[mbedtls] Upgrade mbedTLS to version 3.6.0

This commit introduces the following changes along with the upgrade of
mbedTLS to version 3.6.0:
* updating the sonames of mbedTLS-produced libs;
* using the uploaded release asset from the release tag instead of the
  GitHub-generated one to avoid the involvement of Git submodules;
* updating the subproject name from `mbedtls-mbedtls-` to `mbedtls-` in
  accordance with the above asset change;
* initializing PSA crypto in `ra-tls-mbedtls` example and `secret-prov`
  libs, required for TLS 1.3 -- enabled by default since this mbedTLS
  version.

This mbedTLS version includes fixes for CVE-2024-28755, CVE-2024-28836
and CVE-2024-28960.

Signed-off-by: Kailun Qin <[email protected]>

CI-Examples/ra-tls-mbedtls/src/client.c

@@ -165,6 +165,14 @@ int main(int argc, char** argv) {
     mbedtls_x509_crt_init(&cacert);
     mbedtls_entropy_init(&entropy);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_printf("Failed to initialize PSA Crypto implementation: %d\n", (int)status);
+        return 1;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
+
     if (argc < 2 ||
             (strcmp(argv[1], "native") && strcmp(argv[1], "epid") && strcmp(argv[1], "dcap"))) {
         mbedtls_printf("USAGE: %s native|epid|dcap [SGX measurements]\n", argv[0]);
@@ -478,5 +486,9 @@ int main(int argc, char** argv) {
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
+
     return exit_code;
 }

CI-Examples/ra-tls-mbedtls/src/server.c

@@ -103,6 +103,14 @@ int main(int argc, char** argv) {
     mbedtls_entropy_init(&entropy);
     mbedtls_ctr_drbg_init(&ctr_drbg);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_printf("Failed to initialize PSA Crypto implementation: %d\n", (int)status);
+        return 1;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
+
 #if defined(MBEDTLS_DEBUG_C)
     mbedtls_debug_set_threshold(DEBUG_LEVEL);
 #endif
@@ -405,6 +413,10 @@ int main(int argc, char** argv) {
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
+
     free(der_key);
     free(der_crt);
 

meson.build

@@ -225,7 +225,7 @@ tomlc99_src = tomlc99_proj.get_variable('tomlc99_src')
 
 uthash_dep = subproject('uthash-2.1.0').get_variable('uthash_dep')
 
-mbedtls_proj = subproject('mbedtls-mbedtls-3.5.2')
+mbedtls_proj = subproject('mbedtls-3.6.0')
 mbedtls_static_dep = mbedtls_proj.get_variable('mbedtls_static_dep')
 mbedtls_pal_dep = mbedtls_proj.get_variable('mbedtls_pal_dep')
 

subprojects/mbedtls-3.6.0.wrap

@@ -0,0 +1,11 @@
+[wrap-file]
+directory = mbedtls-3.6.0
+source_url = https://github.com/Mbed-TLS/mbedtls/releases/download/v3.6.0/mbedtls-3.6.0.tar.bz2
+source_fallback_url = https://packages.gramineproject.io/distfiles/mbedtls-3.6.0.tar.bz2
+source_filename = mbedtls-3.6.0.tar.bz2
+source_hash = 3ecf94fcfdaacafb757786a01b7538a61750ebd85c4b024f56ff8ba1490fcd38
+
+patch_directory = mbedtls
+
+# this unpacks the sources to `mbedtls-3.6.0/mbedtls-3.6.0`
+lead_directory_missing = true

subprojects/packagefiles/curl-8.8.0/meson.build

@@ -13,7 +13,7 @@ curl = custom_target('curl',
         meson.build_root() / 'subprojects',
     ],
 
-    depends: subproject('mbedtls-mbedtls-3.5.2').get_variable('mbedtls_curl_libs'),
+    depends: subproject('mbedtls-3.6.0').get_variable('mbedtls_curl_libs'),
     output: curl_libs_output,
 )
 

subprojects/packagefiles/mbedtls/gramine.patch

@@ -2,10 +2,10 @@
 # progress via issue https://github.com/ARMmbed/mbedtls/issues/3141.
 
 diff --git a/library/ssl_tls.c b/library/ssl_tls.c
-index cfb27981821363b83ea957e776b0f04e9e38100b..adaa87df3a74a346f03578f6e63e21517a81572d 100644
+index c5e06491c1122002ab35af693cf12f5e0388f502..2a43046d0b9eb85f468e2277757f8011a2f04e77 100644
 --- a/library/ssl_tls.c
 +++ b/library/ssl_tls.c
-@@ -4392,11 +4392,13 @@ int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl,
+@@ -5072,11 +5072,13 @@ int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl,
          MBEDTLS_SSL_DEBUG_MSG(1, ("There is pending outgoing data"));
          return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
      }
@@ -19,7 +19,7 @@ index cfb27981821363b83ea957e776b0f04e9e38100b..adaa87df3a74a346f03578f6e63e2151
      /* Version must be 1.2 */
      if (ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_2) {
          MBEDTLS_SSL_DEBUG_MSG(1, ("Only version 1.2 supported"));
-@@ -4530,6 +4532,14 @@ int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl,
+@@ -5210,6 +5212,14 @@ int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl,
      }
  #endif /* MBEDTLS_SSL_ALPN */
 
