Revert MBedTLS changes

Nick Chan 2024-05-26 17:11:17 +08:00
parent 1e72458985
commit 76b2695e9d
3 changed files with 43 additions and 45 deletions


@ -74,7 +74,7 @@ jobs:
minos: 7.0
runs-on: macos-12
env:
MBEDTLS_VERSION: 3.6.0
MBEDTLS_VERSION: 3.5.2
READLINE_VERSION: 8.2
steps:
@ -98,10 +98,10 @@ jobs:
- name: Download dependencies (source code)
run: |
curl -LOOOOOO \
https://github.com/Mbed-TLS/mbedtls/releases/download/v${{ env.MBEDTLS_VERSION }}/mbedtls-${{ env.MBEDTLS_VERSION }}.tar.bz2 \
https://github.com/Mbed-TLS/mbedtls/archive/refs/tags/v${{ env.MBEDTLS_VERSION }}.tar.gz \
https://mirror-hk.koddos.net/gnu/readline/readline-${{ env.READLINE_VERSION }}.tar.gz
tar -xjf mbedtls-${{ env.MBEDTLS_VERSION }}.tar.bz2
tar -xf v${{ env.MBEDTLS_VERSION }}.tar.gz
tar -xf readline-${{ env.READLINE_VERSION }}.tar.gz
git clone --depth=1 https://github.com/libimobiledevice/libplist
git clone --depth=1 https://github.com/libimobiledevice/libimobiledevice-glue
@ -176,6 +176,7 @@ jobs:
- name: Build Mbed TLS
run: |
cd mbedtls-${{ env.MBEDTLS_VERSION }}
cat ../patches/mbedtls/0001-Allow-empty-x509-cert-issuer.patch | patch -sN -d . -p1
mkdir build
cd build
SDKROOT="${{ env.SDK }}" cmake .. \
@ -249,7 +250,6 @@ jobs:
- name: Build libimobiledevice
run: |
cd libimobiledevice
cat ../patches/libimobiledevice/*.patch | patch -sN -d . -p1
autoreconf -fiv
./configure ${{ env.CONFIGURE_ARGS }} --with-mbedtls --enable-debug
echo -e 'all:\ninstall:' > tools/Makefile
@ -477,7 +477,7 @@ jobs:
- aarch64-linux-musl
runs-on: ubuntu-latest
env:
MBEDTLS_VERSION: 3.6.0
MBEDTLS_VERSION: 3.5.2
LIBUSB_VERSION: 1.0.27
READLINE_VERSION: 8.2
GPM_VERSION: 1.20.7
@ -548,13 +548,13 @@ jobs:
- name: Download dependencies (source code)
run: |
curl -LOOOO \
https://github.com/Mbed-TLS/mbedtls/releases/download/v${{ env.MBEDTLS_VERSION }}/mbedtls-${{ env.MBEDTLS_VERSION }}.tar.bz2 \
curl -LOOOOOOO \
https://github.com/Mbed-TLS/mbedtls/archive/refs/tags/v${{ env.MBEDTLS_VERSION }}.tar.gz \
https://github.com/libusb/libusb/releases/download/v${{ env.LIBUSB_VERSION }}/libusb-${{ env.LIBUSB_VERSION }}.tar.bz2 \
https://mirror-hk.koddos.net/gnu/readline/readline-${{ env.READLINE_VERSION }}.tar.gz \
https://github.com/telmich/gpm/archive/refs/tags/${{ env.GPM_VERSION }}.tar.gz
tar -xjf mbedtls-${{ env.MBEDTLS_VERSION }}.tar.bz2
tar -xf v${{ env.MBEDTLS_VERSION }}.tar.gz
tar -xjf libusb-${{ env.LIBUSB_VERSION }}.tar.bz2
tar -xf readline-${{ env.READLINE_VERSION }}.tar.gz
tar -xf ${{ env.GPM_VERSION }}.tar.gz
@ -568,6 +568,7 @@ jobs:
- name: Build Mbed TLS
run: |
cd mbedtls-${{ env.MBEDTLS_VERSION }}
cat ../patches/mbedtls/0001-Allow-empty-x509-cert-issuer.patch | patch -sN -d . -p1
mkdir build
if [ "${{ matrix.triple }}" = "i486-linux-musl" ]; then sed -i '/define MBEDTLS_AESNI_C/d' include/mbedtls/mbedtls_config.h; fi
cd build
@ -658,7 +659,6 @@ jobs:
- name: Build libimobiledevice
run: |
cd libimobiledevice
cat ../patches/libimobiledevice/*.patch | patch -sN -d . -p1
autoreconf -fiv
./configure ${{ env.CONFIGURE_ARGS }} --with-mbedtls --enable-debug
echo -e 'all:\ninstall:' > tools/Makefile
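Review bot: The Mbed TLS tarball in both "Download dependencies (source code)" steps is unpacked and built with no integrity check, and the new URL fetches GitHub's generated `archive/refs/tags` tarball instead of a release asset. Since libimobiledevice is configured `--with-mbedtls`, this source appears to end up in the released build, so pin the expected digest next to `MBEDTLS_VERSION` and verify it before `tar -xf`, e.g. `echo "<expected-sha256>  v${{ env.MBEDTLS_VERSION }}.tar.gz" | shasum -a 256 -c -` (the digest is a placeholder). Adding `-f` to the `curl` call would also make an HTTP error fail the step rather than save an error page for `tar` to trip over. Separately, returning to 3.5.2 presumably drops whatever fixes 3.6.0 carried, so a comment on `MBEDTLS_VERSION` saying why the pin is held would help whoever bumps it next.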


@ -1,36 +0,0 @@
diff -urN a/common/userpref.c b/common/userpref.c
--- a/common/userpref.c 2024-05-26 14:30:03
+++ b/common/userpref.c 2024-05-26 14:34:24
@@ -870,6 +870,10 @@
/* set key validity */
mbedtls_x509write_crt_set_validity(&cert, notbefore, notafter);
+ /* set subject and issuer name */
+ mbedtls_x509write_crt_set_subject_name(&cert, (const char *)"CN=in.palera.cli.subject,O=palera1n CLI Subject,C=TW");
+ mbedtls_x509write_crt_set_issuer_name(&cert, (const char *)"CN=in.palera.cli.issuer,O=palera1n CLI Issuer,C=TW");
+
/* sign root cert with root private key */
mbedtls_x509write_crt_set_issuer_key(&cert, &root_pkey);
mbedtls_x509write_crt_set_md_alg(&cert, MBEDTLS_MD_SHA1);
@@ -929,6 +933,10 @@
/* set key validity */
mbedtls_x509write_crt_set_validity(&cert, notbefore, notafter);
+ /* set subject and issuer name */
+ mbedtls_x509write_crt_set_subject_name(&cert, (const char *)"CN=in.palera.cli.subject,O=palera1n CLI Subject,C=TW");
+ mbedtls_x509write_crt_set_issuer_name(&cert, (const char *)"CN=in.palera.cli.issuer,O=palera1n CLI Issuer,C=TW");
+
/* sign host cert with root private key */
mbedtls_x509write_crt_set_issuer_key(&cert, &root_pkey);
mbedtls_x509write_crt_set_md_alg(&cert, MBEDTLS_MD_SHA1);
@@ -988,6 +996,10 @@
/* set key validity */
mbedtls_x509write_crt_set_validity(&cert, notbefore, notafter);
+
+ /* set subject and issuer name */
+ mbedtls_x509write_crt_set_subject_name(&cert, (const char *)"CN=in.palera.cli.subject,O=palera1n CLI Subject,C=TW");
+ mbedtls_x509write_crt_set_issuer_name(&cert, (const char *)"CN=in.palera.cli.issuer,O=palera1n CLI Issuer,C=TW");
/* sign device certificate with root private key */
mbedtls_x509write_crt_set_issuer_key(&cert, &root_pkey);


@ -0,0 +1,34 @@
From a2d012f3ba459f6debe636b576ad9aeab7b3c2aa Mon Sep 17 00:00:00 2001
From: Nick Chan <towinchenmi@gmail.com>
Date: Sat, 27 May 2023 23:50:23 +0800
Subject: [PATCH] Allow empty x509 cert issuer
---
library/x509_crt.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/library/x509_crt.c b/library/x509_crt.c
index cf62532f2..ef25b3d77 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1061,13 +1061,13 @@ static int x509_crt_parse_der_core(mbedtls_x509_crt *crt,
if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
- mbedtls_x509_crt_free(crt);
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
+ /*mbedtls_x509_crt_free(crt);
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);*/
}
if ((ret = mbedtls_x509_get_name(&p, p + len, &crt->issuer)) != 0) {
- mbedtls_x509_crt_free(crt);
- return ret;
+ /*mbedtls_x509_crt_free(crt);
+ return ret;*/
}
crt->issuer_raw.len = p - crt->issuer_raw.p;
--
2.39.1
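Review bot: Commenting out both error returns makes `x509_crt_parse_der_core` continue on any issuer parse failure, not only on the empty issuer the subject line names. When `mbedtls_asn1_get_tag` fails, `len` has not been validated by that call, yet the next statement still uses `p + len` as the end bound for `mbedtls_x509_get_name`, which looks like it can point past `end` on a malformed certificate. If only an empty issuer SEQUENCE has to be tolerated, keep the first check as it was and narrow the second to `if (len != 0 && (ret = mbedtls_x509_get_name(&p, p + len, &crt->issuer)) != 0) {` with its original `mbedtls_x509_crt_free(crt); return ret;` body. Because the workflow applies this patch to the whole library build, the relaxed parsing would cover every certificate the program parses, so a comment in the patch stating which peer produces the empty issuer would help. The function starts and ends outside the hunk, so the surrounding handling of `issuer_raw` is not visible here.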