Merge remote-tracking branch 'origin/pr/2807' into development

* origin/pr/2807:
  platform: Include stdarg.h where needed
  Update Mbed Crypto to contain mbed-crypto#152
  CMake: Add a subdirectory build regression test
  README: Enable builds as a CMake subproject
  ChangeLog: Enable builds as a CMake subproject
  Remove use of CMAKE_SOURCE_DIR
  Update library version to 2.18.0
This commit is contained in:
Jaeden Amero 2019-08-29 12:24:47 +01:00
commit 3ec504738e
7 changed files with 100 additions and 79 deletions

155
ChangeLog
View File

@ -2,6 +2,93 @@ mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS x.x.x branch released xxxx-xx-xx
Features
* Add new API functions mbedtls_ssl_session_save() and
mbedtls_ssl_session_load() to allow serializing a session, for example to
store it in non-volatile storage, and later using it for TLS session
resumption.
* Add a new API function mbedtls_ssl_check_record() to allow checking that
an incoming record is valid, authentic and has not been seen before. This
feature can be used alongside Connection ID and SSL context serialisation.
The feature is enabled at compile-time by MBEDTLS_SSL_RECORD_CHECKING
option.
API Changes
* Add DER-encoded test CRTs to library/certs.c, allowing
the example programs ssl_server2 and ssl_client2 to be run
if MBEDTLS_FS_IO and MBEDTLS_PEM_PARSE_C are unset. Fixes #2254.
* The HAVEGE state type now uses uint32_t elements instead of int.
Bugfix
* Fix missing bounds checks in X.509 parsing functions that could
lead to successful parsing of ill-formed X.509 CRTs. Fixes #2437.
* Fix multiple X.509 functions previously returning ASN.1 low-level error
codes to always wrap these codes into X.509 high level error codes before
returning. Fixes #2431.
* Fix to allow building test suites with any warning that detects unused
functions. Fixes #1628.
* Fix typo in net_would_block(). Fixes #528 reported by github-monoculture.
* Remove redundant include file in timing.c. Fixes #2640 reported by irwir.
* Fix build failure when building with mingw on Windows by including
stdarg.h where needed. Fixes #2656.
* Fix Visual Studio Release x64 build configuration by inheriting
PlatformToolset from the project configuration. Fixes #1430 reported by
irwir.
* Enable Suite B with subset of ECP curves. Make sure the code compiles even
if some curves are not defined. Fixes #1591 reported by dbedev.
* Fix misuse of signed arithmetic in the HAVEGE module. #2598
* Avoid use of statically sized stack buffers for certificate writing.
This previously limited the maximum size of DER encoded certificates
in mbedtls_x509write_crt_der() to 2Kb. Reported by soccerGB in #2631.
* Fix partial zeroing in x509_get_other_name. Found and fixed by ekse, #2716.
* Update test certificates that were about to expire. Reported by
Bernhard M. Wiedemann in #2357.
* Fix the build on ARMv5TE in ARM mode to not use assembly instructions
that are only available in Thumb mode. Fix contributed by Aurelien Jarno
in #2169.
* Fix propagation of restart contexts in restartable EC operations.
This could previously lead to segmentation faults in builds using an
address-sanitizer and enabling but not using MBEDTLS_ECP_RESTARTABLE.
Changes
* Replace multiple uses of MD2 by SHA-256 in X.509 test suite. Fixes #821.
* Make it easier to define MBEDTLS_PARAM_FAILED as assert (which config.h
suggests). #2671
* Make `make clean` clean all programs always. Fixes #1862.
* Add a Dockerfile and helper scripts (all-in-docker.sh, basic-in-docker.sh,
docker-env.sh) to simplify running test suites on a Linux host. Contributed
by Peter Kolbus (Garmin).
* Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
Ashley Duncan in #2609.
* Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
test runs without variability. Contributed by Philippe Antoine (Catena
cyber) in #2681.
* Extended .gitignore to ignore Visual Studio artifacts. Fixed by ConfusedSushi.
* Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
Ashley Duncan in #2609.
* Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
test runs without variability. Contributed by Philippe Antoine (Catena
cyber) in #2681.
* Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
Ashley Duncan in #2609.
* Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
test runs without variability. Contributed by Philippe Antoine (Catena
cyber) in #2681.
* Adds fuzz targets, especially for continuous fuzzing with OSS-Fuzz.
Contributed by Philippe Antoine (Catena cyber).
= mbed TLS 2.18.1 branch released 2019-07-12
Bugfix
* Fix build failure when building with mingw on Windows by including
stdarg.h where needed. Fixes #2656.
Changes
* Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
Ashley Duncan in #2609.
= mbed TLS 2.18.0 branch released 2019-06-11
Features
* Add the Any Policy certificate policy oid, as defined in
