Merge remote-tracking branch 'origin/pr/2526' into mbedtls-2.16
* origin/pr/2526:
Update library version to 2.16.1
diff --git a/ChangeLog b/ChangeLog
index 66ecf97..f387690 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,28 @@
= mbed TLS 2.x.x branch released xxxx-xx-xx
+Bugfix
+ * Server's RSA certificate in certs.c was SHA-1 signed. In the default
+ mbedTLS configuration only SHA-2 signed certificates are accepted.
+ This certificate is used in the demo server programs, which lead the
+ client programs to fail at the peer's certificate verification
+ due to an unacceptable hash signature. The certificate has been
+ updated to one that is SHA-256 signed. Fix contributed by
+ Illya Gerasymchuk.
+ * Fix private key DER output in the key_app_writer example. File contents
+ were shifted by one byte, creating an invalid ASN.1 tag. Fixed by
+ Christian Walther in #2239.
+
+Changes
+ * Return from various debugging routines immediately if the
+ provided SSL context is unset.
+ * Remove dead code from bignum.c in the default configuration.
+ Found by Coverity, reported and fixed by Peter Kolbus (Garmin). Fixes #2309.
+ * Add test for minimal value of MBEDTLS_MPI_WINDOW_SIZE to all.sh.
+ Contributed by Peter Kolbus (Garmin).
+
+= mbed TLS 2.16.1 branch released 2019-03-19
+
Features
* Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites
from the default list (enabled by default). See
@@ -37,16 +59,6 @@
extensions in CSRs and CRTs that caused these bitstrings to not be encoded
correctly as trailing zeroes were not accounted for as unused bits in the
leading content octet. Fixes #1610.
- * Server's RSA certificate in certs.c was SHA-1 signed. In the default
- mbedTLS configuration only SHA-2 signed certificates are accepted.
- This certificate is used in the demo server programs, which lead the
- client programs to fail at the peer's certificate verification
- due to an unacceptable hash signature. The certificate has been
- updated to one that is SHA-256 signed. Fix contributed by
- Illya Gerasymchuk.
- * Fix private key DER output in the key_app_writer example. File contents
- were shifted by one byte, creating an invalid ASN.1 tag. Fixed by
- Christian Walther in #2239.
Changes
* Include configuration file in all header files that use configuration,
@@ -62,12 +74,6 @@
been disabled for lack of a sufficiently recent version of GnuTLS on the CI.
* Ciphersuites based on 3DES now have the lowest priority by default when
they are enabled.
- * Return from various debugging routines immediately if the
- provided SSL context is unset.
- * Remove dead code from bignum.c in the default configuration.
- Found by Coverity, reported and fixed by Peter Kolbus (Garmin). Fixes #2309.
- * Add test for minimal value of MBEDTLS_MPI_WINDOW_SIZE to all.sh.
- Contributed by Peter Kolbus (Garmin).
= mbed TLS 2.16.0 branch released 2018-12-21
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index ffc3cec..6345ddc 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -24,7 +24,7 @@
*/
/**
- * @mainpage mbed TLS v2.16.0 source code documentation
+ * @mainpage mbed TLS v2.16.1 source code documentation
*
* This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 574db8d..d1c81d8 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@
# identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces.
-PROJECT_NAME = "mbed TLS v2.16.0"
+PROJECT_NAME = "mbed TLS v2.16.1"
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 56e7398..cc736e1 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -40,16 +40,16 @@
*/
#define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 16
-#define MBEDTLS_VERSION_PATCH 0
+#define MBEDTLS_VERSION_PATCH 1
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x02100000
-#define MBEDTLS_VERSION_STRING "2.16.0"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.0"
+#define MBEDTLS_VERSION_NUMBER 0x02100100
+#define MBEDTLS_VERSION_STRING "2.16.1"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.1"
#if defined(MBEDTLS_VERSION_C)
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index f3c8044..720c7fa 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -165,15 +165,15 @@
if(USE_SHARED_MBEDTLS_LIBRARY)
add_library(mbedcrypto SHARED ${src_crypto})
- set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.0 SOVERSION 3)
+ set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.1 SOVERSION 3)
target_link_libraries(mbedcrypto ${libs})
add_library(mbedx509 SHARED ${src_x509})
- set_target_properties(mbedx509 PROPERTIES VERSION 2.16.0 SOVERSION 0)
+ set_target_properties(mbedx509 PROPERTIES VERSION 2.16.1 SOVERSION 0)
target_link_libraries(mbedx509 ${libs} mbedcrypto)
add_library(mbedtls SHARED ${src_tls})
- set_target_properties(mbedtls PROPERTIES VERSION 2.16.0 SOVERSION 12)
+ set_target_properties(mbedtls PROPERTIES VERSION 2.16.1 SOVERSION 12)
target_link_libraries(mbedtls ${libs} mbedx509)
install(TARGETS mbedtls mbedx509 mbedcrypto
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 62bb782..40fc923 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
Check compiletime library version
-check_compiletime_version:"2.16.0"
+check_compiletime_version:"2.16.1"
Check runtime library version
-check_runtime_version:"2.16.0"
+check_runtime_version:"2.16.1"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0