pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/security/mbedtls
Module Name: pkgsrc
Committed By: nia
Date: Thu Sep 3 20:30:56 UTC 2020
Modified Files:
pkgsrc/security/mbedtls: Makefile PLIST distinfo
Log Message:
mbedtls: Update to 2.24.0
= mbed TLS 2.24.0 branch released 2020-09-01
API changes
* In the PSA API, rename the types of elliptic curve and Diffie-Hellman
group families to psa_ecc_family_t and psa_dh_family_t, in line with the
PSA Crypto API specification version 1.0.0.
Rename associated macros as well:
PSA_ECC_CURVE_xxx renamed to PSA_ECC_FAMILY_xxx
PSA_DH_GROUP_xxx renamed to PSA_DH_FAMILY_xxx
PSA_KEY_TYPE_GET_CURVE renamed to to PSA_KEY_TYPE_ECC_GET_FAMILY
PSA_KEY_TYPE_GET_GROUP renamed to PSA_KEY_TYPE_DH_GET_FAMILY
Default behavior changes
* Stop storing persistent information about externally stored keys created
through PSA Crypto with a volatile lifetime. Reported in #3288 and
contributed by Steven Cooreman in #3382.
Features
* The new function mbedtls_ecp_write_key() exports private ECC keys back to
a byte buffer. It is the inverse of the existing mbedtls_ecp_read_key().
* Support building on e2k (Elbrus) architecture: correctly enable
-Wformat-signedness, and fix the code that causes signed-one-bit-field
and sign-compare warnings. Contributed by makise-homura (Igor Molchanov)
<akemi_homura%kurisa.ch@localhost>.
Security
* Fix a vulnerability in the verification of X.509 certificates when
matching the expected common name (the cn argument of
mbedtls_x509_crt_verify()) with the actual certificate name: when the
subjecAltName extension is present, the expected name was compared to any
name in that extension regardless of its type. This means that an
attacker could for example impersonate a 4-bytes or 16-byte domain by
getting a certificate for the corresponding IPv4 or IPv6 (this would
require the attacker to control that IP address, though). Similar attacks
using other subjectAltName name types might be possible. Found and
reported by kFYatek in #3498.
* When checking X.509 CRLs, a certificate was only considered as revoked if
its revocationDate was in the past according to the local clock if
available. In particular, on builds without MBEDTLS_HAVE_TIME_DATE,
certificates were never considered as revoked. On builds with
MBEDTLS_HAVE_TIME_DATE, an attacker able to control the local clock (for
example, an untrusted OS attacking a secure enclave) could prevent
revocation of certificates via CRLs. Fixed by no longer checking the
revocationDate field, in accordance with RFC 5280. Reported by
yuemonangong in #3340. Reported independently and fixed by
Raoul Strackx and Jethro Beekman in #3433.
* In (D)TLS record decryption, when using a CBC ciphersuites without the
Encrypt-then-Mac extension, use constant code flow memory access patterns
to extract and check the MAC. This is an improvement to the existing
countermeasure against Lucky 13 attacks. The previous countermeasure was
effective against network-based attackers, but less so against local
attackers. The new countermeasure defends against local attackers, even
if they have access to fine-grained measurements. In particular, this
fixes a local Lucky 13 cache attack found and reported by Tuba Yavuz,
Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler
(University of Florida) and Dave Tian (Purdue University).
* Fix side channel in RSA private key operations and static (finite-field)
Diffie-Hellman. An adversary with precise enough timing and memory access
information (typically an untrusted operating system attacking a secure
enclave) could bypass an existing counter-measure (base blinding) and
potentially fully recover the private key.
* Fix a 1-byte buffer overread in mbedtls_x509_crl_parse_der().
Credit to OSS-Fuzz for detecting the problem and to Philippe Antoine
for pinpointing the problematic code.
