Revisions of mbedtls
Martin Pluskal (pluskalm)
committed
(revision 50)
- Update baselibs.conf
Martin Pluskal (pluskalm)
accepted
request 1164274
from
Guillaume GARDET (Guillaume_G)
(revision 49)
- Update to version 3.6.0 (new LTS)
Martin Pluskal (pluskalm)
committed
(revision 48)
- Update to version 3.5.2: * Update BRANCHES.md * Bump version * Assemble Changelog * Update Marvin fix Changelog entry * Add warning for PKCS 1.5 decryption * Fix typo * RSA: improve readability * RSA: remove unneeded temporaries * RSA: document Montgomery trick in unblind * Fix style * Make local function static * Add Changelog for the Marvin attack fix * Extend blinding to RSA result check * Make RSA unblinding constant flow * Add Changelog for #8687 * Add required dependency to the testcase * Remove unneeded testcase * Update test-data to use SIZE_MAX * Add missing newline at the end of test_suite_x509write.data * Update fix to be more platform-independent * Fix Issue #8687 * Add tests for Issue #8687 - Resolves CVE-2024-23170 boo#1219336
Martin Pluskal (pluskalm)
accepted
request 1140884
from
Lubos Kocman (lkocman)
(revision 47)
- Mbed TLS is now released under a dual Apache-2.0 OR GPL-2.0-or-later * legalreview already raised this
Martin Pluskal (pluskalm)
committed
(revision 46)
- Update to version 3.5.1: * Add docs re Everest license * Update Changelog with bugfix entry * Update BRANCHES * Bump version * Fix typos in changelog * Fix 3rdparty target names for custom config * assemble Changelog * README improvements to 3rdparty section * Update license for p256-m * Add Changelog for license * Update documentation * Fix some non-standard headers * Header updates
Martin Pluskal (pluskalm)
committed
(revision 45)
Martin Pluskal (pluskalm)
committed
(revision 44)
- Update to version 3.5.0 (resolves bsc#1216078 CVE-2023-45199 and bsc#1216076 CVE-2023-43615): * Updated BRANCHES.MD * Re-assemble changelog to add missing item, plus a couple of typo fixes. * Bump library so-crypto, so-x509, so-tls versions. * Ignore tests of built-in interfaces for driver-only testing parity * Renaming all MBEDTLS_HAVE for curves to MBEDTLS_ECP_HAVE * Auto-generated files for v3.5.0 * ChangeLog: Set release date * Prepare ChangeLog for 3.5.0 release * Bump version to 3.5.0 * check-generated-files: Added psa_crypto_driver_wrappers_no_static.c file * Changelog: Added entry for psa_crypto_driver_wrappers rename * Remove leftover local debug line * ChangeLog: Added .txt extension to log entries. * Avoid compiler warning about size comparison * Improve some debug messages and error codes * In TLS 1.2, only servers are affected * Changelog entry for xxdh_psa_peerkey size validation * Improve robustness of ECDH public key length validation * Fix buffer overflow in TLS 1.2 ClientKeyExchange parsing * Fix buffer overflow in TLS 1.3 ECDH public key parsing * Add custom config logic to 3rdparty modules * CMake: fix build with 3rdparty module enabled through a custom config * Changelog entry for #7298 * Fix ChangeLog entry for FFDH in PSA * Undo not-needed change * Remove redundant code * Assume get_num_ops cannot fail * Always call get_num_ops * Add MBEDTLS_TARGET_PREFIX to 3rdparty CMake
Martin Pluskal (pluskalm)
accepted
request 1102713
from
Paolo Stivanin (polslinux)
(revision 43)
- Update to version 3.4.1: * Update more test dependencies when using test-ca.key * Update test dependencies when using test-ca.key * Add _build/ and api/ to gitignore * Clean the breathe-apidoc files with make clean * Revert "Add exemption for make.bat in checks for tabs" * Remove make.bat for documentation * Improve docs Makefile to do full build * Improve positioning of GENERATE_XML option * Remove Exhale from requirements and regenerate * Add exemption for make.bat in checks for tabs * Ignore mbedtls macros causing warnings * Add configuration for Read The Docs * Add initial API doc configuration * Tell Doxygen to generate XML * Add space to appease doxygen bug * Announce a release for Friday * Prepare changelog for release * Bump version to 3.4.1 * Write changelog entry for the test data update * Update failing unit tests to use the moved data files * Copy test certificates files from development * Add changelog entry * Support compilation using CLang on Windows
