Age | Commit message (Collapse) | Author | Files | Lines |
|
Noteworthy changes in version 2.2.37 (2022-08-24)
-------------------------------------------------
* gpg: In de-vs mode use SHA-256 instead of SHA-1 as implicit
preference. [T6043]
* gpg: Actually show symmetric+pubkey encrypted data as de-vs
compliant. Add extra compliance checks for symkey_enc packets.
[T6119]
* gpg: Request keygrip of key to be added via command-fd interface.
[T5771]
* gpg: Look up user ID to revoke by UID hash. [T5936]
* gpg: Fix wrong error message for "keytocard". [T6122]
* gpg: --card-status shows the application type for non-openpgp
cards again. [rG8e393e2592]
* gpg: The options --auto-key-import and --include-key-block are
again listed by gpgconf. [T6138]
* gpgsm: New option --compatibility-flags. [rG77b6896f7a]
* agent: New options --no-user-trustlist and --sys-trustlist-name.
[T5990]
* agent: Track and update the Display-S/N of cards so that the
"please insert card" prompt may now show more information. Use
"gpg --card-status" to update stored card meta data. [T6135]
* scd:openpgp: Fix problem with ECC algorithm attributes on
Yubikeys. [rG225c66f13b87]
* scd:openpgp: Fix problem with Yubikey 5.4 firmware. [T6070]
* dirmngr: Ask keyservers to provide the key fingerprints. [T5741]
* ssh: Allow authentication as used by OpenSSH's PQ crypto support.
[T5935]
* wkd: Fix path traversal attack in gpg-wks-server. Add the mail
address to the pending request data. [rGc1489ca0e1, T6098]
* gpgconf: Improve registry dumping. [rG6bc9592318]
* Silence warnings from AllowSetForegroundWindow. [rG6583abedf3]
|
|
where getentropy() is not present. Bump PKGREVISION.
|
|
Changes since 1.34.0:
2.11.0 (2022-08-18)
Features
add integration tests for configurable token lifespan (#1103) (124bae6)
Bug Fixes
Async certificate retrieving (#1101) (05f125d)
2.10.0 (2022-08-05)
Features
add integration tests for pluggable auth (#1073) (f8d776a)
support for configurable token lifetime (0dc6a9a)
support for configurable token lifetime (#1079) (0dc6a9a)
Bug Fixes
async certificate decoding (#1085) (741c6c6)
Async system tests were not unwrapping async_generators (#1086) (29d248a)
Fix IDTokenCredentials update bug (#1072) (b62c25c)
make expiration_time optional in response schema (#1091) (032fb8d)
refactor credential subclass parameters (#1095) (8d15f69)
2.9.1 (2022-07-12)
Bug Fixes
there was a raise missing for throwing exceptions (#1077) (d1f17b0)
2.9.0 (2022-06-28)
Features
pluggable auth support (#1045) (de14f4e)
2.8.0 (2022-06-14)
Features
add experimental GDCH support (#1044) (94fb5e2)
2.7.0 (2022-06-07)
Features
add experimental enterprise cert support (#1052) (dda7dda)
add experimental GDCH support (#1022) (5367aac)
Pluggable auth support (#995) (62daa73)
Bug Fixes
validate urls for external accounts (#1031) (61b1f15)
Reverts
pluggable auth support #995 (#1039) (513d999)
revert experimental GDCH support (#1022) (#1042) (c720995)
Documentation
fix changelog header to consistent size (#1046) (e64d084)
2.6.6 (2022-04-21)
Bug Fixes
silence TypeError during tear down stage (#1027) (952a6aa)
2.6.5 (2022-04-14)
Bug Fixes
add additional missing import in _default.py (#1018) (638331b)
2.6.4 (2022-04-12)
Bug Fixes
fix missing import in _default.py (#1015) (63f4e38)
2.6.3 (2022-04-06)
Bug Fixes
change requests lib import place (#1010) (c753c08)
clean up HTTP session and pool during tear down phase (#1007) (d057376)
pin click version and update sys test creds (#1008) (ae2804b)
2.6.2 (2022-03-16)
Bug Fixes
Rename aws imdsv2 url field and update token lifetime (#982) (818e6d2)
Miscellaneous Chores
let release-please finish the release (#991) (d2bdc9a)
2.6.1 (2022-02-09)
Bug Fixes
Add AWS session token to metadata requests (#958) (5c7f734)
2.6.0 (2022-01-31)
Features
ADC can load an impersonated service account credentials. (#962) (52c8ef9)
Bug Fixes
revert "feat: add api key support (#826)" (#964) (f9f23f4)
2.5.0 (2022-01-25)
Features
ADC can load an impersonated service account credentials. (#956) (a8eb4c8)
2.4.1 (2022-01-21)
Bug Fixes
urllib3 import (#953) (c8b5cae)
2.4.0 (2022-01-20)
Features
add 'py.typed' declaration (#919) (c993504)
add api key support (#826) (3b15092)
Bug Fixes
deps: allow cachetools 5.0 for python 3.7+ (#937) (1eae37d)
fix the message format for metadata server exception (#916) (e756f08)
Documentation
fix intersphinx link for 'requests-oauthlib' (#921) (967be4f)
note ValueError in verify_oauth2_token (#928) (82bc5f0)
2.3.3 (2021-11-01)
Bug Fixes
add fetch_id_token_credentials (#866) (8f1e9cf)
fix error in sign_bytes (#905) (ef31284)
use 'int.to_bytes' and 'int.from_bytes' for py3 (#904) (bd0ccc5)
2.3.2 (2021-10-26)
Bug Fixes
add clock_skew_in_seconds to verify_token functions (#894) (8e95c1e)
2.3.1 (2021-10-21)
Bug Fixes
add back python 2.7 for gcloud usage only (#892) (5bd5ccf)
Documentation
Fix formatting of GCE_METADATA_HOST (#890) (e2b3c98)
2.3.0 (2021-10-07)
Features
add support for Python 3.10 (#882) (19d41f8)
Bug Fixes
ADC with impersonated workforce pools (#877) (10bd9fb)
2.2.1 (2021-09-28)
Bug Fixes
disable self signed jwt for domain wide delegation (#873) (0cd15e2)
2.2.0 (2021-09-21)
Features
add support for workforce pool credentials (#868) (993bab2)
2.1.0 (2021-09-10)
Features
Improve handling of clock skew (#858) (45c4491)
Bug Fixes
add SAML challenge to reauth (#819) (13aed5f)
disable warning if quota project id provided to auth.default() (#856) (11ebaeb)
rename CLOCK_SKEW and separate client/server user case (#863) (738611b)
2.0.2 (2021-08-25)
Bug Fixes
use 'int.to_bytes' rather than deprecated crypto wrapper (#848) (b79b554)
use int.from_bytes (#846) (466aed9)
2.0.1 (2021-08-17)
Bug Fixes
normalize AWS paths correctly on windows (#842) (4e0fb1c)
2.0.0 (2021-08-16)
BREAKING CHANGES
drop support for Python 2.7 (#778) (560cf1e)
Features
service account is able to use a private token endpoint (#835) (20b817a)
Bug Fixes
downscoping documentation bugs (#830) (da8bb13)
Fix missing space in error message. (#821) (7b03988)
Documentation
update user guide/references for downscoped creds (#827) (d1840dc)
|
|
Changes since 0.4.6:
fix changelog header to consistent size.
