Merge pull request #532 from sbutcher-arm/version-2.14.0

Bump Mbed TLS Version to 2.14.0

ChangeLog

@@ -1,19 +1,19 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
-= mbed TLS x.x.x branch released xxxx-xx-xx
+= mbed TLS 2.14.0 branch released 2018-11-19
 
 Security
    * Fix overly strict DN comparison when looking for CRLs belonging to a
-     particular CA. This previously lead to ignoring CRLs when the CRL's issuer
+     particular CA. This previously led to ignoring CRLs when the CRL's issuer
      name and the CA's subject name differed in their string encoding (e.g.,
      one using PrintableString and the other UTF8String) or in the choice of
      upper and lower case. Reported by Henrik Andersson of Bosch GmbH in issue
      #1784.
    * Fix a flawed bounds check in server PSK hint parsing. In case the
-     incoming message buffer was placed within the first 64KB of address
+     incoming message buffer was placed within the first 64KiB of address
      space and a PSK-(EC)DHE ciphersuite was used, this allowed an attacker
-     to trigger a memory access up to 64KB beyond the incoming message buffer,
+     to trigger a memory access up to 64KiB beyond the incoming message buffer,
-     potentially leading to application crash or information disclosure.
+     potentially leading to an application crash or information disclosure.
    * Fix mbedtls_mpi_is_prime() to use more rounds of probabilistic testing. The
      previous settings for the number of rounds made it practical for an
      adversary to construct non-primes that would be erroneously accepted as
@@ -28,11 +28,11 @@ Security
 
 Features
    * Add support for temporarily suspending expensive ECC computations after
-     some configurable amount of operations, to be used in single-threaded
+     some configurable amount of operations. This is intended to be used in
-     constrained systems where ECC is time consuming and blocking until
+     constrained, single-threaded systems where ECC is time consuming and can
-     completion cannot be tolerated. This is enabled by
+     block other operations until they complete. This is disabled by default,
-     MBEDTLS_ECP_RESTARTABLE at compile time (disabled by default) and
+     but can be enabled by MBEDTLS_ECP_RESTARTABLE at compile time and
-     configured by mbedtls_ecp_set_max_ops() at runtime. It applies to new
+     configured by mbedtls_ecp_set_max_ops() at runtime. It applies to the new
      xxx_restartable functions in ECP, ECDSA, PK and X.509 (CRL not supported
      yet), and to existing functions in ECDH and SSL (currently only
      implemented client-side, for ECDHE-ECDSA ciphersuites in TLS 1.2,
@@ -41,12 +41,11 @@ Features
      operations. On CPUs where the extensions are available, they can accelerate
      MPI multiplications used in ECC and RSA cryptography. Contributed by
      Aurelien Jarno.
-   * Extend RSASSA-PSS signature to allow slightly a smaller salt size.
+   * Extend RSASSA-PSS signature to allow a smaller salt size. Previously, PSS
-     Previously, PSS signature always used a salt with the same length as the
+     signature always used a salt with the same length as the hash, and returned
-     hash, and returned an error if this was not possible. Now the salt size
+     an error if this was not possible. Now the salt size may be up to two bytes
-     may be up to two bytes shorter. This allows the library to support all
+     shorter. This allows the library to support all hash and signature sizes
-     hash and signature sizes that comply with FIPS 186-4, including SHA-512
+     that comply with FIPS 186-4, including SHA-512 with a 1024-bit key.
-     with a 1024-bit key.
    * Add support for 128-bit keys in CTR_DRBG. Note that using keys shorter
      than 256 bits limits the security of generated material to 128 bits.
 

doxygen/input/doc_mainpage.h

@@ -24,7 +24,7 @@
  */
 
 /**
- * @mainpage mbed TLS v2.13.1 source code documentation
+ * @mainpage mbed TLS v2.14.0 source code documentation
  *
  * This documentation describes the internal structure of mbed TLS.  It was
  * automatically generated from specially formatted comment blocks in

doxygen/mbedtls.doxyfile

@@ -28,7 +28,7 @@ DOXYFILE_ENCODING      = UTF-8
 # identify the project. Note that if you do not use Doxywizard you need
 # to put quotes around the project name if it contains spaces.
 
-PROJECT_NAME           = "mbed TLS v2.13.1"
+PROJECT_NAME           = "mbed TLS v2.14.0"
 
 # The PROJECT_NUMBER tag can be used to enter a project or revision number.
 # This could be handy for archiving the generated documentation or

include/mbedtls/version.h

@@ -39,17 +39,17 @@
  * Major, Minor, Patchlevel
  */
 #define MBEDTLS_VERSION_MAJOR  2
-#define MBEDTLS_VERSION_MINOR  13
+#define MBEDTLS_VERSION_MINOR  14
-#define MBEDTLS_VERSION_PATCH  1
+#define MBEDTLS_VERSION_PATCH  0
 
 /**
  * The single version number has the following structure:
  *    MMNNPP00
  *    Major version | Minor version | Patch version
  */
-#define MBEDTLS_VERSION_NUMBER         0x020D0100
+#define MBEDTLS_VERSION_NUMBER         0x020E0000
-#define MBEDTLS_VERSION_STRING         "2.13.1"
+#define MBEDTLS_VERSION_STRING         "2.14.0"
-#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.13.1"
+#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.14.0"
 
 #if defined(MBEDTLS_VERSION_C)
 

library/CMakeLists.txt

@@ -159,15 +159,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
 
 if(USE_SHARED_MBEDTLS_LIBRARY)
     add_library(mbedcrypto SHARED ${src_crypto})
-    set_target_properties(mbedcrypto PROPERTIES VERSION 2.13.1 SOVERSION 3)
+    set_target_properties(mbedcrypto PROPERTIES VERSION 2.14.0 SOVERSION 3)
     target_link_libraries(mbedcrypto ${libs})
 
     add_library(mbedx509 SHARED ${src_x509})
-    set_target_properties(mbedx509 PROPERTIES VERSION 2.13.1 SOVERSION 0)
+    set_target_properties(mbedx509 PROPERTIES VERSION 2.14.0 SOVERSION 0)
     target_link_libraries(mbedx509 ${libs} mbedcrypto)
 
     add_library(mbedtls SHARED ${src_tls})
-    set_target_properties(mbedtls PROPERTIES VERSION 2.13.1 SOVERSION 12)
+    set_target_properties(mbedtls PROPERTIES VERSION 2.14.0 SOVERSION 12)
     target_link_libraries(mbedtls ${libs} mbedx509)
 
     install(TARGETS mbedtls mbedx509 mbedcrypto

tests/suites/test_suite_version.data

@@ -1,8 +1,8 @@
 Check compiletime library version
-check_compiletime_version:"2.13.1"
+check_compiletime_version:"2.14.0"
 
 Check runtime library version
-check_runtime_version:"2.13.1"
+check_runtime_version:"2.14.0"
 
 Check for MBEDTLS_VERSION_C
 check_feature:"MBEDTLS_VERSION_C":0