Martin Pluskal (pluskalm)
accepted
request 1089650
from
Arjen de Korte (adkorte)
(revision 42)
- Remove obsolete CMake options as these are not used in 3.0+ (USE_PKCS11_HELPER_LIBRARY, ENABLE_ZLIB_SUPPORT) - Enable MBEDTLS_THREADING_C and MBEDTLS_THREADING_PTHREAD (boo#1211810) + mbedtls-enable-pthread.patch - Parallel execution of ctest works just fine (no need to limit to one job)
Martin Pluskal (pluskalm)
accepted
request 1085353
from
Mariusz Fik (Fisiu)
(revision 41)
- Enable THREADING with PTHREAD.
Martin Pluskal (pluskalm)
committed
(revision 40)
Martin Pluskal (pluskalm)
committed
(revision 39)
- Update to version 3.4.0: * psa_util: fix for correctly computing elements in array * Add generated files * Update BRANCHES.md * Bump library, libcrypto and libx509 versions * Assemble Changelog for 3.4.0 release * Add security entry to ChangeLog for AES-NI * Add security entry to ChangeLog for AES-CE * Add TLS1.2 Opaque ECJPAKE changelog entry - Switch to scm service
Martin Pluskal (pluskalm)
committed
(revision 38)
- Build AVX2 enabled hwcaps library for x86_64-v3
Martin Pluskal (pluskalm)
accepted
request 1044072
from
Alexander Bergmann (abergmann)
(revision 37)
- Update to 2.28.2: (bsc#1206576, CVE-2022-46393) Security: * Fix potential heap buffer overread and overwrite in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. old: security:tls/mbedtls new: home:abergmann:branches:security:tls/mbedtls rev None Index: mbedtls.changes =================================================================== --- mbedtls.changes (revision 36) +++ mbedtls.changes (revision 2) @@ -1,4 +1,75 @@ ------------------------------------------------------------------- +Wed Dec 21 11:10:10 UTC 2022 - Alexander Bergmann <abergmann@suse.com> + +- Update to 2.28.2: (bsc#1206576, CVE-2022-46393) + + Security: + * Fix potential heap buffer overread and overwrite in DTLS if + MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and + MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. + * An adversary with access to precise enough information about memory + accesses (typically, an untrusted operating system attacking a secure + enclave) could recover an RSA private key after observing the victim + performing a single private-key operation if the window size used for the + exponentiation was 3 or smaller. Found and reported by Zili KOU, + Wenjian HE, Sharad Sinha, and Wei ZHANG. See "Cache Side-channel Attacks + and Defenses of the Sliding Window Algorithm in TEEs" - Design, Automation + and Test in Europe 2023. + + Bugfix: + * Fix a long-standing build failure when building x86 PIC code with old + gcc (4.x). The code will be slower, but will compile. We do however + recommend upgrading to a more recent compiler instead. Fixes #1910. + * Fix support for little-endian Microblaze when MBEDTLS_HAVE_ASM is defined. + Contributed by Kazuyuki Kimura to fix #2020. + * Use double quotes to include private header file psa_crypto_cipher.h. + Fixes 'file not found with include' error when building with Xcode. + * Fix handling of broken symlinks when loading certificates using + mbedtls_x509_crt_parse_path(). Instead of returning an error as soon as a + broken link is encountered, skip the broken link and continue parsing + other certificate files. Contributed by Eduardo Silva in #2602. + * Fix a compilation error when using CMake with an IAR toolchain. + Fixes #5964. + * Fix bugs and missing dependencies when building and testing + configurations with only one encryption type enabled in TLS 1.2. + * Provide the missing definition of mbedtls_setbuf() in some configurations + with MBEDTLS_PLATFORM_C disabled. Fixes #6118, #6196. + * Fix compilation errors when trying to build with + PSA drivers for AEAD (GCM, CCM, Chacha20-Poly1305). + * Fix memory leak in