Merge pull request #3639 from okhowang/android

Use socklen_t on Android
diff --git a/ChangeLog.d/00README.md b/ChangeLog.d/00README.md
index b559e23..d2ea73d 100644
--- a/ChangeLog.d/00README.md
+++ b/ChangeLog.d/00README.md
@@ -3,6 +3,29 @@
 This directory contains changelog entries that have not yet been merged
 to the changelog file ([`../ChangeLog`](../ChangeLog)).
 
+## What requires a changelog entry?
+
+Write a changelog entry if there is a user-visible change. This includes:
+
+* Bug fixes in the library or in sample programs: fixing a security hole,
+  fixing broken behavior, fixing the build in some configuration or on some
+  platform, etc.
+* New features in the library, new sample programs, or new platform support.
+* Changes in existing behavior. These should be rare. Changes in features
+  that are documented as experimental may or may not be announced, depending
+  on the extent of the change and how widely we expect the feature to be used.
+
+We generally don't include changelog entries for:
+
+* Documentation improvements.
+* Performance improvements, unless they are particularly significant.
+* Changes to parts of the code base that users don't interact with directly,
+  such as test code and test data.
+
+Until Mbed TLS 2.24.0, we required changelog entries in more cases.
+Looking at older changelog entries is good practice for how to write a
+changelog entry, but not for deciding whether to write one.
+
 ## Changelog entry file format
 
 A changelog entry file must have the extension `*.txt` and must have the
@@ -33,8 +56,7 @@
     Bugfix
     Changes
 
-Use “Changes” for anything that doesn't fit in the other categories, such as
-performance, documentation and test improvements.
+Use “Changes” for anything that doesn't fit in the other categories.
 
 ## How to write a changelog entry
 
@@ -49,8 +71,7 @@
 Mbed TLS issue. Add other external references such as CVE numbers where
 applicable.
 
-Credit the author of the contribution if the contribution is not a member of
-the Mbed TLS development team. Also credit bug reporters where applicable.
+Credit bug reporters where applicable.
 
 **Explain why, not how**. Remember that the audience is the users of the
 library, not its developers. In particular, for a bug fix, explain the
diff --git a/ChangeLog.d/comment_typo_in_mbedtls_ssl_set_bio.txt b/ChangeLog.d/comment_typo_in_mbedtls_ssl_set_bio.txt
deleted file mode 100644
index 2f94c16..0000000
--- a/ChangeLog.d/comment_typo_in_mbedtls_ssl_set_bio.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Changes
-   * Fix comment typo in documentation of mbedtls_ssl_set_bio.
diff --git a/ChangeLog.d/fix-rsa-blinding.txt b/ChangeLog.d/fix-rsa-blinding.txt
new file mode 100644
index 0000000..a13572c
--- /dev/null
+++ b/ChangeLog.d/fix-rsa-blinding.txt
@@ -0,0 +1,6 @@
+Bugfix
+   * Fix rsa_prepare_blinding() to retry when the blinding value is not
+     invertible (mod N), instead of returning MBEDTLS_ERR_RSA_RNG_FAILED. This
+     addresses a regression but is rare in practice (approx. 1 in 2/sqrt(N)).
+     Found by Synopsys Coverity, fix contributed by Peter Kolbus (Garmin).
+     Fixes #3647.
diff --git a/ChangeLog.d/fix-typo.txt b/ChangeLog.d/fix-typo.txt
deleted file mode 100644
index 8e961d2..0000000
--- a/ChangeLog.d/fix-typo.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Changes
-   * Fixes a typo in the example code located in
-     program/pkey/ecdh_curve25519.c
diff --git a/ChangeLog.d/getrandom.txt b/ChangeLog.d/getrandom.txt
new file mode 100644
index 0000000..87a3a6c
--- /dev/null
+++ b/ChangeLog.d/getrandom.txt
@@ -0,0 +1,2 @@
+Changes
+   Use glibc's getrandom() instead of syscall when glibc > 2.25.
diff --git a/library/entropy_poll.c b/library/entropy_poll.c
index 4bf660e..0f992f3 100644
--- a/library/entropy_poll.c
+++ b/library/entropy_poll.c
@@ -18,9 +18,15 @@
  */
 
 #if defined(__linux__)
+#if !defined(_GNU_SOURCE)
 /* Ensure that syscall() is available even when compiling with -std=c99 */
 #define _GNU_SOURCE
 #endif
+#include <features.h>
+#if __GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 25)
+#define HAVE_SYS_RANDOM 1
+#endif
+#endif
 
 #include "common.h"
 
@@ -86,10 +92,16 @@
 
 /*
  * Test for Linux getrandom() support.
- * Since there is no wrapper in the libc yet, use the generic syscall wrapper
+ * When the C library is GNU libc and its version is greater than 2.25,
+ * include sys/random.h to use getrandom(),
+ * otherwise use the generic use the generic syscall wrapper
  * available in GNU libc and compatible libc's (eg uClibc).
  */
-#if ((defined(__linux__) && defined(__GLIBC__)) || defined(__midipix__))
+#if HAVE_SYS_RANDOM
+#include <sys/random.h>
+#include <errno.h>
+#define HAVE_GETRANDOM
+#elif (defined(__linux__) && defined(__GLIBC__)) || defined(__midipix__)
 #include <unistd.h>
 #include <sys/syscall.h>
 #if defined(SYS_getrandom)
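Review bot: The comment line `+ * When the C library is GNU libc and its version is greater than 2.25,` does not match the condition that defines HAVE_SYS_RANDOM in the first hunk (`__GLIBC_MINOR__ >= 25`, i.e. glibc 2.25 and later, the release that introduced getrandom()), and the following line reads `use the generic use the generic`. Suggested wording: `When the C library is glibc 2.25 or later, include <sys/random.h> and call getrandom() directly; otherwise use the generic syscall wrapper`; the getrandom.txt changelog entry repeats the "> 2.25" wording and should say "2.25 or later" too. Separately, `#if HAVE_SYS_RANDOM` tests a macro that the first hunk defines only on glibc/Linux, so every other platform warns under `-Wundef`; either add `#define HAVE_SYS_RANDOM 0` on the non-glibc path of the first hunk or test `#if defined(HAVE_SYS_RANDOM)` here. glibc's own `__GLIBC_PREREQ(2, 25)` from features.h also expresses the version test more directly than the hand-written major/minor comparison.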
@@ -155,7 +167,11 @@
     ((void) data);
 
 #if defined(HAVE_GETRANDOM)
+#if HAVE_SYS_RANDOM
+    ret = getrandom(output, len, 0);
+#else
     ret = getrandom_wrapper( output, len, 0 );
+#endif
     if( ret >= 0 )
     {
         *olen = ret;
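Review bot: `ret = getrandom(output, len, 0);` stores an `ssize_t` into `ret`, whose declaration is outside the hunk; if `ret` is an `int` as on the existing wrapper path, this narrows on LP64 — harmless for the entropy request sizes involved, but `-Wconversion` will flag it, and an explicit `(int)` cast or an `ssize_t` local would make the intent visible. Passing flags 0 blocks until the kernel pool is initialized, which is the right choice for an entropy source, but a blocking call can fail with EINTR and large requests can return fewer bytes than `len`; the `*olen = ret` assignment handles the short read, while the error branch below the hunk (the function's tail is not visible here) presumably maps a -1 to a source failure, so it is worth confirming that EINTR is retried rather than treated as a hard failure, which may be why `<errno.h>` is now included.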
diff --git a/library/rsa.c b/library/rsa.c
index 84d87de..d6abd65 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -811,15 +811,14 @@
          * which one, we just loop and choose new values for both of them.
          * (Each iteration succeeds with overwhelming probability.) */
         ret = mbedtls_mpi_inv_mod( &ctx->Vi, &ctx->Vi, &ctx->N );
-        if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
-            continue;
-        if( ret != 0 )
+        if( ret != 0 && ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
             goto cleanup;
 
-        /* Finish the computation of Vf^-1 = R * (R Vf)^-1 */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &R ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) );
-    } while( 0 );
+    } while( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
+
+    /* Finish the computation of Vf^-1 = R * (R Vf)^-1 */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &R ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) );
 
     /* Blinding value: Vi = Vf^(-e) mod N
      * (Vi already contains Vf^-1 at this point) */
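Review bot: The new loop condition `} while( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );` turns what was a `do { } while( 0 )` into a real retry loop, so unless the top of the loop (outside the hunk) bounds the iteration count, a faulty or stuck RNG that keeps producing non-invertible values would now spin here instead of failing. For a correct RNG the retry probability is negligible, as the changelog entry notes, but a retry cap that falls back to MBEDTLS_ERR_RSA_RNG_FAILED (the error the previous code returned) is the defensive shape if one is not already present. Moving the Vf^-1 finishing step after the loop is sound, since the loop can only exit with `ret == 0`; a comment above the condition, `/* Retry with fresh Vf and R only when gcd(Vf, N) != 1; any other error has already jumped to cleanup */`, would make that invariant explicit.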