTLS" != "xyes"; then + LIBS=$saved_LIBS + fi +fi + +if test "x$with_nettle" = "xyes"; then AC_CHECK_HEADERS([nettle/md5.h nettle/ripemd160.h nettle/sha.h]) AC_CHECK_HEADERS([nettle/pbkdf2.h nettle/aes.h nettle/hmac.h]) saved_LIBS=$LIBS Modified: vendor/libarchive/dist/libarchive/archive.h ============================================================================== --- vendor/libarchive/dist/libarchive/archive.h Sun Jan 5 01:00:11 2020 (r356364) +++ vendor/libarchive/dist/libarchive/archive.h Sun Jan 5 01:30:41 2020 (r356365) @@ -36,7 +36,7 @@ * assert that ARCHIVE_VERSION_NUMBER >= 2012108. */ /* Note: Compiler will complain if this does not match archive_entry.h! */ -#define ARCHIVE_VERSION_NUMBER 3004001 +#define ARCHIVE_VERSION_NUMBER 3004002 #include #include /* for wchar_t */ @@ -155,7 +155,7 @@ __LA_DECL int archive_version_number(void); /* * Textual name/version of the library, useful for version displays. */ -#define ARCHIVE_VERSION_ONLY_STRING "3.4.1" +#define ARCHIVE_VERSION_ONLY_STRING "3.4.2dev" #define ARCHIVE_VERSION_STRING "libarchive " ARCHIVE_VERSION_ONLY_STRING __LA_DECL const char * archive_version_string(void); Modified: vendor/libarchive/dist/libarchive/archive_cryptor.c ============================================================================== --- vendor/libarchive/dist/libarchive/archive_cryptor.c Sun Jan 5 01:00:11 2020 (r356364) +++ vendor/libarchive/dist/libarchive/archive_cryptor.c Sun Jan 5 01:30:41 2020 (r356365) @@ -85,6 +85,35 @@ pbkdf2_sha1(const char *pw, size_t pw_len, const uint8 return (BCRYPT_SUCCESS(status)) ? 0: -1; } +#elif defined(HAVE_LIBMBEDCRYPTO) && defined(HAVE_MBEDTLS_PKCS5_H) + +static int +pbkdf2_sha1(const char *pw, size_t pw_len, const uint8_t *salt, + size_t salt_len, unsigned rounds, uint8_t *derived_key, + size_t derived_key_len) +{ + mbedtls_md_context_t ctx; + const mbedtls_md_info_t *info; + int ret; + + mbedtls_md_init(&ctx); + info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1); + if (info == NULL) { + mbedtls_md_free(&ctx); + return (-1); + } + ret = mbedtls_md_setup(&ctx, info, 1); + if (ret != 0) { + mbedtls_md_free(&ctx); + return (-1); + } + ret = mbedtls_pkcs5_pbkdf2_hmac(&ctx, (const unsigned char *)pw, + pw_len, salt, salt_len, rounds, derived_key_len, derived_key); + + mbedtls_md_free(&ctx); + return (ret); +} + #elif defined(HAVE_LIBNETTLE) && defined(HAVE_NETTLE_PBKDF2_H) static int @@ -265,6 +294,38 @@ aes_ctr_release(archive_crypto_ctx *ctx) HeapFree(GetProcessHeap(), 0, ctx->keyObj); ctx->keyObj = NULL; } + memset(ctx, 0, sizeof(*ctx)); + return 0; +} + +#elif defined(HAVE_LIBMBEDCRYPTO) && defined(HAVE_MBEDTLS_AES_H) +static int +aes_ctr_init(archive_crypto_ctx *ctx, const uint8_t *key, size_t key_len) +{ + mbedtls_aes_init(&ctx->ctx); + ctx->key_len = key_len; + memcpy(ctx->key, key, key_len); + memset(ctx->nonce, 0, sizeof(ctx->nonce)); + ctx->encr_pos = AES_BLOCK_SIZE; + return 0; +} + +static int +aes_ctr_encrypt_counter(archive_crypto_ctx *ctx) +{ + if (mbedtls_aes_setkey_enc(&ctx->ctx, ctx->key, + ctx->key_len * 8) != 0) + return (-1); + if (mbedtls_aes_crypt_ecb(&ctx->ctx, MBEDTLS_AES_ENCRYPT, ctx->nonce, + ctx->encr_buf) != 0) + return (-1); + return 0; +} + +static int +aes_ctr_release(archive_crypto_ctx *ctx) +{ + mbedtls_aes_free(&ctx->ctx); memset(ctx, 0, sizeof(*ctx)); return 0; } Modified: vendor/libarchive/dist/libarchive/archive_cryptor_private.h ============================================================================== --- vendor/libarchive/dist/libarchive/archive_cryptor_private.h Sun Jan 5 01:00:11 2020 (r356364) +++ vendor/libarchive/dist/libarchive/archive_cryptor_private.h Sun Jan 5 01:30:41 2020 (r356365) @@ -83,6 +83,23 @@ typedef struct { unsigned encr_pos; } archive_crypto_ctx; +#elif defined(HAVE_LIBMBEDCRYPTO) && defined(HAVE_MBEDTLS_AES_H) +#include +#include +#include + +#define AES_MAX_KEY_SIZE 32 +#define AES_BLOCK_SIZE 16 + +typedef struct { + mbedtls_aes_context ctx; + uint8_t key[AES_MAX_KEY_SIZE]; + unsigned key_len; + uint8_t nonce[AES_BLOCK_SIZE]; + uint8_t encr_buf[AES_BLOCK_SIZE]; + unsigned encr_pos; +} archive_crypto_ctx; + #elif defined(HAVE_LIBNETTLE) && defined(HAVE_NETTLE_AES_H) #if defined(HAVE_NETTLE_PBKDF2_H) #include Modified: vendor/libarchive/dist/libarchive/archive_digest.c ============================================================================== --- vendor/libarchive/dist/libarchive/archive_digest.c Sun Jan 5 01:00:11 2020 (r356364) +++ vendor/libarchive/dist/libarchive/archive_digest.c Sun Jan 5 01:30:41 2020 (r356365) @@ -178,6 +178,40 @@ __archive_libsystem_md5final(archive_md5_ctx *ctx, voi return (ARCHIVE_OK); } +#elif defined(ARCHIVE_CRYPTO_MD5_MBEDTLS) + +static int +__archive_mbedtls_md5init(archive_md5_ctx *ctx) +{ + mbedtls_md5_init(ctx); + if (mbedtls_md5_starts_ret(ctx) == 0) + return (ARCHIVE_OK); + else + return (ARCHIVE_FATAL); +} + +static int +__archive_mbedtls_md5update(archive_md5_ctx *ctx, const void *indata, + size_t insize) +{ + if (mbedtls_md5_update_ret(ctx, indata, insize) == 0) + return (ARCHIVE_OK); + else + return (ARCHIVE_FATAL); +} + +static int +__archive_mbedtls_md5final(archive_md5_ctx *ctx, void *md) +{ + if (mbedtls_md5_finish_ret(ctx, md) == 0) { + mbedtls_md5_free(ctx); + return (ARCHIVE_OK); + } else { + mbedtls_md5_free(ctx); + return (ARCHIVE_FATAL); + } +} + #elif defined(ARCHIVE_CRYPTO_MD5_NETTLE) static int @@ -335,6 +369,40 @@ __archive_libmd_ripemd160final(archive_rmd160_ctx *ctx return (ARCHIVE_OK); } +#elif