Make numerous improvements

- Python static hello world now 1.8mb - Python static fully loaded now 10mb - Python HTTPS client now uses MbedTLS - Python REPL now completes import stmts - Increase stack size for Python for now - Begin synthesizing posixpath and ntpath - Restore Python \N{UNICODE NAME} support - Restore Python NFKD symbol normalization - Add optimized code path for Intel SHA-NI - Get more Python unit tests passing faster - Get Python help() pagination working on NT - Python hashlib now supports MbedTLS PBKDF2 - Make memcpy/memmove/memcmp/bcmp/etc. faster - Add Mersenne Twister and Vigna to LIBC_RAND - Provide privileged __printf() for error code - Fix zipos opendir() so that it reports ENOTDIR - Add basic chmod() implementation for Windows NT - Add Cosmo's best functions to Python cosmo module - Pin function trace indent depth to that of caller - Show memory diagram on invalid access in MODE=dbg - Differentiate stack overflow on crash in MODE=dbg - Add stb_truetype and tools for analyzing font files - Upgrade to UNICODE 13 and reduce its binary footprint - COMPILE.COM now logs resource usage of build commands - Start implementing basic poll() support on bare metal - Set getauxval(AT_EXECFN) to GetModuleFileName() on NT - Add descriptions to strerror() in non-TINY build modes - Add COUNTBRANCH() macro to help with micro-optimizations - Make error / backtrace / asan / memory code more unbreakable - Add fast perfect C implementation of μ-Law and a-Law audio codecs - Make strtol() functions consistent with other libc implementations - Improve Linenoise implementation (see also github.com/jart/bestline) - COMPILE.COM now suppresses stdout/stderr of successful build commands
2025-08-03 08:20:28 +00:00 · 2021-09-27 22:58:51 -07:00 · 2021-09-27 22:58:51 -07:00 · 39bf41f4eb
commit 39bf41f4eb
parent fa7b4f5bd1
806 changed files with 77494 additions and 63859 deletions
--- a/third_party/mbedtls/x509_crt.c
+++ b/third_party/mbedtls/x509_crt.c
@ -245,7 +245,7 @@ static int x509_string_cmp( const mbedtls_x509_buf *a, const mbedtls_x509_buf *b
 {
    if( a->tag == b->tag &&
        a->len == b->len &&
-        memcmp( a->p, b->p, b->len ) == 0 )
+        timingsafe_bcmp( a->p, b->p, b->len ) == 0 )
    {
        return 0;
    }
@ -279,7 +279,7 @@ int mbedtls_x509_name_cmp( const mbedtls_x509_name *a, const mbedtls_x509_name *
        /* type */
        if( a->oid.tag != b->oid.tag ||
            a->oid.len != b->oid.len ||
-            memcmp( a->oid.p, b->oid.p, b->oid.len ) )
+            timingsafe_bcmp( a->oid.p, b->oid.p, b->oid.len ) )
        {
            return -1;
        }
@ -1106,11 +1106,11 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt,
        return ret;
    }
    if( crt->sig_oid.len != sig_oid2.len ||
-        memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) ||
+        timingsafe_bcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) ||
        sig_params1.tag != sig_params2.tag ||
        sig_params1.len != sig_params2.len ||
        ( sig_params1.len &&
-          memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) ) )
+          timingsafe_bcmp( sig_params1.p, sig_params2.p, sig_params1.len ) ) )
    {
        mbedtls_x509_crt_free( crt );
        return( MBEDTLS_ERR_X509_SIG_MISMATCH );
@ -2182,7 +2182,7 @@ int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
    {
        const mbedtls_x509_buf *cur_oid = &cur->buf;
        if( cur_oid->len == usage_len &&
-            memcmp( cur_oid->p, usage_oid, usage_len ) == 0 )
+            timingsafe_bcmp( cur_oid->p, usage_oid, usage_len ) == 0 )
        {
            return 0;
        }
@ -2207,7 +2207,7 @@ int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509
    while( cur && cur->serial.len )
    {
        if( crt->serial.len == cur->serial.len &&
-            memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 )
+            timingsafe_bcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 )
        {
            return( 1 );
        }
@ -2575,7 +2575,7 @@ static int x509_crt_check_ee_locally_trusted(
    for( cur = trust_ca; cur; cur = cur->next )
    {
        if( crt->raw.len == cur->raw.len &&
-            memcmp( crt->raw.p, cur->raw.p, crt->raw.len ) == 0 )
+            timingsafe_bcmp( crt->raw.p, cur->raw.p, crt->raw.len ) == 0 )
        {
            return 0;
        }
@ -2890,16 +2890,17 @@ static int x509_crt_merge_flags_with_cb(
 * of trusted signers, and `ca_crl` will be use as the static list
 * of CRLs.
 */
-static int x509_crt_verify_restartable_ca_cb( mbedtls_x509_crt *crt,
-                     mbedtls_x509_crt *trust_ca,
-                     mbedtls_x509_crl *ca_crl,
-                     mbedtls_x509_crt_ca_cb_t f_ca_cb,
-                     void *p_ca_cb,
-                     const mbedtls_x509_crt_profile *profile,
-                     const char *cn, uint32_t *flags,
-                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                     void *p_vrfy,
-                     mbedtls_x509_crt_restart_ctx *rs_ctx )
+static int x509_crt_verify_restartable_ca_cb(
+    mbedtls_x509_crt *crt,
+    mbedtls_x509_crt *trust_ca,
+    mbedtls_x509_crl *ca_crl,
+    mbedtls_x509_crt_ca_cb_t f_ca_cb,
+    void *p_ca_cb,
+    const mbedtls_x509_crt_profile *profile,
+    const char *cn, uint32_t *flags,
+    int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+    void *p_vrfy,
+    mbedtls_x509_crt_restart_ctx *rs_ctx )
 {
    int ret = MBEDTLS_ERR_THIS_CORRUPTION;
    mbedtls_pk_type_t pk_type;