diff --git a/ChangeLog b/ChangeLog index 408a0b7e2..695d623ce 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,93 @@ Security about 1 bit of information on average and could cause the value to be 1 byte too large for the output buffer. +Features + * Add new API functions mbedtls_ssl_session_save() and + mbedtls_ssl_session_load() to allow serializing a session, for example to + store it in non-volatile storage, and later using it for TLS session + resumption. + * Add a new API function mbedtls_ssl_check_record() to allow checking that + an incoming record is valid, authentic and has not been seen before. This + feature can be used alongside Connection ID and SSL context serialisation. + The feature is enabled at compile-time by MBEDTLS_SSL_RECORD_CHECKING + option. + +API Changes + * Add DER-encoded test CRTs to library/certs.c, allowing + the example programs ssl_server2 and ssl_client2 to be run + if MBEDTLS_FS_IO and MBEDTLS_PEM_PARSE_C are unset. Fixes #2254. + * The HAVEGE state type now uses uint32_t elements instead of int. + +Bugfix + * Fix missing bounds checks in X.509 parsing functions that could + lead to successful parsing of ill-formed X.509 CRTs. Fixes #2437. + * Fix multiple X.509 functions previously returning ASN.1 low-level error + codes to always wrap these codes into X.509 high level error codes before + returning. Fixes #2431. + * Fix to allow building test suites with any warning that detects unused + functions. Fixes #1628. + * Fix typo in net_would_block(). Fixes #528 reported by github-monoculture. + * Remove redundant include file in timing.c. Fixes #2640 reported by irwir. + * Fix build failure when building with mingw on Windows by including + stdarg.h where needed. Fixes #2656. + * Fix Visual Studio Release x64 build configuration by inheriting + PlatformToolset from the project configuration. Fixes #1430 reported by + irwir. + * Enable Suite B with subset of ECP curves. Make sure the code compiles even + if some curves are not defined. Fixes #1591 reported by dbedev. + * Fix misuse of signed arithmetic in the HAVEGE module. #2598 + * Avoid use of statically sized stack buffers for certificate writing. + This previously limited the maximum size of DER encoded certificates + in mbedtls_x509write_crt_der() to 2Kb. Reported by soccerGB in #2631. + * Fix partial zeroing in x509_get_other_name. Found and fixed by ekse, #2716. + * Update test certificates that were about to expire. Reported by + Bernhard M. Wiedemann in #2357. + * Fix the build on ARMv5TE in ARM mode to not use assembly instructions + that are only available in Thumb mode. Fix contributed by Aurelien Jarno + in #2169. + * Fix propagation of restart contexts in restartable EC operations. + This could previously lead to segmentation faults in builds using an + address-sanitizer and enabling but not using MBEDTLS_ECP_RESTARTABLE. + +Changes + * Replace multiple uses of MD2 by SHA-256 in X.509 test suite. Fixes #821. + * Make it easier to define MBEDTLS_PARAM_FAILED as assert (which config.h + suggests). #2671 + * Make `make clean` clean all programs always. Fixes #1862. + * Add a Dockerfile and helper scripts (all-in-docker.sh, basic-in-docker.sh, + docker-env.sh) to simplify running test suites on a Linux host. Contributed + by Peter Kolbus (Garmin). + * Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by + Ashley Duncan in #2609. + * Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable + test runs without variability. Contributed by Philippe Antoine (Catena + cyber) in #2681. + * Extended .gitignore to ignore Visual Studio artifacts. Fixed by ConfusedSushi. + * Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by + Ashley Duncan in #2609. + * Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable + test runs without variability. Contributed by Philippe Antoine (Catena + cyber) in #2681. + * Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by + Ashley Duncan in #2609. + * Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable + test runs without variability. Contributed by Philippe Antoine (Catena + cyber) in #2681. + * Adds fuzz targets, especially for continuous fuzzing with OSS-Fuzz. + Contributed by Philippe Antoine (Catena cyber). + += mbed TLS 2.18.1 branch released 2019-07-12 + +Bugfix + * Fix build failure when building with mingw on Windows by including + stdarg.h where needed. Fixes #2656. + +Changes + * Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by + Ashley Duncan in #2609. + += mbed TLS 2.18.0 branch released 2019-06-11 + Features * Add the Any Policy certificate policy oid, as defined in rfc 5280 section 4.2.1.4. @@ -38,24 +125,11 @@ Features changed its IP or port. The feature is enabled at compile-time by setting MBEDTLS_SSL_DTLS_CONNECTION_ID (disabled by default), and at run-time through the new APIs mbedtls_ssl_conf_cid() and mbedtls_ssl_set_cid(). - * Add new API functions mbedtls_ssl_session_save() and - mbedtls_ssl_session_load() to