defined(ARCHIVE_CRYPTO_RMD160_MBEDTLS) + +static int +__archive_mbedtls_ripemd160init(archive_rmd160_ctx *ctx) +{ + mbedtls_ripemd160_init(ctx); + if (mbedtls_ripemd160_starts_ret(ctx) == 0) + return (ARCHIVE_OK); + else + return (ARCHIVE_FATAL); +} + +static int +__archive_mbedtls_ripemd160update(archive_rmd160_ctx *ctx, const void *indata, + size_t insize) +{ + if (mbedtls_ripemd160_update_ret(ctx, indata, insize) == 0) + return (ARCHIVE_OK); + else + return (ARCHIVE_FATAL); +} + +static int +__archive_mbedtls_ripemd160final(archive_rmd160_ctx *ctx, void *md) +{ + if (mbedtls_ripemd160_finish_ret(ctx, md) == 0) { + mbedtls_ripemd160_free(ctx); + return (ARCHIVE_OK); + } else { + mbedtls_ripemd160_free(ctx); + return (ARCHIVE_FATAL); + } +} + #elif defined(ARCHIVE_CRYPTO_RMD160_NETTLE) static int @@ -491,6 +559,40 @@ __archive_libsystem_sha1final(archive_sha1_ctx *ctx, v return (ARCHIVE_OK); } +#elif defined(ARCHIVE_CRYPTO_SHA1_MBEDTLS) + +static int +__archive_mbedtls_sha1init(archive_sha1_ctx *ctx) +{ + mbedtls_sha1_init(ctx); + if (mbedtls_sha1_starts_ret(ctx) == 0) + return (ARCHIVE_OK); + else + return (ARCHIVE_FATAL); +} + +static int +__archive_mbedtls_sha1update(archive_sha1_ctx *ctx, const void *indata, + size_t insize) +{ + if (mbedtls_sha1_update_ret(ctx, indata, insize) == 0) + return (ARCHIVE_OK); + else + return (ARCHIVE_FATAL); +} + +static int +__archive_mbedtls_sha1final(archive_sha1_ctx *ctx, void *md) +{ + if (mbedtls_sha1_finish_ret(ctx, md) == 0) { + mbedtls_sha1_free(ctx); + return (ARCHIVE_OK); + } else { + mbedtls_sha1_free(ctx); + return (ARCHIVE_FATAL); + } +} + #elif defined(ARCHIVE_CRYPTO_SHA1_NETTLE) static int @@ -720,6 +822,40 @@ __archive_libsystem_sha256final(archive_sha256_ctx *ct return (ARCHIVE_OK); } +#elif defined(ARCHIVE_CRYPTO_SHA256_MBEDTLS) + +static int +__archive_mbedtls_sha256init(archive_sha256_ctx *ctx) +{ + mbedtls_sha256_init(ctx); + if (mbedtls_sha256_starts_ret(ctx, 0) == 0) + return (ARCHIVE_OK); + else + return (ARCHIVE_FATAL); +} + +static int +__archive_mbedtls_sha256update(archive_sha256_ctx *ctx, const void *indata, + size_t insize) +{ + if (mbedtls_sha256_update_ret(ctx, indata, insize) == 0) + return (ARCHIVE_OK); + else + return (ARCHIVE_FATAL); +} + +static int +__archive_mbedtls_sha256final(archive_sha256_ctx *ctx, void *md) +{ + if (mbedtls_sha256_finish_ret(ctx, md) == 0) { + mbedtls_sha256_free(ctx); + return (ARCHIVE_OK); + } else { + mbedtls_sha256_free(ctx); + return (ARCHIVE_FATAL); + } +} + #elif defined(ARCHIVE_CRYPTO_SHA256_NETTLE) static int @@ -921,6 +1057,40 @@ __archive_libsystem_sha384final(archive_sha384_ctx *ct return (ARCHIVE_OK); } +#elif defined(ARCHIVE_CRYPTO_SHA384_MBEDTLS) + +static int +__archive_mbedtls_sha384init(archive_sha384_ctx *ctx) +{ + mbedtls_sha512_init(ctx); + if (mbedtls_sha512_starts_ret(ctx, 1) == 0) + return (ARCHIVE_OK); + else + return (ARCHIVE_FATAL); +} + +static int +__archive_mbedtls_sha384update(archive_sha384_ctx *ctx, const void *indata, + size_t insize) +{ + if (mbedtls_sha512_update_ret(ctx, indata, insize) == 0) + return (ARCHIVE_OK); + else + return (ARCHIVE_FATAL); +} + +static int +__archive_mbedtls_sha384final(archive_sha384_ctx *ctx, void *md) +{ + if (mbedtls_sha512_finish_ret(ctx, md) == 0) { + mbedtls_sha512_free(ctx); + return (ARCHIVE_OK); + } else { + mbedtls_sha512_free(ctx); + return (ARCHIVE_FATAL); + } +} + #elif defined(ARCHIVE_CRYPTO_SHA384_NETTLE) static int @@ -1146,6 +1316,40 @@ __archive_libsystem_sha512final(archive_sha512_ctx *ct return (ARCHIVE_OK); } +#elif defined(ARCHIVE_CRYPTO_SHA512_MBEDTLS) + +static int +__archive_mbedtls_sha512init(archive_sha512_ctx *ctx) +{ + mbedtls_sha512_init(ctx); + if (mbedtls_sha512_starts_ret(ctx, 0) == 0) + return (ARCHIVE_OK); + else + return (ARCHIVE_FATAL); +} + +static int +__archive_mbedtls_sha512update(archive_sha512_ctx *ctx, const void *indata, + size_t insize) +{ + if (mbedtls_sha512_update_ret(ctx, indata, insize) == 0) + return (ARCHIVE_OK); + else + return (ARCHIVE_FATAL); +} + +static int +__archive_mbedtls_sha512final(archive_sha512_ctx *ctx, void *md) +{ + if (mbedtls_sha512_finish_ret(ctx, md) == 0) { + mbedtls_sha512_free(ctx); + return (ARCHIVE_OK); + } else { + mbedtls_sha512_free(ctx); + return (ARCHIVE_FATAL); + } +} + #elif defined(ARCHIVE_CRYPTO_SHA512_NETTLE) static int @@ -1276,6 +1480,10 @@ const struct archive_digest __archive_digest = &__archive_libsystem_md5init, &__archive_libsystem_md5update, &__archive_libsystem_md5final, +#elif defined(ARCHIVE_CRYPTO_MD5_MBEDTLS) + &__archive_mbedtls_md5init, + &__archive_mbedtls_md5update, + &__archive_mbedtls_md5final, #elif defined(ARCHIVE_CRYPTO_MD5_NETTLE) &__archive_nettle_md5init, &__archive_nettle_md5update, @@ -1303,6 +1511,10 @@ const struct archive_digest __archive_digest = &__archive_libmd_ripemd160init, &__archive_libmd_ripemd160update, &__archive_libmd_ripemd160final, +#elif defined(ARCHIVE_CRYPTO_RMD160_MBEDTLS) + &__archive_mbedtls_ripemd160init, + &__archive_mbedtls_ripemd160update, + &__archive_mbedtls_ripemd160final, #elif defined(ARCHIVE_CRYPTO_RMD160_NETTLE) &__archive_nettle_ripemd160init, &__archive_nettle_ripemd160update, @@ -1330,6 +1542,10 @@ const struct archive_digest __archive_digest = &__archive_libsystem_sha1init, &__archive_libsystem_sha1update, &__archive_libsystem_sha1final, +#elif defined(ARCHIVE_CRYPTO_SHA1_MBEDTLS) + &__archive_mbedtls_sha1init, + &__archive_mbedtls_sha1update, + &__archive_mbedtls_sha1final, #elif