avoid deprecated "out-of-band" authentication flow
deprecate OAuth out-of-band flow
|
|
|
|
|
|
0.17.0 (2022-05-11)
IMPROVEMENTS
* Added MissingRequiredStateErr error type to refer to 412s returned by
Vault 1.10 when the WAL index on the node does not match the index in the
Server-Side Consistent Token. This error type can be passed as a
parameter to #with_retries, and will also be retried automatically when
#with_retries is used with no parameters.
|
|
0.2.37 (2021-09-16)
* Land #42, Update Ubuntu version & Ruby setup
0.2.38 (2022-06-29)
* Land #44, Fix rex-text split string crash
0.2.39 (2022-08-08)
* Land #47, Run ubuntu 22.04 in test matrix
|
|
0.1.35 (2022-04-05)
* Land #42, Add ruby 3.1.1 to test matrix
0.1.36 (2022-05-03)
* Land #45, Allow explicitly setting peer hostname
0.1.37 (2022-05-03)
* Land #46, fixes a bug caused by a missing require statement
0.1.38 (2022-05-03)
* Land #44, Ignore trailing commas in range walker
0.1.39 (2022-05-09)
* Land #48, Fix typo in ssl_tcp.rb Fixes #47
0.1.40 (2022-06-13)
* Fix typo in README.md
0.1.41 (2022-08-02)
* Land #50, Run ubuntu 22.04 in test matrix
|
|
0.1.95 (2022-02-14)
* Land #39, Fix upgrading sessions on Windows
0.1.96 (2022-04-07)
* Land #40, Add ruby 3.1.1 to test matrix
|
|
0.1.7 (2022-03-07)
* Land #2, Fix Multipart Boundary Fingerprint Issue
|
|
0.1.29 (2022-03-07)
* Land #30, Add 'no_proto' option to wget/curl/lwp-request command stagers
0.1.30 (2022-04-05)
* Land #30, Add 'no_proto' option to wget/curl/lwp-request command stagers
0.1.31 (2022-07-01)
* Land #32, Add ruby 3.1.1 to test matrix
* Land #34, CmdStagerTFTP: Set payload filename; raise if tftphost is not
set
0.1.32 (2022-07-11)
* Land #35, add cmdstager tests
0.1.33 (2022-07-14)
* Land #33, add FtpHttp cmdstager
0.1.34 (2022-07-18)
* Land #37, Update spec tests
0.1.35 (2022-7-18)
* Land #38, Add missing Rex::Exploitation::ObfuscateJS tests
|
|
0.1.21 (2022-01-25)
* Land #21, Apply rubocop changes to socket_abstraction
0.1.22 (2022-01-26)
* Land #23, GitHub actions for running tests
0.1.23 (2022-01-26)
* Land #24, move verify.yml to workflows folder
0.1.24 (2022-01-26)
* Land #24, move verify.yml to workflows folder
0.1.25 (2022-01-26)
* Land #22, cherry pick of stream_server cleanup
0.1.26 (2022-02-15)
* Land #20, Fix metasploit-framework#15968 (Multiple Socket Abstraction
Bugs)
0.1.27 (2022-03-24)
* Land #25, Stop refs being cloned or duped
0.1.28 (2022-04-05)
* Land #26, Rex::Compat: open_browser: Prepend 'file://' to file URLs for
Android
|
|
4.1.6 (2022-01-07)
* To add a workflow for Simplecov Report
4.1.7 (2022-01-17)
* Add workstation team as code-owner
* Avoid loading all of chef-vault unless we're running the plugin (#385)
4.1.8 (2022-04-10)
* updated the HTTPServerException to HTTPClientException
* Merge pull request #391 from chef/nikhil/updating-ruby-3.0/3.1
4.1.9 (2022-04-12)
* Update chef-utils requirement from = 16.6.14 to 17.10.0 #394
(dependabot[bot])
* Update pry-stack_explorer requirement from ~> 0.4.0 to ~> 0.6.1 #395
(dependabot[bot])
4.1.10 (2022-04-18)
Merged Pull Requests
* To integrate test coverage % report in PR creation or merge #387
(snehaldwivedi)
|
|
1.0.0 (2022-08-23)
The first "Stable Release" in terms of Semantic Versioning.
The oldest supported Ruby, currently 2.7, will be dropped no later than
April 2025, and a new major version of this gem will be released to drop
Ruby 2.7 support (and possibly other stuff).
|
|
2.0.2 (2022-07-29)
* Fix calculation with openss3
|
|
1.2.3 (2022-07-29)
* Fix calculation with openssl3
|
|
Reallu update to 2.0.94 not 2.0.93.