allow serializing a session, for example to - store it in non-volatile storage, and later using it for TLS session - resumption. - * Add a new API function mbedtls_ssl_check_record() to allow checking that - an incoming record is valid, authentic and has not been seen before. This - feature can be used alongside Connection ID and SSL context serialisation. - The feature is enabled at compile-time by MBEDTLS_SSL_RECORD_CHECKING - option. API Changes * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes, and the used tls-prf. * Add public API for tls-prf function, according to requested enum. - * Add DER-encoded test CRTs to library/certs.c, allowing - the example programs ssl_server2 and ssl_client2 to be run - if MBEDTLS_FS_IO and MBEDTLS_PEM_PARSE_C are unset. Fixes #2254. - * The HAVEGE state type now uses uint32_t elements instead of int. Bugfix * Fix private key DER output in the key_app_writer example. File contents @@ -83,35 +157,7 @@ Bugfix * Set the next sequence of the subject_alt_name to NULL when deleting sequence on failure. Found and fix suggested by Philippe Antoine. Credit to OSS-Fuzz. - * Fix missing bounds checks in X.509 parsing functions that could - lead to successful parsing of ill-formed X.509 CRTs. Fixes #2437. - * Fix multiple X.509 functions previously returning ASN.1 low-level error - codes to always wrap these codes into X.509 high level error codes before - returning. Fixes #2431. - * Fix to allow building test suites with any warning that detects unused - functions. Fixes #1628. - * Fix typo in net_would_block(). Fixes #528 reported by github-monoculture. - * Remove redundant include file in timing.c. Fixes #2640 reported by irwir. - * Fix build failure when building with mingw on Windows by including - stdarg.h where needed. Fixes #2656. - * Fix Visual Studio Release x64 build configuration by inheriting - PlatformToolset from the project configuration. Fixes #1430 reported by - irwir. - * Enable Suite B with subset of ECP curves. Make sure the code compiles even - if some curves are not defined. Fixes #1591 reported by dbedev. - * Fix misuse of signed arithmetic in the HAVEGE module. #2598 - * Avoid use of statically sized stack buffers for certificate writing. - This previously limited the maximum size of DER encoded certificates - in mbedtls_x509write_crt_der() to 2Kb. Reported by soccerGB in #2631. - * Fix partial zeroing in x509_get_other_name. Found and fixed by ekse, #2716. - * Update test certificates that were about to expire. Reported by - Bernhard M. Wiedemann in #2357. - * Fix the build on ARMv5TE in ARM mode to not use assembly instructions - that are only available in Thumb mode. Fix contributed by Aurelien Jarno - in #2169. - * Fix propagation of restart contexts in restartable EC operations. - This could previously lead to segmentation faults in builds using an - address-sanitizer and enabling but not using MBEDTLS_ECP_RESTARTABLE. + Changes * Server's RSA certificate in certs.c was SHA-1 signed. In the default mbedTLS configuration only SHA-2 signed certificates are accepted. @@ -128,31 +174,6 @@ Changes Contributed by Peter Kolbus (Garmin). * Change wording in the `mbedtls_ssl_conf_max_frag_len()`'s documentation to improve clarity. Fixes #2258. - * Replace multiple uses of MD2 by SHA-256 in X.509 test suite. Fixes #821. - * Make it easier to define MBEDTLS_PARAM_FAILED as assert (which config.h - suggests). #2671 - * Make `make clean` clean all programs always. Fixes #1862. - * Add a Dockerfile and helper scripts (all-in-docker.sh, basic-in-docker.sh, - docker-env.sh) to simplify running test suites on a Linux host. Contributed - by Peter Kolbus (Garmin). - * Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by - Ashley Duncan in #2609. - * Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable - test runs without variability. Contributed by Philippe Antoine (Catena - cyber) in #2681. - * Extended .gitignore to ignore Visual Studio artifacts. Fixed by ConfusedSushi. - * Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by - Ashley Duncan in #2609. - * Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable - test runs without variability. Contributed by Philippe Antoine (Catena - cyber) in #2681. - * Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by - Ashley Duncan in #2609. - * Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable - test runs without variability. Contributed by Philippe Antoine (Catena - cyber) in #2681. - * Adds fuzz targets, especially for continuous fuzzing with OSS-Fuzz. - Contributed by Philippe Antoine (Catena cyber). = mbed TLS 2.17.0 branch released 2019-03-19 diff --git a/crypto b/crypto index 89e765569..21db2a94a 160000 --- a/crypto +++ b/crypto @@ -1 +1 @@ -Subproject commit 89e76556910c2704313fe23b174f2742702a3a29 +Subproject commit 21db2a94a482689e4e4f4e5473d4b5723c5394e4 diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index 4eff83692..487faf8d2 