@@ -34,7 +34,7 @@ index cfb27981821363b83ea957e776b0f04e9e38100b..adaa87df3a74a346f03578f6e63e2151
      /*
       * Done
       */
-@@ -4541,7 +4551,19 @@ int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl,
+@@ -5221,7 +5231,19 @@ int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl,
 
      MBEDTLS_SSL_DEBUG_BUF(4, "saved context", buf, used);
 
@@ -54,7 +54,7 @@ index cfb27981821363b83ea957e776b0f04e9e38100b..adaa87df3a74a346f03578f6e63e2151
  }
 
  /*
-@@ -4582,7 +4604,9 @@ static int ssl_context_load(mbedtls_ssl_context *ssl,
+@@ -5262,7 +5284,9 @@ static int ssl_context_load(mbedtls_ssl_context *ssl,
  #if defined(MBEDTLS_SSL_RENEGOTIATION)
          ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED ||
  #endif
@@ -64,7 +64,7 @@ index cfb27981821363b83ea957e776b0f04e9e38100b..adaa87df3a74a346f03578f6e63e2151
          ssl->conf->max_tls_version < MBEDTLS_SSL_VERSION_TLS1_2 ||
          ssl->conf->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2
          ) {
-@@ -4792,6 +4816,14 @@ static int ssl_context_load(mbedtls_ssl_context *ssl,
+@@ -5472,6 +5496,14 @@ static int ssl_context_load(mbedtls_ssl_context *ssl,
      ssl->in_epoch = 1;
  #endif
 
@@ -80,19 +80,19 @@ index cfb27981821363b83ea957e776b0f04e9e38100b..adaa87df3a74a346f03578f6e63e2151
       * which we don't want - otherwise we'd end up freeing the wrong transform
       * by calling mbedtls_ssl_handshake_wrapup_free_hs_transform()
 diff --git a/library/Makefile b/library/Makefile
-index 8e94f73f14c9714a556ce00549227af7d88dc2b7..b085e87fabc7631033610f0813e0d24dc378b489 100644
+index a5e023e1782c164a6ba7a05efd184ab7c8b100ec..5e481a056abf1f80b6bedd9137370e1b71e0b24c 100644
 --- a/library/Makefile
 +++ b/library/Makefile
-@@ -55,6 +55,8 @@ SOEXT_TLS?=so.20
- SOEXT_X509?=so.6
- SOEXT_CRYPTO?=so.15
+@@ -78,6 +78,8 @@ SOEXT_TLS?=so.21
+ SOEXT_X509?=so.7
+ SOEXT_CRYPTO?=so.16
 
 +SUFFIX ?=
 +
  # Set AR_DASH= (empty string) to use an ar implementation that does not accept
  # the - prefix for command line options (e.g. llvm-ar)
  AR_DASH ?= -
-@@ -208,10 +210,11 @@ else
+@@ -233,10 +235,11 @@ else
  all: shared static
  endif
 
@@ -106,7 +106,7 @@ index 8e94f73f14c9714a556ce00549227af7d88dc2b7..b085e87fabc7631033610f0813e0d24d
 
  # Windows builds under Mingw can fail if make tries to create archives in the same
  # directory at the same time - see https://bugs.launchpad.net/gcc-arm-embedded/+bug/1848002.
-@@ -222,7 +225,7 @@ libmbedx509.a: | libmbedcrypto.a
+@@ -247,7 +250,7 @@ libmbedx509.a: | libmbedcrypto.a
  endif
 
  # tls
@@ -115,7 +115,7 @@ index 8e94f73f14c9714a556ce00549227af7d88dc2b7..b085e87fabc7631033610f0813e0d24d
  	echo "  AR    $@"
  	$(AR) $(ARFLAGS) $@ $(OBJS_TLS)
  ifdef APPLE_BUILD
-@@ -232,12 +235,12 @@ ifneq ($(APPLE_BUILD),0)
+@@ -257,12 +260,12 @@ ifneq ($(APPLE_BUILD),0)
  endif
  endif
 