|
|
2.0.75 (2022-02-23)
* Fix race condition when reading subprocess results
* Fail on invalid impersonation levels
2.0.76 (2022-03-01)
* Land #537, Fix race condition in pymet
2.0.77 (2022-03-01)
* Update mimikatz to 61cd1b9168
2.0.78 (2022-03-25)
* Build and ship debug builds for windows meterpreter
* Don't modify strings you don't own
* add AMD64 in get_system_arch
* add case insensivity
* Land #555, add AMD64 arch in get_system_arch()
2.0.79 (2022-04-01)
* Fix PHP Meterpreter crashing when trying to close a resource
* Land #553, Build and ship debug builds for windows meterpreter
2.0.80 (2022-04-01)
* Land #560, add build debug version to r7_all
2.0.81 (2022-04-05)
* Land #558, PHP Meterpreter v8.x Support - ensure already closed channels
are not reclosed
2.0.82 (2022-04-12)
* Fix AF_INET constants in PHP Meterpreter
* Land #557, Add debug logfile to Python Meterpreter
2.0.83 (2022-04-12)
* Land #559, Add logging prerequisites to PHP Meterpreter
2.0.84 (2022-04-26)
* Update the kiwi extension
* Various changes required for cross compilation
* Land #564, Remove unused extension network pug
2.0.85 (2022-04-29)
* Add REQUEST_IGNORE_BATTERY_OPTIMIZATIONS android permission
* Land #563, Add logging to file capabilities to windows Meterpreter
2.0.86 (2022-05-03)
* Land #566, Add REQUEST_IGNORE_BATTERY_OPTIMIZATIONS android permission
2.0.87 (2022-05-03)
* Land #565, update mimikatz (the kiwi extension)
2.0.88 (2022-05-04)
* Fix order of closing channels
* Update to include ReflectiveDllInjection#12
* Land #562, Fix AF_INET constants in PHP Meterpreter
2.0.89 (2022-05-05)
* Land #572, Fix argument order for array join
2.0.90 (2022-05-06)
* Land #570, Fix order of closing channels
2.0.91 (2022-05-11)
* Land #574, Remove logging artifacts that made their way into the release
build
2.0.92 (2022-05-16)
* Land #575, fix android meterpreter > play audio command
2.0.93 (2022-05-17)
* Land #571, Update ReflectiveDLLInjection to include #12 and remove a few
RWX memory sections.
2.0.94 (2022-06-23)
* Land #577, Add 6th getsystem technique EfsPotato
|
|
4.0.4 (20220-4-07)
* Add ruby 3.1.1 to test matrix
4.0.5 (2022-06-17)
* Add login status enum for incorrect public part
4.0.6 (2022-08-02)
* Run ubuntu 22.04 in test matrix
|
|
4.0.4 (2022-04-05)
* Add ruby 3.1.1 to test matrix.
|
|
3.1.17 (2022-05-14)
* Unlock GVL when calculating hashes and salts [GH #260]
* Fix compilation warnings in `ext/mri/bcrypt_ext.c` [GH #261]
3.1.18 (2022-05-16)
* Fix regex in validators to use \A and \z instead of ^ and $ [GH #121]
* Truncate secrets greater than 72 bytes in hash_secret [GH #255]
* Assorted test and doc improvements
|
|
1.4.1 (2022-07-23)
This is a gem housekeeping release. No user-facing changes.
Housekeeping
* Rename default branch to main (#140) @mattbrictson
* Include link to full diff in generated release notes (#144) @mattbrictson
* Replace Travis with CircleCI and add Ruby 3.0 and 3.1 to CI matrix (#138)
@mattbrictson
* Upgrade to modern version of coveralls gem (#143) @mattbrictson
* Update appveyor to use a more modern version of Ruby (2.6) (#142)
@mattbrictson
* Fix build failures on Ruby < 2.5 (#141) @mattbrictson
* Simplify release-drafter config (#139) @mattbrictson
|
|
- proxyprotocol cleanup
- v2 removed
- switched to buffer lib.
- man page fixed many typos
- tlswrapper-smtp update, added postgrey support
- randombytes based on getentropy() insted of /dev/urandom
- big cleanup in the code
|
|
0.5.0
This is an enhancement and bug-fix release, and all users are encouraged to
upgrade.
|
|
|
|
prelude is unmaintained in pkgsrc since 2009 and is several major
versions behind. This makes it useless for it's intended purpose as an
intrusion detection system. Can be revived if/when there is an interested
maintainer. But it's probably easier to start from scratch given how stale
these packages were.
|
|
|
|
Changes since 2.4.1:
Version 2.6.7 (released 2021-05-01)
pam_oath: Support variables in usersfile string parameter. the
usersfile string in the pam_oath configuration file. The placeholder values
allow the user credentials file to be stored in a file path that is relative
to the user, and mimics similar behavior found in
google-authenticator-libpam.
The motivation for these changes is to allow for non-privileged processes to
use pam_oath (e.g., for 2FA with xscreensaver). Non-privileged and non-suid
programs are unable to use pam_oath. These changes are a proposed
alternative to a suid helper binary as well.
Thanks to Jason Graham for the patch. See
https://gitlab.com/oath-toolkit/oath-toolkit/-/merge_requests/12.
doc: Fix project URL in man pages. Thanks to Jason Graham
for the patch. Fixes
https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/19.
build: Drop use of libxml's AM_PATH_XML2 in favor of pkg-config.
build: Modernize autotools usage. Most importantly, no longer use
-Werror with AM_INIT_AUTOMAKE to make rebuilding from source more safe with
future automake versions.
Updated gnulib files.
Version 2.6.6 (released 2021-01-20)
oathtool: Handle HOTP --counter values larger than 0x7FFFFFFFFFFFFFFF.
Thanks to Jason Lai for report.
doc: GTK-DOC manual improvements.
Updated gnulib files. Fixes test-parse-datetime self-check. Fixes
https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/20.
Version 2.6.5 (released 2020-12-29)
oathtool: Support for reading KEY and OTP from standard input or
filename. KEY and OTP may now be given as - to mean stdin, or @FILE to read
from a particular file. This is recommended on multi-user systems, since
secrets as command line parameters leak. Based on a patch from Ian Jackson.
Fixes #6.
pam_oath: Fix unlikely logic fail on out of memory conditions. Patch
from Matthias Gerstner.
Doc fixes.
Version 2.6.4 (released 2020-11-11)
libpskc: New --with-xmlsec-crypto-engine to hard-code crypto engine.
Fixes https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/16. Use it like
--with-xmlsec-crypto-engine=gnutls or --with-xmlsec-crypto-engine=openssl if
the default dynamic loading fails because of runtime linker search path
issues.
oathtool --totp --verbose now prints TOTP hash mode. Fixes
https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/4.
oathtool: Hash names (e.g., SHA256) for --totp are now upper case.
