From a591985c62a9354db3027b4895c24377712b9620 Mon Sep 17 00:00:00 2001
From: Janos Follath
Date: Wed, 19 Feb 2020 11:17:23 +0000
Subject: [PATCH 1/4] Update submodule
* #365 Change PSA compatibility API to inline functions
* #367 Fix pk_parse_key()'s use of rsa_complete()
* #370 Bump version to Mbed TLS 2.21.0
---
 crypto | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto b/crypto
index 4d8c836cd..cf4a40ba0 160000
--- a/crypto
+++ b/crypto
@@ -1 +1 @@
-Subproject commit 4d8c836cdc4559d862337c5b2ecc9ca5d1e7810f
+Subproject commit cf4a40ba0a3086cabb5a8227245191161fd26383
From d1692ee07a32ea44ad53b77055bea50664fc8bdc Mon Sep 17 00:00:00 2001
From: Janos Follath
Date: Wed, 19 Feb 2020 11:23:55 +0000
Subject: [PATCH 2/4] Update ChangeLog for crypto changes from a591985c62a9354db3027b4895c24377712b9620
Add ChangeLog entries for changes brought by the submodule update in the previous commit.
---
 ChangeLog | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 4bbf8f16f..d234de02e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -44,6 +44,11 @@ Bugfix
 contributed by apple-ihack-geek in #2663.
 * Fix a possible error code mangling in psa_mac_verify_finish() when a cryptographic accelerator fails. ARMmbed/mbed-crypto#345
+ * Fix a bug in mbedtls_pk_parse_key() that would cause it to accept some
+ RSA keys that would later be rejected by functions expecting private
+ keys. Found by Catena cyber using oss-fuzz (issue 20467).
+ * Fix a bug in mbedtls_pk_parse_key() that would cause it to
+ accept some RSA keys with invalid values by silently fixing those values.
 = mbed TLS 2.20.0 branch released 2020-01-15
From 84d2fd4ee2d7f838d01d213f9f81703a47d15aa7 Mon Sep 17 00:00:00 2001
From: Janos Follath
Date: Wed, 19 Feb 2020 14:34:30 +0000
Subject: [PATCH 3/4] Bump version to Mbed TLS 2.21.0
---
 doxygen/input/doc_mainpage.h | 2 +-
 doxygen/mbedtls.doxyfile | 2 +-
 include/mbedtls/version.h | 8 ++++----
 library/CMakeLists.txt | 4 ++--
 tests/suites/test_suite_version.data | 4 ++--
 5 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index 5b5aefbcf..8e2539de0 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -24,7 +24,7 @@
 */
 /**
- * @mainpage mbed TLS v2.20.0 source code documentation
+ * @mainpage mbed TLS v2.21.0 source code documentation
 *
 * This documentation describes the internal structure of mbed TLS. It was
 * automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 47a9740f6..7db91bce5 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8
 # identify the project. Note that if you do not use Doxywizard you need
 # to put quotes around the project name if it contains spaces.
-PROJECT_NAME = "mbed TLS v2.20.0"
+PROJECT_NAME = "mbed TLS v2.21.0"
 # The PROJECT_NUMBER tag can be used to enter a project or revision number.
 # This could be handy for archiving the generated documentation or
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index d4e5d5410..35af4cc43 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -39,7 +39,7 @@
 * Major, Minor, Patchlevel
 */
 #define MBEDTLS_VERSION_MAJOR 2
-#define MBEDTLS_VERSION_MINOR 20
+#define MBEDTLS_VERSION_MINOR 21
 #define MBEDTLS_VERSION_PATCH 0
 /**
@@ -47,9 +47,9 @@
 * MMNNPP00
 * Major version | Minor version | Patch version
 */
-#define MBEDTLS_VERSION_NUMBER 0x02140000
-#define MBEDTLS_VERSION_STRING "2.20.0"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.20.0"
+#define MBEDTLS_VERSION_NUMBER 0x02150000
+#define MBEDTLS_VERSION_STRING "2.21.0"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.21.0"
 #if defined(MBEDTLS_VERSION_C)
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 15443259b..ed244a705 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -175,14 +175,14 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
 if(USE_SHARED_MBEDTLS_LIBRARY)
 add_library(mbedx509 SHARED ${src_x509})
- set_target_properties(mbedx509 PROPERTIES VERSION 2.20.0 SOVERSION 1)
+ set_target_properties(mbedx509 PROPERTIES VERSION 2.21.0 SOVERSION 1)
 target_link_libraries(mbedx509 ${libs} mbedcrypto)
 target_include_directories(mbedx509 PUBLIC ${MBEDTLS_DIR}/include/ PUBLIC ${MBEDTLS_DIR}/crypto/include/)
 add_library(mbedtls SHARED ${src_tls})
- set_target_properties(mbedtls PROPERTIES VERSION 2.20.0 SOVERSION 13)
+ set_target_properties(mbedtls PROPERTIES VERSION 2.21.0 SOVERSION 13)
 target_link_libraries(mbedtls ${libs} mbedx509)
 target_include_directories(mbedtls PUBLIC ${MBEDTLS_DIR}/include/
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index ff0612b3b..868fe06d5 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
 Check compiletime library version
-check_compiletime_version:"2.20.0"
+check_compiletime_version:"2.21.0"
 Check runtime library version
-check_runtime_version:"2.20.0"
+check_runtime_version:"2.21.0"
 Check for MBEDTLS_VERSION_C
 check_feature:"MBEDTLS_VERSION_C":0
From 138c2eac5599d25f4bd244d9b37a9975170e2e0c Mon Sep 17 00:00:00 2001
From: Janos Follath
Date: Wed, 19 Feb 2020 14:32:24 +0000
Subject: [PATCH 4/4] Add release info to ChangeLog
---
 ChangeLog | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index d234de02e..a4660acbe 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,6 @@
 mbed TLS ChangeLog (Sorted per branch, date)
-= mbed TLS X.X.X branch released XXXX-XX-XX
+= mbed TLS 2.21.0 branch released 2020-02-20
 New deprecations
 * Deprecate MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO that enables parsing