ssl_parse_certificate_request() caused by + mbedtls_x509_get_name() not freeing allocated objects in case of error. + Change mbedtls_x509_get_name() to clean up allocated objects on error. + * Fix checks on PK in check_config.h for builds with PSA and RSA. This does + not change which builds actually work, only moving a link-time error to + an early check. + * Fix ECDSA verification, where it was not always validating the + public key. This bug meant that it was possible to verify a + signature with an invalid public key, in some cases. Reported by + Guido Vranken using Cryptofuzz in #4420. + * Fix a possible null pointer dereference if a memory allocation fails + in TLS PRF code. Reported by Michael Madsen in #6516. + * Fix a bug in which mbedtls_x509_crt_info() would produce non-printable + bytes when parsing certificates containing a binary RFC 4108 + HardwareModuleName as a Subject Alternative Name extension. Hardware + serial numbers are now rendered in hex format. Fixes #6262. + * Fix bug in error reporting in dh_genprime.c where upon failure, + the error code returned by mbedtls_mpi_write_file() is overwritten + and therefore not printed. + * In the bignum module, operations of the form (-A) - (+A) or (-A) - (-A) + with A > 0 created an unintended representation of the value 0 which was + not processed correctly by some bignum operations. Fix this. This had no + consequence on cryptography code, but might affect applications that call + bignum directly and use negative numbers. + * Fix undefined behavior (typically harmless in practice) of + mbedtls_mpi_add_mpi(), mbedtls_mpi_add_abs() and mbedtls_mpi_add_int() + when both operands are 0 and the left operand is represented with 0 limbs. + * Fix undefined behavior (typically harmless in practice) when some bignum + functions receive the most negative value of mbedtls_mpi_sint. Credit + to OSS-Fuzz. Fixes #6597. + * Fix undefined behavior (typically harmless in practice) in PSA ECB + encryption and decryption. + +------------------------------------------------------------------- Fri Nov 4 16:53:36 UTC 2022 - Mia Herkt <mia@0x0.st> - Update to 2.28.1: (CVE-2022-35409) Index: mbedtls.spec =================================================================== --- mbedtls.spec (revision 36) +++ mbedtls.spec (revision 2) @@ -20,7 +20,7 @@ %define lib_crypto libmbedcrypto7 %define lib_x509 libmbedx509-1 Name: mbedtls -Version: 2.28.1 +Version: 2.28.2 Release: 0 Summary: Libraries for crypto and SSL/TLS protocols License: Apache-2.0 Index: mbedtls-2.28.2.tar.gz =================================================================== Binary file mbedtls-2.28.2.tar.gz (revision 2) added Index: mbedtls-2.28.1.tar.gz =================================================================== Binary file mbedtls-2.28.1.tar.gz (revision 36) deleted
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 1033587
from
Mia Herkt (mia)
(revision 36)
- Update to 2.28.1: (CVE-2022-35409) Default behavior changes * mbedtls_cipher_set_iv will now fail with ChaCha20 and ChaCha20+Poly1305 for IV lengths other than 12. The library was silently overwriting this length with 12, but did not inform the caller about it. gh#Mbed-TLS/mbedtls#4301 Features * When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you may list the PSA crypto feature requirements in the file named by the new macro MBEDTLS_PSA_CRYPTO_CONFIG_FILE instead of the default psa/crypto_config.h. Furthermore you may name an additional file to include after the main file with the macro MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE. Security * Zeroize dynamically-allocated buffers used by the PSA Crypto key storage module before freeing them. These buffers contain secret key material, and could thus potentially leak the key through freed heap. * Fix a potential heap buffer overread in TLS 1.2 server-side when MBEDTLS_USE_PSA_CRYPTO is enabled, an opaque key (created with mbedtls_pk_setup_opaque()) is provisioned, and a static ECDH ciphersuite is selected. This may result in an