pkgsrc-Changes archive
CVS commit: pkgsrc/security/libretls
Module Name: pkgsrc
Committed By: schmonz
Date: Wed Nov 8 14:10:20 UTC 2023
Modified Files:
pkgsrc/security/libretls: Makefile distinfo
pkgsrc/security/libretls/patches: patch-tls.c
Log Message:
libretls: update to 3.8.1. LibreSSL changes:
3.8.1:
* Portable changes
- Applications bundled as part of the LibreSSL package internally,
nc(1) and openssl(1), now are linked statically if static libraries
are built.
- Internal compatibility function symbols are no longer exported from
libcrypto. Instead, the libcompat library is linked to libcrypto,
libssl, and libtls separately. This increases size a little, but
ensures that the libraries are not exporting symbols to programs
unintentionally.
- Selective removal of CET implementation on platforms where it is
not supported (macOS).
- Integrated four more tests.
- Added Windows ARM64 architecture to tested platforms.
- Removed Solaris 10 support, fixed Solaris 11.
- libtls no longer links statically to libcrypto / libssl unless
'--enable-libtls-only' is specified at configure time.
- Improved Windows compatibility library, namely handling of files vs
sockets, correcting an exception when operating on a closed socket.
- CMake builds no longer hardcode '-O2' into the compiler flags, instead
using flags from the CMake build type.
- Set the CMake default build type to 'Release'. This can be overridden
during configuration.
- Fixed broken ASM support with MinGW builds.
* Internal improvements
- Fixed alignment handling in SHA-512.
- Moved the verified_chain to the correct internal struct.
- Improved checks for commonName in libtls.
- Fixed error check for X509_get_ext_d2i() failure in libtls.
- Improved BIGNUM internals and performance.
- Significantly improved Montgomery multiplication performance.
- Initial cleanup passes for SHA-256 internals.
- Converted more libcrypto internals API using CBB and CBS.
- Removed code guarded by #ifdef ZLIB.
- Changed ASN1_item_sign_ctx() and ASN1_item_verify() to work with
Ed25519 and fixed a few bugs in there.
- Fixed various issues with EVP_PKEY_CTX_{new,dup}().
- Improved X.509 certificate version checks.
- Cleaned up handling of elliptic curve cofactors.
- Made BN_num_bits() independent of bn->top.
- Rewrote and simplified bn_sqr().
- Removed EC_GROUP precomp machinery.
- Ensure no X.509v3 extensions appear more than once in certificates.
- Cleaned up various ECDH, ECDSA and EC internals.
- Replaced ASN1_bn_print with a cleaner internal implementation.
- Simplified ASN1_item_sign_ctx().
- Rewrote OBJ_find_sigid_algs() and OBJ_find_sigid_by_algs().
- Various improvements in the 'simple' EC code.
- Fix OPENSSL_cpuid_setup() invocations on arm/aarch64.
- Reduced the dependency of hash implementations on many layers of
macros. This results in significant speedups since modern compilers
are now less confused.
- Significantly simplified the BN_BLINDING internals used in RSA.
* New features
* Compatibility changes
- X509_NAME_get_text_by_{NID,OBJ}() now only succeed if they contain
valid UTF-8 without embedded NUL.
- Moved libtls from ECDSA_METHOD to EC_KEY_METHOD.
- Removed support for ECDH_METHOD and ECDSA_METHOD.
- BN_is_prime{,_fasttest}_ex() refuse to check numbers larger than
32 kbits for primality. This mitigates various DoS vectors.
- Comp was removed.
- Dynamic loading of conf modules is no longer supported.
- DSO was removed and OPENSSL_NO_DSO is defined.
- ENGINE support was removed and OPENSSL_NO_ENGINE is set. In spite
of this, some stub functions are provided to avoid patching some
applications that do not honor OPENSSL_NO_ENGINE.
- It is no longer possible to make the library use your own error
stack or ex_data implementation.
* Bug fixes
- Fixed aliasing issue in BN_mod_inverse().
- Made CRYPTO_get_ex_new_index() not return 0 to allow applications
to use *_{get,set}_app_data() and *_{get,set}_ex_data() alongside
each other.
- Made EVP_PKEY_set1_hkdf_key() fail on a NULL key.
- Plugged leaks in BIO_chain_dup().
- Fixed numerous leaks and other minor bugs in RSA, DH, DSA and EC
ASN.1 methods. Unified the coding style.
- On socket errors in the poll loop, netcat could issue system calls
on invalidated file descriptors.
* Documentation improvements
- Made it very explicit that the verify callback should not be used.
- Called out that the CRL lastUpdate is standardized as thisUpdate.
* Testing and Proactive Security
- As always, new test coverage is added as bugs are fixed and subsystems
are cleaned up.
* Security fixes
- Disabled TLSv1.0 and TLSv1.1 in libssl so that they may no longer
be selected for use.
3.8.0:
* Portable changes
- Extended the endian.h compat header with hto* and *toh macros.
- Adapted more tests to the portable framework.
* Internal improvements
- Improved sieve of Eratosthenes script used for generating a table
of small primes.
- Started cleaning up and rewriting SHA internals.
- Replace internal use of BN_copy() with bn_copy() for consistency.
- Rewrote and improved BN_exp() and BN_copy().
- Add branch target information (BTI) support to arm64 assembly.
- Replaced BN_mod_sqrt() with a new implementation.
- Removed incomplete and dangerous BN_RECURSION code.
- Added endbr64 instructions to amd64 assembly.
- Imported RFC 5280 policy checking code from BoringSSL and used it
to replace the old exponential time code.
- Converted more of libcrypto to use CBB/CBS.
- Cleaned up and simplified the code dealing with builtin curves.
* New features
- Added support for truncated SHA-2 and for SHA-3.
- The BPSW primality test performs additional Miller-Rabin rounds
with random bases to reduce the likelihood of composites passing.
- Allow testing of ciphers and digests using badly aligned buffers
in openssl speed.
- Added a workaround for a poorly thought-out change in OpenSSL 3 that
broke privilege separation support in libtls.
* Compatibility changes
- Support for GF2m was removed: BIGNUM no longer supports binary extension
field arithmetic and all binary elliptic builtin curves were removed.
- Removed dangerous, "fast" NIST prime and elliptic curve implementations.
In particular, EC_GFp_nist_method() is no longer available.
- Removed most public symbols that were deprecated in OpenSSL 0.9.8.
- Removed the public X9.31 API (RSA_X931_PADDING is still available).
- Removed Cipher Text Stealing mode.
- Removed SXNET and NETSCAPE_CERT_SEQUENCE support including the
openssl(1) nseq command.
- Dropped proxy certificate (RFC 3820) support.
- The POLICY_TREE and its related structures and API were removed.
- The explicitText user notice uses UTF8String instead of VisibleString
to reduce the risk of emitting certificates with invalid DER-encoding.
- Initial fixes for RSA-PSS support to make the TLSv1.3 stack more
compliant with RFC 8446.
* Bug fixes
- Correctly handle negative input to various BIGNUM functions.
- Ensure ERR_load_ERR_strings() does not set errno unexpectedly.
- Fix error checking of i2d_ECDSA_SIG() in ossl_ecdsa_sign().
- Fixed detection of extended operations (XOP) on AMD hardware.
- Ensure Montgomery exponentiation is used for the initial RSA blinding.
- Policy is always checked in X509 validation. Critical policy extensions
are no longer silently ignored.
- Fixed error handling in tls_check_common_name().
- Add missing pointer invalidation in SSL_free().
- Fixed X509err() and X509V3err() and their internal versions.
- Ensure that OBJ_obj2txt() always returns a C string again.
- In X509_VERIFY_PARAM_inherit() copy hostflags independently of the
host list.
* Documentation improvements
- Improved documentation of BIO_ctrl(3), BIO_set_info_callback(3),
BIO_get_info_callback(3), BIO_method_type(3), and BIO_method_name(3).
- Marked BIO_CB_return(), BIO_cb_pre(), and BIO_cb_post() as intentionally
undocumented.
* Testing and Proactive Security
- Significantly improved test coverage of BN_mod_sqrt() and GCD.
- As always, new test coverage is added as bugs are fixed and subsystems
are cleaned up.
3.7.3:
* Bug fix
- Hostflags in the verify parameters would not propagate from an
SSL_CTX to newly created SSL.
* Reliability fix
- A double free or use after free could occur after SSL_clear(3).
3.7.2:
* Portable changes
- Moved official Github project to https://github.com/libressl/.
- Build support for Apple Silicon.
- Installed opensslconf.h is now architecture-specific.
- Removed internal defines from opensslconf.h.
- Support reproducible builds on tagged commits in main branch.
* Internal improvements
- Initial overhaul of the BIGNUM code:
- Added a new framework that allows architecture-dependent
replacement implementations for bignum primitives.
- Imported various s2n-bignum's constant time assembly primitives
and switched amd64 to them.
- Lots of cleanup, simplification and bug fixes.
- Changed Perl assembly generators to move constants into .rodata,
allowing code to run with execute-only permissions.
- Capped the number of iterations in DSA and ECDSA signing (avoiding
infinite loops), added additional sanity checks to DSA.
- ASN.1 parsing improvements.
- Made UI_destroy_method() NULL safe.
- Various improvements to nc(1).
- Always clear EC groups and points on free.
- Cleanup and improvements in EC code.
- Various openssl(1) improvements.
- Remove dependency on system timegm() and gmtime() by replacing
traditional Julian date conversion with POSIX epoch-seconds date
conversion from BoringSSL.
- Clean old and unused BN code dealing with primes.
- Start rewriting name constraints code using CBS.
- Remove support for the HMAC PRIVATE KEY.
- Rework DSA signing and verifying internals.
- Internal headers coming from OpenSSL are all called *_local.h now.
- Rewrite TLSv1.2 key exporter.
- Cleaned up and refactored various aspects of the legacy TLS stack.
* Bug fixes
- Fixed a memory leak, a double free and various other issues in
BIO_new_NDEF().
- Fixed various crashes in the openssl(1) testing utility.
- Do not check policies by default in the new X.509 verifier.
- Added missing error checking in PKCS7.
- Call CRYPTO_cleanup_all_ex_data() from OPENSSL_cleanup().
- Add EVP_chacha20_poly1305() to the list of all ciphers.
- Fix potential leaks of EVP_PKEY in various printing functions.
- Fix potential leak in OBJ_NAME_add().
- Avoid signed overflow in i2c_ASN1_BIT_STRING().
- Clean up EVP_PKEY_ASN1_METHOD related tables and code.
- Fix long-standing bugs in BN_GF2m_poly2arr() and BN_GF2m_mod().
- Fix segfaults in BN_{dec,hex}2bn().
- Fix NULL dereference in x509_constraints_uri_host() reachable only
in the process of generating certificates.
- Fixed a variety of memory corruption issues in BIO chains coming
from poor old and new API: BIO_push(), BIO_pop(), BIO_set_next().
- Avoid potential divide by zero in BIO_dump_indent_cb().
* New features
- Added UI_null().
- Added X509_STORE_*check_issued().
- Added X509_CRL_get0_tbs_sigalg() and X509_get0_uids() accessors.
- Added EVP_CIPHER_meth_*() setter API.
- BIO_read() and BIO_write() now behave more closely to OpenSSL 3 in
various corner cases. More work is needed here.
- Added Ed25519 support both as a primitive and via OpenSSL's EVP
interfaces.
- X25519 is now also supported via EVP.
- The OpenSSL 1.1 raw public and private key API is available with
support for EVP_PKEY_ED25519, EVP_PKEY_HMAC and EVP_PKEY_X25519.
Poly1305 is not currently supported via this interface.
* Documentation improvements
- Marked BIO_s_log(3), BIO_nread0(3), BIO_nread(3), BIO_nwrite0(3), BIO_nwrite(3),
BIO_dump_cb(3) and BIO_dump_indent_cb(3) as intentionally undocumented.
- Document BIO_number_read(3), BIO_number_written(3),
BIO_set_retry_read(3), BIO_set_retry_write(3),
BIO_set_retry_special(3), BIO_clear_retry_flags(3),
BIO_get_retry_flags(3), BIO_dup_chain(3), BIO_set_flags(3),
BIO_clear_flags(3), BIO_test_flags(3), BIO_get_flags(3),
BIO_callback_fn_ex(3), BIO_set_callback_ex(3), BIO_get_callback_ex(3),
BIO_callback_fn(3), and the BIO_FLAGS_* constants.
- Correct the prototypes of BIO_get_conn_ip(3) and BIO_get_conn_int_port(3).
- Document ED25519_keypair(3), ED25519_sign(3), and ED25519_verify(3).
- Document EVP_PKEY_new_raw_private_key(3),
EVP_PKEY_new_raw_public_key(3), EVP_PKEY_get_raw_private_key(3), and
EVP_PKEY_get_raw_public_key(3).
- Document ASN1_buf_print(3).
- Document DH_get0_*, DSA_get0_*, ECDSA_SIG_get0_{r,s}() and RSA_get0_*.
- Merged documentation of UI_null() from OpenSSL 1.1.
- Various spelling and other documentation improvements.
- Numerous improvements and additions for ASN.1, BIO, BN, and X.509.
- The BN documentation is now considered to be complete.
* Testing and Proactive Security
- As always, new test coverage is added as bugs are fixed and subsystems
are cleaned up.
- New Wycheproof tests added.
- OpenSSL 3.0 Interop tests added.
- Many old tests rewritten, cleaned up and extended.
* Security fixes
- A malicious certificate revocation list or timestamp response token
would allow an attacker to read arbitrary memory.
3.7.1:
* Internal improvements
- Initial overhaul of the BIGNUM code:
- Added a new framework that allows architecture-dependent
replacement implementations for bignum primitives.
- Imported various s2n-bignum's constant time assembly primitives
and switched amd64 to them.
- Lots of cleanup, simplification and bug fixes.
- Changed Perl assembly generators to move constants into .rodata,
allowing code to run with execute-only permissions.
- Capped the number of iterations in DSA and ECDSA signing (avoiding
infinite loops), added additional sanity checks to DSA.
- ASN.1 parsing improvements.
- Made UI_destroy_method() NULL safe.
- Various improvements to nc(1).
- Always clear EC groups and points on free.
- Cleanup and improvements in EC code.
- Various openssl(1) improvements.
* Bug fixes
- Fixed a memory leak, a double free and various other issues in
BIO_new_NDEF().
- Fixed various crashes in the openssl(1) testing utility.
- Do not check policies by default in the new X.509 verifier.
- Avoid crash with ASN.1 BOOLEANS in openssl(1) asn1parse.
- Added missing error checking in PKCS7.
- Call CRYPTO_cleanup_all_ex_data() from OPENSSL_cleanup().
* Compatibility changes
- Correct the prototypes of BIO_get_conn_ip(3) and
BIO_get_conn_int_port(3).
* New features
- Added UI_null().
- Added X509_STORE_*check_issued().
- Added X509_CRL_get0_sigalg() and X509_get0_uids() accessors.
- Added EVP_CIPHER_meth_*() setter API.
* Documentation improvements
- Marked BIO_s_log(3), BIO_nread0(3), BIO_nread(3), BIO_nwrite0(3), BIO_nwrite(3),
BIO_dump_cb(3) and BIO_dump_indent_cb(3) as intentionally undocumented.
- Merged documentation of UI_null() from OpenSSL 1.1.
- Document BIO_number_read(3), BIO_number_written(3),
BIO_set_retry_read(3), BIO_set_retry_write(3),
BIO_set_retry_special(3), BIO_clear_retry_flags(3),
BIO_get_retry_flags(3), BIO_dup_chain(3), BIO_set_flags(3),
BIO_clear_flags(3), BIO_test_flags(3), BIO_get_flags(3),
BIO_callback_fn_ex(3), BIO_set_callback_ex(3), BIO_get_callback_ex(3),
BIO_callback_fn(3), and the BIO_FLAGS_* constants.
- Document ED25519_keypair(3), ED25519_sign(3), and ED25519_verify(3).
- Document EVP_PKEY_new_raw_private_key(3),
EVP_PKEY_new_raw_public_key(3), EVP_PKEY_get_raw_private_key(3), and
EVP_PKEY_get_raw_public_key(3).
- Document ASN1_buf_print(3).
- Document ECDSA_SIG_get0_{r,s}().
- Document DH_get0_* for individual DH members.
- Document DSA_get0_* for individual DSA members.
- Document RSA_get0_* for individual RSA members.
- Various spelling and other documentation improvements.
* Testing and Proactive Security
- As always, new test coverage is added as bugs are fixed and subsystems
are cleaned up.
- New Wycheproof tests added.
- OpenSSL 3.0 Interop tests added.
- Many old tests rewritten, cleaned up and extended.
* Security fixes
- A malicious certificate revocation list or timestamp response token
would allow an attacker to read arbitrary memory.
To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 pkgsrc/security/libretls/Makefile
cvs rdiff -u -r1.11 -r1.12 pkgsrc/security/libretls/distinfo
cvs rdiff -u -r1.1 -r1.2 pkgsrc/security/libretls/patches/patch-tls.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/libretls/Makefile
diff -u pkgsrc/security/libretls/Makefile:1.9 pkgsrc/security/libretls/Makefile:1.10
--- pkgsrc/security/libretls/Makefile:1.9 Tue Oct 24 22:10:51 2023
+++ pkgsrc/security/libretls/Makefile Wed Nov 8 14:10:20 2023
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.9 2023/10/24 22:10:51 wiz Exp $
+# $NetBSD: Makefile,v 1.10 2023/11/08 14:10:20 schmonz Exp $
-DISTNAME= libretls-3.7.0
-PKGREVISION= 1
+DISTNAME= libretls-3.8.1
CATEGORIES= security
MASTER_SITES= https://causal.agency/libretls/
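Review bot: the DISTNAME bump from 3.7.0 straight to 3.8.1 skips 3.7.1 through 3.8.0, whose log entries above include compatibility changes; dropping PKGREVISION is right for a new upstream version, but confirm whether packages depending on libretls need their own PKGREVISION bump if the installed library's ABI changed across those releases, since this hunk adjusts nothing else.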
Index: pkgsrc/security/libretls/distinfo
diff -u pkgsrc/security/libretls/distinfo:1.11 pkgsrc/security/libretls/distinfo:1.12
--- pkgsrc/security/libretls/distinfo:1.11 Sun Sep 3 06:23:41 2023
+++ pkgsrc/security/libretls/distinfo Wed Nov 8 14:10:20 2023
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.11 2023/09/03 06:23:41 vins Exp $
+$NetBSD: distinfo,v 1.12 2023/11/08 14:10:20 schmonz Exp $
-BLAKE2s (libretls-3.7.0.tar.gz) = a41162dc3ed4515da87d053d745e5b35468357dd7f64bbaca2cec0eba17c585f
-SHA512 (libretls-3.7.0.tar.gz) = 18987d09ee804883e2c3cfae1209494b7020d976cc7137ba39540c18e0dc23d25034a46c6c64955201b425ca981e03cbe629f9ff979fd4a72d3dcfbd51efdf84
-Size (libretls-3.7.0.tar.gz) = 427980 bytes
-SHA1 (patch-tls.c) = 9ec66891d3a16fcfccb365b77ee0cc711ea4a067
+BLAKE2s (libretls-3.8.1.tar.gz) = 970400ab9046223c8b3516925cc4386768c770df2970337d5d0a26bc63d9e326
+SHA512 (libretls-3.8.1.tar.gz) = bbf4854622401bfc8662016a73202467714b603425dea2012e72846f0a22412018448fda8befa777d67c5dae44839b81e3b039130cf4970a4026c178d3a43ce2
+Size (libretls-3.8.1.tar.gz) = 432142 bytes
+SHA1 (patch-tls.c) = d5a90a98267be74311e1fa6806d798668b4a35df
Index: pkgsrc/security/libretls/patches/patch-tls.c
diff -u pkgsrc/security/libretls/patches/patch-tls.c:1.1 pkgsrc/security/libretls/patches/patch-tls.c:1.2
--- pkgsrc/security/libretls/patches/patch-tls.c:1.1 Sun Sep 3 06:23:41 2023
+++ pkgsrc/security/libretls/patches/patch-tls.c Wed Nov 8 14:10:20 2023
@@ -1,8 +1,8 @@
-$NetBSD: patch-tls.c,v 1.1 2023/09/03 06:23:41 vins Exp $
+$NetBSD: patch-tls.c,v 1.2 2023/11/08 14:10:20 schmonz Exp $
Portability fix for OpenSSL 3.x.
-With OpenSSL 3.x the EVP_PKEY_get1_RSA returns a cashed copy of the
+With OpenSSL 3.x the EVP_PKEY_get1_RSA returns a cached copy of the
provider's key, so changing it is meaningless, since other get1/get0
calls will return the previously cached copy. Instead, we have to
re-assign the changed rsa after the edit.
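Review bot: this hunk only changes the $NetBSD header and fixes the "cashed" typo in the patch description; the patched tls.c body itself is not shown, so confirm the patch still applies cleanly to the 3.8.1 sources. In particular, the 3.8.0 log entry above ("Added a workaround for a poorly thought-out change in OpenSSL 3 that broke privilege separation support in libtls") targets the same EVP_PKEY_get1_RSA caching problem this patch describes, so check that the local re-assignment of the RSA key is still needed and does not duplicate or conflict with the upstream workaround.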