Upgrade mbedtls to 3.5.0-alpha.1+0b3de6f #213

Merged
merged 13 commits into from
Jun 27, 2023

Taowyoo
Collaborator

@Taowyoo Taowyoo commented Nov 4, 2022

This PR is based on #278

Overview

This PR introduces some major changes:

  • Update vendor mbedtls code from version 3.4.0 to a commit at development version: 0b3de6fce
    • Please check out the C mbedtls migration guide for 3.X here 3.0-migration-guide.md to
    • The vendor code at this commit includes the TLS server side version negotiation which implements the requirements for rfc844 4.2.1
    • This is a temporary approach for now, since upstream has not released the major version (3.5.0) that contains the Server Side Version Negotiation. We need to upgrade to 3.5.0 once it's released; its estimated release date is 2023-09-30. Ref: https://github.com/orgs/Mbed-TLS/projects/1#column-19402885
  • Update the build code for mbedtls-sys-auto crate to sync up with vendor code change:
    • Bump crate version to 3.5.0-alpha.1+0b3de6f to indicate that we are using a development version of upstream code

Breaking Changes:

Note: entries marked with 💥 are guaranteed to break downstream.

Changes in mbedtls-sys-auto

Vendor code changes

Upstream changes:

  • 💥 Upgrade vendor mbedtls code to 3.5.0-alpha.1+0b3de6f, which is at a commit in the development branch: 0b3de6fce. This is needed to be able to use a functionally complete TLS 1.3 stack implementation. Here I use the pre-release version value since upstream has not released 3.5.0 yet, see: https://doc.rust-lang.org/cargo/reference/semver.html

Rust code changes

Dependencies:

  • 💥 Bump mbedtls-sys version to 3.5.0-alpha.1+0b3de6f

Changes in mbedtls

Dependencies:

  • 💥 Bump dependency mbedtls-sys-auto version to 3.5.0-alpha.1+0b3de6f

@Taowyoo Taowyoo self-assigned this Nov 4, 2022
@Taowyoo Taowyoo marked this pull request as draft November 4, 2022 00:26
@Taowyoo Taowyoo force-pushed the yx/upgrade-mbedtls branch from 47f638e to 875d785 Compare November 4, 2022 21:22
@Taowyoo Taowyoo marked this pull request as ready for review November 4, 2022 21:24
@raoulstrackx raoulstrackx requested a review from zugzwang November 7, 2022 08:58
@Taowyoo Taowyoo linked an issue Nov 7, 2022 that may be closed by this pull request
@Taowyoo Taowyoo force-pushed the yx/upgrade-mbedtls branch from 410eb29 to c6a7bd6 Compare November 8, 2022 19:45
@Taowyoo Taowyoo marked this pull request as draft December 13, 2022 09:05
@Taowyoo Taowyoo force-pushed the yx/upgrade-mbedtls branch 2 times, most recently from 0251431 to fb565a2 Compare December 21, 2022 17:54
@Taowyoo Taowyoo changed the title Upgrade rust-mbedtls to version 3.x Upgrade mbedtls to version 3.2.1 and related staff in rust-mbedtls Jan 3, 2023
@Taowyoo Taowyoo changed the title Upgrade mbedtls to version 3.2.1 and related staff in rust-mbedtls Upgrade mbedtls to version 3.2.1 and related stuff in rust-mbedtls Jan 3, 2023
@Taowyoo Taowyoo marked this pull request as ready for review January 3, 2023 18:33
@Taowyoo Taowyoo changed the title Upgrade mbedtls to version 3.2.1 and related stuff in rust-mbedtls Upgrade mbedtls to version 3.2.X and related stuff in rust-mbedtls May 2, 2023
@Taowyoo Taowyoo marked this pull request as draft May 2, 2023 20:18
@Taowyoo Taowyoo force-pushed the yx/upgrade-mbedtls branch from 5eb8ce9 to 022fdfd Compare May 2, 2023 20:18
@Taowyoo Taowyoo changed the title Upgrade mbedtls to version 3.2.X and related stuff in rust-mbedtls Upgrade C mbedtls to version 3.4.0 with TLS server side version negotiation May 2, 2023
@Taowyoo Taowyoo force-pushed the yx/upgrade-mbedtls branch from 022fdfd to 426d740 Compare May 3, 2023 00:21
@Taowyoo Taowyoo linked an issue May 8, 2023 that may be closed by this pull request
@Taowyoo Taowyoo force-pushed the yx/upgrade-mbedtls branch 2 times, most recently from c20b146 to ac30080 Compare May 10, 2023 19:14
@Taowyoo Taowyoo changed the base branch from yx/upgrade-mbedtls_3.4.0 to master June 26, 2023 20:56
Upgrade to c-mbedtls commit: `0b3de6fce`, where:
- pull request #7288 is merged
- #7288: TLS: TLS 1.2 / 1.3 version negotiation on server side

Signed-off-by: Yuxiang Cao <[email protected]>
@Taowyoo Taowyoo force-pushed the yx/upgrade-mbedtls branch from 6393d86 to 78090be Compare June 26, 2023 22:25
Vardhan Thigle and others added 8 commits June 26, 2023 16:10
1. Added conditional compilation flags "MBEDTLS_FORCE_AESNI" and "MBEDTLS_FORCE_PADLOCK"
2. This allows us to suppress cpuid based feature detection on sgx platforms.
3. "MBEDTLS_FORCE_AESNI" gets set if "force_aesni_support" flag is enabled.
4. Please refer to the previous commit for rust side changes.
- Bump mbedtls-sys version to 3.5.0-alpha.1+0b3de6f
- Bump version to distinguish with 3.4.0 mbedtls
- add server mix version tests
- add test_import_pkcs8_encrypted_rsa_key
- fix ssl_conf_ca_cb.rs
- add bench test for pbkdf2_hmac
@Taowyoo Taowyoo force-pushed the yx/upgrade-mbedtls branch from 78090be to 7a1e697 Compare June 26, 2023 23:11
@xinyufort xinyufort self-requested a review June 27, 2023 19:11
@xinyufort xinyufort left a comment

As discussed, so far so good. Yuxiang to make followup PRs for any lingering issues

@Taowyoo Taowyoo added this pull request to the merge queue Jun 27, 2023
@Taowyoo Taowyoo removed this pull request from the merge queue due to a manual request Jun 27, 2023
@Taowyoo Taowyoo added this pull request to the merge queue Jun 27, 2023
Merged via the queue into master with commit f294f19 Jun 27, 2023
@Taowyoo Taowyoo mentioned this pull request Jul 18, 2023
@Taowyoo Taowyoo deleted the yx/upgrade-mbedtls branch October 20, 2023 16:25
Development

Successfully merging this pull request may close these issues.

Mbedtls 3.4.0 Upgrade rust-mbedtls to use 3.X mbedtls
7 participants