Merge pull request #1214 from Mbed-TLS/mbedtls-2.28.8rc0-pr

Mbedtls 2.28.8 Release Candidate

ChangeLog

@@ -1,5 +1,57 @@
 Mbed TLS ChangeLog (Sorted per branch, date)
 
+= Mbed TLS 2.28.8 branch released 2024-03-28
+
+Features
+   * AES-NI is now supported in Windows builds with clang and clang-cl.
+     Resolves #8372.
+   * Add pc files for pkg-config, e.g.:
+     pkg-config --cflags --libs (mbedtls|mbedcrypto|mbedx509)
+
+Security
+   * Passing buffers that are stored in untrusted memory as arguments
+     to PSA functions is now secure by default.
+     The PSA core now protects against modification of inputs or exposure
+     of intermediate outputs during operations. This is currently implemented
+     by copying buffers.
+     This feature increases code size and memory usage. If buffers passed to
+     PSA functions are owned exclusively by the PSA core for the duration of
+     the function call (i.e. no buffer parameters are in shared memory),
+     copying may be disabled by setting MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS.
+     Note that setting this option will cause input-output buffer overlap to
+     be only partially supported (#3266).
+     Fixes CVE-2024-28960.
+
+Bugfix
+   * Fix the build with CMake when Everest is enabled through
+     a user configuration file or the compiler command line. Fixes #8165.
+   * Fix an inconsistency between implementations and usages of `__cpuid`,
+     which mainly causes failures when building Windows target using
+     mingw or clang. Fixes #8334 & #8332.
+   * Correct initial capacities for key derivation algorithms: TLS12_PRF,
+     TLS12_PSK_TO_MS.
+   * Fix mbedtls_pk_get_bitlen() for RSA keys whose size is not a
+     multiple of 8. Fixes #868.
+   * Avoid segmentation fault caused by releasing not initialized
+     entropy resource in gen_key example. Fixes #8809.
+   * Fix missing bitflags in SSL session serialization headers. Their absence
+     allowed SSL sessions saved in one configuration to be loaded in a
+     different, incompatible configuration.
+   * Fix the restoration of the ALPN when loading serialized connection with
+     the mbedtls_ssl_context_load() API.
+   * Fully support arbitrary overlap between inputs and outputs of PSA
+     functions. Note that overlap is still only partially supported when
+     MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS is set (#3266).
+
+Changes
+   * Use heap memory to allocate DER encoded public/private key.
+     This reduces stack usage significantly for writing a public/private
+     key to a PEM string.
+   * cmake: Use GnuInstallDirs to customize install directories
+     Replace custom LIB_INSTALL_DIR variable with standard CMAKE_INSTALL_LIBDIR
+     variable. For backward compatibility, set CMAKE_INSTALL_LIBDIR if
+     LIB_INSTALL_DIR is set.
+
 = Mbed TLS 2.28.7 branch released 2024-01-26
 
 Security

doxygen/input/doc_mainpage.h

@@ -10,7 +10,7 @@
  */
 
 /**
- * @mainpage Mbed TLS v2.28.7 API Documentation
+ * @mainpage Mbed TLS v2.28.8 API Documentation
  *
  * This documentation describes the internal structure of Mbed TLS.  It was
  * automatically generated from specially formatted comment blocks in

doxygen/mbedtls.doxyfile

@@ -1,4 +1,4 @@
-PROJECT_NAME           = "Mbed TLS v2.28.7"
+PROJECT_NAME           = "Mbed TLS v2.28.8"
 OUTPUT_DIRECTORY       = ../apidoc/
 FULL_PATH_NAMES        = NO
 OPTIMIZE_OUTPUT_FOR_C  = YES

include/mbedtls/config.h

@@ -1570,6 +1570,26 @@
  */
 //#define MBEDTLS_PSA_INJECT_ENTROPY
 
+/**
+ * \def MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
+ *
+ * Assume all buffers passed to PSA functions are owned exclusively by the
+ * PSA function and are not stored in shared memory.
+ *
+ * This option may be enabled if all buffers passed to any PSA function reside
+ * in memory that is accessible only to the PSA function during its execution.
+ *
+ * This option MUST be disabled whenever buffer arguments are in memory shared
+ * with an untrusted party, for example where arguments to PSA calls are passed
+ * across a trust boundary.
+ *
+ * \note Enabling this option reduces memory usage and code size.
+ *
+ * \note Enabling this option causes overlap of input and output buffers
+ *       not to be supported by PSA functions.
+ */
+//#define MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
+
 /**
  * \def MBEDTLS_RSA_NO_CRT
  *

include/mbedtls/version.h

@@ -26,16 +26,16 @@
  */
 #define MBEDTLS_VERSION_MAJOR  2
 #define MBEDTLS_VERSION_MINOR  28
-#define MBEDTLS_VERSION_PATCH  7
+#define MBEDTLS_VERSION_PATCH  8
 
