summaryrefslogtreecommitdiff
path: root/doc/TODO
diff options
context:
space:
mode:
authorfhajny <fhajny@pkgsrc.org>2016-06-16 14:17:03 +0000
committerfhajny <fhajny@pkgsrc.org>2016-06-16 14:17:03 +0000
commit65b403b3f2ef79574e2bf47696f7a493d30c57c8 (patch)
treef0ac39ee2b911d9305e2fc1241bd7a380ae27b25 /doc/TODO
parentcd9013857e730fb6c54fc44b5afb784a43c93200 (diff)
downloadpkgsrc-65b403b3f2ef79574e2bf47696f7a493d30c57c8.tar.gz
Update security/mbedtls to 2.2.1.
This breaks removes the legacy PolarSSL compatibility layer. For software that needs it, please use security/mbedtls1 instead. Change license to apache-2.0. Upstream changelog since 1.3.11 follows. = mbed TLS 2.2.1 released 2016-01-05 Security - Fix potential double free when mbedtls_asn1_store_named_data() fails to allocate memory. Only used for certificate generation, not triggerable remotely in SSL/TLS. - Disable MD5 handshake signatures in TLS 1.2 by default Bugfix - Fix over-restrictive length limit in GCM. - Fix bug in certificate validation that caused valid chains to be rejected when the first intermediate certificate has pathLenConstraint=0. - Removed potential leak in mbedtls_rsa_rsassa_pkcs1_v15_sign() - Fix suboptimal handling of unexpected records that caused interop issues with some peers over unreliable links. Avoid dropping an entire DTLS datagram if a single record in a datagram is unexpected, instead only drop the record and look at subsequent records (if any are present) in the same datagram. = mbed TLS 2.2.0 released 2015-11-04 Security - Fix potential double free if mbedtls_ssl_conf_psk() is called more than once and some allocation fails. Cannot be forced remotely. - Fix potential heap corruption on Windows when mbedtls_x509_crt_parse_path() is passed a path longer than 2GB. Cannot be triggered remotely. - Fix potential buffer overflow in some asn1_write_xxx() functions. Cannot be triggered remotely unless you create X.509 certificates based on untrusted input or write keys of untrusted origin. - The X509 max_pathlen constraint was not enforced on intermediate certificates. Features - Experimental support for EC J-PAKE as defined in Thread 1.0.0. Disabled by default as the specification might still change. - Added a key extraction callback to accees the master secret and key block. (Potential uses include EAP-TLS and Thread.) Bugfix - Self-signed certificates were not excluded from pathlen counting, resulting in some valid X.509 being incorrectly rejected. - Fix build error with configurations where ECDHE-PSK is the only key exchange. - Fix build error with configurations where RSA, RSA-PSK, ECDH-RSA or ECHD-ECDSA if the only key exchange. Multiple reports. - Fixed a bug causing some handshakes to fail due to some non-fatal alerts not being properly ignored. - mbedtls_x509_crt_verify(_with_profile)() now also checks the key type and size/curve against the profile. Before that, there was no way to set a minimum key size for end-entity certificates with RSA keys. - Fix failures in MPI on Sparc(64) due to use of bad assembly code. - Fix typo in name of the extKeyUsage OID. - Fix bug in ASN.1 encoding of booleans that caused generated CA certificates to be rejected by some applications, including OS X Keychain. Changes - Improved performance of mbedtls_ecp_muladd() when one of the scalars is or -1. = mbed TLS 2.1.2 released 2015-10-06 Security - Added fix for CVE-2015-5291 to prevent heap corruption due to buffer overflow of the hostname or session ticket. - Fix potential double-free if mbedtls_ssl_set_hs_psk() is called more than once in the same handhake and mbedtls_ssl_conf_psk() was used. - Fix stack buffer overflow in pkcs12 decryption (used by mbedtls_pk_parse_key(file)() when the password is > 129 bytes. - Fix potential buffer overflow in mbedtls_mpi_read_string(). - Fix potential random memory allocation in mbedtls_pem_read_buffer() on crafted PEM input data. - Fix possible heap buffer overflow in base64_encoded() when the input buffer is 512MB or larger on 32-bit platforms. - Fix potential double-free if mbedtls_conf_psk() is called repeatedly on the same mbedtls_ssl_config object and memory allocation fails. - Fix potential heap buffer overflow in servers that perform client