diff --git a/ChangeLog b/ChangeLog index bae12c95ca..af7ee46e79 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,28 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.7.x branch released xxxx-xx-xx +Bugfix + * Server's RSA certificate in certs.c was SHA-1 signed. In the default + mbedTLS configuration only SHA-2 signed certificates are accepted. + This certificate is used in the demo server programs, which lead the + client programs to fail at the peer's certificate verification + due to an unacceptable hash signature. The certificate has been + updated to one that is SHA-256 signed. Fix contributed by + Illya Gerasymchuk. + * Fix private key DER output in the key_app_writer example. File contents + were shifted by one byte, creating an invalid ASN.1 tag. Fixed by + Christian Walther in #2239. + +Changes + * Return from various debugging routines immediately if the + provided SSL context is unset. + * Remove dead code from bignum.c in the default configuration. + Found by Coverity, reported and fixed by Peter Kolbus (Garmin). Fixes #2309. + * Add test for minimal value of MBEDTLS_MPI_WINDOW_SIZE to all.sh. + Contributed by Peter Kolbus (Garmin). + += mbed TLS 2.7.10 branch released 2019-03-19 + Features * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites from the default list (enabled by default). See @@ -20,16 +42,6 @@ Bugfix extensions in CSRs and CRTs that caused these bitstrings to not be encoded correctly as trailing zeroes were not accounted for as unused bits in the leading content octet. Fixes #1610. - * Server's RSA certificate in certs.c was SHA-1 signed. In the default - mbedTLS configuration only SHA-2 signed certificates are accepted. - This certificate is used in the demo server programs, which lead the - client programs to fail at the peer's certificate verification - due to an unacceptable hash signature. The certificate has been - updated to one that is SHA-256 signed. Fix contributed by - Illya Gerasymchuk. - * Fix private key DER output in the key_app_writer example. File contents - were shifted by one byte, creating an invalid ASN.1 tag. Fixed by - Christian Walther in #2239. Changes * Include configuration file in all header files that use configuration, @@ -46,12 +58,6 @@ Changes underlying OS actually guarantees. * Ciphersuites based on 3DES now have the lowest priority by default when they are enabled. - * Return from various debugging routines immediately if the - provided SSL context is unset. - * Remove dead code from bignum.c in the default configuration. - Found by Coverity, reported and fixed by Peter Kolbus (Garmin). Fixes #2309. - * Add test for minimal value of MBEDTLS_MPI_WINDOW_SIZE to all.sh. - Contributed by Peter Kolbus (Garmin). = mbed TLS 2.7.9 branch released 2018-12-21 diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index 0038615fef..c37ff6f125 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -24,7 +24,7 @@ */ /** - * @mainpage mbed TLS v2.7.9 source code documentation + * @mainpage mbed TLS v2.7.10 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 54e446398c..eb8f134444 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.7.9" +PROJECT_NAME = "mbed TLS v2.7.10" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index 36feff0d82..715bf21a76 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h @@ -40,16 +40,16 @@ */ #define MBEDTLS_VERSION_MAJOR 2 #define MBEDTLS_VERSION_MINOR 7 -#define MBEDTLS_VERSION_PATCH 9 +#define MBEDTLS_VERSION_PATCH 10 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x02070900 -#define MBEDTLS_VERSION_STRING "2.7.9" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.7.9" +#define MBEDTLS_VERSION_NUMBER 0x02070A00 +#define MBEDTLS_VERSION_STRING "2.7.10" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.7.10" #if defined(MBEDTLS_VERSION_C) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 3afdcc53c4..abe74fd3e2 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -147,15 +147,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedcrypto SHARED ${src_crypto}) - set_target_properties(mbedcrypto PROPERTIES VERSION 2.7.9 SOVERSION 2) + set_target_properties(mbedcrypto PROPERTIES VERSION 2.7.10 SOVERSION 2) target_link_libraries(mbedcrypto ${libs}) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.7.9 SOVERSION 0) + set_target_properties(mbedx509 PROPERTIES VERSION 2.7.10 SOVERSION 0) target_link_libraries(mbedx509 ${libs} mbedcrypto) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.7.9 SOVERSION 10) + set_target_properties(mbedtls PROPERTIES VERSION 2.7.10 SOVERSION 10) target_link_libraries(mbedtls ${libs} mbedx509) install(TARGETS mbedtls mbedx509 mbedcrypto diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index eafceb3e84..fe807fe2ec 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.7.9" +check_compiletime_version:"2.7.10" Check runtime library version -check_runtime_version:"2.7.9" +check_runtime_version:"2.7.10" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0