 /**
  * The single version number has the following structure:
  *    MMNNPP00
  *    Major version | Minor version | Patch version
  */
-#define MBEDTLS_VERSION_NUMBER         0x021C0700
-#define MBEDTLS_VERSION_STRING         "2.28.7"
-#define MBEDTLS_VERSION_STRING_FULL    "Mbed TLS 2.28.7"
+#define MBEDTLS_VERSION_NUMBER         0x021C0800
+#define MBEDTLS_VERSION_STRING         "2.28.8"
+#define MBEDTLS_VERSION_STRING_FULL    "Mbed TLS 2.28.8"
 
 #if defined(MBEDTLS_VERSION_C)
 

library/CMakeLists.txt

@@ -204,15 +204,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
 if(USE_SHARED_MBEDTLS_LIBRARY)
     set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR})
     add_library(${mbedcrypto_target} SHARED ${src_crypto})
-    set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 2.28.7 SOVERSION 7)
+    set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 2.28.8 SOVERSION 7)
     target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})
 
     add_library(${mbedx509_target} SHARED ${src_x509})
-    set_target_properties(${mbedx509_target} PROPERTIES VERSION 2.28.7 SOVERSION 1)
+    set_target_properties(${mbedx509_target} PROPERTIES VERSION 2.28.8 SOVERSION 1)
     target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
 
     add_library(${mbedtls_target} SHARED ${src_tls})
-    set_target_properties(${mbedtls_target} PROPERTIES VERSION 2.28.7 SOVERSION 14)
+    set_target_properties(${mbedtls_target} PROPERTIES VERSION 2.28.8 SOVERSION 14)
     target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target})
 endif(USE_SHARED_MBEDTLS_LIBRARY)
 
@@ -226,7 +226,9 @@ foreach(target IN LISTS target_libraries)
         PUBLIC ${MBEDTLS_DIR}/include/
         PUBLIC ${thirdparty_inc_public}
         PRIVATE ${MBEDTLS_DIR}/library/
-        PRIVATE ${thirdparty_inc})
+        PRIVATE ${thirdparty_inc}
+        # Needed to include psa_crypto_driver_wrappers.h
+        ${CMAKE_CURRENT_BINARY_DIR})
     target_compile_definitions(${target}
         PRIVATE ${thirdparty_def})
     # Pass-through MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE

library/gcm.c

@@ -241,7 +241,7 @@ int mbedtls_gcm_starts(mbedtls_gcm_context *ctx,
     uint64_t iv_bits;
 
     GCM_VALIDATE_RET(ctx != NULL);
-    GCM_VALIDATE_RET(iv != NULL);
+    GCM_VALIDATE_RET(iv_len == 0 || iv != NULL);
     GCM_VALIDATE_RET(add_len == 0 || add != NULL);
 
     /* IV and AD are limited to 2^64 bits, so 2^61 bytes */
@@ -433,7 +433,7 @@ int mbedtls_gcm_crypt_and_tag(mbedtls_gcm_context *ctx,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     GCM_VALIDATE_RET(ctx != NULL);
-    GCM_VALIDATE_RET(iv != NULL);
+    GCM_VALIDATE_RET(iv_len == 0 || iv != NULL);
     GCM_VALIDATE_RET(add_len == 0 || add != NULL);
     GCM_VALIDATE_RET(length == 0 || input != NULL);
     GCM_VALIDATE_RET(length == 0 || output != NULL);
@@ -470,7 +470,7 @@ int mbedtls_gcm_auth_decrypt(mbedtls_gcm_context *ctx,
     int diff;
 
     GCM_VALIDATE_RET(ctx != NULL);
-    GCM_VALIDATE_RET(iv != NULL);
+    GCM_VALIDATE_RET(iv_len == 0 || iv != NULL);
     GCM_VALIDATE_RET(add_len == 0 || add != NULL);
     GCM_VALIDATE_RET(tag != NULL);
     GCM_VALIDATE_RET(length == 0 || input != NULL);