Merge remote-tracking branch 'upstream-public/pr/2728' into development
diff --git a/ChangeLog b/ChangeLog
index 45f6e8e..d847692 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -32,6 +32,15 @@
MBEDTLS_SSL_DTLS_CONNECTION_ID (disabled by default), and at run-time
through the new APIs mbedtls_ssl_conf_cid() and mbedtls_ssl_set_cid().
+API Changes
+ * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
+ and the used tls-prf.
+ * Add public API for tls-prf function, according to requested enum.
+ * Add DER-encoded test CRTs to library/certs.c, allowing
+ the example programs ssl_server2 and ssl_client2 to be run
+ if MBEDTLS_FS_IO and MBEDTLS_PEM_PARSE_C are unset. Fixes #2254.
+ * The HAVEGE state type now uses uint32_t elements instead of int.
+
Bugfix
* Fix private key DER output in the key_app_writer example. File contents
were shifted by one byte, creating an invalid ASN.1 tag. Fixed by
@@ -81,15 +90,12 @@
* Fix partial zeroing in x509_get_other_name. Found and fixed by ekse, #2716.
* Update test certificates that were about to expire. Reported by
Bernhard M. Wiedemann in #2357.
-
-API Changes
- * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
- and the used tls-prf.
- * Add public API for tls-prf function, according to requested enum.
- * Add DER-encoded test CRTs to library/certs.c, allowing
- the example programs ssl_server2 and ssl_client2 to be run
- if MBEDTLS_FS_IO and MBEDTLS_PEM_PARSE_C are unset. Fixes #2254.
- * The HAVEGE state type now uses uint32_t elements instead of int.
+ * Fix the build on ARMv5TE in ARM mode to not use assembly instructions
+ that are only available in Thumb mode. Fix contributed by Aurelien Jarno
+ in #2169.
+ * Fix propagation of restart contexts in restartable EC operations.
+ This could previously lead to segmentation faults in builds using an
+ address-sanitizer and enabling but not using MBEDTLS_ECP_RESTARTABLE.
Changes
* Server's RSA certificate in certs.c was SHA-1 signed. In the default
diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h
index c33bd8d..748975e 100644
--- a/include/mbedtls/bn_mul.h
+++ b/include/mbedtls/bn_mul.h
@@ -642,7 +642,8 @@
"r6", "r7", "r8", "r9", "cc" \
);
-#elif defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1)
+#elif (__ARM_ARCH >= 6) && \
+ defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1)
#define MULADDC_INIT \
asm(
diff --git a/library/ecdsa.c b/library/ecdsa.c
index dc19384..58e1a5f 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -172,11 +172,11 @@
}
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-#define ECDSA_RS_ECP &rs_ctx->ecp
+#define ECDSA_RS_ECP ( rs_ctx == NULL ? NULL : &rs_ctx->ecp )
/* Utility macro for checking and updating ops budget */
#define ECDSA_BUDGET( ops ) \
- MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, &rs_ctx->ecp, ops ) );
+ MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, ECDSA_RS_ECP, ops ) );
/* Call this when entering a function that needs its own sub-context */
#define ECDSA_RS_ENTER( SUB ) do { \
diff --git a/tests/compat.sh b/tests/compat.sh
index 80c2d31..54bc0b7 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -216,14 +216,13 @@
G_CIPHERS=$( filter "$G_CIPHERS" )
fi
- # OpenSSL 1.0.1h doesn't support DTLS 1.2
- if [ `minor_ver "$MODE"` -ge 3 ] && is_dtls "$MODE"; then
+ # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check what OpenSSL
+ # supports from the s_server help. (The s_client help isn't
+ # accurate as of 1.0.2g: it supports DTLS 1.2 but doesn't list it.
+ # But the s_server help seems to be accurate.)
+ if ! $OPENSSL_CMD s_server -help 2>&1 | grep -q "^ *-$MODE "; then
+ M_CIPHERS=""
O_CIPHERS=""
- case "$PEER" in
- [Oo]pen*)
- M_CIPHERS=""
- ;;
- esac
fi
# For GnuTLS client -> mbed TLS server,
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 6a1d194..6017680 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1108,6 +1108,17 @@
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
}
+component_build_arm_none_eabi_gcc_arm5vte () {
+ msg "build: arm-none-eabi-gcc -march=arm5vte, make" # ~ 10s
+ scripts/config.pl baremetal
+ # Build for a target platform that's close to what Debian uses
+ # for its "armel" distribution (https://wiki.debian.org/ArmEabiPort).
+ # See https://github.com/ARMmbed/mbedtls/pull/2169 and comments.
+ # It would be better to build with arm-linux-gnueabi-gcc but
+ # we don't have that on our CI at this time.
+ make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib
+}
+
component_build_arm_none_eabi_gcc_no_udbl_division () {
msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
scripts/config.pl baremetal