Fixes https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/3. Lower/mixed
case hash names are supported for compatibility.
pam_oath: Fail gracefully for missing users. Fixes
https://savannah.nongnu.org/support/index.php?109111. This allows you to
incrementally add support for OATH authentication instead of forcing it on
all users. See updated pam_oath/README on the [user_unknown=ignore
success=ok] parameter that can now be supplied to PAM configuration. Patch
by Antoine Beaupra
Fix libpskc memory corruption bug. Fixes
https://savannah.nongnu.org/support/?108736. Thanks to David Woodhouse and
Jaroslav A karvada for report, self check and patch.
Fix man pages. Fixes https://savannah.nongnu.org/support/?108312.
Thanks to Jaroslav A karvada for the patch.
Build fixes.
Version 2.6.3 (released 2020-11-07)
pam_oath: Fix self-tests.
build: Update gnulib. Fix compiler warnings.
Doc fixes.
Version 2.6.2 (released 2016-08-27)
doc: Version controlled source code repository moved to GitLab.
Version 2.6.1 (released 2015-07-31)
liboath: Fix make check on 32-bit systems. Report and patch by
Christian Hesse.
Version 2.6.0 (released 2015-05-19)
liboath: Support TOTP with HMAC-SHA256 and HMAC-SHA512. This adds new
APIs oath_totp_generate2, oath_totp_validate4 and
oath_totp_validate4_callback.
oathtool: The --totp parameter now take an optional argument to specify
MAC. For example use --totp=sha256 to use HMAC-SHA256. When --totp is used
the default HMAC-SHA1 is used, as before.
pam_oath: Mention in README that you shouldn???t use insecure keys.
Suggested by Robin.
pam_oath: Check return value from strdup. Patch by Eero Hakkinen.
The files gdoc and expect.oath are now included in the tarball.
Suggested by Jaroslav A karvada.
|
|
|
|
Release 2.12.0 (10 Aug 2022)
----------------------------
* Added top-level functions run_client() and run_server() which allow
you to begin running an SSH client or server on an already-connected
socket. This capability is also available via a new "sock" argument
in the existing connect(), connect_reverse(), get_server_host_key(),
and get_server_auth_methods() functions.
* Added "sock" argument to listen() and listen_reverse() functions
which takes an already-bound listening socket instead of a host
and port to bind a new socket to.
* Added support for forwarding break, signal, and terminal size updates
when redirection of stdin is set up between two SSHProcess instances.
* Added support for sntrup761x25519-sha512@openssh.com post-quantum
key exchange algorithm. For this to be available, the Open Quantum
Safe (liboqs) dynamic library must be installed.
* Added "sig_alg" argument to set a signature algorithm when creating
OpenSSH certificates, allowing a choice between ssh-rsa, rsa-sha2-256,
and rsa-sha2-512 for certificates signed by RSA keys.
* Added new read_parallel() method in SFTPClientFile which allows
parallel reads to be performed from a remote file, delivering
incremental results as these reads complete. Previously, large
reads would automatically be parallelized, but a result was only
returned after all reads completed.
* Added definition of __all__ for public symbols in AsyncSSH to make
pyright autocompletion work better. Thanks go to Nicolas Riebesel
for providing this change.
* Updated SFTP and SCP glob and copy functions to use scandir() instead
of listdir() to improve efficiency.
* Updated default for "ignore_encrypted" client connection option to
ignore encrypted keys specified in an OpenSSH config file when no
passphrase is provided, similar to what was previosuly done for
keys with default names.
* Fixed an issue when using an SSH agent with RSA keys and an X.509
certificate while requesting SHA-2 signatures.
* Fixed an issue with use of expanduser() in unit tests on newer versions
of Python. Thanks go to Georg Sauthoff for providing an initial version
of this fix.
* Fixed an issue with fallback to a Pageant agent not working properly
on Windows when no agent_path or SSH_AUTH_SOCK was set.
* Fixed improper escaping in readuntil(), causing certain punctuation in
separator to not match properly. Thanks go to Github user MazokuMaxy
for reporting this issue.
* Fixed the connection close handler to properly mark channels as fully
closed when the peer unexpected closes the connection, allowing
exceptions to fire if an application continues to try and use
the channel. Thanks go to Taha Jahangir for reporting this issue and
suggesting a possible fix.
* Eliminated unit testing against OpenSSH for tests involving DSA and
RSA keys using SHA-1 signatures, since this support is being dropped
in some distributions of OpenSSH. These tests are still performed, but
using only AsyncSSH code. Thanks go to Ken Dreyer and Georg Sauthoff
for reporting this issue and helping me to reproduce it.
|
|
|
|
|
|
[0.9.1] - 2022-08-18
Added
Support setting the detail level via config or args (#44)
Changed
Enable GitHub Sponsors for funding
Apply clippy lints for tests
Bump dependencies
Set MSRV to 1.57.0
Fixed
Apply clippy lints
Update test preparation script about gpg directories
Removed
Remove broken link from README.md
|
|
|
|
Noteworthy changes in version 1.18.0 (2022-08-10)
-------------------------------------------------
* New keylist mode to force refresh via external methods. [T5951]
* The keylist operations now create an import result to report the
result of the locate keylist modes. [T5951]
* core: Return BAD_PASSPHRASE error code on symmetric decryption
failure. [T5939]
* cpp, qt: Do not export internal symbols anymore. [T5906]
* cpp, qt: Support revocation of own OpenPGP keys. [T5904]
* qt: The file name of (signed and) encrypted data can now be set. [T6056]
* cpp, qt: Support setting the primary user ID. [T5938]
* python: Fix segv(NULL) when inspecting contect after exeception. [T6060]
|
|
compatible with upstream Bitwarden password manager clients.
It is well-suited for self-hosted deployment, where running the
official resource-heavy service might not be ideal.
|
|
|
|
|
|
|
|
mbed TLS (formerly known as PolarSSL) makes it trivially easy for
developers to include cryptographic and SSL/TLS capabilities in
their (embedded) products, facilitating this functionality with a
minimal coding footprint.
This contains major version 3 of the library, which is not backwards
compatible to version 2.
|
|
|
|
|
|
= Mbed TLS 2.28.1 branch released 2022-07-11
Default behavior changes
* mbedtls_cipher_set_iv will now fail with ChaCha20 and ChaCha20+Poly1305
for IV lengths other than 12. The library was silently overwriting this
length with 12, but did not inform the caller about it. Fixes #4301.
Features
* When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you may list the PSA crypto
feature requirements in the file named by the new macro
MBEDTLS_PSA_CRYPTO_CONFIG_FILE instead of the default psa/crypto_config.h.