application crash or potentially an information leak. * Fix a buffer overread in DTLS ClientHello parsing in servers with MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled. An unauthenticated client or a man-in-the-middle could cause a DTLS server to read up to 255 bytes after the end of the SSL input buffer. The buffer overread only happens when MBEDTLS_SSL_IN_CONTENT_LEN is less than a threshold that depends on the exact configuration: 258 bytes if using mbedtls_ssl_cookie_check(), and possibly up to 571 bytes with a custom cookie check function. Reported by the Cybeats PSI Team. Bugfix * Fix a memory leak if mbedtls_ssl_config_defaults() is called twice. * Fix several bugs (warnings, compiler and linker errors, test failures) in reduced configurations when MBEDTLS_USE_PSA_CRYPTO is enabled. * Fix a bug in (D)TLS curve negotiation: when MBEDTLS_USE_PSA_CRYPTO was enabled and an ECDHE-ECDSA or ECDHE-RSA key exchange was used, the client would fail to check that the curve selected by the server for ECDHE was indeed one that was offered. As a result, the client would accept any curve that it supported, even if that curve was not allowed according to its configuration. gh#Mbed-TLS/mbedtls#5291 * Fix unit tests that used 0 as the file UID. This failed on some implementations of PSA ITS. gh#Mbed-TLS/mbedtls#3838 * Fix API violation in mbedtls_md_process() test by adding a call to mbedtls_md_starts(). gh#Mbed-TLS/mbedtls#2227 * Fix compile errors when MBEDTLS_HAVE_TIME is not defined. Add tests to catch bad uses of time.h. * Fix bug in the alert sending function mbedtls_ssl_send_alert_message() potentially leading to corrupted alert messages being sent in case the function needs to be re-called after initially returning MBEDTLS_SSL_WANT_WRITE. gh#Mbed-TLS/mbedtls#1916 * In configurations with MBEDTLS_SSL_DTLS_CONNECTION_ID enabled but none of MBEDTLS_SSL_HW_RECORD_ACCEL, MBEDTLS_SSL_EXPORT_KEYS or MBEDTLS_DEBUG_C, DTLS handshakes using CID would crash due to a null pointer dereference. Fix this. gh#Mbed-TLS/mbedtls#3998 * Fix incorrect documentation of mbedtls_x509_crt_profile. The previous documentation stated that the allowed_pks field applies to signatures only, but in fact it does apply to the public key type of the end entity certificate, too. gh#Mbed-TLS/mbedtls#1992 * Fix PSA cipher multipart operations using ARC4. Previously, an IV was required but discarded. Now, an IV is rejected, as it should be. * Fix undefined behavior in mbedtls_asn1_find_named_data(), where val is not NULL and val_len is zero. psa_raw_key_agreement() now returns PSA_ERROR_BUFFER_TOO_SMALL when applicable. gh#Mbed-TLS/mbedtls#5735 * Fix a bug in the x25519 example program where the removal of MBEDTLS_ECDH_LEGACY_CONTEXT caused the program not to run. gh#Mbed-TLS/mbedtls#4901 gh#Mbed-TLS/mbedtls#3191 * Encode X.509 dates before 1/1/2000 as UTCTime rather than GeneralizedTime. gh#Mbed-TLS/mbedtls#5465 * Fix order value of curve x448. * Fix string representation of DNs when outputting values containing commas and other special characters, conforming to RFC 1779. gh#Mbed-TLS/mbedtls#769 * Silence a warning from GCC 12 in the selftest program. gh#Mbed-TLS/mbedtls#5974 * Fix mbedtls_asn1_write_mpi() writing an incorrect encoding of 0. * Fix resource leaks in mbedtls_pk_parse_public_key() in low memory conditions. * Fix server connection identifier setting for outgoing encrypted records on DTLS 1.2 session resumption. After DTLS 1.2 session resumption with connection identifier, the Mbed TLS client now properly sends the server connection identifier in encrypted record headers. gh#Mbed-TLS/mbedtls#5872 * Fix a null pointer dereference when performing some operations on zero represented with 0 limbs (specifically mbedtls_mpi_mod_int() dividing by 2, and mbedtls_mpi_write_string() in base 2). * Fix record sizes larger than 16384 being sometimes accepted despite being non-compliant. This could not lead to a buffer overflow. In particular, application data size was already checked correctly.