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -24,7 +24,7 @@ */ /** - * @mainpage mbed TLS v2.17.0 source code documentation + * @mainpage mbed TLS v2.18.0 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 0cb092e37..f582f9b38 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.17.0" +PROJECT_NAME = "mbed TLS v2.18.0" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index fd7783044..ea01f1d0e 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h @@ -39,7 +39,7 @@ * Major, Minor, Patchlevel */ #define MBEDTLS_VERSION_MAJOR 2 -#define MBEDTLS_VERSION_MINOR 17 +#define MBEDTLS_VERSION_MINOR 18 #define MBEDTLS_VERSION_PATCH 0 /** @@ -47,9 +47,9 @@ * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x02110000 -#define MBEDTLS_VERSION_STRING "2.17.0" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.17.0" +#define MBEDTLS_VERSION_NUMBER 0x02120000 +#define MBEDTLS_VERSION_STRING "2.18.0" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.18.0" #if defined(MBEDTLS_VERSION_C) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 7f0819ef6..c82784ee1 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -172,14 +172,14 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.17.0 SOVERSION 0) + set_target_properties(mbedx509 PROPERTIES VERSION 2.18.0 SOVERSION 1) target_link_libraries(mbedx509 ${libs} mbedcrypto) target_include_directories(mbedx509 PUBLIC ${MBEDTLS_DIR}/include/ PUBLIC ${MBEDTLS_DIR}/crypto/include/) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.17.0 SOVERSION 12) + set_target_properties(mbedtls PROPERTIES VERSION 2.18.0 SOVERSION 13) target_link_libraries(mbedtls ${libs} mbedx509) target_include_directories(mbedtls PUBLIC ${MBEDTLS_DIR}/include/ diff --git a/library/Makefile b/library/Makefile index 8b2e572aa..af472ad93 100644 --- a/library/Makefile +++ b/library/Makefile @@ -35,8 +35,8 @@ LOCAL_CFLAGS += -fPIC -fpic endif endif -SOEXT_TLS=so.12 -SOEXT_X509=so.0 +SOEXT_TLS=so.13 +SOEXT_X509=so.1 SOEXT_CRYPTO=so.3 # Set AR_DASH= (empty string) to use an ar implementation that does not accept diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 99d306533..e06c06d34 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -689,6 +689,52 @@ exit: #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_USE_PSA_CRYPTO) + +static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* derivation, + psa_key_handle_t slot, + psa_algorithm_t alg, + const unsigned char* seed, size_t seed_length, + const unsigned char* label, size_t label_length, + size_t capacity ) +{ + psa_status_t status; + + status = psa_key_derivation_setup( derivation, alg ); + if( status != PSA_SUCCESS ) + return( status ); + + if( PSA_ALG_IS_TLS12_PRF( alg ) || PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) ) + { + status = psa_key_derivation_input_bytes( derivation, + PSA_KEY_DERIVATION_INPUT_SEED, + seed, seed_length ); + if( status != PSA_SUCCESS ) + return( status ); + + status = psa_key_derivation_input_key( derivation, + PSA_KEY_DERIVATION_INPUT_SECRET, + slot ); + if( status != PSA_SUCCESS ) + return( status ); + + status = psa_key_derivation_input_bytes( derivation, + PSA_KEY_DERIVATION_INPUT_LABEL, + label, label_length ); + if( status != PSA_SUCCESS ) + return( status ); + } + else + { + return( PSA_ERROR_NOT_SUPPORTED ); + } + + status = psa_key_derivation_set_capacity( derivation, capacity ); + if( status != PSA_SUCCESS ) + return( status ); + + return( PSA_SUCCESS ); +} + static int tls_prf_generic( mbedtls_md_type_t md_type, const unsigned char *secret, size_t slen, const char *label, @@ -716,12 +762,12 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, if( status != PSA_SUCCESS ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); - status = psa_key_derivation( &derivation, - master_slot, alg, - random, rlen, - (unsigned char const *) label, - (size_t) strlen( label ), - dlen ); + status = setup_psa_key_derivation( &derivation, + master_slot, alg, + random, rlen, + (unsigned char const *) label, + (size_t) strlen( label ), + dlen ); if( status != PSA_SUCCESS ) { psa_key_derivation_abort( &derivation ); @@ -1695,11 +1741,11 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, else alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); - status = psa_key_derivation( &derivation, psk, alg, - salt, salt_len, - (unsigned char const *) lbl, - (size_t) strlen( lbl ), - master_secret_len ); + status = setup_psa_key_derivation( &derivation, psk, alg, + salt, salt_len, + (unsigned char const *) lbl, + (size_t) strlen( lbl ), + master_secret_len ); if( status != PSA_SUCCESS ) { psa_key_derivation_abort( &derivation ); diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index a4575ab00..f83b8d3ff 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.17.0" +check_compiletime_version:"2.18.0" Check runtime library version -check_runtime_version:"2.17.0" +check_runtime_version:"2.18.0" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0