authentication against a crafted CA cert. Cannot be triggered remotely unless you allow third parties to pick trust CAs for client auth. Bugfix - Fix compile error in net.c with musl libc. - Fix macroization of 'inline' keyword when building as C++. Changes - Added checking of hostname length in mbedtls_ssl_set_hostname() to ensure domain names are compliant with RFC 1035. - Fixed paths for check_config.h in example config files. = mbed TLS 2.1.1 released 2015-09-17 Security - Add countermeasure against Lenstra's RSA-CRT attack for PKCS#1 v1.5 signatures. - Fix possible client-side NULL pointer dereference (read) when the client tries to continue the handshake after it failed (a misuse of the API). Bugfix - Fix warning when using a 64bit platform. - Fix off-by-one error in parsing Supported Point Format extension that caused some handshakes to fail. Changes - Made X509 profile pointer const in mbedtls_ssl_conf_cert_profile() to allow use of mbedtls_x509_crt_profile_next. - When a client initiates a reconnect from the same port as a live connection, if cookie verification is available (MBEDTLS_SSL_DTLS_HELLO_VERIFY defined in config.h, and usable cookie callbacks set with mbedtls_ssl_conf_dtls_cookies()), this will be detected and mbedtls_ssl_read() will return MBEDTLS_ERR_SSL_CLIENT_RECONNECT - it is then possible to start a new handshake with the same context. (See RFC 6347 section 4.2.8.) = mbed TLS 2.1.0 released 2015-09-04 Features - Added support for yotta as a build system. - Primary open source license changed to Apache 2.0 license. Bugfix - Fix segfault in the benchmark program when benchmarking DHM. - Fix build error with CMake and pre-4.5 versions of GCC - Fix bug when parsing a ServerHello without extensions - Fix bug in CMake lists that caused libmbedcrypto.a not to be installed - Fix bug in Makefile that caused libmbedcrypto and libmbedx509 not to be installed - Fix compile error with armcc 5 with --gnu option. - Fix bug in Makefile that caused programs not to be installed correctly - Fix bug in Makefile that prevented from installing without building the tests - Fix missing -static-libgcc when building shared libraries for Windows with make. - Fix link error when building shared libraries for Windows with make. - Fix error when loading libmbedtls.so. - Fix bug in mbedtls_ssl_conf_default() that caused the default preset to be always used - Fix bug in mbedtls_rsa_public() and mbedtls_rsa_private() that could result trying to unlock an unlocked mutex on invalid input - Fix -Wshadow warnings - Fix memory corruption on client with overlong PSK identity, around SSL_MAX_CONTENT_LEN or higher - not triggerrable remotely - Fix unused function warning when using MBEDTLS_MDx_ALT or MBEDTLS_SHAxxx_ALT - Fix memory corruption in pkey programs Changes - The PEM parser now accepts a trailing space at end of lines - It is now possible to #include a user-provided configuration file at the end of the default config.h by defining MBEDTLS_USER_CONFIG_FILE on the compiler's command line. - When verifying a certificate chain, if an intermediate certificate is trusted, no later cert is checked. - Prepend a "thread identifier" to debug messages - Add mbedtls_ssl_get_max_frag_len() to query the current maximum fragment length. = mbed TLS 2.0.0 released 2015-07-13 Features - Support for DTLS 1.0 and 1.2 (RFC 6347). - Ability to override core functions from MDx, SHAx, AES and DES modules with custom implementation (eg hardware accelerated), complementing the ability to override the whole module. - New server-side implementation of session tickets that rotate keys to preserve forward secrecy, and allows sharing across multiple contexts. - Added a concept of X.509 cerificate verification profile that controls which algorithms and key sizes (curves for ECDSA) are acceptable. - Expanded configurability of security parameters in the SSL module with mbedtls_ssl_conf_dhm_min_bitlen() and mbedtls_ssl_conf_sig_hashes(). - Introduced a concept of presets for SSL security-relevant configuration parameters. API Changes - The library has been split into libmbedcrypto, libmbedx509, libmbedtls. You now need to link to all of them if you use TLS for example. - All public identifiers moved