Merge remote-tracking branch 'origin/pr/2807' into development

* origin/pr/2807:
  platform: Include stdarg.h where needed
  Update Mbed Crypto to contain mbed-crypto#152
  CMake: Add a subdirectory build regression test
  README: Enable builds as a CMake subproject
  ChangeLog: Enable builds as a CMake subproject
  Remove use of CMAKE_SOURCE_DIR
  Update library version to 2.18.0

ChangeLog

@@ -2,6 +2,93 @@ mbed TLS ChangeLog (Sorted per branch, date)
 
 = mbed TLS x.x.x branch released xxxx-xx-xx
 
+Features
+   * Add new API functions mbedtls_ssl_session_save() and
+     mbedtls_ssl_session_load() to allow serializing a session, for example to
+     store it in non-volatile storage, and later using it for TLS session
+     resumption.
+   * Add a new API function mbedtls_ssl_check_record() to allow checking that
+     an incoming record is valid, authentic and has not been seen before. This
+     feature can be used alongside Connection ID and SSL context serialisation.
+     The feature is enabled at compile-time by MBEDTLS_SSL_RECORD_CHECKING
+     option.
+
+API Changes
+   * Add DER-encoded test CRTs to library/certs.c, allowing
+     the example programs ssl_server2 and ssl_client2 to be run
+     if MBEDTLS_FS_IO and MBEDTLS_PEM_PARSE_C are unset. Fixes #2254.
+   * The HAVEGE state type now uses uint32_t elements instead of int.
+
+Bugfix
+   * Fix missing bounds checks in X.509 parsing functions that could
+     lead to successful parsing of ill-formed X.509 CRTs. Fixes #2437.
+   * Fix multiple X.509 functions previously returning ASN.1 low-level error
+     codes to always wrap these codes into X.509 high level error codes before
+     returning. Fixes #2431.
+   * Fix to allow building test suites with any warning that detects unused
+     functions. Fixes #1628.
+   * Fix typo in net_would_block(). Fixes #528 reported by github-monoculture.
+   * Remove redundant include file in timing.c. Fixes #2640 reported by irwir.
+   * Fix build failure when building with mingw on Windows by including
+     stdarg.h where needed. Fixes #2656.
+   * Fix Visual Studio Release x64 build configuration by inheriting
+     PlatformToolset from the project configuration. Fixes #1430 reported by
+     irwir.
+   * Enable Suite B with subset of ECP curves. Make sure the code compiles even
+     if some curves are not defined. Fixes #1591 reported by dbedev.
+   * Fix misuse of signed arithmetic in the HAVEGE module. #2598
+   * Avoid use of statically sized stack buffers for certificate writing.
+     This previously limited the maximum size of DER encoded certificates
+     in mbedtls_x509write_crt_der() to 2Kb. Reported by soccerGB in #2631.
+   * Fix partial zeroing in x509_get_other_name. Found and fixed by ekse, #2716.
+   * Update test certificates that were about to expire. Reported by
+     Bernhard M. Wiedemann in #2357.
+   * Fix the build on ARMv5TE in ARM mode to not use assembly instructions
+     that are only available in Thumb mode. Fix contributed by Aurelien Jarno
+     in #2169.
+   * Fix propagation of restart contexts in restartable EC operations.
+     This could previously lead to segmentation faults in builds using an
+     address-sanitizer and enabling but not using MBEDTLS_ECP_RESTARTABLE.
+
+Changes
+   * Replace multiple uses of MD2 by SHA-256 in X.509 test suite. Fixes #821.
+   * Make it easier to define MBEDTLS_PARAM_FAILED as assert (which config.h
+     suggests). #2671
+   * Make `make clean` clean all programs always. Fixes #1862.
+   * Add a Dockerfile and helper scripts (all-in-docker.sh, basic-in-docker.sh,
+     docker-env.sh) to simplify running test suites on a Linux host. Contributed
+     by Peter Kolbus (Garmin).
+   * Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
+     Ashley Duncan in #2609.
+   * Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
+     test runs without variability. Contributed by Philippe Antoine (Catena
+     cyber) in #2681.
+   * Extended .gitignore to ignore Visual Studio artifacts. Fixed by ConfusedSushi.
+   * Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
+     Ashley Duncan in #2609.
+   * Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
+     test runs without variability. Contributed by Philippe Antoine (Catena
+     cyber) in #2681.
+   * Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
+     Ashley Duncan in #2609.
+   * Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
+     test runs without variability. Contributed by Philippe Antoine (Catena
+     cyber) in #2681.
+   * Adds fuzz targets, especially for continuous fuzzing with OSS-Fuzz.
+     Contributed by Philippe Antoine (Catena cyber).
+
+= mbed TLS 2.18.1 branch released 2019-07-12
+
+Bugfix
+   * Fix build failure when building with mingw on Windows by including
+     stdarg.h where needed. Fixes #2656.
+
+Changes
+   * Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
+     Ashley Duncan in #2609.
+
+= mbed TLS 2.18.0 branch released 2019-06-11
+
 Features
    * Add the Any Policy certificate policy oid, as defined in
      rfc 5280 section 4.2.1.4.
@@ -31,24 +118,11 @@ Features
      changed its IP or port. The feature is enabled at compile-time by setting
      MBEDTLS_SSL_DTLS_CONNECTION_ID (disabled by default), and at run-time
      through the new APIs mbedtls_ssl_conf_cid() and mbedtls_ssl_set_cid().
-   * Add new API functions mbedtls_ssl_session_save() and
-     mbedtls_ssl_session_load() to allow serializing a session, for example to
-     store it in non-volatile storage, and later using it for TLS session
-     resumption.
-   * Add a new API function mbedtls_ssl_check_record() to allow checking that
-     an incoming record is valid, authentic and has not been seen before. This
-     feature can be used alongside Connection ID and SSL context serialisation.
-     The feature is enabled at compile-time by MBEDTLS_SSL_RECORD_CHECKING
-     option.
 
