Skip to content

Commit

Permalink
Merge pull request #83721 from Faless/mbedtls/2.18.5
Browse files Browse the repository at this point in the history
mbedTLS: Update to version 2.18.5
  • Loading branch information
akien-mga committed Oct 21, 2023
2 parents 7d69516 + 5333365 commit f71f4b8
Show file tree
Hide file tree
Showing 56 changed files with 810 additions and 294 deletions.
31 changes: 19 additions & 12 deletions thirdparty/mbedtls/include/mbedtls/aesni.h
Original file line number Diff line number Diff line change
Expand Up @@ -36,16 +36,20 @@
#define MBEDTLS_AESNI_AES 0x02000000u
#define MBEDTLS_AESNI_CLMUL 0x00000002u

/* Can we do AESNI with inline assembly?
* (Only implemented with gas syntax, only for 64-bit.)
*/
#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && \
(defined(__amd64__) || defined(__x86_64__)) && \
!defined(MBEDTLS_HAVE_X86_64)
#if !defined(MBEDTLS_HAVE_X86_64) && \
(defined(__amd64__) || defined(__x86_64__) || \
defined(_M_X64) || defined(_M_AMD64)) && \
!defined(_M_ARM64EC)
#define MBEDTLS_HAVE_X86_64
#endif

#if defined(MBEDTLS_AESNI_C)
#if !defined(MBEDTLS_HAVE_X86) && \
(defined(__i386__) || defined(_M_IX86))
#define MBEDTLS_HAVE_X86
#endif

#if defined(MBEDTLS_AESNI_C) && \
(defined(MBEDTLS_HAVE_X86_64) || defined(MBEDTLS_HAVE_X86))

/* Can we do AESNI with intrinsics?
* (Only implemented with certain compilers, only for certain targets.)
Expand All @@ -54,10 +58,9 @@
* macros that may change in future releases.
*/
#undef MBEDTLS_AESNI_HAVE_INTRINSICS
#if defined(_MSC_VER) && (defined(_M_AMD64) || defined(_M_IX86))
#if defined(_MSC_VER)
/* Visual Studio supports AESNI intrinsics since VS 2008 SP1. We only support
* VS 2013 and up for other reasons anyway, so no need to check the version.
* Only supported on x64 and x86. */
* VS 2013 and up for other reasons anyway, so no need to check the version. */
#define MBEDTLS_AESNI_HAVE_INTRINSICS
#endif
/* GCC-like compilers: currently, we only support intrinsics if the requisite
Expand All @@ -73,7 +76,11 @@
* favor the assembly-based implementation if it's available. We intend to
* revise this in a later release of Mbed TLS 3.x. In the long run, we will
* likely remove the assembly implementation. */
#if defined(MBEDTLS_HAVE_X86_64)
#if defined(MBEDTLS_HAVE_ASM) && \
defined(__GNUC__) && defined(MBEDTLS_HAVE_X86_64)
/* Can we do AESNI with inline assembly?
* (Only implemented with gas syntax, only for 64-bit.)
*/
#define MBEDTLS_AESNI_HAVE_CODE 1 // via assembly
#elif defined(MBEDTLS_AESNI_HAVE_INTRINSICS)
#define MBEDTLS_AESNI_HAVE_CODE 2 // via intrinsics
Expand Down Expand Up @@ -169,6 +176,6 @@ int mbedtls_aesni_setkey_enc(unsigned char *rk,
#endif

#endif /* MBEDTLS_AESNI_HAVE_CODE */
#endif /* MBEDTLS_AESNI_C */
#endif /* MBEDTLS_AESNI_C && (MBEDTLS_HAVE_X86_64 || MBEDTLS_HAVE_X86) */

#endif /* MBEDTLS_AESNI_H */
21 changes: 21 additions & 0 deletions thirdparty/mbedtls/include/mbedtls/asn1write.h
Original file line number Diff line number Diff line change
Expand Up @@ -158,6 +158,27 @@ int mbedtls_asn1_write_algorithm_identifier(unsigned char **p,
const char *oid, size_t oid_len,
size_t par_len);

/**
* \brief Write an AlgorithmIdentifier sequence in ASN.1 format.
*
* \note This function works backwards in data buffer.
*
* \param p The reference to the current position pointer.
* \param start The start of the buffer, for bounds-checking.
* \param oid The OID of the algorithm to write.
* \param oid_len The length of the algorithm's OID.
* \param par_len The length of the parameters, which must be already written.
* \param has_par If there are any parameters. If 0, par_len must be 0. If 1
* and \p par_len is 0, NULL parameters are added.
*
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
int mbedtls_asn1_write_algorithm_identifier_ext(unsigned char **p,
unsigned char *start,
const char *oid, size_t oid_len,
size_t par_len, int has_par);

