mbedtls bump to 2.7.9 (#2655)

No major fixes, but was looking anyway. Specifically, to https://github.com/ARMmbed/mbedtls.git 079e813949251be1e7a9d395abd20b2c63422787
2019-04-05 05:57:02 +01:00 · 2019-04-05 05:57:02 +01:00 · f0565ea576
parent ab61e9c03a
commit f0565ea576
12 changed files with 109 additions and 36 deletions
--- a/app/include/mbedtls/bn_mul.h
+++ b/app/include/mbedtls/bn_mul.h
@ -38,6 +38,12 @@
 #ifndef MBEDTLS_BN_MUL_H
 #define MBEDTLS_BN_MUL_H
 #if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
 #include MBEDTLS_CONFIG_FILE
 #endif
 #include "bignum.h"
 #if defined(MBEDTLS_HAVE_ASM)
@ -734,7 +740,7 @@
        "sw     $10, %2         \n\t"   \
        : "=m" (c), "=m" (d), "=m" (s)                      \
        : "m" (s), "m" (d), "m" (c), "m" (b)                \
-        : "$9", "$10", "$11", "$12", "$13", "$14", "$15"    \
+        : "$9", "$10", "$11", "$12", "$13", "$14", "$15", "lo", "hi" \
    );
 #endif /* MIPS */
--- a/app/include/mbedtls/check_config.h
+++ b/app/include/mbedtls/check_config.h
@ -122,6 +122,10 @@
 #error "MBEDTLS_ECP_C defined, but not all prerequisites"
 #endif
 #if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
 #error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites"
 #endif
 #if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) &&      \
                                    !defined(MBEDTLS_SHA256_C))
 #error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
--- a/app/include/mbedtls/ctr_drbg.h
+++ b/app/include/mbedtls/ctr_drbg.h
@ -28,6 +28,12 @@
 #ifndef MBEDTLS_CTR_DRBG_H
 #define MBEDTLS_CTR_DRBG_H
 #if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
 #include MBEDTLS_CONFIG_FILE
 #endif
 #include "aes.h"
 #if defined(MBEDTLS_THREADING_C)
--- a/app/include/mbedtls/hmac_drbg.h
+++ b/app/include/mbedtls/hmac_drbg.h
@ -24,6 +24,12 @@
 #ifndef MBEDTLS_HMAC_DRBG_H
 #define MBEDTLS_HMAC_DRBG_H
 #if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
 #include MBEDTLS_CONFIG_FILE
 #endif
 #include "md.h"
 #if defined(MBEDTLS_THREADING_C)
--- a/app/include/mbedtls/pkcs12.h
+++ b/app/include/mbedtls/pkcs12.h
@ -24,6 +24,12 @@
 #ifndef MBEDTLS_PKCS12_H
 #define MBEDTLS_PKCS12_H
 #if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
 #include MBEDTLS_CONFIG_FILE
 #endif
 #include "md.h"
 #include "cipher.h"
 #include "asn1.h"
@ -46,6 +52,8 @@
 extern "C" {
 #endif
 #if defined(MBEDTLS_ASN1_PARSE_C)
 /**
 * \brief            PKCS12 Password Based function (encryption / decryption)
 *                   for pbeWithSHAAnd128BitRC4
@ -87,6 +95,8 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
                const unsigned char *input, size_t len,
                unsigned char *output );
 #endif /* MBEDTLS_ASN1_PARSE_C */
 /**
 * \brief            The PKCS#12 derivation function uses a password and a salt
 *                   to produce pseudo-random bits for a particular "purpose".
--- a/app/include/mbedtls/pkcs5.h
+++ b/app/include/mbedtls/pkcs5.h
@ -26,6 +26,12 @@
 #ifndef MBEDTLS_PKCS5_H
 #define MBEDTLS_PKCS5_H
 #if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
 #include MBEDTLS_CONFIG_FILE
 #endif
 #include "asn1.h"
 #include "md.h"
@ -44,6 +50,8 @@
 extern "C" {
 #endif
 #if defined(MBEDTLS_ASN1_PARSE_C)
 /**
 * \brief          PKCS#5 PBES2 function
 *
@ -62,6 +70,8 @@ int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
                 const unsigned char *data, size_t datalen,
                 unsigned char *output );
 #endif /* MBEDTLS_ASN1_PARSE_C */
 /**
 * \brief          PKCS#5 PBKDF2 using HMAC
 *
--- a/app/include/mbedtls/ssl.h
+++ b/app/include/mbedtls/ssl.h
@ -1618,6 +1618,14 @@ void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
 *                 whether it matches those preferences - the server can then
 *                 decide what it wants to do with it.
 *
 * \note           The provided \p pk_key needs to match the public key in the
 *                 first certificate in \p own_cert, or all handshakes using
 *                 that certificate will fail. It is your responsibility
 *                 to ensure that; this function will not perform any check.
 *                 You may use mbedtls_pk_check_pair() in order to perform
 *                 this check yourself, but be aware that this function can
 *                 be computationally expensive on some key types.
