Merge remote-tracking branch 'public/pr/1797' into mbedtls-2.7
diff --git a/ChangeLog b/ChangeLog
index 6cecd5b..3fcf745 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,19 @@
= mbed TLS 2.7.x branch released xxxx-xx-xx
Bugfix
+ * Run the AD too long test only if MBEDTLS_CCM_ALT is not defined.
+ Raised as a comment in #1996.
+ * Fix returning the value 1 when mbedtls_ecdsa_genkey failed.
+ * Remove a duplicate #include in a sample program. Fixed by Masashi Honma #2326.
+
+Changes
+ * Include configuration file in all header files that use configuration,
+ instead of relying on other header files that they include.
+ Inserted as an enhancement for #1371
+
+= mbed TLS 2.7.9 branch released 2018-12-21
+
+Bugfix
* Fix for Clang, which was reporting a warning for the bignum.c inline
assembly for AMD64 targets creating string literals greater than those
permitted by the ISO C99 standard. Found by Aaron Jones. Fixes #482.
@@ -15,11 +28,8 @@
* Add explicit integer to enumeration type casts to example program
programs/pkey/gen_key which previously led to compilation failure
on some toolchains. Reported by phoenixmcallister. Fixes #2170.
-
-Changes
- * Include configuration file in all header files that use configuration,
- instead of relying on other header files that they include.
- Inserted as an enhancement for #1371
+ * Clarify documentation of mbedtls_ssl_set_own_cert() regarding the absence
+ of check for certificate/key matching. Reported by Attila Molnar, #507.
= mbed TLS 2.7.8 branch released 2018-11-30
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index bd125df..0038615 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -24,7 +24,7 @@
*/
/**
- * @mainpage mbed TLS v2.7.8 source code documentation
+ * @mainpage mbed TLS v2.7.9 source code documentation
*
* This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 61ca2d1..54e4463 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@
# identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces.
-PROJECT_NAME = "mbed TLS v2.7.8"
+PROJECT_NAME = "mbed TLS v2.7.9"
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index db8b85f..5593a52 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1618,6 +1618,14 @@
* whether it matches those preferences - the server can then
* decide what it wants to do with it.
*
+ * \note The provided \p pk_key needs to match the public key in the
+ * first certificate in \p own_cert, or all handshakes using
+ * that certificate will fail. It is your responsibility
+ * to ensure that; this function will not perform any check.
+ * You may use mbedtls_pk_check_pair() in order to perform
+ * this check yourself, but be aware that this function can
+ * be computationally expensive on some key types.
+ *
* \param conf SSL configuration
* \param own_cert own public certificate chain
* \param pk_key own private key
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index d54d56f..36feff0 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -40,16 +40,16 @@
*/
#define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 7
-#define MBEDTLS_VERSION_PATCH 8
+#define MBEDTLS_VERSION_PATCH 9
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x02070800
-#define MBEDTLS_VERSION_STRING "2.7.8"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.7.8"
+#define MBEDTLS_VERSION_NUMBER 0x02070900
+#define MBEDTLS_VERSION_STRING "2.7.9"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.7.9"
#if defined(MBEDTLS_VERSION_C)
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index aeb5bd8..59df958 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -141,15 +141,15 @@
if(USE_SHARED_MBEDTLS_LIBRARY)
add_library(mbedcrypto SHARED ${src_crypto})
- set_target_properties(mbedcrypto PROPERTIES VERSION 2.7.8 SOVERSION 2)
+ set_target_properties(mbedcrypto PROPERTIES VERSION 2.7.9 SOVERSION 2)
target_link_libraries(mbedcrypto ${libs})
add_library(mbedx509 SHARED ${src_x509})
- set_target_properties(mbedx509 PROPERTIES VERSION 2.7.8 SOVERSION 0)
+ set_target_properties(mbedx509 PROPERTIES VERSION 2.7.9 SOVERSION 0)
target_link_libraries(mbedx509 ${libs} mbedcrypto)
add_library(mbedtls SHARED ${src_tls})
- set_target_properties(mbedtls PROPERTIES VERSION 2.7.8 SOVERSION 10)
+ set_target_properties(mbedtls PROPERTIES VERSION 2.7.9 SOVERSION 10)
target_link_libraries(mbedtls ${libs} mbedx509)
install(TARGETS mbedtls mbedx509 mbedcrypto
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 17a88bd..ab75620 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -420,8 +420,13 @@
int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
- return( mbedtls_ecp_group_load( &ctx->grp, gid ) ||
- mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) );
+ int ret = 0;
+ ret = mbedtls_ecp_group_load( &ctx->grp, gid );
+ if( ret != 0 )
+ return( ret );
+
+ return( mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d,
+ &ctx->Q, f_rng, p_rng ) );
}
#endif /* MBEDTLS_ECDSA_GENKEY_ALT */
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index b0b0f7e..e1c8ef6 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -54,7 +54,6 @@
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/md.h"
#include "mbedtls/rsa.h"
-#include "mbedtls/md.h"
#include "mbedtls/x509.h"
#include <stdio.h>
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index eef41c7..755c3ea 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -144,6 +144,7 @@
if( *out_stream == NULL )
{
+ close( stdout_fd );
return -1;
}
diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data
index 90ba42d..65dc382 100644
--- a/tests/suites/test_suite_ccm.data
+++ b/tests/suites/test_suite_ccm.data
@@ -36,6 +36,7 @@
ccm_lengths:5:10:5:7:MBEDTLS_ERR_CCM_BAD_INPUT
CCM lenghts #7 AD too long (2^16 - 2^8 + 1)
+depends_on:!MBEDTLS_CCM_ALT
ccm_lengths:5:10:65281:8:MBEDTLS_ERR_CCM_BAD_INPUT
CCM lengths #8 msg too long for this IV length (2^16, q = 2)
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 3dee1fe..eafceb3 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
Check compiletime library version
-check_compiletime_version:"2.7.8"
+check_compiletime_version:"2.7.9"
Check runtime library version
-check_runtime_version:"2.7.8"
+check_runtime_version:"2.7.9"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0