/**
* \brief Write a boolean tag (#MBEDTLS_ASN1_BOOLEAN) and value
* in ASN.1 format.
Expand Down
2 changes: 1 addition & 1 deletion thirdparty/mbedtls/include/mbedtls/check_config.h
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@
*/
#include <limits.h>
#if CHAR_BIT != 8
#error "mbed TLS requires a platform with 8-bit chars"
#error "Mbed TLS requires a platform with 8-bit chars"
#endif

#if defined(_WIN32)
Expand Down
49 changes: 44 additions & 5 deletions thirdparty/mbedtls/include/mbedtls/cipher.h
Original file line number Diff line number Diff line change
Expand Up @@ -446,10 +446,29 @@ void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx);


/**
* \brief This function initializes a cipher context for
* \brief This function prepares a cipher context for
* use with the given cipher primitive.
*
* \param ctx The context to initialize. This must be initialized.
* \warning In CBC mode, if mbedtls_cipher_set_padding_mode() is not called:
* - If MBEDTLS_CIPHER_PADDING_PKCS7 is enabled, the
* context will use PKCS7 padding.
* - Otherwise the context uses no padding and the input
* must be a whole number of blocks.
*
* \note After calling this function, you should call
* mbedtls_cipher_setkey() and, if the mode uses padding,
* mbedtls_cipher_set_padding_mode(), then for each
* message to encrypt or decrypt with this key, either:
* - mbedtls_cipher_crypt() for one-shot processing with
* non-AEAD modes;
* - mbedtls_cipher_auth_encrypt_ext() or
* mbedtls_cipher_auth_decrypt_ext() for one-shot
* processing with AEAD modes or NIST_KW;
* - for multi-part processing, see the documentation of
* mbedtls_cipher_reset().
*
* \param ctx The context to prepare. This must be initialized by
* a call to mbedtls_cipher_init() first.
* \param cipher_info The cipher to use.
*
* \return \c 0 on success.
Expand Down Expand Up @@ -663,8 +682,6 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx,
* \brief This function sets the padding mode, for cipher modes
* that use padding.
*
* The default passing mode is PKCS7 padding.
*
* \param ctx The generic cipher context. This must be initialized and
* bound to a cipher information structure.
* \param mode The padding mode.
Expand Down Expand Up @@ -704,7 +721,29 @@ int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx,
/**
* \brief This function resets the cipher state.
*
* \param ctx The generic cipher context. This must be initialized.
* \note With non-AEAD ciphers, the order of calls for each message
* is as follows:
* 1. mbedtls_cipher_set_iv() if the mode uses an IV/nonce.
* 2. mbedtls_cipher_reset()
* 3. mbedtls_cipher_update() one or more times
* 4. mbedtls_cipher_finish()
* .
* This sequence can be repeated to encrypt or decrypt multiple
* messages with the same key.
*
* \note With AEAD ciphers, the order of calls for each message
* is as follows:
* 1. mbedtls_cipher_set_iv() if the mode uses an IV/nonce.
* 2. mbedtls_cipher_reset()
* 3. mbedtls_cipher_update_ad()
* 4. mbedtls_cipher_update() one or more times
* 5. mbedtls_cipher_check_tag() (for decryption) or
* mbedtls_cipher_write_tag() (for encryption).
* .
* This sequence can be repeated to encrypt or decrypt multiple
* messages with the same key.
*
* \param ctx The generic cipher context. This must be bound to a key.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
Expand Down
6 changes: 5 additions & 1 deletion thirdparty/mbedtls/include/mbedtls/cmac.h
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,11 @@ extern "C" {
#define MBEDTLS_AES_BLOCK_SIZE 16
#define MBEDTLS_DES3_BLOCK_SIZE 8

#if defined(MBEDTLS_AES_C)

/* Although the CMAC module does not support ARIA or CAMELLIA, we adjust the value of
* MBEDTLS_CIPHER_BLKSIZE_MAX to reflect these ciphers.
* This is done to avoid confusion, given the general-purpose name of the macro. */
#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_CAMELLIA_C)
#define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /**< The longest block used by CMAC is that of AES. */
#else
#define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /**< The longest block used by CMAC is that of 3DES. */
Expand Down
2 changes: 1 addition & 1 deletion thirdparty/mbedtls/include/mbedtls/compat-1.3.h
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
/**
* \file compat-1.3.h
*
* \brief Compatibility definitions for using mbed TLS with client code written
* \brief Compatibility definitions for using Mbed TLS with client code written
* for the PolarSSL naming conventions.
*
* \deprecated Use the new names directly instead
Expand Down
Loading

0 comments on commit f71f4b8

Please sign in to comment.