Merge pull request #532 from sbutcher-arm/version-2.14.0
Bump Mbed TLS Version to 2.14.0
This commit is contained in:
commit
556d7d9e3b
6 changed files with 27 additions and 28 deletions
31
ChangeLog
31
ChangeLog
|
@ -1,19 +1,19 @@
|
|||
mbed TLS ChangeLog (Sorted per branch, date)
|
||||
|
||||
= mbed TLS x.x.x branch released xxxx-xx-xx
|
||||
= mbed TLS 2.14.0 branch released 2018-11-19
|
||||
|
||||
Security
|
||||
* Fix overly strict DN comparison when looking for CRLs belonging to a
|
||||
particular CA. This previously lead to ignoring CRLs when the CRL's issuer
|
||||
particular CA. This previously led to ignoring CRLs when the CRL's issuer
|
||||
name and the CA's subject name differed in their string encoding (e.g.,
|
||||
one using PrintableString and the other UTF8String) or in the choice of
|
||||
upper and lower case. Reported by Henrik Andersson of Bosch GmbH in issue
|
||||
#1784.
|
||||
* Fix a flawed bounds check in server PSK hint parsing. In case the
|
||||
incoming message buffer was placed within the first 64KB of address
|
||||
incoming message buffer was placed within the first 64KiB of address
|
||||
space and a PSK-(EC)DHE ciphersuite was used, this allowed an attacker
|
||||
to trigger a memory access up to 64KB beyond the incoming message buffer,
|
||||
potentially leading to application crash or information disclosure.
|
||||
to trigger a memory access up to 64KiB beyond the incoming message buffer,
|
||||
potentially leading to an application crash or information disclosure.
|
||||
* Fix mbedtls_mpi_is_prime() to use more rounds of probabilistic testing. The
|
||||
previous settings for the number of rounds made it practical for an
|
||||
adversary to construct non-primes that would be erroneously accepted as
|
||||
|
@ -28,11 +28,11 @@ Security
|
|||
|
||||
Features
|
||||
* Add support for temporarily suspending expensive ECC computations after
|
||||
some configurable amount of operations, to be used in single-threaded
|
||||
constrained systems where ECC is time consuming and blocking until
|
||||
completion cannot be tolerated. This is enabled by
|
||||
MBEDTLS_ECP_RESTARTABLE at compile time (disabled by default) and
|
||||
configured by mbedtls_ecp_set_max_ops() at runtime. It applies to new
|
||||
some configurable amount of operations. This is intended to be used in
|
||||
constrained, single-threaded systems where ECC is time consuming and can
|
||||
block other operations until they complete. This is disabled by default,
|
||||
but can be enabled by MBEDTLS_ECP_RESTARTABLE at compile time and
|
||||
configured by mbedtls_ecp_set_max_ops() at runtime. It applies to the new
|
||||
xxx_restartable functions in ECP, ECDSA, PK and X.509 (CRL not supported
|
||||
yet), and to existing functions in ECDH and SSL (currently only
|
||||
implemented client-side, for ECDHE-ECDSA ciphersuites in TLS 1.2,
|
||||
|
@ -41,12 +41,11 @@ Features
|
|||
operations. On CPUs where the extensions are available, they can accelerate
|
||||
MPI multiplications used in ECC and RSA cryptography. Contributed by
|
||||
Aurelien Jarno.
|
||||
* Extend RSASSA-PSS signature to allow slightly a smaller salt size.
|
||||
Previously, PSS signature always used a salt with the same length as the
|
||||
hash, and returned an error if this was not possible. Now the salt size
|
||||
may be up to two bytes shorter. This allows the library to support all
|
||||
hash and signature sizes that comply with FIPS 186-4, including SHA-512
|
||||
with a 1024-bit key.
|
||||
* Extend RSASSA-PSS signature to allow a smaller salt size. Previously, PSS
|
||||
signature always used a salt with the same length as the hash, and returned
|
||||
an error if this was not possible. Now the salt size may be up to two bytes
|
||||
shorter. This allows the library to support all hash and signature sizes
|
||||
that comply with FIPS 186-4, including SHA-512 with a 1024-bit key.
|
||||
* Add support for 128-bit keys in CTR_DRBG. Note that using keys shorter
|
||||
than 256 bits limits the security of generated material to 128 bits.
