Merge #156

156: Update to mbedtls 2.26.0 r=zugzwang a=raoulstrackx



Co-authored-by: Raoul Strackx <[email protected]>
Co-authored-by: Vardhan Thigle <[email protected]>

Author: 3 people

Cargo.lock

@@ -1,6 +1,6 @@
 [package]
 name = "mbedtls-sys-auto"
-version = "2.25.2"
+version = "2.26.0"
 authors = ["Jethro Beekman <[email protected]>"]
 build = "build/build.rs"
 license = "Apache-2.0/GPL-2.0+"

mbedtls-sys/Cargo.toml

@@ -132,6 +132,7 @@ const DEFAULT_DEFINES: &'static [CDefine] = &[
     ("MBEDTLS_ECDSA_SIGN_ALT",                            Undefined),
     ("MBEDTLS_ECDSA_GENKEY_ALT",                          Undefined),
     ("MBEDTLS_ECP_INTERNAL_ALT",                          Undefined),
+    ("MBEDTLS_ECP_NO_FALLBACK",                           Undefined),
     ("MBEDTLS_ECP_RANDOMIZE_JAC_ALT",                     Undefined),
     ("MBEDTLS_ECP_ADD_MIXED_ALT",                         Undefined),
     ("MBEDTLS_ECP_DOUBLE_JAC_ALT",                        Undefined),
@@ -202,7 +203,9 @@ const DEFAULT_DEFINES: &'static [CDefine] = &[
     ("MBEDTLS_PK_RSA_ALT_SUPPORT",                        Defined),
     ("MBEDTLS_PKCS1_V15",                                 Defined),
     ("MBEDTLS_PKCS1_V21",                                 Defined),
+    ("MBEDTLS_PSA_CRYPTO_CLIENT",                         Undefined),
     ("MBEDTLS_PSA_CRYPTO_DRIVERS",                        Undefined),
+    ("MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG",                   Undefined),
     ("MBEDTLS_PSA_CRYPTO_SPM",                            Undefined),
     ("MBEDTLS_PSA_INJECT_ENTROPY",                        Undefined),
     ("MBEDTLS_RSA_NO_CRT",                                Undefined),
@@ -374,6 +377,8 @@ const DEFAULT_DEFINES: &'static [CDefine] = &[
     ("MBEDTLS_PLATFORM_VSNPRINTF_MACRO",                  Undefined), // default: vsnprintf
     ("MBEDTLS_PLATFORM_NV_SEED_READ_MACRO",               Undefined), // default: mbedtls_platform_std_nv_seed_read
     ("MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO",              Undefined), // default: mbedtls_platform_std_nv_seed_write
+    ("MBEDTLS_PSA_HMAC_DRBG_MD_TYPE",                     Undefined), // default: see config.h
+    ("MBEDTLS_PSA_KEY_SLOT_COUNT",                        Undefined), // default: 32
     ("MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT",                 Undefined), // default: 86400
     ("MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES",             Undefined), // default: 50
     ("MBEDTLS_SSL_MAX_CONTENT_LEN",                       Undefined), // default: 16384

mbedtls-sys/build/config.rs

@@ -41,19 +41,21 @@ pub const ORDERED: &'static [(Option<&'static str>, &'static str)] = &[
     (None,                 "x509.h"),
     (None,                 "cipher.h"),
     (None,                 "x509_crl.h"),
+    (None,                 "aes.h"),
     (None,                 "ssl_ciphersuites.h"),
     (None,                 "x509_crt.h"),
     (None,                 "dhm.h"),
     (None,                 "ecdh.h"),
     (None,                 "oid.h"),
+    (None,                 "ctr_drbg.h"),
+    (None,                 "hmac_drbg.h"),
     (None,                 "ssl.h"),
     (None,                 "md5.h"),
     (None,                 "sha1.h"),
     (None,                 "sha256.h"),
     (None,                 "sha512.h"),
     (None,                 "ecjpake.h"),
     (None,                 "psa_util.h"),
-    (None,                 "aes.h"),
     (None,                 "net_sockets.h"),
     (None,                 "havege.h"),
     (None,                 "poly1305.h"),
@@ -81,7 +83,6 @@ pub const ORDERED: &'static [(Option<&'static str>, &'static str)] = &[
     (None,                 "md_internal.h"),
     (None,                 "md4.h"),
     (None,                 "md2.h"),
-    (None,                 "hmac_drbg.h"),
     (None,                 "hkdf.h"),
     (None,                 "gcm.h"),
     (None,                 "error.h"),
@@ -90,7 +91,6 @@ pub const ORDERED: &'static [(Option<&'static str>, &'static str)] = &[
     (None,                 "ecp_internal.h"),
     (None,                 "des.h"),
     (None,                 "debug.h"),
-    (None,                 "ctr_drbg.h"),
     (None,                 "cmac.h"),
     (None,                 "cipher_internal.h"),
     (None,                 "chachapoly.h"),

