authorDave Rodgman <dave.rodgman@arm.com>2021-12-17 11:22:23 +0000
committerGitHub <noreply@github.com>2021-12-17 11:22:23 +0000
commite41442b34d895721c59fcef52a8ad6ea322bfda9 (patch)
treef09f56a3155a68f7e3eb175b6879ef6e5c68875b
parent7b9cd91587d6166c6d243538f8c5939059d107ba (diff)
parentcf4667126010c665341f9e50ef691b7ef8294188 (diff)
Merge pull request #872 from ARMmbed/mbedtls-2.16.12_merge_into_releasearchive/mbedtls-2.16
Merge Mbed TLS 2.16.12 into the release branch
-rw-r--r--ChangeLog55
-rw-r--r--ChangeLog.d/base64-ranges.txt4
-rw-r--r--ChangeLog.d/bugfix-for-gcm-long-iv-size.txt3
-rw-r--r--ChangeLog.d/build-without-sha.txt3
-rw-r--r--ChangeLog.d/check-return.txt10
-rw-r--r--ChangeLog.d/fix-pkcs12-null-password.txt5
-rw-r--r--ChangeLog.d/issue4630.txt2
-rw-r--r--ChangeLog.d/issue4870.txt10
-rw-r--r--ChangeLog.d/mac-zeroize.txt6
-rw-r--r--ChangeLog.d/makefile-python-windows.txt4
-rw-r--r--ChangeLog.d/muladdc-amd64-memory.txt4
-rw-r--r--ChangeLog.d/no-strerror.txt3
-rw-r--r--doxygen/input/doc_mainpage.h2
-rw-r--r--doxygen/mbedtls.doxyfile2
-rw-r--r--include/mbedtls/version.h8
-rw-r--r--library/CMakeLists.txt6
-rw-r--r--library/ssl_tls.c4
-rwxr-xr-xtests/scripts/all.sh6
-rw-r--r--tests/suites/test_suite_version.data4
19 files changed, 73 insertions, 68 deletions
diff --git a/ChangeLog b/ChangeLog
index 47e2b5a..9a21e90 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,60 @@
mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS 2.16.12 branch released 2021-12-17
+
+Security
+ * Zeroize several intermediate variables used to calculate the expected
+ value when verifying a MAC or AEAD tag. This hardens the library in
+ case the value leaks through a memory disclosure vulnerability. For
+ example, a memory disclosure vulnerability could have allowed a
+ man-in-the-middle to inject fake ciphertext into a DTLS connection.
+ * Fix a double-free that happened after mbedtls_ssl_set_session() or
+ mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
+ (out of memory). After that, calling mbedtls_ssl_session_free()
+ and mbedtls_ssl_free() would cause an internal session buffer to
+ be free()'d twice.
+
+Bugfix
+ * Stop using reserved identifiers as local variables. Fixes #4630.
+ * The GNU makefiles invoke python3 in preference to python except on Windows.
+ The check was accidentally not performed when cross-compiling for Windows
+ on Linux. Fix this. Fixes #4774.
+ * Mark basic constraints critical as appropriate. Note that the previous
+ entry for this fix in the 2.16.10 changelog was in error, and it was not
+ included in the 2.16.10 release as was stated.
+ Make 'mbedtls_x509write_crt_set_basic_constraints' consistent with RFC
+ 5280 4.2.1.9 which says: "Conforming CAs MUST include this extension in
+ all CA certificates that contain public keys used to validate digital
+ signatures on certificates and MUST mark the extension as critical in
+ such certificates." Previous to this change, the extension was always
+ marked as non-critical. This was fixed by #4044.
+ * Fix missing constraints on x86_64 assembly code for bignum multiplication
+ that broke some bignum operations with (at least) Clang 12.
+ Fixes #4116, #4786, #4917.
+ * Failures of alternative implementations of AES or DES single-block
+ functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT,
+ MBEDTLS_DES_CRYPT_ECB_ALT or MBEDTLS_DES3_CRYPT_ECB_ALT were ignored.
+ This does not concern the implementation provided with Mbed TLS,
+ where this function cannot fail, or full-module replacements with
+ MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092.
+ * Some failures of HMAC operations were ignored. These failures could only
+ happen with an alternative implementation of the underlying hash module.
+ * Fix the build of sample programs when neither MBEDTLS_ERROR_C nor
+ MBEDTLS_ERROR_STRERROR_DUMMY is enabled.
+ * Fix a bug in mbedtls_gcm_starts() when the bit length of the iv
+ exceeds 2^32. Fixes #4884.
+ * Fix the build when no SHA2 module is included. Fixes #4930.
+ * Fix the build when only the bignum module is included. Fixes #4929.
+ * Fix a potential invalid pointer dereference and infinite loop bugs in
+ pkcs12 functions when the password is empty. Fix the documentation to
+ better describe the inputs to these functions and their possible values.
+ Fixes #5136.
+
+Changes
+ * Improve the performance of base64 constant-flow code. The result is still
+ slower than the original non-constant-flow implementation, but much faster
+ than the previous constant-flow implementation. Fixes #4814.
+
= mbed TLS 2.16.11 branch released 2021-07-07
Security
diff --git a/ChangeLog.d/base64-ranges.txt b/ChangeLog.d/base64-ranges.txt
deleted file mode 100644
index e3f3862..0000000
--- a/ChangeLog.d/base64-ranges.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Changes
- * Improve the performance of base64 constant-flow code. The result is still
- slower than the original non-constant-flow implementation, but much faster
- than the previous constant-flow implementation. Fixes #4814.
diff --git a/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt b/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt
deleted file mode 100644
index 0e46ad3..0000000
--- a/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix a bug in mbedtls_gcm_starts() when bits of iv are longer than 2^32.
- * Fix #4884.
diff --git a/ChangeLog.d/build-without-sha.txt b/ChangeLog.d/build-without-sha.txt
deleted file mode 100644
index 78ba276..0000000
--- a/ChangeLog.d/build-without-sha.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix the build when no SHA2 module is included. Fixes #4930.
- * Fix the build when only the bignum module is included. Fixes #4929.
diff --git a/ChangeLog.d/check-return.txt b/ChangeLog.d/check-return.txt
deleted file mode 100644
index 6eb1629..0000000
--- a/ChangeLog.d/check-return.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-Bugfix
- * Failures of alternative implementations of AES or DES single-block
- functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT,
- MBEDTLS_DES_CRYPT_ECB_ALT or MBEDTLS_DES3_CRYPT_ECB_ALT were ignored.
- This does not concern the implementation provided with Mbed TLS,
- where this function cannot fail, or full-module replacements with
- MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092.
- * Some failures of HMAC operations were ignored. These failures could only
- happen with an alternative implementation of the underlying hash module.
-
diff --git a/ChangeLog.d/fix-pkcs12-null-password.txt b/ChangeLog.d/fix-pkcs12-null-password.txt
deleted file mode 100644
index fae8195..0000000
--- a/ChangeLog.d/fix-pkcs12-null-password.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix a potential invalid pointer dereference and infinite loop bugs in
- pkcs12 functions when the password is empty. Fix the documentation to
- better describe the inputs to these functions and their possible values.
- Fixes #5136.
diff --git a/ChangeLog.d/issue4630.txt b/ChangeLog.d/issue4630.txt
deleted file mode 100644
index 0bc4b99..0000000
--- a/ChangeLog.d/issue4630.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Stop using reserved identifiers as local variables. Fixes #4630.
diff --git a/ChangeLog.d/issue4870.txt b/ChangeLog.d/issue4870.txt
deleted file mode 100644
index 213a824..0000000
--- a/ChangeLog.d/issue4870.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-Bugfix
- * Mark basic constraints critical as appropriate. Note that the previous
- entry for this fix in the 2.16.10 changelog was in error, and it was not
- included in the 2.16.10 release as was stated.
- Make 'mbedtls_x509write_crt_set_basic_constraints' consistent with RFC
- 5280 4.2.1.9 which says: "Conforming CAs MUST include this extension in
- all CA certificates that contain public keys used to validate digital
- signatures on certificates and MUST mark the extension as critical in
- such certificates." Previous to this change, the extension was always
- marked as non-critical. This was fixed by #4044.
diff --git a/ChangeLog.d/mac-zeroize.txt b/ChangeLog.d/mac-zeroize.txt
deleted file mode 100644
index a43e34f..0000000
--- a/ChangeLog.d/mac-zeroize.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Security
- * Zeroize several intermediate variables used to calculate the expected
- value when verifying a MAC or AEAD tag. This hardens the library in
- case the value leaks through a memory disclosure vulnerability. For
- example, a memory disclosure vulnerability could have allowed a
- man-in-the-middle to inject fake ciphertext into a DTLS connection.
diff --git a/ChangeLog.d/makefile-python-windows.txt b/ChangeLog.d/makefile-python-windows.txt
deleted file mode 100644
index 57ccc1a..0000000
--- a/ChangeLog.d/makefile-python-windows.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * The GNU makefiles invoke python3 in preference to python except on Windows.
- The check was accidentally not performed when cross-compiling for Windows
- on Linux. Fix this. Fixes #4774.
diff --git a/ChangeLog.d/muladdc-amd64-memory.txt b/ChangeLog.d/muladdc-amd64-memory.txt
deleted file mode 100644
index b834331..0000000
--- a/ChangeLog.d/muladdc-amd64-memory.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix missing constraints on x86_64 assembly code for bignum multiplication
- that broke some bignum operations with (at least) Clang 12.
- Fixes #4116, #4786, #4917.
diff --git a/ChangeLog.d/no-strerror.txt b/ChangeLog.d/no-strerror.txt
deleted file mode 100644
index 69743a8..0000000
--- a/ChangeLog.d/no-strerror.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix the build of sample programs when neither MBEDTLS_ERROR_C nor
- MBEDTLS_ERROR_STRERROR_DUMMY is enabled.
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index ff3af46..4ada8c9 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -49,7 +49,7 @@
*/
/**
- * @mainpage mbed TLS v2.16.11 source code documentation
+ * @mainpage mbed TLS v2.16.12 source code documentation
*
* This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 43b9b7b..eb20774 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8
# identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces.
-PROJECT_NAME = "mbed TLS v2.16.11"
+PROJECT_NAME = "mbed TLS v2.16.12"
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 49cbeb0..35955a6 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -65,16 +65,16 @@
*/
#define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 16
-#define MBEDTLS_VERSION_PATCH 11
+#define MBEDTLS_VERSION_PATCH 12
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x02100B00
-#define MBEDTLS_VERSION_STRING "2.16.11"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.11"
+#define MBEDTLS_VERSION_NUMBER 0x02100C00
+#define MBEDTLS_VERSION_STRING "2.16.12"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.12"
#if defined(MBEDTLS_VERSION_C)
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 0afdde7..e147776 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -165,15 +165,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
if(USE_SHARED_MBEDTLS_LIBRARY)
add_library(mbedcrypto SHARED ${src_crypto})
- set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.11 SOVERSION 3)
+ set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.12 SOVERSION 3)
target_link_libraries(mbedcrypto ${libs})
add_library(mbedx509 SHARED ${src_x509})
- set_target_properties(mbedx509 PROPERTIES VERSION 2.16.11 SOVERSION 0)
+ set_target_properties(mbedx509 PROPERTIES VERSION 2.16.12 SOVERSION 0)
target_link_libraries(mbedx509 ${libs} mbedcrypto)
add_library(mbedtls SHARED ${src_tls})
- set_target_properties(mbedtls PROPERTIES VERSION 2.16.11 SOVERSION 12)
+ set_target_properties(mbedtls PROPERTIES VERSION 2.16.12 SOVERSION 12)
target_link_libraries(mbedtls ${libs} mbedx509)
install(TARGETS mbedtls mbedx509 mbedcrypto
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ae8f34e..1272764 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -301,6 +301,10 @@ static int ssl_session_copy( mbedtls_ssl_session *dst, const mbedtls_ssl_session
mbedtls_ssl_session_free( dst );
memcpy( dst, src, sizeof( mbedtls_ssl_session ) );
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+ dst->ticket = NULL;
+#endif
+
#if defined(MBEDTLS_X509_CRT_PARSE_C)
if( src->peer_cert != NULL )
{
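Review bot: The new `dst->ticket = NULL;` needs a comment explaining why it is there, because the reason lives in the line above it: the `memcpy` shallow-copies every pointer field of `mbedtls_ssl_session`, so without the reset a failure later in this function, or a `mbedtls_ssl_session_free( dst )` on a partially copied session, would `free()` the ticket buffer still owned by `src` — the double-free the changelog entry describes. Suggest `/* memcpy() aliased src->ticket; clear it so that an error path below or a later free of dst never releases src's buffer. */`. The same aliasing applies to `peer_cert`; the `if( src->peer_cert != NULL )` branch that follows presumably assigns a fresh allocation before anything can fail, but its body is outside the hunk, so that is worth confirming rather than assuming. ssl_session_copy starts before and ends after this hunk.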
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 9d7e74d..ccd6193 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1725,12 +1725,12 @@ support_test_cmake_out_of_source () {
# Attempt to parse lsb-release to find out distribution and version. If not
# found this should fail safe (test is supported).
- if [[ -f /etc/lsb-release ]]; then
+ if [ -f /etc/lsb-release ]; then
while read -r lsb_line; do
case "$lsb_line" in
- "DISTRIB_ID"*) distrib_id=${lsb_line/#DISTRIB_ID=};;
- "DISTRIB_RELEASE"*) distrib_ver=${lsb_line/#DISTRIB_RELEASE=};;
+ "DISTRIB_ID"*) distrib_id=${lsb_line#DISTRIB_ID=};;
+ "DISTRIB_RELEASE"*) distrib_ver=${lsb_line#DISTRIB_RELEASE=};;
esac
done < /etc/lsb-release
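Review bot: The POSIX prefix strip `${lsb_line#DISTRIB_ID=}` keeps whatever surrounds the value, so a line written as `DISTRIB_ID="Ubuntu"` would leave `distrib_id` holding the quotes, and a later comparison against a bare distribution name would fail closed — the comment says that path means "test is supported", so the case the check exists for would be silently skipped. Whether the two keys read here are ever quoted is not visible in this hunk, so treat this as something to confirm; if it can happen, stripping one layer after the loop is enough: `distrib_id=${distrib_id#\"}; distrib_id=${distrib_id%\"}` and the same for `distrib_ver`. support_test_cmake_out_of_source starts before and ends after this hunk.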
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 3aa2523..a8a997b 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
Check compiletime library version
-check_compiletime_version:"2.16.11"
+check_compiletime_version:"2.16.12"
Check runtime library version
-check_runtime_version:"2.16.11"
+check_runtime_version:"2.16.12"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0