defined(ARCHIVE_CRYPTO_SHA1_NETTLE) &__archive_nettle_sha1init, &__archive_nettle_sha1update, @@ -1369,6 +1585,10 @@ const struct archive_digest __archive_digest = &__archive_libsystem_sha256init, &__archive_libsystem_sha256update, &__archive_libsystem_sha256final, +#elif defined(ARCHIVE_CRYPTO_SHA256_MBEDTLS) + &__archive_mbedtls_sha256init, + &__archive_mbedtls_sha256update, + &__archive_mbedtls_sha256final, #elif defined(ARCHIVE_CRYPTO_SHA256_NETTLE) &__archive_nettle_sha256init, &__archive_nettle_sha256update, @@ -1404,6 +1624,10 @@ const struct archive_digest __archive_digest = &__archive_libsystem_sha384init, &__archive_libsystem_sha384update, &__archive_libsystem_sha384final, +#elif defined(ARCHIVE_CRYPTO_SHA384_MBEDTLS) + &__archive_mbedtls_sha384init, + &__archive_mbedtls_sha384update, + &__archive_mbedtls_sha384final, #elif defined(ARCHIVE_CRYPTO_SHA384_NETTLE) &__archive_nettle_sha384init, &__archive_nettle_sha384update, @@ -1443,6 +1667,10 @@ const struct archive_digest __archive_digest = &__archive_libsystem_sha512init, &__archive_libsystem_sha512update, &__archive_libsystem_sha512final +#elif defined(ARCHIVE_CRYPTO_SHA512_MBEDTLS) + &__archive_mbedtls_sha512init, + &__archive_mbedtls_sha512update, + &__archive_mbedtls_sha512final #elif defined(ARCHIVE_CRYPTO_SHA512_NETTLE) &__archive_nettle_sha512init, &__archive_nettle_sha512update, Modified: vendor/libarchive/dist/libarchive/archive_digest_private.h ============================================================================== --- vendor/libarchive/dist/libarchive/archive_digest_private.h Sun Jan 5 01:00:11 2020 (r356364) +++ vendor/libarchive/dist/libarchive/archive_digest_private.h Sun Jan 5 01:30:41 2020 (r356365) @@ -112,6 +112,24 @@ #include #endif +/* mbed TLS crypto headers */ +#if defined(ARCHIVE_CRYPTO_MD5_MBEDTLS) +#include +#endif +#if defined(ARCHIVE_CRYPTO_RMD160_MBEDTLS) +#include +#endif +#if defined(ARCHIVE_CRYPTO_SHA1_MBEDTLS) +#include +#endif +#if defined(ARCHIVE_CRYPTO_SHA256_MBEDTLS) +#include +#endif +#if defined(ARCHIVE_CRYPTO_SHA384_MBEDTLS) ||\ + defined(ARCHIVE_CRYPTO_SHA512_MBEDTLS) +#include +#endif + /* Nettle crypto headers */ #if defined(ARCHIVE_CRYPTO_MD5_NETTLE) #include @@ -159,6 +177,8 @@ typedef MD5_CTX archive_md5_ctx; typedef MD5_CTX archive_md5_ctx; #elif defined(ARCHIVE_CRYPTO_MD5_LIBSYSTEM) typedef CC_MD5_CTX archive_md5_ctx; +#elif defined(ARCHIVE_CRYPTO_MD5_MBEDTLS) +typedef mbedtls_md5_context archive_md5_ctx; #elif defined(ARCHIVE_CRYPTO_MD5_NETTLE) typedef struct md5_ctx archive_md5_ctx; #elif defined(ARCHIVE_CRYPTO_MD5_OPENSSL) @@ -173,6 +193,8 @@ typedef unsigned char archive_md5_ctx; typedef RMD160_CTX archive_rmd160_ctx; #elif defined(ARCHIVE_CRYPTO_RMD160_LIBMD) typedef RIPEMD160_CTX