Furthermore you may name an additional file to include after the main
file with the macro MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE.
Security
* Zeroize dynamically-allocated buffers used by the PSA Crypto key storage
module before freeing them. These buffers contain secret key material, and
could thus potentially leak the key through freed heap.
* Fix a potential heap buffer overread in TLS 1.2 server-side when
MBEDTLS_USE_PSA_CRYPTO is enabled, an opaque key (created with
mbedtls_pk_setup_opaque()) is provisioned, and a static ECDH ciphersuite
is selected. This may result in an application crash or potentially an
information leak.
* Fix a buffer overread in DTLS ClientHello parsing in servers with
MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled. An unauthenticated client
or a man-in-the-middle could cause a DTLS server to read up to 255 bytes
after the end of the SSL input buffer. The buffer overread only happens
when MBEDTLS_SSL_IN_CONTENT_LEN is less than a threshold that depends on
the exact configuration: 258 bytes if using mbedtls_ssl_cookie_check(),
and possibly up to 571 bytes with a custom cookie check function.
Reported by the Cybeats PSI Team.
Bugfix
* Fix a memory leak if mbedtls_ssl_config_defaults() is called twice.
* Fix several bugs (warnings, compiler and linker errors, test failures)
in reduced configurations when MBEDTLS_USE_PSA_CRYPTO is enabled.
* Fix a bug in (D)TLS curve negotiation: when MBEDTLS_USE_PSA_CRYPTO was
enabled and an ECDHE-ECDSA or ECDHE-RSA key exchange was used, the
client would fail to check that the curve selected by the server for
ECDHE was indeed one that was offered. As a result, the client would
accept any curve that it supported, even if that curve was not allowed
according to its configuration. Fixes #5291.
* Fix unit tests that used 0 as the file UID. This failed on some
implementations of PSA ITS. Fixes #3838.
* Fix API violation in mbedtls_md_process() test by adding a call to
mbedtls_md_starts(). Fixes #2227.
* Fix compile errors when MBEDTLS_HAVE_TIME is not defined. Add tests
to catch bad uses of time.h.
* Fix the library search path when building a shared library with CMake
on Windows.
* Fix bug in the alert sending function mbedtls_ssl_send_alert_message()
potentially leading to corrupted alert messages being sent in case
the function needs to be re-called after initially returning
MBEDTLS_SSL_WANT_WRITE. Fixes #1916.
* In configurations with MBEDTLS_SSL_DTLS_CONNECTION_ID enabled but none of
MBEDTLS_SSL_HW_RECORD_ACCEL, MBEDTLS_SSL_EXPORT_KEYS or MBEDTLS_DEBUG_C,
DTLS handshakes using CID would crash due to a null pointer dereference.
Fix this. Fixes #3998.
* Fix incorrect documentation of mbedtls_x509_crt_profile. The previous
documentation stated that the `allowed_pks` field applies to signatures
only, but in fact it does apply to the public key type of the end entity
certificate, too. Fixes #1992.
* Fix PSA cipher multipart operations using ARC4. Previously, an IV was
required but discarded. Now, an IV is rejected, as it should be.
* Fix undefined behavior in mbedtls_asn1_find_named_data(), where val is
not NULL and val_len is zero.
* psa_raw_key_agreement() now returns PSA_ERROR_BUFFER_TOO_SMALL when
applicable. Fixes #5735.
* Fix a bug in the x25519 example program where the removal of
MBEDTLS_ECDH_LEGACY_CONTEXT caused the program not to run. Fixes #4901 and
#3191.
* Encode X.509 dates before 1/1/2000 as UTCTime rather than
GeneralizedTime. Fixes #5465.
* Fix order value of curve x448.
* Fix string representation of DNs when outputting values containing commas
and other special characters, conforming to RFC 1779. Fixes #769.
* Silence a warning from GCC 12 in the selftest program. Fixes #5974.
* Fix mbedtls_asn1_write_mpi() writing an incorrect encoding of 0.
* Fix resource leaks in mbedtls_pk_parse_public_key() in low
memory conditions.
* Fix server connection identifier setting for outgoing encrypted records
on DTLS 1.2 session resumption. After DTLS 1.2 session resumption with
connection identifier, the Mbed TLS client now properly sends the server
connection identifier in encrypted record headers. Fix #5872.
* Fix a null pointer dereference when performing some operations on zero
represented with 0 limbs (specifically mbedtls_mpi_mod_int() dividing
by 2, and mbedtls_mpi_write_string() in base 2).
* Fix record sizes larger than 16384 being sometimes accepted despite being
non-compliant. This could not lead to a buffer overflow. In particular,
application data size was already checked correctly.
Changes
* Assume source files are in UTF-8 when using MSVC with CMake.
= mbed TLS 2.28.0 branch released 2021-12-17
API changes
* Some fields of mbedtls_ssl_session and mbedtls_ssl_config are in a
different order. This only affects applications that define such
structures directly or serialize them.
Requirement changes
* Sign-magnitude and one's complement representations for signed integers are
not supported. Two's complement is the only supported representation.
Removals
* Remove config option MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES,
which allowed SHA-1 in the default TLS configuration for certificate
signing. It was intended to facilitate the transition in environments
with SHA-1 certificates. SHA-1 is considered a weak message digest and
its use constitutes a security risk.
* Remove the partial support for running unit tests via Greentea on Mbed OS,
which had been unmaintained since 2018.
Features
* The identifier of the CID TLS extension can be configured by defining
MBEDTLS_TLS_EXT_CID at compile time.
* Warn if errors from certain functions are ignored. This is currently
supported on GCC-like compilers and on MSVC and can be configured through
the macro MBEDTLS_CHECK_RETURN. The warnings are always enabled
(where supported) for critical functions where ignoring the return
value is almost always a bug. Enable the new configuration option
MBEDTLS_CHECK_RETURN_WARNING to get warnings for other functions. This
is currently implemented in the AES, DES and md modules, and will be
extended to other modules in the future.
* Add missing PSA macros declared by PSA Crypto API 1.0.0:
PSA_ALG_IS_SIGN_HASH, PSA_ALG_NONE, PSA_HASH_BLOCK_LENGTH, PSA_KEY_ID_NULL.
* Add new API mbedtls_ct_memcmp for constant time buffer comparison.
* Add PSA API definition for ARIA.