* Zeroising of plaintext buffers in mbedtls_ssl_read() to erase unused
application data from memory. Reported in #689 by
Johan Uppman Bruce of Sectra.
Bugfix
* Library files installed after a CMake build no longer have execute
permission.
* Use local labels in mbedtls_padlock_has_support() to fix an invalid symbol
redefinition if the function is inlined.
Reported in #3451 and fix contributed in #3452 by okhowang.
* Fix the endianness of Curve25519 keys imported/exported through the PSA
APIs. psa_import_key and psa_export_key will now correctly expect/output
Montgomery keys in little-endian as defined by RFC7748. Contributed by
Steven Cooreman in #3425.
* Fix build errors when the only enabled elliptic curves are Montgomery
curves. Raised by signpainter in #941 and by Taiki-San in #1412. This
also fixes missing declarations reported by Steven Cooreman in #1147.
* Fix self-test failure when the only enabled short Weierstrass elliptic
curve is secp192k1. Fixes #2017.
* PSA key import will now correctly import a Curve25519/Curve448 public key
instead of erroring out. Contributed by Steven Cooreman in #3492.
* Use arc4random_buf on NetBSD instead of rand implementation with cyclical
lower bits. Fix contributed in #3540.
* Fix a memory leak in mbedtls_md_setup() when using HMAC under low memory
conditions. Reported and fix suggested by Guido Vranken in #3486.
* Fix bug in redirection of unit test outputs on platforms where stdout is
defined as a macro. First reported in #2311 and fix contributed in #3528.
Changes
* Only pass -Wformat-signedness to versions of GCC that support it. Reported
in #3478 and fix contributed in #3479 by okhowang.
* Reduce the stack consumption of mbedtls_x509write_csr_der() which
previously could lead to stack overflow on constrained devices.
Contributed by Doru Gucea and Simon Leet in #3464.
* Undefine the ASSERT macro before defining it locally, in case it is defined
in a platform header. Contributed by Abdelatif Guettouche in #3557.
* Update copyright notices to use Linux Foundation guidance. As a result,
the copyright of contributors other than Arm is now acknowledged, and the
years of publishing are no longer tracked in the source files. This also
eliminates the need for the lines declaring the files to be part of
MbedTLS. Fixes #3457.
* Add the command line parameter key_pwd to the ssl_client2 and ssl_server2
example applications which allows to provide a password for the key file
specified through the existing key_file argument. This allows the use of
these applications with password-protected key files. Analogously but for
ssl_server2 only, add the command line parameter key_pwd2 which allows to
set a password for the key file provided through the existing key_file2
argument.
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 pkgsrc/security/mbedtls/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/security/mbedtls/PLIST
cvs rdiff -u -r1.13 -r1.14 pkgsrc/security/mbedtls/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/mbedtls/Makefile