to the mbedtls_* or MBEDTLS_* namespace. Some names have been further changed to make them more consistent. Migration helpers scripts/rename.pl and include/mbedlts/compat-1.3.h are provided. Full list of renamings in scripts/data_files/rename-1.3-2.0.txt - Renamings of fields inside structures, not covered by the previous list: mbedtls_cipher_info_t.key_length -> key_bitlen mbedtls_cipher_context_t.key_length -> key_bitlen mbedtls_ecp_curve_info.size -> bit_size - Headers are now found in the 'mbedtls' directory (previously 'polarssl'). - The following _init() functions that could return errors have been split into an _init() that returns void and another function that should generally be the first function called on this context after init: mbedtls_ssl_init() -> mbedtls_ssl_setup() mbedtls_ccm_init() -> mbedtls_ccm_setkey() mbedtls_gcm_init() -> mbedtls_gcm_setkey() mbedtls_hmac_drbg_init() -> mbedtls_hmac_drbg_seed(_buf)() mbedtls_ctr_drbg_init() -> mbedtls_ctr_drbg_seed() Note that for mbedtls_ssl_setup(), you need to be done setting up the ssl_config structure before calling it. - Most ssl_set_xxx() functions (all except ssl_set_bio(), ssl_set_hostname(), ssl_set_session() and ssl_set_client_transport_id(), plus ssl_legacy_renegotiation()) have been renamed to mbedtls_ssl_conf_xxx() (see rename.pl and compat-1.3.h above) and their first argument's type changed from ssl_context to ssl_config. - ssl_set_bio() changed signature (contexts merged, order switched, one additional callback for read-with-timeout). - The following functions have been introduced and must be used in callback implementations (SNI, PSK) instead of their *conf counterparts: mbedtls_ssl_set_hs_own_cert() mbedtls_ssl_set_hs_ca_chain() mbedtls_ssl_set_hs_psk() - mbedtls_ssl_conf_ca_chain() lost its last argument (peer_cn), now set using mbedtls_ssl_set_hostname(). - mbedtls_ssl_conf_session_cache() changed prototype (only one context pointer, parameters reordered). - On server, mbedtls_ssl_conf_session_tickets_cb() must now be used in place of mbedtls_ssl_conf_session_tickets() to enable session tickets. - The SSL debug callback gained two new arguments (file name, line number). - Debug modes were removed. - mbedtls_ssl_conf_truncated_hmac() now returns void. - mbedtls_memory_buffer_alloc_init() now returns void. - X.509 verification flags are now an uint32_t. Affect the signature of: mbedtls_ssl_get_verify_result() mbedtls_x509_ctr_verify_info() mbedtls_x509_crt_verify() (flags, f_vrfy -> needs to be updated) mbedtls_ssl_conf_verify() (f_vrfy -> needs to be updated) - The following functions changed prototype to avoid an in-out length parameter: mbedtls_base64_encode() mbedtls_base64_decode() mbedtls_mpi_write_string() mbedtls_dhm_calc_secret() - In the NET module, all "int" and "int *" arguments for file descriptors changed type to "mbedtls_net_context *". - net_accept() gained new arguments for the size of the client_ip buffer. - In the threading layer, mbedtls_mutex_init() and mbedtls_mutex_free() now return void. - ecdsa_write_signature() gained an addtional md_alg argument and ecdsa_write_signature_det() was deprecated. - pk_sign() no longer accepts md_alg == POLARSSL_MD_NONE with ECDSA. - Last argument of x509_crt_check_key_usage() and mbedtls_x509write_crt_set_key_usage() changed from int to unsigned. - test_ca_list (from certs.h) is renamed to test_cas_pem and is only available if POLARSSL_PEM_PARSE_C is defined (it never worked without). - Test certificates in certs.c are no longer guaranteed to be nul-terminated strings; use the new *_len variables instead of strlen(). - Functions mbedtls_x509_xxx_parse(), mbedtls_pk_parse_key(), mbedtls_pk_parse_public_key() and mbedtls_dhm_parse_dhm() now expect the length parameter to include the terminating null byte for PEM input. - Signature of mpi_mul_mpi() changed to make the last argument unsigned - calloc() is now used instead of malloc() everywhere. API of platform layer and the memory_buffer_alloc module changed accordingly. - Change SSL_DISABLE_RENEGOTIATION config.h flag to SSL_RENEGOTIATION (support for renegotiation now needs explicit enabling in config.h). - Split MBEDTLS_HAVE_TIME into MBEDTLS_HAVE_TIME and MBEDTLS_HAVE_TIME_DATE