Merge remote-tracking branch 'origin/pr/2765' into development
* origin/pr/2765: (28 commits)
Add set+get tests
Consolidate tests for set with/without values
config.py testing: also test the get command
Compatibility redirect: add copyright notice
Compatibility redirect: if python3 is not available, try python
Fix config.py output when a symbol has acquired or lost a value
Remove redundant test case
cmake: update interpreter requirement for the test suite generator
cmake: fix Python requirement
Test script for config.py
Documentation improvements
Fix "#define ... not found" error when using the default file name
Fix "--force set" without a value sneaking a None in
Fix --force requiring an argument
Fix Config.unset() making the name known
Also search config.h near the script
Report an error if switching to Python fails
Fix 'config.py set' without --force
Fix encoding errors
Print help when invoked with no arguments
...
diff --git a/ChangeLog b/ChangeLog
index f16c97e..973f213 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,16 @@
mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS 2.19.1 branch released 2019-09-16
+
+Features
+ * Add nss_keylog to ssl_client2 and ssl_server2, enabling easier analysis of
+ TLS sessions with tools like Wireshark.
+
+API Changes
+ * Make client_random and server_random const in
+ mbedtls_ssl_export_keys_ext_t, so that the key exporter is discouraged
+ from modifying the client/server hello.
+
= mbed TLS 2.19.0 branch released 2019-09-06
Security
diff --git a/crypto b/crypto
index 92348d1..3f20efc 160000
--- a/crypto
+++ b/crypto
@@ -1 +1 @@
-Subproject commit 92348d1c4931f8c33c2d092928afca556f672c42
+Subproject commit 3f20efc03016b38f2677dadd476b21229c627c80
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index 1661a6f..d5ead37 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -24,7 +24,7 @@
*/
/**
- * @mainpage mbed TLS v2.19.0 source code documentation
+ * @mainpage mbed TLS v2.19.1 source code documentation
*
* This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 7604c11..eb2d96e 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@
# identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces.
-PROJECT_NAME = "mbed TLS v2.19.0"
+PROJECT_NAME = "mbed TLS v2.19.1"
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 458857f..655f59d 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -970,7 +970,8 @@
* tls_prf and random bytes. Should replace f_export_keys */
int (*f_export_keys_ext)( void *, const unsigned char *,
const unsigned char *, size_t, size_t, size_t,
- unsigned char[32], unsigned char[32], mbedtls_tls_prf_types );
+ const unsigned char[32], const unsigned char[32],
+ mbedtls_tls_prf_types );
void *p_export_keys; /*!< context for key export callback */
#endif
@@ -1925,8 +1926,8 @@
size_t maclen,
size_t keylen,
size_t ivlen,
- unsigned char client_random[32],
- unsigned char server_random[32],
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type );
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index f78e40a..ae694ee 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -40,16 +40,16 @@
*/
#define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 19
-#define MBEDTLS_VERSION_PATCH 0
+#define MBEDTLS_VERSION_PATCH 1
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x02130000
-#define MBEDTLS_VERSION_STRING "2.19.0"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.19.0"
+#define MBEDTLS_VERSION_NUMBER 0x02130100
+#define MBEDTLS_VERSION_STRING "2.19.1"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.19.1"
#if defined(MBEDTLS_VERSION_C)
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 774ef7d..5e36a5b 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -174,14 +174,14 @@
if(USE_SHARED_MBEDTLS_LIBRARY)
add_library(mbedx509 SHARED ${src_x509})
- set_target_properties(mbedx509 PROPERTIES VERSION 2.19.0 SOVERSION 1)
+ set_target_properties(mbedx509 PROPERTIES VERSION 2.19.1 SOVERSION 1)
target_link_libraries(mbedx509 ${libs} mbedcrypto)
target_include_directories(mbedx509
PUBLIC ${MBEDTLS_DIR}/include/
PUBLIC ${MBEDTLS_DIR}/crypto/include/)
add_library(mbedtls SHARED ${src_tls})
- set_target_properties(mbedtls PROPERTIES VERSION 2.19.0 SOVERSION 13)
+ set_target_properties(mbedtls PROPERTIES VERSION 2.19.1 SOVERSION 13)
target_link_libraries(mbedtls ${libs} mbedx509)
target_include_directories(mbedtls
PUBLIC ${MBEDTLS_DIR}/include/
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index f4bca87..a7facb8 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1427,9 +1427,8 @@
master, keyblk,
mac_key_len, keylen,
iv_copy_len,
- /* work around bug in exporter type */
- (unsigned char *) randbytes + 32,
- (unsigned char *) randbytes,
+ randbytes + 32,
+ randbytes,
tls_prf_get_type( tls_prf ) );
}
#endif
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 5e9ad3d..558fa28 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -526,8 +526,8 @@
size_t maclen,
size_t keylen,
size_t ivlen,
- unsigned char client_random[32],
- unsigned char server_random[32],
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type )
{
eap_tls_keys *keys = (eap_tls_keys *)p_expkey;
@@ -553,8 +553,8 @@
size_t maclen,
size_t keylen,
size_t ivlen,
- unsigned char client_random[32],
- unsigned char server_random[32],
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type )
{
char nss_keylog_line[ 200 ];
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 3683f3c..e27bbc6 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -637,8 +637,8 @@
size_t maclen,
size_t keylen,
size_t ivlen,
- unsigned char client_random[32],
- unsigned char server_random[32],
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type )
{
eap_tls_keys *keys = (eap_tls_keys *)p_expkey;
@@ -664,8 +664,8 @@
size_t maclen,
size_t keylen,
size_t ivlen,
- unsigned char client_random[32],
- unsigned char server_random[32],
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type )
{
char nss_keylog_line[ 200 ];
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 8e85ad1..b6dca23 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
Check compiletime library version
-check_compiletime_version:"2.19.0"
+check_compiletime_version:"2.19.1"
Check runtime library version
-check_runtime_version:"2.19.0"
+check_runtime_version:"2.19.1"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0
diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj
index 41906f5..45ae103 100644
--- a/visualc/VS2010/mbedTLS.vcxproj
+++ b/visualc/VS2010/mbedTLS.vcxproj
@@ -222,7 +222,6 @@
<ClCompile Include="..\..\crypto\library\md2.c" />
<ClCompile Include="..\..\crypto\library\md4.c" />
<ClCompile Include="..\..\crypto\library\md5.c" />
- <ClCompile Include="..\..\crypto\library\md_wrap.c" />
<ClCompile Include="..\..\crypto\library\memory_buffer_alloc.c" />
<ClCompile Include="..\..\crypto\library\nist_kw.c" />
<ClCompile Include="..\..\crypto\library\oid.c" />