mbedtls-sys/build/headers.rs

@@ -0,0 +1,41 @@
+Note: This is just a template, so feel free to use/remove the unnecessary things
+
+### Description
+- Type: Bug | Enhancement\Feature Request
+- Priority: Blocker | Major | Minor
+
+---------------------------------------------------------------
+## Bug
+
+**OS**  
+Mbed OS|linux|windows|
+
+**mbed TLS build:**  
+Version: x.x.x or git commit id  
+OS version: x.x.x  
+Configuration: please attach config.h file where possible  
+Compiler and options (if you used a pre-built binary, please indicate how you obtained it):  
+Additional environment information:  
+
+**Peer device TLS stack and version**  
+OpenSSL|GnuTls|Chrome|NSS(Firefox)|SecureChannel (IIS/Internet Explorer/Edge)|Other  
+Version:  
+
+**Expected behavior**   
+
+**Actual behavior**  
+
+**Steps to reproduce**  
+
+----------------------------------------------------------------
+## Enhancement\Feature Request
+
+**Justification - why does the library need this feature?**  
+
+**Suggested enhancement**  
+
+-----------------------------------------------------------------
+
+## Question
+
+**Please first check for answers in the [Mbed TLS knowledge Base](https://tls.mbed.org/kb). If you can't find the answer you're looking for then please use the [Mbed TLS mailing list](https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls)**

mbedtls-sys/vendor/.github/issue_template.md

@@ -0,0 +1,36 @@
+Notes:
+* Pull requests cannot be accepted until the PR follows the [contributing guidelines](../CONTRIBUTING.md). In particular, each commit must have at least one `Signed-off-by:` line from the committer to certify that the contribution is made under the terms of the [Developer Certificate of Origin](../dco.txt).
+* This is just a template, so feel free to use/remove the unnecessary things
+## Description
+A few sentences describing the overall goals of the pull request's commits.
+
+
+## Status
+**READY/IN DEVELOPMENT/HOLD**
+
+## Requires Backporting
+When there is a bug fix, it should be backported to all maintained and supported branches.
+Changes do not have to be backported if:
+- This PR is a new feature\enhancement
+- This PR contains changes in the API. If this is true, and there is a need for the fix to be backported, the fix should be handled differently in the legacy branch
+
+Yes | NO  
+Which branch?
+
+## Migrations
+If there is any API change, what's the incentive and logic for it.
+
+YES | NO
+
+## Additional comments
+Any additional information that could be of interest
+
+## Todos
+- [ ] Tests
+- [ ] Documentation
+- [ ] Changelog updated
+- [ ] Backported
+
+
+## Steps to test or reproduce
+Outline the steps to test or reproduce the PR here.

mbedtls-sys/vendor/.github/pull_request_template.md

@@ -0,0 +1,58 @@
+# Random seed file created by test scripts and sample programs
+seedfile
+
+# CMake build artifacts:
+CMakeCache.txt
+CMakeFiles
+CTestTestfile.cmake
+cmake_install.cmake
+Testing
+# CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those:
+*.dir/
+# MSVC files generated by CMake:
+/*.sln
+/*.vcxproj
+/*.filters
+
+# Test coverage build artifacts:
+Coverage
+*.gcno
+*.gcda
+
+# generated by scripts/memory.sh
+massif-*
+
+# MSVC build artifacts:
+*.exe
+*.pdb
+*.ilk
+*.lib
+
+# Python build artifacts:
+*.pyc
+
+# CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those:
+*.dir/
+
+# Microsoft CMake extension for Visual Studio Code generates a build directory by default
+/build/
+
+# Visual Studio artifacts
+/visualc/VS2010/.localhistory/
+/visualc/VS2010/.vs/
+/visualc/VS2010/Debug/
+/visualc/VS2010/Release/
+/visualc/VS2010/*.vcxproj.filters
+/visualc/VS2010/*.vcxproj.user
+
+# Generated documentation:
+/apidoc
+
+# Editor navigation files:
+/GPATH
+/GRTAGS
+/GSYMS
+/GTAGS
+/TAGS
+/cscope*.out
+/tags

mbedtls-sys/vendor/.gitignore

@@ -0,0 +1,3 @@
+default:\
+    :langmap=c\:.c.h.function:\
+

mbedtls-sys/vendor/.globalrc

@@ -0,0 +1,4 @@
+[mypy]
+mypy_path = scripts
+namespace_packages = True
+warn_unused_configs = True