@@ -131,7 +131,7 @@ index 8e94f73f14c9714a556ce00549227af7d88dc2b7..b085e87fabc7631033610f0813e0d24d
  	echo "  LN    $@ -> $<"
  	ln -sf $< $@
  endif
-@@ -251,7 +254,7 @@ libmbedtls.dll: $(OBJS_TLS) libmbedx509.dll
+@@ -276,7 +279,7 @@ libmbedtls.dll: $(OBJS_TLS) libmbedx509.dll
  	$(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,[email protected] -o $@ $(OBJS_TLS) -lws2_32 -lwinmm -lgdi32 -L. -lmbedx509 -lmbedcrypto -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS)
 
  # x509
@@ -140,7 +140,7 @@ index 8e94f73f14c9714a556ce00549227af7d88dc2b7..b085e87fabc7631033610f0813e0d24d
  	echo "  AR    $@"
  	$(AR) $(ARFLAGS) $@ $(OBJS_X509)
  ifdef APPLE_BUILD
-@@ -261,12 +264,12 @@ ifneq ($(APPLE_BUILD),0)
+@@ -286,12 +289,12 @@ ifneq ($(APPLE_BUILD),0)
  endif
  endif
 
@@ -156,7 +156,7 @@ index 8e94f73f14c9714a556ce00549227af7d88dc2b7..b085e87fabc7631033610f0813e0d24d
  	echo "  LN    $@ -> $<"
  	ln -sf $< $@
  endif
-@@ -280,7 +283,7 @@ libmbedx509.dll: $(OBJS_X509) libmbedcrypto.dll
+@@ -305,7 +308,7 @@ libmbedx509.dll: $(OBJS_X509) libmbedcrypto.dll
  	$(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,[email protected] -o $@ $(OBJS_X509) -lws2_32 -lwinmm -lgdi32 -L. -lmbedcrypto -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS)
 
  # crypto
@@ -165,7 +165,7 @@ index 8e94f73f14c9714a556ce00549227af7d88dc2b7..b085e87fabc7631033610f0813e0d24d
  	echo "  AR    $@"
  	$(AR) $(ARFLAGS) $@ $(OBJS_CRYPTO)
  ifdef APPLE_BUILD
-@@ -290,12 +293,12 @@ ifneq ($(APPLE_BUILD),0)
+@@ -315,12 +318,12 @@ ifneq ($(APPLE_BUILD),0)
  endif
  endif
 

subprojects/packagefiles/mbedtls/include/mbedtls/config-pal.h

@@ -3,10 +3,21 @@
  * Copyright (C) 2021 Intel Corp.
  */
 
-/* This mbedTLS config is for v3.5.2 and assumes Intel x86-64 CPU with AESNI and SSE2 support */
+/* This mbedTLS config is for v3.6.0 and assumes Intel x86-64 CPU with AESNI and SSE2 support */
 
 #pragma once
 
+/* mbedTLS v3.6.0 by default enables the following TLS 1.3 features:
+ *
+ * #define MBEDTLS_SSL_PROTO_TLS1_3
+ * #define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+ * #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+ *
+ * These features are currently *not* enabled in mbedTLS version used for internal Gramine PAL
+ * crypto/TLS.
+ * TODO: analyze their impact and add the applicable ones
+ */
+
 #define MBEDTLS_AES_USE_HARDWARE_ONLY
 #define MBEDTLS_AESNI_C
 #define MBEDTLS_AES_C

subprojects/packagefiles/mbedtls/meson.build

@@ -1,16 +1,16 @@
-project('mbedtls', 'c', version: '3.5.2')
+project('mbedtls', 'c', version: '3.6.0')
 
 cc = meson.get_compiler('c')
 host_has_glibc = cc.get_define('__GLIBC__', prefix: '#include <features.h>') != ''
 
 pkgconfig = import('pkgconfig')
 
 mbedtls_libs_output = [
-    'libmbedcrypto_gramine.so.15',
+    'libmbedcrypto_gramine.so.16',
     'libmbedcrypto_gramine.so',
-    'libmbedtls_gramine.so.20',
+    'libmbedtls_gramine.so.21',
     'libmbedtls_gramine.so',
-    'libmbedx509_gramine.so.6',
+    'libmbedx509_gramine.so.7',
     'libmbedx509_gramine.so',
     'libmbedcrypto_gramine.a',
     'libmbedtls_gramine.a',
@@ -23,7 +23,7 @@ mbedtls_libs = custom_target('mbedtls',
     command: [
         find_program('compile-gramine.sh'),
         '@CURRENT_SOURCE_DIR@',
-        '@CURRENT_SOURCE_DIR@/mbedtls-mbedtls-3.5.2',
+        '@CURRENT_SOURCE_DIR@/mbedtls-3.6.0',
         meson.current_build_dir(),
         '@PRIVATE_DIR@',
         '@OUTPUT@',
@@ -32,7 +32,7 @@ mbedtls_libs = custom_target('mbedtls',
         'SHARED=1',
     ],
 
