ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

tls: Update to Mbed TLS 2.19.0

pull/11476/head
Jaeden Amero 2019-09-06 15:02:55 +01:00 committed by adbridge
parent fc13550647
commit fd67fdf70a
12 changed files with 85 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
features/mbedtls/VERSION.txt
View File

@ -1 +1 @@
mbedtls-2.19.0d0 mbedtls-2.19.0

2
features/mbedtls/importer/Makefile
View File

@ -27,7 +27,7 @@
# #
# Set the mbed TLS release to import (this can/should be edited before import) # Set the mbed TLS release to import (this can/should be edited before import)
MBED_TLS_RELEASE ?= mbedtls-2.19.0d0 MBED_TLS_RELEASE ?= mbedtls-2.19.0
MBED_TLS_REPO_URL ?= git@github.com:ARMmbed/mbedtls-restricted.git MBED_TLS_REPO_URL ?= git@github.com:ARMmbed/mbedtls-restricted.git
# Translate between mbed TLS namespace and mbed namespace # Translate between mbed TLS namespace and mbed namespace

11
features/mbedtls/inc/mbedtls/check_config.h
View File

@ -130,11 +130,16 @@
#error "MBEDTLS_ECP_RESTARTABLE defined, but not MBEDTLS_ECDH_LEGACY_CONTEXT" #error "MBEDTLS_ECP_RESTARTABLE defined, but not MBEDTLS_ECDH_LEGACY_CONTEXT"
#endif #endif
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) && \
defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
#error "MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED defined, but MBEDTLS_ECDH_LEGACY_CONTEXT not disabled"
#endif
#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C) #if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites" #error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
#endif #endif
#if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || ( \ #if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || ( \
!defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && \ !defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && \ !defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \ !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \
@ -145,7 +150,9 @@
!defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) && \ !defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) && \ !defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) && \ !defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) ) ) !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && \
!defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) ) )
#error "MBEDTLS_ECP_C defined, but not all prerequisites" #error "MBEDTLS_ECP_C defined, but not all prerequisites"
#endif #endif

9
features/mbedtls/inc/mbedtls/config.h
View File

@ -3592,6 +3592,15 @@
*/ */
//#define MBEDTLS_PLATFORM_GMTIME_R_ALT //#define MBEDTLS_PLATFORM_GMTIME_R_ALT
/**
* Enable the verified implementations of ECDH primitives from Project Everest
* (currently only Curve25519). This feature changes the layout of ECDH
* contexts and therefore is a compatibility break for applications that access
* fields of a mbedtls_ecdh_context structure directly. See also
* MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h.
*/
//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
/* \} name SECTION: Customisation configuration options */ /* \} name SECTION: Customisation configuration options */
/* Target and application specific configurations /* Target and application specific configurations

7
features/mbedtls/inc/mbedtls/net_sockets.h
View File

@ -257,6 +257,13 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len );
int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len, int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
uint32_t timeout ); uint32_t timeout );
/**
* \brief Closes down the connection and free associated data
*
* \param ctx The context to close
*/
void mbedtls_net_close( mbedtls_net_context *ctx );
/** /**
* \brief Gracefully shutdown the connection and free associated data * \brief Gracefully shutdown the connection and free associated data
* *

8
features/mbedtls/inc/mbedtls/version.h
View File

@ -39,7 +39,7 @@
* Major, Minor, Patchlevel * Major, Minor, Patchlevel
*/ */
#define MBEDTLS_VERSION_MAJOR 2 #define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 18 #define MBEDTLS_VERSION_MINOR 19
#define MBEDTLS_VERSION_PATCH 0 #define MBEDTLS_VERSION_PATCH 0
/** /**
@ -47,9 +47,9 @@
* MMNNPP00 * MMNNPP00
* Major version | Minor version | Patch version * Major version | Minor version | Patch version
*/ */
#define MBEDTLS_VERSION_NUMBER 0x02120000 #define MBEDTLS_VERSION_NUMBER 0x02130000
#define MBEDTLS_VERSION_STRING "2.18.0" #define MBEDTLS_VERSION_STRING "2.19.0"
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.18.0" #define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.19.0"
#if defined(MBEDTLS_VERSION_C) #if defined(MBEDTLS_VERSION_C)