 API Changes
    * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
      and the used tls-prf.
    * Add public API for tls-prf function, according to requested enum.
-   * Add DER-encoded test CRTs to library/certs.c, allowing
-     the example programs ssl_server2 and ssl_client2 to be run
-     if MBEDTLS_FS_IO and MBEDTLS_PEM_PARSE_C are unset. Fixes #2254.
-   * The HAVEGE state type now uses uint32_t elements instead of int.
 
 Bugfix
    * Fix private key DER output in the key_app_writer example. File contents
@@ -76,35 +150,7 @@ Bugfix
    * Set the next sequence of the subject_alt_name to NULL when deleting
      sequence on failure. Found and fix suggested by Philippe Antoine.
      Credit to OSS-Fuzz.
-   * Fix missing bounds checks in X.509 parsing functions that could
+
-     lead to successful parsing of ill-formed X.509 CRTs. Fixes #2437.
-   * Fix multiple X.509 functions previously returning ASN.1 low-level error
-     codes to always wrap these codes into X.509 high level error codes before
-     returning. Fixes #2431.
-   * Fix to allow building test suites with any warning that detects unused
-     functions. Fixes #1628.
-   * Fix typo in net_would_block(). Fixes #528 reported by github-monoculture.
-   * Remove redundant include file in timing.c. Fixes #2640 reported by irwir.
-   * Fix build failure when building with mingw on Windows by including
-     stdarg.h where needed. Fixes #2656.
-   * Fix Visual Studio Release x64 build configuration by inheriting
-     PlatformToolset from the project configuration. Fixes #1430 reported by
-     irwir.
-   * Enable Suite B with subset of ECP curves. Make sure the code compiles even
-     if some curves are not defined. Fixes #1591 reported by dbedev.
-   * Fix misuse of signed arithmetic in the HAVEGE module. #2598
-   * Avoid use of statically sized stack buffers for certificate writing.
-     This previously limited the maximum size of DER encoded certificates
-     in mbedtls_x509write_crt_der() to 2Kb. Reported by soccerGB in #2631.
-   * Fix partial zeroing in x509_get_other_name. Found and fixed by ekse, #2716.
-   * Update test certificates that were about to expire. Reported by
-     Bernhard M. Wiedemann in #2357.
-   * Fix the build on ARMv5TE in ARM mode to not use assembly instructions
-     that are only available in Thumb mode. Fix contributed by Aurelien Jarno
-     in #2169.
-   * Fix propagation of restart contexts in restartable EC operations.
-     This could previously lead to segmentation faults in builds using an
-     address-sanitizer and enabling but not using MBEDTLS_ECP_RESTARTABLE.
 Changes
    * Server's RSA certificate in certs.c was SHA-1 signed. In the default
      mbedTLS configuration only SHA-2 signed certificates are accepted.
@@ -121,31 +167,6 @@ Changes
      Contributed by Peter Kolbus (Garmin).
    * Change wording in the `mbedtls_ssl_conf_max_frag_len()`'s documentation to
      improve clarity. Fixes #2258.
-   * Replace multiple uses of MD2 by SHA-256 in X.509 test suite. Fixes #821.
-   * Make it easier to define MBEDTLS_PARAM_FAILED as assert (which config.h
-     suggests). #2671
-   * Make `make clean` clean all programs always. Fixes #1862.
-   * Add a Dockerfile and helper scripts (all-in-docker.sh, basic-in-docker.sh,
-     docker-env.sh) to simplify running test suites on a Linux host. Contributed
-     by Peter Kolbus (Garmin).
-   * Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
-     Ashley Duncan in #2609.
-   * Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
-     test runs without variability. Contributed by Philippe Antoine (Catena
-     cyber) in #2681.
-   * Extended .gitignore to ignore Visual Studio artifacts. Fixed by ConfusedSushi.
-   * Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
-     Ashley Duncan in #2609.
-   * Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
-     test runs without variability. Contributed by Philippe Antoine (Catena
-     cyber) in #2681.
-   * Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
-     Ashley Duncan in #2609.
-   * Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
-     test runs without variability. Contributed by Philippe Antoine (Catena
-     cyber) in #2681.
-   * Adds fuzz targets, especially for continuous fuzzing with OSS-Fuzz.
-     Contributed by Philippe Antoine (Catena cyber).
 