Security
* Zeroize several intermediate variables used to calculate the expected
value when verifying a MAC or AEAD tag. This hardens the library in
case the value leaks through a memory disclosure vulnerability. For
example, a memory disclosure vulnerability could have allowed a
man-in-the-middle to inject fake ciphertext into a DTLS connection.
* In psa_cipher_generate_iv() and psa_cipher_encrypt(), do not read back
from the output buffer. This fixes a potential policy bypass or decryption
oracle vulnerability if the output buffer is in memory that is shared with
an untrusted application.
* Fix a double-free that happened after mbedtls_ssl_set_session() or
mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
(out of memory). After that, calling mbedtls_ssl_session_free()
and mbedtls_ssl_free() would cause an internal session buffer to
be free()'d twice.
Bugfix
* Stop using reserved identifiers as local variables. Fixes #4630.
* The GNU makefiles invoke python3 in preference to python except on Windows.
The check was accidentally not performed when cross-compiling for Windows
on Linux. Fix this. Fixes #4774.
* Prevent divide by zero if either of PSA_CIPHER_ENCRYPT_OUTPUT_SIZE() or
PSA_CIPHER_UPDATE_OUTPUT_SIZE() were called using an asymmetric key type.
* Fix a parameter set but unused in psa_crypto_cipher.c. Fixes #4935.
* Don't use the obsolete header path sys/fcntl.h in unit tests.
These header files cause compilation errors in musl.
Fixes #4969.
* Fix missing constraints on x86_64 and aarch64 assembly code
for bignum multiplication that broke some bignum operations with
(at least) Clang 12.
Fixes #4116, #4786, #4917, #4962.
* Fix mbedtls_cipher_crypt: AES-ECB when MBEDTLS_USE_PSA_CRYPTO is enabled.
* Failures of alternative implementations of AES or DES single-block
functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT,
MBEDTLS_DES_CRYPT_ECB_ALT or MBEDTLS_DES3_CRYPT_ECB_ALT were ignored.
This does not concern the implementation provided with Mbed TLS,
where this function cannot fail, or full-module replacements with
MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092.
* Some failures of HMAC operations were ignored. These failures could only
happen with an alternative implementation of the underlying hash module.
* Fix the error returned by psa_generate_key() for a public key. Fixes #4551.
* Fix the build of sample programs when neither MBEDTLS_ERROR_C nor
MBEDTLS_ERROR_STRERROR_DUMMY is enabled.
* Fix PSA_ALG_RSA_PSS verification accepting an arbitrary salt length.
This algorithm now accepts only the same salt length for verification
that it produces when signing, as documented. Use the new algorithm
PSA_ALG_RSA_PSS_ANY_SALT to accept any salt length. Fixes #4946.
* The existing predicate macro name PSA_ALG_IS_HASH_AND_SIGN is now reserved
for algorithm values that fully encode the hashing step, as per the PSA
Crypto API specification. This excludes PSA_ALG_RSA_PKCS1V15_SIGN_RAW and
PSA_ALG_ECDSA_ANY. The new predicate macro PSA_ALG_IS_SIGN_HASH covers
all algorithms that can be used with psa_{sign,verify}_hash(), including
these two.
* Fix issue in Makefile on Linux with SHARED=1, that caused shared libraries
not to list other shared libraries they need.
* Fix a bug in mbedtls_gcm_starts() when the bit length of the iv
exceeds 2^32. Fixes #4884.
* Fix an uninitialized variable warning in test_suite_ssl.function with GCC
version 11.
* Fix the build when no SHA2 module is included. Fixes #4930.
* Fix the build when only the bignum module is included. Fixes #4929.
* Fix a potential invalid pointer dereference and infinite loop bugs in
pkcs12 functions when the password is empty. Fix the documentation to
better describe the inputs to these functions and their possible values.
Fixes #5136.
* The key usage flags PSA_KEY_USAGE_SIGN_MESSAGE now allows the MAC
operations psa_mac_compute() and psa_mac_sign_setup().
* The key usage flags PSA_KEY_USAGE_VERIFY_MESSAGE now allows the MAC
operations psa_mac_verify() and psa_mac_verify_setup().
Changes
* Set config option MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE to be
disabled by default.
* Improve the performance of base64 constant-flow code. The result is still
slower than the original non-constant-flow implementation, but much faster
than the previous constant-flow implementation. Fixes #4814.
* Indicate in the error returned if the nonce length used with
ChaCha20-Poly1305 is invalid, and not just unsupported.
* The mbedcrypto library includes a new source code module constant_time.c,
containing various functions meant to resist timing side channel attacks.
This module does not have a separate configuration option, and functions
from this module will be included in the build as required. Currently
most of the interface of this module is private and may change at any
time.
= mbed TLS 2.27.0 branch released 2021-07-07
API changes
* Update AEAD output size macros to bring them in line with the PSA Crypto
API version 1.0 spec. This version of the spec parameterizes them on the
key type used, as well as the key bit-size in the case of
PSA_AEAD_TAG_LENGTH.
The old versions of these macros were renamed and deprecated as follows:
- PSA_AEAD_TAG_LENGTH -> PSA_AEAD_TAG_LENGTH_1_ARG
- PSA_AEAD_ENCRYPT_OUTPUT_SIZE -> PSA_AEAD_ENCRYPT_OUTPUT_SIZE_2_ARG
- PSA_AEAD_DECRYPT_OUTPUT_SIZE -> PSA_AEAD_DECRYPT_OUTPUT_SIZE_2_ARG
- PSA_AEAD_UPDATE_OUTPUT_SIZE -> PSA_AEAD_UPDATE_OUTPUT_SIZE_2_ARG
- PSA_AEAD_FINISH_OUTPUT_SIZE -> PSA_AEAD_FINISH_OUTPUT_SIZE_1_ARG
- PSA_AEAD_VERIFY_OUTPUT_SIZE -> PSA_AEAD_VERIFY_OUTPUT_SIZE_1_ARG
* Implement one-shot cipher functions, psa_cipher_encrypt and
psa_cipher_decrypt, according to the PSA Crypto API 1.0.0
specification.
Requirement changes
* The library now uses the %zu format specifier with the printf() family of
functions, so requires a toolchain that supports it. This change does not
affect the maintained LTS branches, so when contributing changes please
bear this in mind and do not add them to backported code.