diff -u pkgsrc/security/mbedtls/Makefile:1.18 pkgsrc/security/mbedtls/Makefile:1.19
--- pkgsrc/security/mbedtls/Makefile:1.18 Tue Jul 7 11:16:38 2020
+++ pkgsrc/security/mbedtls/Makefile Thu Sep 3 20:30:56 2020
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.18 2020/07/07 11:16:38 nia Exp $
+# $NetBSD: Makefile,v 1.19 2020/09/03 20:30:56 nia Exp $
-DISTNAME= mbedtls-2.23.0
+DISTNAME= mbedtls-2.24.0
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_GITHUB:=ARMmbed/}
GITHUB_TAG= ${DISTNAME}
Index: pkgsrc/security/mbedtls/PLIST
diff -u pkgsrc/security/mbedtls/PLIST:1.7 pkgsrc/security/mbedtls/PLIST:1.8
--- pkgsrc/security/mbedtls/PLIST:1.7 Tue Jul 7 11:16:10 2020
+++ pkgsrc/security/mbedtls/PLIST Thu Sep 3 20:30:56 2020
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.7 2020/07/07 11:16:10 nia Exp $
+@comment $NetBSD: PLIST,v 1.8 2020/09/03 20:30:56 nia Exp $
bin/mbedtls_aescrypt2
bin/mbedtls_benchmark
bin/mbedtls_cert_app
@@ -12,6 +12,8 @@ bin/mbedtls_dh_genprime
bin/mbedtls_dh_server
bin/mbedtls_dtls_client
bin/mbedtls_dtls_server
+bin/mbedtls_ecdh_curve25519
+bin/mbedtls_ecdsa
bin/mbedtls_gen_entropy
bin/mbedtls_gen_key
bin/mbedtls_gen_random_ctr_drbg
@@ -19,6 +21,7 @@ bin/mbedtls_gen_random_havege
bin/mbedtls_generic_sum
bin/mbedtls_hello
bin/mbedtls_key_app
+bin/mbedtls_key_app_writer
bin/mbedtls_key_ladder_demo
bin/mbedtls_key_ladder_demo.sh
bin/mbedtls_mini_client
@@ -35,16 +38,21 @@ bin/mbedtls_rsa_decrypt
bin/mbedtls_rsa_encrypt
bin/mbedtls_rsa_genkey
bin/mbedtls_rsa_sign
+bin/mbedtls_rsa_sign_pss
bin/mbedtls_rsa_verify
+bin/mbedtls_rsa_verify_pss
bin/mbedtls_selftest
bin/mbedtls_ssl_client1
bin/mbedtls_ssl_client2
+bin/mbedtls_ssl_context_info
bin/mbedtls_ssl_fork_server
bin/mbedtls_ssl_mail_client
bin/mbedtls_ssl_pthread_server
bin/mbedtls_ssl_server
+bin/mbedtls_ssl_server2
bin/mbedtls_strerror
bin/mbedtls_udp_proxy
+bin/mbedtls_zeroize
include/mbedtls/aes.h
include/mbedtls/aesni.h
include/mbedtls/arc4.h
Index: pkgsrc/security/mbedtls/distinfo
diff -u pkgsrc/security/mbedtls/distinfo:1.13 pkgsrc/security/mbedtls/distinfo:1.14
--- pkgsrc/security/mbedtls/distinfo:1.13 Tue Jul 7 11:16:10 2020
+++ pkgsrc/security/mbedtls/distinfo Thu Sep 3 20:30:56 2020
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.13 2020/07/07 11:16:10 nia Exp $
+$NetBSD: distinfo,v 1.14 2020/09/03 20:30:56 nia Exp $
-SHA1 (mbedtls-2.23.0.tar.gz) = 5b0f0f71e96dfbdf93b8f9582df76cbd63faaacf
-RMD160 (mbedtls-2.23.0.tar.gz) = 1b5fc17ec0b8df90c8dc8f5e6bef2ddd7fc4d477
-SHA512 (mbedtls-2.23.0.tar.gz) = c2a04f659bf63522f10f6660c2d196d7f39a057ff5a382734ba3b839f463ead4e5c9bc0d21fb909d56fcd2ee4c711248be14861f388cd383385484d364247634
-Size (mbedtls-2.23.0.tar.gz) = 3877508 bytes
+SHA1 (mbedtls-2.24.0.tar.gz) = 1bd2b5f5b8b8f970331a6da0065d64b424abdbed
+RMD160 (mbedtls-2.24.0.tar.gz) = 2cc3e3460d75ec4a6c8f11e524c4afff5f78cb40
+SHA512 (mbedtls-2.24.0.tar.gz) = 5437ea57eb8b8af9446a796876aa2bfe3c59c88f926b1638c7e8a021a8bef9f4bc6cb1b254e7387e2afe095bd27c518060719726bbaf5478582a56c34315cfb8
+Size (mbedtls-2.24.0.tar.gz) = 3912697 bytes
Home |
Main Index |
Thread Index |
Old Index