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
*/
|
||||
|
||||
/**
|
||||
* @mainpage mbed TLS v2.13.1 source code documentation
|
||||
* @mainpage mbed TLS v2.14.0 source code documentation
|
||||
*
|
||||
* This documentation describes the internal structure of mbed TLS. It was
|
||||
* automatically generated from specially formatted comment blocks in
|
||||
|
|
|
@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8
|
|||
# identify the project. Note that if you do not use Doxywizard you need
|
||||
# to put quotes around the project name if it contains spaces.
|
||||
|
||||
PROJECT_NAME = "mbed TLS v2.13.1"
|
||||
PROJECT_NAME = "mbed TLS v2.14.0"
|
||||
|
||||
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
|
||||
# This could be handy for archiving the generated documentation or
|
||||
|
|
|
@ -39,17 +39,17 @@
|
|||
* Major, Minor, Patchlevel
|
||||
*/
|
||||
#define MBEDTLS_VERSION_MAJOR 2
|
||||
#define MBEDTLS_VERSION_MINOR 13
|
||||
#define MBEDTLS_VERSION_PATCH 1
|
||||
#define MBEDTLS_VERSION_MINOR 14
|
||||
#define MBEDTLS_VERSION_PATCH 0
|
||||
|
||||
/**
|
||||
* The single version number has the following structure:
|
||||
* MMNNPP00
|
||||
* Major version | Minor version | Patch version
|
||||
*/
|
||||
#define MBEDTLS_VERSION_NUMBER 0x020D0100
|
||||
#define MBEDTLS_VERSION_STRING "2.13.1"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.13.1"
|
||||
#define MBEDTLS_VERSION_NUMBER 0x020E0000
|
||||
#define MBEDTLS_VERSION_STRING "2.14.0"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.14.0"
|
||||
|
||||
#if defined(MBEDTLS_VERSION_C)
|
||||
|
||||
|
|
|
@ -159,15 +159,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
|
|||
|
||||
if(USE_SHARED_MBEDTLS_LIBRARY)
|
||||
add_library(mbedcrypto SHARED ${src_crypto})
|
||||
set_target_properties(mbedcrypto PROPERTIES VERSION 2.13.1 SOVERSION 3)
|
||||
set_target_properties(mbedcrypto PROPERTIES VERSION 2.14.0 SOVERSION 3)
|
||||
target_link_libraries(mbedcrypto ${libs})
|
||||
|
||||
add_library(mbedx509 SHARED ${src_x509})
|
||||
set_target_properties(mbedx509 PROPERTIES VERSION 2.13.1 SOVERSION 0)
|
||||
set_target_properties(mbedx509 PROPERTIES VERSION 2.14.0 SOVERSION 0)
|
||||
target_link_libraries(mbedx509 ${libs} mbedcrypto)
|
||||
|
||||
add_library(mbedtls SHARED ${src_tls})
|
||||
set_target_properties(mbedtls PROPERTIES VERSION 2.13.1 SOVERSION 12)
|
||||
set_target_properties(mbedtls PROPERTIES VERSION 2.14.0 SOVERSION 12)
|
||||
target_link_libraries(mbedtls ${libs} mbedx509)
|
||||
|
||||
install(TARGETS mbedtls mbedx509 mbedcrypto
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
Check compiletime library version
|
||||
check_compiletime_version:"2.13.1"
|
||||
check_compiletime_version:"2.14.0"
|
||||
|
||||
Check runtime library version
|
||||
check_runtime_version:"2.13.1"
|
||||
check_runtime_version:"2.14.0"
|
||||
|
||||
Check for MBEDTLS_VERSION_C
|
||||
check_feature:"MBEDTLS_VERSION_C":0
|
||||
|
|
Loading…
Reference in a new issue