in config.h - net_connect() and net_bind() have a new 'proto' argument to choose between TCP and UDP, using the macros NET_PROTO_TCP or NET_PROTO_UDP. Their 'port' argument type is changed to a string. - Some constness fixes Removals - Removed mbedtls_ecp_group_read_string(). Only named groups are supported. - Removed mbedtls_ecp_sub() and mbedtls_ecp_add(), use mbedtls_ecp_muladd(). - Removed individual mdX_hmac, shaX_hmac, mdX_file and shaX_file functions (use generic functions from md.h) - Removed mbedtls_timing_msleep(). Use mbedtls_net_usleep() or a custom waiting function. - Removed test DHM parameters from the test certs module. - Removed the PBKDF2 module (use PKCS5). - Removed POLARSSL_ERROR_STRERROR_BC (use mbedtls_strerror()). - Removed compat-1.2.h (helper for migrating from 1.2 to 1.3). - Removed openssl.h (very partial OpenSSL compatibility layer). - Configuration options POLARSSL_HAVE_LONGLONG was removed (now always on). - Configuration options POLARSSL_HAVE_INT8 and POLARSSL_HAVE_INT16 have been removed (compiler is required to support 32-bit operations). - Configuration option POLARSSL_HAVE_IPV6 was removed (always enabled). - Removed test program o_p_test, the script compat.sh does more. - Removed test program ssl_test, superseded by ssl-opt.sh. - Removed helper script active-config.pl New deprecations - md_init_ctx() is deprecated in favour of md_setup(), that adds a third argument (allowing memory savings if HMAC is not used) Semi-API changes (technically public, morally private) - Renamed a few headers to include _internal in the name. Those headers are not supposed to be included by users. - Changed md_info_t into an opaque structure (use md_get_xxx() accessors). - Changed pk_info_t into an opaque structure. - Changed cipher_base_t into an opaque structure. - Removed sig_oid2 and rename sig_oid1 to sig_oid in x509_crt and x509_crl. - x509_crt.key_usage changed from unsigned char to unsigned int. - Removed r and s from ecdsa_context - Removed mode from des_context and des3_context Default behavior changes - The default minimum TLS version is now TLS 1.0. - RC4 is now blacklisted by default in the SSL/TLS layer, and excluded from the default ciphersuite list returned by ssl_list_ciphersuites() - Support for receiving SSLv2 ClientHello is now disabled by default at compile time. - The default authmode for SSL/TLS clients is now REQUIRED. - Support for RSA_ALT contexts in the PK layer is now optional. Since is is enabled in the default configuration, this is only noticeable if using a custom config.h - Default DHM parameters server-side upgraded from 1024 to 2048 bits. - A minimum RSA key size of 2048 bits is now enforced during ceritificate chain verification. - Negotiation of truncated HMAC is now disabled by default on server too. - The following functions are now case-sensitive: mbedtls_cipher_info_from_string() mbedtls_ecp_curve_info_from_name() mbedtls_md_info_from_string() mbedtls_ssl_ciphersuite_from_string() mbedtls_version_check_feature() Requirement changes - The minimum MSVC version required is now 2010 (better C99 support). - The NET layer now unconditionnaly relies on getaddrinfo() and select(). - Compiler is required to support C99 types such as long long and uint32_t. API changes from the 1.4 preview branch - ssl_set_bio_timeout() was removed, split into mbedtls_ssl_set_bio() with new prototype, and mbedtls_ssl_set_read_timeout(). - The following functions now return void: mbedtls_ssl_conf_transport() mbedtls_ssl_conf_max_version() mbedtls_ssl_conf_min_version() - DTLS no longer hard-depends on TIMING_C, but uses a callback interface instead, see mbedtls_ssl_set_timer_cb(), with the Timing module providing an example implementation, see mbedtls_timing_delay_context and mbedtls_timing_set/get_delay(). - With UDP sockets, it is no longer necessary to call net_bind() again after a successful net_accept(). Changes - mbedtls_ctr_drbg_random() and mbedtls_hmac_drbg_random() are now thread-safe if MBEDTLS_THREADING_C is enabled. - Reduced ROM fooprint of SHA-256 and added an option to reduce it even more (at the expense of performance) MBEDTLS_SHA256_SMALLER.
Diffstat (limited to 'doc/TODO')
0 files changed, 0 insertions, 0 deletions