Features
* Add mbedtls_rsa_rsassa_pss_sign_ext() function allowing to generate a
signature with a specific salt length. This function allows to validate
test cases provided in the NIST's CAVP test suite. Contributed by Cédric
Meuter in PR #3183.
* Added support for built-in driver keys through the PSA opaque crypto
driver interface. Refer to the documentation of
MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS for more information.
* Implement psa_sign_message() and psa_verify_message().
* The new function mbedtls_mpi_random() generates a random value in a
given range uniformly.
* Implement psa_mac_compute() and psa_mac_verify() as defined in the
PSA Cryptograpy API 1.0.0 specification.
* MBEDTLS_ECP_MAX_BITS is now determined automatically from the configured
curves and no longer needs to be configured explicitly to save RAM.
Security
* Fix a bias in the generation of finite-field Diffie-Hellman-Merkle (DHM)
private keys and of blinding values for DHM and elliptic curves (ECP)
computations. Reported by FlorianF89 in #4245.
* Fix a potential side channel vulnerability in ECDSA ephemeral key generation.
An adversary who is capable of very precise timing measurements could
learn partial information about the leading bits of the nonce used for the
signature, allowing the recovery of the private key after observing a
large number of signature operations. This completes a partial fix in
Mbed TLS 2.20.0.
* It was possible to configure MBEDTLS_ECP_MAX_BITS to a value that is
too small, leading to buffer overflows in ECC operations. Fail the build
in such a case.
* An adversary with access to precise enough information about memory
accesses (typically, an untrusted operating system attacking a secure
enclave) could recover an RSA private key after observing the victim
performing a single private-key operation. Found and reported by
Zili KOU, Wenjian HE, Sharad Sinha, and Wei ZHANG.
* An adversary with access to precise enough timing information (typically, a
co-located process) could recover a Curve25519 or Curve448 static ECDH key
after inputting a chosen public key and observing the victim performing the
corresponding private-key operation. Found and reported by Leila Batina,
Lukas Chmielewski, Björn Haase, Niels Samwel and Peter Schwabe.
Bugfix
* Add printf function attributes to mbedtls_debug_print_msg to ensure we
get printf format specifier warnings.
* Fix premature fopen() call in mbedtls_entropy_write_seed_file which may
lead to seed file corruption in the case where the path to the seed file is
equal to MBEDTLS_PLATFORM_STD_NV_SEED_FILE. Contributed by Victor
Krasnoshchok in #3616.
* PSA functions other than psa_open_key now return PSA_ERROR_INVALID_HANDLE
rather than PSA_ERROR_DOES_NOT_EXIST for an invalid handle, bringing them
in line with version 1.0.0 of the specification. Fix #4162.
* PSA functions creating a key now return PSA_ERROR_INVALID_ARGUMENT rather
than PSA_ERROR_INVALID_HANDLE when the identifier specified for the key
to create is not valid, bringing them in line with version 1.0.0 of the
specification. Fix #4271.
* Fix some cases in the bignum module where the library constructed an
unintended representation of the value 0 which was not processed
correctly by some bignum operations. This could happen when
mbedtls_mpi_read_string() was called on "-0", or when
mbedtls_mpi_mul_mpi() and mbedtls_mpi_mul_int() was called with one of
the arguments being negative and the other being 0. Fixes #4643.
* Fix a bug in ECDSA that would cause it to fail when the hash is all-bits
zero. Fixes #1792
* Fix a compilation error when MBEDTLS_ECP_RANDOMIZE_MXZ_ALT is
defined. Fixes #4217.
* Fix an incorrect error code when parsing a PKCS#8 private key.
* In a TLS client, enforce the Diffie-Hellman minimum parameter size
set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
minimum size was rounded down to the nearest multiple of 8.
* In library/net_sockets.c, _POSIX_C_SOURCE and _XOPEN_SOURCE are
defined to specific values. If the code is used in a context
where these are already defined, this can result in a compilation
error. Instead, assume that if they are defined, the values will
be adequate to build Mbed TLS.
* The cipher suite TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 was not available
when SHA-1 was disabled and was offered when SHA-1 was enabled but SHA-384
was disabled. Fix the dependency. Fixes #4472.
* Do not offer SHA384 cipher suites when SHA-384 is disabled. Fixes #4499.
* With MBEDTLS_PSA_CRYPTO_C disabled, some functions were getting built
nonetheless, resulting in undefined reference errors when building a
shared library. Reported by Guillermo Garcia M. in #4411.
* Fix test suite code on platforms where int32_t is not int, such as
Arm Cortex-M. Fixes #4530.
* Fix some issues affecting MBEDTLS_ARIA_ALT implementations: a misplaced
directive in a header and a missing initialization in the self-test.
* Fix a missing initialization in the Camellia self-test, affecting
MBEDTLS_CAMELLIA_ALT implementations.
* Restore the ability to configure PSA via Mbed TLS options to support RSA
key pair operations but exclude RSA key generation. When MBEDTLS_GENPRIME
is not defined PSA will no longer attempt to use mbedtls_rsa_gen_key().
Fixes #4512.
* Fix a regression introduced in 2.24.0 which broke (D)TLS CBC ciphersuites
(when the encrypt-then-MAC extension is not in use) with some ALT
implementations of the underlying hash (SHA-1, SHA-256, SHA-384), causing
the affected side to wrongly reject valid messages. Fixes #4118.
* Remove outdated check-config.h check that prevented implementing the
timing module on Mbed OS. Fixes #4633.
* Fix PSA_ALG_TLS12_PRF and PSA_ALG_TLS12_PSK_TO_MS being too permissive
about missing inputs.
* Fix mbedtls_net_poll() and mbedtls_net_recv_timeout() often failing with
MBEDTLS_ERR_NET_POLL_FAILED on Windows. Fixes #4465.
* Fix a resource leak in a test suite with an alternative AES
implementation. Fixes #4176.
* Fix a crash in mbedtls_mpi_debug_mpi on a bignum having 0 limbs. This
could notably be triggered by setting the TLS debug level to 3 or above
and using a Montgomery curve for the key exchange. Reported by lhuang04
in #4578. Fixes #4608.
* psa_verify_hash() was relying on implementation-specific behavior of
mbedtls_rsa_rsassa_pss_verify() and was causing failures in some _ALT
implementations. This reliance is now removed. Fixes #3990.