archive_rmd160_ctx; +#elif defined(ARCHIVE_CRYPTO_RMD160_MBEDTLS) +typedef mbedtls_ripemd160_context archive_rmd160_ctx; #elif defined(ARCHIVE_CRYPTO_RMD160_NETTLE) typedef struct ripemd160_ctx archive_rmd160_ctx; #elif defined(ARCHIVE_CRYPTO_RMD160_OPENSSL) @@ -187,6 +209,8 @@ typedef SHA1_CTX archive_sha1_ctx; typedef SHA1_CTX archive_sha1_ctx; #elif defined(ARCHIVE_CRYPTO_SHA1_LIBSYSTEM) typedef CC_SHA1_CTX archive_sha1_ctx; +#elif defined(ARCHIVE_CRYPTO_SHA1_MBEDTLS) +typedef mbedtls_sha1_context archive_sha1_ctx; #elif defined(ARCHIVE_CRYPTO_SHA1_NETTLE) typedef struct sha1_ctx archive_sha1_ctx; #elif defined(ARCHIVE_CRYPTO_SHA1_OPENSSL) @@ -207,6 +231,8 @@ typedef SHA2_CTX archive_sha256_ctx; typedef SHA256_CTX archive_sha256_ctx; #elif defined(ARCHIVE_CRYPTO_SHA256_LIBSYSTEM) typedef CC_SHA256_CTX archive_sha256_ctx; +#elif defined(ARCHIVE_CRYPTO_SHA256_MBEDTLS) +typedef mbedtls_sha256_context archive_sha256_ctx; #elif defined(ARCHIVE_CRYPTO_SHA256_NETTLE) typedef struct sha256_ctx archive_sha256_ctx; #elif defined(ARCHIVE_CRYPTO_SHA256_OPENSSL) @@ -225,6 +251,8 @@ typedef SHA384_CTX archive_sha384_ctx; typedef SHA2_CTX archive_sha384_ctx; #elif defined(ARCHIVE_CRYPTO_SHA384_LIBSYSTEM) typedef CC_SHA512_CTX archive_sha384_ctx; +#elif defined(ARCHIVE_CRYPTO_SHA384_MBEDTLS) +typedef mbedtls_sha512_context archive_sha384_ctx; #elif defined(ARCHIVE_CRYPTO_SHA384_NETTLE) typedef struct sha384_ctx archive_sha384_ctx; #elif defined(ARCHIVE_CRYPTO_SHA384_OPENSSL) @@ -245,6 +273,8 @@ typedef SHA2_CTX archive_sha512_ctx; typedef SHA512_CTX archive_sha512_ctx; #elif defined(ARCHIVE_CRYPTO_SHA512_LIBSYSTEM) typedef CC_SHA512_CTX archive_sha512_ctx; +#elif defined(ARCHIVE_CRYPTO_SHA512_MBEDTLS) +typedef mbedtls_sha512_context archive_sha512_ctx; #elif defined(ARCHIVE_CRYPTO_SHA512_NETTLE) typedef struct sha512_ctx archive_sha512_ctx; #elif defined(ARCHIVE_CRYPTO_SHA512_OPENSSL) @@ -259,6 +289,7 @@ typedef unsigned char archive_sha512_ctx; #if defined(ARCHIVE_CRYPTO_MD5_LIBC) ||\ defined(ARCHIVE_CRYPTO_MD5_LIBMD) || \ defined(ARCHIVE_CRYPTO_MD5_LIBSYSTEM) ||\ + defined(ARCHIVE_CRYPTO_MD5_MBEDTLS) ||\ defined(ARCHIVE_CRYPTO_MD5_NETTLE) ||\ defined(ARCHIVE_CRYPTO_MD5_OPENSSL) ||\ defined(ARCHIVE_CRYPTO_MD5_WIN) @@ -272,6 +303,7 @@ typedef unsigned char archive_sha512_ctx; __archive_digest.md5update(ctx, buf, n) #if defined(ARCHIVE_CRYPTO_RMD160_LIBC) ||\ + defined(ARCHIVE_CRYPTO_RMD160_MBEDTLS) ||\ defined(ARCHIVE_CRYPTO_RMD160_NETTLE) ||\ defined(ARCHIVE_CRYPTO_RMD160_OPENSSL) #define ARCHIVE_HAS_RMD160 @@ -286,6 +318,7 @@ typedef unsigned char archive_sha512_ctx; #if defined(ARCHIVE_CRYPTO_SHA1_LIBC) ||\ defined(ARCHIVE_CRYPTO_SHA1_LIBMD) || \ defined(ARCHIVE_CRYPTO_SHA1_LIBSYSTEM) ||\ + defined(ARCHIVE_CRYPTO_SHA1_MBEDTLS) ||\ defined(ARCHIVE_CRYPTO_SHA1_NETTLE) ||\ defined(ARCHIVE_CRYPTO_SHA1_OPENSSL) ||\ defined(ARCHIVE_CRYPTO_SHA1_WIN) @@ -303,6 +336,7 @@ typedef unsigned char archive_sha512_ctx; defined(ARCHIVE_CRYPTO_SHA256_LIBC3) ||\ defined(ARCHIVE_CRYPTO_SHA256_LIBMD) ||\ defined(ARCHIVE_CRYPTO_SHA256_LIBSYSTEM) ||\ + defined(ARCHIVE_CRYPTO_SHA256_MBEDTLS) ||\ defined(ARCHIVE_CRYPTO_SHA256_NETTLE) ||\ defined(ARCHIVE_CRYPTO_SHA256_OPENSSL) ||\ defined(ARCHIVE_CRYPTO_SHA256_WIN) @@ -319,6 +353,7 @@ typedef unsigned char archive_sha512_ctx; defined(ARCHIVE_CRYPTO_SHA384_LIBC2) ||\ defined(ARCHIVE_CRYPTO_SHA384_LIBC3) ||\ defined(ARCHIVE_CRYPTO_SHA384_LIBSYSTEM) ||\ + defined(ARCHIVE_CRYPTO_SHA384_MBEDTLS) ||\ defined(ARCHIVE_CRYPTO_SHA384_NETTLE) ||\ defined(ARCHIVE_CRYPTO_SHA384_OPENSSL) ||\ defined(ARCHIVE_CRYPTO_SHA384_WIN) @@ -336,6 +371,7 @@ typedef unsigned char archive_sha512_ctx; defined(ARCHIVE_CRYPTO_SHA512_LIBC3) ||\ defined(ARCHIVE_CRYPTO_SHA512_LIBMD) ||\ defined(ARCHIVE_CRYPTO_SHA512_LIBSYSTEM) ||\ + defined(ARCHIVE_CRYPTO_SHA512_MBEDTLS) ||\ defined(ARCHIVE_CRYPTO_SHA512_NETTLE) ||\ defined(ARCHIVE_CRYPTO_SHA512_OPENSSL) ||\ defined(ARCHIVE_CRYPTO_SHA512_WIN) Modified: vendor/libarchive/dist/libarchive/archive_entry.h ============================================================================== --- vendor/libarchive/dist/libarchive/archive_entry.h Sun Jan 5 01:00:11 2020 (r356364) +++ vendor/libarchive/dist/libarchive/archive_entry.h Sun Jan 5 01:30:41 2020 (r356365) @@ -30,7 +30,7 @@ #define ARCHIVE_ENTRY_H_INCLUDED /* Note: Compiler will complain if this does not match archive.h! */ -#define ARCHIVE_VERSION_NUMBER 3004001 +#define ARCHIVE_VERSION_NUMBER 3004002 /* * Note: archive_entry.h is for use outside of libarchive; the Modified: vendor/libarchive/dist/libarchive/archive_hmac.c ============================================================================== --- vendor/libarchive/dist/libarchive/archive_hmac.c Sun Jan 5 01:00:11 2020 (r356364) +++ vendor/libarchive/dist/libarchive/archive_hmac.c Sun Jan 5 01:30:41 2020 (r356365) @@ -150,6 +150,52 @@ __hmac_sha1_cleanup(archive_hmac_sha1_ctx *ctx) } } +#elif defined(HAVE_LIBMBEDCRYPTO) && defined(HAVE_MBEDTLS_MD_H) +static int +__hmac_sha1_init(archive_hmac_sha1_ctx *ctx, const uint8_t *key, size_t key_len) +{ + const mbedtls_md_info_t *info; + int ret; + + mbedtls_md_init(ctx); + info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1); + if (info == NULL) { + mbedtls_md_free(ctx); + return (-1); + } + ret = mbedtls_md_setup(ctx, info, 1); + if (ret != 0) { + mbedtls_md_free(ctx); + return (-1); + } + ret = mbedtls_md_hmac_starts(ctx, key, key_len); + if (ret != 0) { + mbedtls_md_free(ctx); + return (-1); + } + return 0; +} + +static