 *
 * \param conf     SSL configuration
 * \param own_cert own public certificate chain
 * \param pk_key   own private key
--- a/app/include/mbedtls/version.h
+++ b/app/include/mbedtls/version.h
@ -40,16 +40,16 @@
 */
 #define MBEDTLS_VERSION_MAJOR  2
 #define MBEDTLS_VERSION_MINOR  7
-#define MBEDTLS_VERSION_PATCH  8
+#define MBEDTLS_VERSION_PATCH  9
 /**
 * The single version number has the following structure:
 *    MMNNPP00
 *    Major version | Minor version | Patch version
 */
-#define MBEDTLS_VERSION_NUMBER         0x02070800
+#define MBEDTLS_VERSION_NUMBER         0x02070900
-#define MBEDTLS_VERSION_STRING         "2.7.8"
+#define MBEDTLS_VERSION_STRING         "2.7.9"
-#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.7.8"
+#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.7.9"
 #if defined(MBEDTLS_VERSION_C)
--- a/app/mbedtls/library/asn1write.c
+++ b/app/mbedtls/library/asn1write.c
@ -331,14 +331,36 @@ int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start,
    return( (int) len );
 }
-mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **head,
+
 /* This is a copy of the ASN.1 parsing function mbedtls_asn1_find_named_data(),
 * which is replicated to avoid a dependency ASN1_WRITE_C on ASN1_PARSE_C. */
 static mbedtls_asn1_named_data *asn1_find_named_data(
                                               mbedtls_asn1_named_data *list,
                                               const char *oid, size_t len )
 {
    while( list != NULL )
    {
        if( list->oid.len == len &&
            memcmp( list->oid.p, oid, len ) == 0 )
        {
            break;
        }
        list = list->next;
    }
    return( list );
 }
 mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(
                                        mbedtls_asn1_named_data **head,
                                        const char *oid, size_t oid_len,
                                        const unsigned char *val,
                                        size_t val_len )
 {
    mbedtls_asn1_named_data *cur;
-    if( ( cur = mbedtls_asn1_find_named_data( *head, oid, oid_len ) ) == NULL )
+    if( ( cur = asn1_find_named_data( *head, oid, oid_len ) ) == NULL )
    {
        // Add new entry if not present yet based on OID
        //
--- a/app/mbedtls/library/bignum.c
+++ b/app/mbedtls/library/bignum.c
@ -500,26 +500,38 @@ cleanup:
 }
 /*
- * Helper to write the digits high-order first
+ * Helper to write the digits high-order first.
 */
-static int mpi_write_hlp( mbedtls_mpi *X, int radix, char **p )
+static int mpi_write_hlp( mbedtls_mpi *X, int radix,
                          char **p, const size_t buflen )
 {
    int ret;
    mbedtls_mpi_uint r;
    size_t length = 0;
    char *p_end = *p + buflen;
-    if( radix < 2 || radix > 16 )
+    do
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+    {
        if( length >= buflen )
        {
            return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
        }
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, radix ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, radix ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_div_int( X, NULL, X, radix ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_div_int( X, NULL, X, radix ) );
        /*
         * Write the residue in the current position, as an ASCII character.
         */
        if( r < 0xA )
            *(--p_end) = (char)( '0' + r );
        else
            *(--p_end) = (char)( 'A' + ( r - 0xA ) );
-    if( mbedtls_mpi_cmp_int( X, 0 ) != 0 )
+        length++;
-        MBEDTLS_MPI_CHK( mpi_write_hlp( X, radix, p ) );
+    } while( mbedtls_mpi_cmp_int( X, 0 ) != 0 );
-    if( r < 10 )
+    memmove( *p, p_end, length );
-        *(*p)++ = (char)( r + 0x30 );
+    *p += length;
    else
        *(*p)++ = (char)( r + 0x37 );
 cleanup:
@ -589,7 +601,7 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
        if( T.s == -1 )
            T.s = 1;
-        MBEDTLS_MPI_CHK( mpi_write_hlp( &T, radix, &p ) );
+        MBEDTLS_MPI_CHK( mpi_write_hlp( &T, radix, &p, buflen ) );
    }
    *p++ = '\0';
--- a/app/mbedtls/library/pkcs12.c
+++ b/app/mbedtls/library/pkcs12.c
@ -52,6 +52,8 @@ static void mbedtls_zeroize( void *v, size_t n ) {
    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
 }
 #if defined(MBEDTLS_ASN1_PARSE_C)
 static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params,
                                    mbedtls_asn1_buf *salt, int *iterations )
 {
@ -230,6 +232,8 @@ exit:
    return( ret );
 }
 #endif /* MBEDTLS_ASN1_PARSE_C */
 static void pkcs12_fill_buffer( unsigned char *data, size_t data_len,
                                const unsigned char *filler, size_t fill_len )
 {
--- a/app/mbedtls/library/pkcs5.c
+++ b/app/mbedtls/library/pkcs5.c
@ -54,22 +54,7 @@
 #define mbedtls_printf printf
 #endif
-#if !defined(MBEDTLS_ASN1_PARSE_C)
+#if defined(MBEDTLS_ASN1_PARSE_C)
 int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
                 const unsigned char *pwd,  size_t pwdlen,
                 const unsigned char *data, size_t datalen,
                 unsigned char *output )
 {
    ((void) pbe_params);
    ((void) mode);
    ((void) pwd);
    ((void) pwdlen);
    ((void) data);
    ((void) datalen);
    ((void) output);
    return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
 }
 #else
 static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params,
                                      mbedtls_asn1_buf *salt, int *iterations,
                                      int *keylen, mbedtls_md_type_t *md_type )