14
features/mbedtls/src/Makefile
View File

@ -80,6 +80,12 @@ OBJS_TLS= debug.o net_sockets.o \
ssl_srv.o ssl_ticket.o \ ssl_srv.o ssl_ticket.o \
ssl_tls.o ssl_tls.o
INCLUDING_FROM_MBEDTLS:=1
include ../crypto/3rdparty/Makefile.inc
LOCAL_CFLAGS += $(patsubst -I../3rdparty/%, -I../crypto/3rdparty/%, $(THIRDPARTY_INCLUDES))
OBJS_CRYPTO += $(patsubst ../3rdparty/%, ../crypto/3rdparty/%, $(THIRDPARTY_CRYPTO_OBJECTS))
.SILENT: .SILENT:
.PHONY: all static shared clean .PHONY: all static shared clean
@ -153,11 +159,13 @@ libmbedcrypto.%:
.c.o: .c.o:
echo " CC $<" echo " CC $<"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) -c $< $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $<
clean: clean:
ifndef WINDOWS ifndef WINDOWS
rm -f *.o libmbed* rm -f *.o libmbed* $(OBJS_CRYPTO)
else else
del /Q /F *.o libmbed* if exist *.o del /Q /F *.o
if exist libmbed* del /Q /F libmbed*
if exist $(OBJS_CRYPTO) del /Q /F $(OBJS_CRYPTO)
endif endif

13
features/mbedtls/src/net_sockets.c
View File

@ -651,6 +651,19 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len )
return( ret ); return( ret );
} }
/*
* Close the connection
*/
void mbedtls_net_close( mbedtls_net_context *ctx )
{
if( ctx->fd == -1 )
return;
close( ctx->fd );
ctx->fd = -1;
}
/* /*
* Gracefully close the connection * Gracefully close the connection
*/ */

4
features/mbedtls/src/ssl_tls.c
View File

@ -11950,6 +11950,10 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3; ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
ssl->minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; ssl->minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
/* Adjust pointers for header fields of outgoing records to
* the given transform, accounting for explicit IV and CID. */
ssl_update_out_pointers( ssl, ssl->transform );
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
ssl->in_epoch = 1; ssl->in_epoch = 1;
#endif #endif

10
features/mbedtls/src/x509_crt.c
View File

@ -2611,15 +2611,13 @@ check_signature:
continue; continue;
} }
*r_parent = parent;
*r_signature_is_good = signature_is_good;
break; break;
} }
if( parent != NULL ) if( parent == NULL )
{
*r_parent = parent;
*r_signature_is_good = signature_is_good;
}
else
{ {
*r_parent = fallback_parent; *r_parent = fallback_parent;
*r_signature_is_good = fallback_signature_is_good; *r_signature_is_good = fallback_signature_is_good;

12
features/mbedtls/src/x509write_crt.c
View File

@ -45,6 +45,16 @@
#include "mbedtls/pem.h" #include "mbedtls/pem.h"
#endif /* MBEDTLS_PEM_WRITE_C */ #endif /* MBEDTLS_PEM_WRITE_C */
/*
* For the currently used signature algorithms the buffer to store any signature
* must be at least of size MAX(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)
*/
#if MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_MPI_MAX_SIZE
#define SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
#else
#define SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
#endif
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx ) void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx )
{ {
memset( ctx, 0, sizeof( mbedtls_x509write_cert ) ); memset( ctx, 0, sizeof( mbedtls_x509write_cert ) );
@ -337,7 +347,7 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx,
size_t sig_oid_len = 0; size_t sig_oid_len = 0;
unsigned char *c, *c2; unsigned char *c, *c2;
unsigned char hash[64]; unsigned char hash[64];
unsigned char sig[MBEDTLS_MPI_MAX_SIZE]; unsigned char sig[SIGNATURE_MAX_SIZE];
size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len; size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len;
size_t len = 0; size_t len = 0;
mbedtls_pk_type_t pk_alg; mbedtls_pk_type_t pk_alg;

12
features/mbedtls/src/x509write_csr.c
View File

@ -49,6 +49,16 @@
#include "mbedtls/pem.h" #include "mbedtls/pem.h"
#endif #endif
/*
* For the currently used signature algorithms the buffer to store any signature
* must be at least of size MAX(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)
*/
#if MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_MPI_MAX_SIZE
#define SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
#else
#define SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
#endif
void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx ) void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx )
{ {
memset( ctx, 0, sizeof( mbedtls_x509write_csr ) ); memset( ctx, 0, sizeof( mbedtls_x509write_csr ) );
@ -138,7 +148,7 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s
size_t sig_oid_len = 0; size_t sig_oid_len = 0;
unsigned char *c, *c2; unsigned char *c, *c2;
unsigned char hash[64]; unsigned char hash[64];
unsigned char sig[MBEDTLS_MPI_MAX_SIZE]; unsigned char sig[SIGNATURE_MAX_SIZE];
unsigned char tmp_buf[2048]; unsigned char tmp_buf[2048];
size_t pub_len = 0, sig_and_oid_len = 0, sig_len; size_t pub_len = 0, sig_and_oid_len = 0, sig_len;
size_t len = 0; size_t len = 0;