mbedtls-sys/vendor/.mypy.ini

@@ -0,0 +1,75 @@
+[MASTER]
+init-hook='import sys; sys.path.append("scripts")'
+
+[BASIC]
+# We're ok with short funtion argument names.
+# [invalid-name]
+argument-rgx=[a-z_][a-z0-9_]*$
+
+# Allow filter and map.
+# [bad-builtin]
+bad-functions=input
+
+# We prefer docstrings, but we don't require them on all functions.
+# Require them only on long functions (for some value of long).
+# [missing-docstring]
+docstring-min-length=10
+
+# No upper limit on method names. Pylint <2.1.0 has an upper limit of 30.
+# [invalid-name]
+method-rgx=[a-z_][a-z0-9_]{2,}$
+
+# Allow module names containing a dash (but no underscore or uppercase letter).
+# They are whole programs, not meant to be included by another module.
+# [invalid-name]
+module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+)|[a-z][-0-9a-z]+)$
+
+# Some functions don't need docstrings.
+# [missing-docstring]
+no-docstring-rgx=(run_)?main$
+
+# We're ok with short local or global variable names.
+# [invalid-name]
+variable-rgx=[a-z_][a-z0-9_]*$
+
+[DESIGN]
+# Allow more than the default 7 attributes.
+# [too-many-instance-attributes]
+max-attributes=15
+
+[FORMAT]
+# Allow longer modules than the default recommended maximum.
+# [too-many-lines]
+max-module-lines=2000
+
+[MESSAGES CONTROL]
+# * locally-disabled, locally-enabled: If we disable or enable a message
+#   locally, it's by design. There's no need to clutter the Pylint output
+#   with this information.
+# * logging-format-interpolation: Pylint warns about things like
+#   ``log.info('...'.format(...))``. It insists on ``log.info('...', ...)``.
+#   This is of minor utility (mainly a performance gain when there are
+#   many messages that use formatting and are below the log level).
+#   Some versions of Pylint (including 1.8, which is the version on
+#   Ubuntu 18.04) only recognize old-style format strings using '%',
+#   and complain about something like ``log.info('{}', foo)`` with
+#   logging-too-many-args (Pylint supports new-style formatting if
+#   declared globally with logging_format_style under [LOGGING] but
+#   this requires Pylint >=2.2).
+# * no-else-return: Allow the perfectly reasonable idiom
+#    if condition1:
+#        return value1
+#    else:
+#        return value2
+# * unnecessary-pass: If we take the trouble of adding a line with "pass",
+#   it's because we think the code is clearer that way.
+disable=locally-disabled,locally-enabled,logging-format-interpolation,no-else-return,unnecessary-pass
+
+[REPORTS]
+# Don't diplay statistics. Just the facts.
+reports=no
+
+[VARIABLES]
+# Allow unused variables if their name starts with an underscore.
+# [unused-argument]
+dummy-variables-rgx=_.*

mbedtls-sys/vendor/.pylintrc

@@ -0,0 +1,69 @@
+language: c
+compiler: gcc
+sudo: false
+cache: ccache
+
+jobs:
+  include:
+    - name: basic checks and reference configurations
+      addons:
+        apt:
+          packages:
+          - gnutls-bin
+          - doxygen
+          - graphviz
+          - gcc-arm-none-eabi
+          - libnewlib-arm-none-eabi
+      language: python # Needed to get pip for Python 3
+      python: 3.5 # version from Ubuntu 16.04
+      install:
+        - pip install mypy==0.780 pylint==2.4.4
+      script:
+        - tests/scripts/all.sh -k 'check_*'
+        - tests/scripts/all.sh -k test_default_out_of_box
+        - tests/scripts/test-ref-configs.pl
+        - tests/scripts/all.sh -k build_arm_none_eabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus
+
+    - name: full configuration
+      script:
+        - tests/scripts/all.sh -k test_full_cmake_gcc_asan
+
+    - name: macOS
+      os: osx
+      compiler: clang
+      script:
+        - tests/scripts/all.sh -k test_default_out_of_box
+
+    - name: Windows
+      os: windows
+      before_install:
+        - choco install python --version=3.5.4
+      env:
+        # Add the directory where the Choco package goes
+        - PATH=/c/Python35:/c/Python35/Scripts:$PATH
+      script:
+        - type python; python --version
+        - python scripts/generate_psa_constants.py
+        # Logs appear out of sequence on Windows. Give time to catch up.
+        - sleep 5
+        - scripts/windows_msbuild.bat v141 # Visual Studio 2017
+
+after_failure:
+- tests/scripts/travis-log-failure.sh
+
+env:
+  global:
+    - SEED=1
+    - secure: "FrI5d2s+ckckC17T66c8jm2jV6i2DkBPU5nyWzwbedjmEBeocREfQLd/x8yKpPzLDz7ghOvr+/GQvsPPn0dVkGlNzm3Q+hGHc/ujnASuUtGrcuMM+0ALnJ3k4rFr9xEvjJeWb4SmhJO5UCAZYvTItW4k7+bj9L+R6lt3TzQbXzg="
+
+addons:
+  apt:
+    packages:
+    - gnutls-bin
+  coverity_scan:
+    project:
+      name: "ARMmbed/mbedtls"
+    notification_email: [email protected]
+    build_command_prepend:
+    build_command: make
+    branch_pattern: coverity_scan