-    input: ['mbedtls-mbedtls-3.5.2/Makefile', 'gramine.patch'],
+    input: ['mbedtls-3.6.0/Makefile', 'gramine.patch'],
 
     # NOTE we need real sonames here (.so.N, not .so), please keep synced with
     # mbedtls/library/Makefile, variables SOEXT_{TLS,X509,CRYPTO}
@@ -69,22 +69,22 @@ endif
 
 # We rely on the fact that for `mbedtls_gramine` package, we don't need any changes in the default
 # mbedTLS headers
-install_subdir('mbedtls-mbedtls-3.5.2/include/mbedtls', install_dir: get_option('includedir') / 'gramine')
-install_subdir('mbedtls-mbedtls-3.5.2/include/psa', install_dir: get_option('includedir') / 'gramine')
+install_subdir('mbedtls-3.6.0/include/mbedtls', install_dir: get_option('includedir') / 'gramine')
+install_subdir('mbedtls-3.6.0/include/psa', install_dir: get_option('includedir') / 'gramine')
 
 mbedtls_pal_libs = custom_target('mbedtls_pal',
     command: [
         find_program('compile-pal.sh'),
         '@CURRENT_SOURCE_DIR@',
-        '@CURRENT_SOURCE_DIR@/mbedtls-mbedtls-3.5.2',
+        '@CURRENT_SOURCE_DIR@/mbedtls-3.6.0',
         meson.current_build_dir(),
         '@PRIVATE_DIR@',
         '@OUTPUT@',
         '--',
         'SUFFIX=_pal',
     ],
 
-    input: ['mbedtls-mbedtls-3.5.2/Makefile', 'gramine.patch'],
+    input: ['mbedtls-3.6.0/Makefile', 'gramine.patch'],
 
     output: [
         'libmbedcrypto_pal.a',
@@ -99,14 +99,14 @@ mbedtls_curl_libs = custom_target('mbedtls_curl',
     command: [
         find_program('compile-curl.sh'),
         '@CURRENT_SOURCE_DIR@',
-        '@CURRENT_SOURCE_DIR@/mbedtls-mbedtls-3.5.2',
+        '@CURRENT_SOURCE_DIR@/mbedtls-3.6.0',
         meson.current_build_dir(),
         '@PRIVATE_DIR@',
         meson.build_root() / 'subprojects',
         '@OUTPUT@',
     ],
 
-    input: ['mbedtls-mbedtls-3.5.2/Makefile', 'gramine.patch'],
+    input: ['mbedtls-3.6.0/Makefile', 'gramine.patch'],
 
     output: [
         'libmbedcrypto.a',
@@ -117,7 +117,7 @@ mbedtls_curl_libs = custom_target('mbedtls_curl',
     build_by_default: true,
 )
 
-mbedtls_inc = include_directories('include', 'mbedtls-mbedtls-3.5.2/include')
+mbedtls_inc = include_directories('include', 'mbedtls-3.6.0/include')
 
 mbedtls_static_dep = declare_dependency(
     link_with: [mbedtls_libs[6], mbedtls_libs[7], mbedtls_libs[8]],

tools/sgx/ra-tls/secret_prov_attest.c

@@ -150,6 +150,15 @@ int secret_provision_start(const char* in_servers, const char* in_ca_chain_path,
     mbedtls_ssl_config_init(conf);
     mbedtls_ssl_init(ssl);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        ERROR("Failed to initialize PSA Crypto implementation: %d\n", (int)status);
+        ret = -EPERM;
+        goto out;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
+
     const char* pers = "secret-provisioning";
     ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
                                 (const uint8_t*)pers, strlen(pers));
@@ -358,6 +367,10 @@ int secret_provision_start(const char* in_servers, const char* in_ca_chain_path,
     mbedtls_entropy_free(&entropy);
     mbedtls_ctr_drbg_free(&ctr_drbg);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
+
     free(servers);
     free(ca_chain_path);
     return ret;

tools/sgx/ra-tls/secret_prov_verify.c

@@ -207,6 +207,15 @@ int secret_provision_start_server(uint8_t* secret, size_t secret_size, const cha
     mbedtls_net_init(&client_fd);
     mbedtls_net_init(&listen_fd);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        ERROR("Failed to initialize PSA Crypto implementation: %d\n", (int)status);
+        ret = -EPERM;
+        goto out;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
+
     const char* pers = "secret-provisioning-server";
     ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
                                 (const uint8_t*)pers, strlen(pers));
@@ -329,6 +338,10 @@ int secret_provision_start_server(uint8_t* secret, size_t secret_size, const cha
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
+
     pthread_mutex_destroy(&g_handshake_lock);
     return ret;
 }