rfc 5280 section 4.2.1.4.
@ -31,24 +118,11 @@ Features
changed its IP or port. The feature is enabled at compile-time by setting
MBEDTLS_SSL_DTLS_CONNECTION_ID (disabled by default), and at run-time
through the new APIs mbedtls_ssl_conf_cid() and mbedtls_ssl_set_cid().
* Add new API functions mbedtls_ssl_session_save() and
mbedtls_ssl_session_load() to allow serializing a session, for example to
store it in non-volatile storage, and later using it for TLS session
resumption.
* Add a new API function mbedtls_ssl_check_record() to allow checking that
an incoming record is valid, authentic and has not been seen before. This
feature can be used alongside Connection ID and SSL context serialisation.
The feature is enabled at compile-time by MBEDTLS_SSL_RECORD_CHECKING
option.
API Changes
* Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
and the used tls-prf.
* Add public API for tls-prf function, according to requested enum.
* Add DER-encoded test CRTs to library/certs.c, allowing
the example programs ssl_server2 and ssl_client2 to be run
if MBEDTLS_FS_IO and MBEDTLS_PEM_PARSE_C are unset. Fixes #2254.
* The HAVEGE state type now uses uint32_t elements instead of int.
Bugfix
* Fix private key DER output in the key_app_writer example. File contents
@ -76,35 +150,7 @@ Bugfix
* Set the next sequence of the subject_alt_name to NULL when deleting
sequence on failure. Found and fix suggested by Philippe Antoine.
Credit to OSS-Fuzz.
* Fix missing bounds checks in X.509 parsing functions that could
lead to successful parsing of ill-formed X.509 CRTs. Fixes #2437.
* Fix multiple X.509 functions previously returning ASN.1 low-level error
codes to always wrap these codes into X.509 high level error codes before
returning. Fixes #2431.
* Fix to allow building test suites with any warning that detects unused
functions. Fixes #1628.
* Fix typo in net_would_block(). Fixes #528 reported by github-monoculture.
* Remove redundant include file in timing.c. Fixes #2640 reported by irwir.
* Fix build failure when building with mingw on Windows by including
stdarg.h where needed. Fixes #2656.
* Fix Visual Studio Release x64 build configuration by inheriting
PlatformToolset from the project configuration. Fixes #1430 reported by
irwir.
* Enable Suite B with subset of ECP curves. Make sure the code compiles even
if some curves are not defined. Fixes #1591 reported by dbedev.
* Fix misuse of signed arithmetic in the HAVEGE module. #2598
* Avoid use of statically sized stack buffers for certificate writing.
This previously limited the maximum size of DER encoded certificates
in mbedtls_x509write_crt_der() to 2Kb. Reported by soccerGB in #2631.
* Fix partial zeroing in x509_get_other_name. Found and fixed by ekse, #2716.
* Update test certificates that were about to expire. Reported by
Bernhard M. Wiedemann in #2357.
* Fix the build on ARMv5TE in ARM mode to not use assembly instructions
that are only available in Thumb mode. Fix contributed by Aurelien Jarno
in #2169.
* Fix propagation of restart contexts in restartable EC operations.
This could previously lead to segmentation faults in builds using an
address-sanitizer and enabling but not using MBEDTLS_ECP_RESTARTABLE.
Changes
* Server's RSA certificate in certs.c was SHA-1 signed. In the default
mbedTLS configuration only SHA-2 signed certificates are accepted.
@ -121,31 +167,6 @@ Changes
Contributed by Peter Kolbus (Garmin).
* Change wording in the `mbedtls_ssl_conf_max_frag_len()`'s documentation to
improve clarity. Fixes #2258.
* Replace multiple uses of MD2 by SHA-256 in X.509 test suite. Fixes #821.
* Make it easier to define MBEDTLS_PARAM_FAILED as assert (which config.h
suggests). #2671
* Make `make clean` clean all programs always. Fixes #1862.
* Add a Dockerfile and helper scripts (all-in-docker.sh, basic-in-docker.sh,
docker-env.sh) to simplify running test suites on a Linux host. Contributed
by Peter Kolbus (Garmin).
* Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
Ashley Duncan in #2609.
* Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
test runs without variability. Contributed by Philippe Antoine (Catena
cyber) in #2681.
* Extended .gitignore to ignore Visual Studio artifacts. Fixed by ConfusedSushi.
* Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
Ashley Duncan in #2609.
* Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
test runs without variability. Contributed by Philippe Antoine (Catena
cyber) in #2681.
* Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
Ashley Duncan in #2609.
* Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
test runs without variability. Contributed by Philippe Antoine (Catena
cyber) in #2681.
* Adds fuzz targets, especially for continuous fuzzing with OSS-Fuzz.
Contributed by Philippe Antoine (Catena cyber).
= mbed TLS 2.17.0 branch released 2019-03-19