void +__hmac_sha1_update(archive_hmac_sha1_ctx *ctx, const uint8_t *data, + size_t data_len) +{ + mbedtls_md_hmac_update(ctx, data, data_len); +} + +static void __hmac_sha1_final(archive_hmac_sha1_ctx *ctx, uint8_t *out, size_t *out_len) +{ + (void)out_len; /* UNUSED */ + + mbedtls_md_hmac_finish(ctx, out); +} + +static void __hmac_sha1_cleanup(archive_hmac_sha1_ctx *ctx) +{ + mbedtls_md_free(ctx); + memset(ctx, 0, sizeof(*ctx)); +} + #elif defined(HAVE_LIBNETTLE) && defined(HAVE_NETTLE_HMAC_H) static int @@ -201,6 +247,7 @@ static void __hmac_sha1_final(archive_hmac_sha1_ctx *ctx, uint8_t *out, size_t *out_len) { unsigned int len = (unsigned int)*out_len; + HMAC_Final(*ctx, out, &len); *out_len = len; } Modified: vendor/libarchive/dist/libarchive/archive_hmac_private.h ============================================================================== --- vendor/libarchive/dist/libarchive/archive_hmac_private.h Sun Jan 5 01:00:11 2020 (r356364) +++ vendor/libarchive/dist/libarchive/archive_hmac_private.h Sun Jan 5 01:30:41 2020 (r356365) @@ -64,6 +64,11 @@ typedef struct { } archive_hmac_sha1_ctx; +#elif defined(HAVE_LIBMBEDCRYPTO) && defined(HAVE_MBEDTLS_MD_H) +#include + +typedef mbedtls_md_context_t archive_hmac_sha1_ctx; + #elif defined(HAVE_LIBNETTLE) && defined(HAVE_NETTLE_HMAC_H) #include Modified: vendor/libarchive/dist/libarchive/archive_write.c ============================================================================== --- vendor/libarchive/dist/libarchive/archive_write.c Sun Jan 5 01:00:11 2020 (r356364) +++ vendor/libarchive/dist/libarchive/archive_write.c Sun Jan 5 01:30:41 2020 (r356365) @@ -449,6 +449,30 @@ archive_write_client_write(struct archive_write_filter } static int +archive_write_client_free(struct archive_write_filter *f) +{ + struct archive_write *a = (struct archive_write *)f->archive; + struct archive_none *state = (struct archive_none *)f->data; + + if (state != NULL) { + free(state->buffer); + free(state); + state = NULL; + } + + a->client_data = NULL; + /* Clear passphrase. */ + if (a->passphrase != NULL) { + memset(a->passphrase, 0, strlen(a->passphrase)); + free(a->passphrase); + a->passphrase = NULL; + } + + return (ARCHIVE_OK); +} + + +static int archive_write_client_close(struct archive_write_filter *f) { struct archive_write *a = (struct archive_write *)f->archive; @@ -484,17 +508,9 @@ archive_write_client_close(struct archive_write_filter } if (a->client_closer) (*a->client_closer)(&a->archive, a->client_data); - free(state->buffer); - free(state); + /* Clear the close handler myself not to be called again. */ f->state = ARCHIVE_WRITE_FILTER_STATE_CLOSED; - a->client_data = NULL; - /* Clear passphrase. */ *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***