Martin Pluskal (pluskalm)
accepted
request 946956
from
Guillaume GARDET (Guillaume_G)
(revision 35)
- Fix baselib.conf
Martin Pluskal (pluskalm)
accepted
request 946391
from
Guillaume GARDET (Guillaume_G)
(revision 34)
- Update to 2.28.0: (bsc#1193979, CVE-2021-45450)
Martin Pluskal (pluskalm)
committed
(revision 33)
osc copypac from project:home:pmonrealgonzalez:branches:security:tls package:mbedtls revision:2
Pedro Monreal Gonzalez (pmonrealgonzalez)
committed
(revision 32)
- Update to 2.26.0: [bsc#1189589, CVE-2021-24119]
Martin Pluskal (pluskalm)
accepted
request 907287
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 31)
- Update to 2.27.0: API changes: * Update AEAD output size macros to bring them in line with the PSA Crypto API version 1.0 spec. This version of the spec parameterizes them on the key type used, as well as the key bit-size in the case of PSA_AEAD_TAG_LENGTH. The old versions of these macros were renamed and deprecated as follows: - PSA_AEAD_TAG_LENGTH -> PSA_AEAD_TAG_LENGTH_1_ARG - PSA_AEAD_ENCRYPT_OUTPUT_SIZE -> PSA_AEAD_ENCRYPT_OUTPUT_SIZE_2_ARG - PSA_AEAD_DECRYPT_OUTPUT_SIZE -> PSA_AEAD_DECRYPT_OUTPUT_SIZE_2_ARG - PSA_AEAD_UPDATE_OUTPUT_SIZE -> PSA_AEAD_UPDATE_OUTPUT_SIZE_2_ARG - PSA_AEAD_FINISH_OUTPUT_SIZE -> PSA_AEAD_FINISH_OUTPUT_SIZE_1_ARG - PSA_AEAD_VERIFY_OUTPUT_SIZE -> PSA_AEAD_VERIFY_OUTPUT_SIZE_1_ARG * Implement one-shot cipher functions, psa_cipher_encrypt and psa_cipher_decrypt, according to the PSA Crypto API 1.0.0 specification. Features: * Add mbedtls_rsa_rsassa_pss_sign_ext() function allowing to generate a signature with a specific salt length. This function allows to validate test cases provided in the NIST's CAVP test suite. * Added support for built-in driver keys through the PSA opaque crypto driver interface. Refer to the documentation of MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS for more information. * Implement psa_sign_message() and psa_verify_message(). * The new function mbedtls_mpi_random() generates a random value in a given range uniformly. * Implement psa_mac_compute() and psa_mac_verify() as defined in the PSA Cryptograpy API 1.0.0 specification. * MBEDTLS_ECP_MAX_BITS is now determined automatically from the configured curves and no longer needs to be configured explicitly to save RAM.
Displaying revisions 1 - 20 of 50