View File

@ -24,7 +24,7 @@
*/
/**
* @mainpage mbed TLS v2.17.0 source code documentation
* @mainpage mbed TLS v2.18.0 source code documentation
*
* This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in

View File

@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8
# identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces.
PROJECT_NAME = "mbed TLS v2.17.0"
PROJECT_NAME = "mbed TLS v2.18.0"
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or

View File

@ -39,7 +39,7 @@
* Major, Minor, Patchlevel
*/
#define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 17
#define MBEDTLS_VERSION_MINOR 18
#define MBEDTLS_VERSION_PATCH 0
/**
@ -47,9 +47,9 @@
* MMNNPP00
* Major version | Minor version | Patch version
*/
#define MBEDTLS_VERSION_NUMBER 0x02110000
#define MBEDTLS_VERSION_STRING "2.17.0"
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.17.0"
#define MBEDTLS_VERSION_NUMBER 0x02120000
#define MBEDTLS_VERSION_STRING "2.18.0"
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.18.0"
#if defined(MBEDTLS_VERSION_C)

View File

@ -172,14 +172,14 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
if(USE_SHARED_MBEDTLS_LIBRARY)
add_library(mbedx509 SHARED ${src_x509})
set_target_properties(mbedx509 PROPERTIES VERSION 2.17.0 SOVERSION 0)
set_target_properties(mbedx509 PROPERTIES VERSION 2.18.0 SOVERSION 1)
target_link_libraries(mbedx509 ${libs} mbedcrypto)
target_include_directories(mbedx509
PUBLIC ${MBEDTLS_DIR}/include/
PUBLIC ${MBEDTLS_DIR}/crypto/include/)
add_library(mbedtls SHARED ${src_tls})
set_target_properties(mbedtls PROPERTIES VERSION 2.17.0 SOVERSION 12)
set_target_properties(mbedtls PROPERTIES VERSION 2.18.0 SOVERSION 13)
target_link_libraries(mbedtls ${libs} mbedx509)
target_include_directories(mbedtls
PUBLIC ${MBEDTLS_DIR}/include/

View File

@ -35,8 +35,8 @@ LOCAL_CFLAGS += -fPIC -fpic
endif
endif
SOEXT_TLS=so.12
SOEXT_X509=so.0
SOEXT_TLS=so.13
SOEXT_X509=so.1
SOEXT_CRYPTO=so.3
# Set AR_DASH= (empty string) to use an ar implementation that does not accept

View File

@ -1,8 +1,8 @@
Check compiletime library version
check_compiletime_version:"2.17.0"
check_compiletime_version:"2.18.0"
Check runtime library version
check_runtime_version:"2.17.0"
check_runtime_version:"2.18.0"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0