 = mbed TLS 2.17.0 branch released 2019-03-19
 

doxygen/input/doc_mainpage.h

@@ -24,7 +24,7 @@
  */
 
 /**
- * @mainpage mbed TLS v2.17.0 source code documentation
+ * @mainpage mbed TLS v2.18.0 source code documentation
  *
  * This documentation describes the internal structure of mbed TLS.  It was
  * automatically generated from specially formatted comment blocks in

doxygen/mbedtls.doxyfile

@@ -28,7 +28,7 @@ DOXYFILE_ENCODING      = UTF-8
 # identify the project. Note that if you do not use Doxywizard you need
 # to put quotes around the project name if it contains spaces.
 
-PROJECT_NAME           = "mbed TLS v2.17.0"
+PROJECT_NAME           = "mbed TLS v2.18.0"
 
 # The PROJECT_NUMBER tag can be used to enter a project or revision number.
 # This could be handy for archiving the generated documentation or

include/mbedtls/version.h

@@ -39,7 +39,7 @@
  * Major, Minor, Patchlevel
  */
 #define MBEDTLS_VERSION_MAJOR  2
-#define MBEDTLS_VERSION_MINOR  17
+#define MBEDTLS_VERSION_MINOR  18
 #define MBEDTLS_VERSION_PATCH  0
 
 /**
@@ -47,9 +47,9 @@
  *    MMNNPP00
  *    Major version | Minor version | Patch version
  */
-#define MBEDTLS_VERSION_NUMBER         0x02110000
+#define MBEDTLS_VERSION_NUMBER         0x02120000
-#define MBEDTLS_VERSION_STRING         "2.17.0"
+#define MBEDTLS_VERSION_STRING         "2.18.0"
-#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.17.0"
+#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.18.0"
 
 #if defined(MBEDTLS_VERSION_C)
 

library/CMakeLists.txt

@@ -172,14 +172,14 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
 if(USE_SHARED_MBEDTLS_LIBRARY)
 
     add_library(mbedx509 SHARED ${src_x509})
-    set_target_properties(mbedx509 PROPERTIES VERSION 2.17.0 SOVERSION 0)
+    set_target_properties(mbedx509 PROPERTIES VERSION 2.18.0 SOVERSION 1)
     target_link_libraries(mbedx509 ${libs} mbedcrypto)
     target_include_directories(mbedx509
         PUBLIC ${MBEDTLS_DIR}/include/
         PUBLIC ${MBEDTLS_DIR}/crypto/include/)
 
     add_library(mbedtls SHARED ${src_tls})
-    set_target_properties(mbedtls PROPERTIES VERSION 2.17.0 SOVERSION 12)
+    set_target_properties(mbedtls PROPERTIES VERSION 2.18.0 SOVERSION 13)
     target_link_libraries(mbedtls ${libs} mbedx509)
     target_include_directories(mbedtls
         PUBLIC ${MBEDTLS_DIR}/include/

library/Makefile

@@ -35,8 +35,8 @@ LOCAL_CFLAGS += -fPIC -fpic
 endif
 endif
 
-SOEXT_TLS=so.12
+SOEXT_TLS=so.13
-SOEXT_X509=so.0
+SOEXT_X509=so.1
 SOEXT_CRYPTO=so.3
 
 # Set AR_DASH= (empty string) to use an ar implementation that does not accept

tests/suites/test_suite_version.data

@@ -1,8 +1,8 @@
 Check compiletime library version
-check_compiletime_version:"2.17.0"
+check_compiletime_version:"2.18.0"
 
 Check runtime library version
-check_runtime_version:"2.17.0"
+check_runtime_version:"2.18.0"
 
 Check for MBEDTLS_VERSION_C
 check_feature:"MBEDTLS_VERSION_C":0