* Disallow inputs of length different from the corresponding hash when
signing or verifying with PSA_ALG_RSA_PSS (The PSA Crypto API mandates
that PSA_ALG_RSA_PSS uses the same hash throughout the algorithm.)
* Fix a null pointer dereference when mbedtls_mpi_exp_mod() was called with
A=0 represented with 0 limbs. Up to and including Mbed TLS 2.26, this bug
could not be triggered by code that constructed A with one of the
mbedtls_mpi_read_xxx functions (including in particular TLS code) since
those always built an mpi object with at least one limb.
Credit to OSS-Fuzz. Fixes #4641.
* Fix mbedtls_mpi_gcd(G,A,B) when the value of B is zero. This had no
effect on Mbed TLS's internal use of mbedtls_mpi_gcd(), but may affect
applications that call mbedtls_mpi_gcd() directly. Fixes #4642.
* The PSA API no longer allows the creation or destruction of keys with a
read-only lifetime. The persistence level PSA_KEY_PERSISTENCE_READ_ONLY
can now only be used as intended, for keys that cannot be modified through
normal use of the API.
* When MBEDTLS_PSA_CRYPTO_SPM is enabled, crypto_spe.h was not included
in all the right places. Include it from crypto_platform.h, which is
the natural place. Fixes #4649.
* mbedtls_pk_sign() and mbedtls_pk_verify() and their extended and
restartable variants now always honor the specified hash length if
nonzero. Before, for RSA, hash_len was ignored in favor of the length of
the specified hash algorithm.
* Fix which alert is sent in some cases to conform to the
applicable RFC: on an invalid Finished message value, an
invalid max_fragment_length extension, or an
unsupported extension used by the server.
* Correct (change from 12 to 13 bytes) the value of the macro describing the
maximum nonce length returned by psa_aead_generate_nonce().
Changes
* Add extra printf compiler warning flags to builds.
* Fix memsan build false positive in x509_crt.c with Clang 11
* Fix the setting of the read timeout in the DTLS sample programs.
* Remove the AES sample application programs/aes/aescrypt2 which shows
bad cryptographic practice. Fix #1906.
* Alternative implementations of CMAC may now opt to not support 3DES as a
CMAC block cipher, and still pass the CMAC self test.
* Remove configs/config-psa-crypto.h, which was identical to the default
configuration except for having some extra cryptographic mechanisms
enabled and for unintended differences. This configuration was primarily
intended to demonstrate the PSA API, and lost most of its usefulness when
MBEDTLS_PSA_CRYPTO_C became enabled by default.
* When building the test suites with GNU make, invoke python3 or python, not
python2, which is no longer supported upstream.
* When using session cache based session resumption on the server,
double-check that custom session cache implementations return
sessions which are consistent with the negotiated ciphersuite
and compression method.
* Fix build failure on MinGW toolchain when __USE_MING_ANSI_STDIO is on.
When that flag is on, standard GNU C printf format specifiers
should be used.
* Reduce the default value of MBEDTLS_ECP_WINDOW_SIZE. This reduces RAM usage
during ECC operations at a negligible performance cost.
* mbedtls_mpi_read_binary(), mbedtls_mpi_read_binary_le() and
mbedtls_mpi_read_string() now construct an mbedtls_mpi object with 0 limbs
when their input has length 0. Note that this is an implementation detail
and can change at any time, so this change should be transparent, but it
may result in mbedtls_mpi_write_binary() or mbedtls_mpi_write_string()
now writing an empty string where it previously wrote one or more
zero digits when operating from values constructed with an mpi_read
function and some mpi operations.
* Implicitly add PSA_KEY_USAGE_SIGN_MESSAGE key usage policy flag when
PSA_KEY_USAGE_SIGN_HASH flag is set and PSA_KEY_USAGE_VERIFY_MESSAGE flag
when PSA_KEY_USAGE_VERIFY_HASH flag is set. This usage flag extension
is also applied when loading a key from storage.
|
|
The package changed with the addition of its libepoll-shim dependency.
Otherwise, we can get:
ERROR: libepoll-shim>=0.0.20210418 is not installed; can't buildlink files.
|
|
Catch up to clamav 0.103.7.
|
|
0.103.7 (2022-07-26)
ClamAV 0.103.7 is a critical patch release with the following fixes:
* Upgrade the vendored UnRAR library to version 6.1.7.
* Fix logical signature "Intermediates" feature.
* Relax constraints on slightly malformed zip archives that contain
overlapping file entries.
|
|
Release 0.18.0 (09 Jul 2022)
New API:
* `curve_by_name` in `curves` module to get a `Curve` object by providing curve
name.
Bug fix:
* Make the `VerifyingKey` encoded with explicit parameters use the same
kind of point encoding for public key and curve generator.
* Better handling of malformed curve parameters (as in CVE-2022-0778);
make python-ecdsa raise `MalformedPointError` instead of `AssertionError`.
Doc fix:
* Publish the documentation on https://ecdsa.readthedocs.io/,
include explanation of basics of handling of ECC data formats and how to use
the library for elliptic curve arithmetic.
* Make object names more consistent, make them into hyperlinks on the
readthedocs documentation.
* Make security note more explicit (Ian Rodney)
* Fix the `explicit` vs `named_curve` confusion in `VerifyingKey` docs.
Maintenance:
* Updated black version; slight changes to formatting
* Include interoperability tests for Ed25519 and Ed448 with OpenSSL.
|
|
This is now handled centrally via OPSYS_EXPLICIT_LIBDEPS support in libiconv
and gettext-lib.
|
|
Changes since v5.3.0:
wolfSSL Release 5.4.0 (July 11, 2022)
Note:
** Future releases of wolfSSL will turn off TLS 1.1 by default
** Release 5.4.0 made SP math the default math implementation. To make an
equivalent build as –disable-fastmath from previous versions of wolfSSL, now
requires using the configure option –enable-heapmath instead.
Release 5.4.0 of wolfSSL embedded TLS has bug fixes and new features including:
Vulnerabilities
* [High] Potential for DTLS DoS attack. In wolfSSL versions before 5.4.0 the
return-routability check is wrongly skipped in a specific edge case. The check
on the return-routability is there for stopping attacks that either consume
excessive resources on the server, or try to use the server as an amplifier
sending an excessive amount of messages to a victim IP. If using DTLS 1.0/1.2
on the server side users should update to avoid the potential DoS
attack. CVE-2022-34293
* [Medium] Ciphertext side channel attack on ECC and DH operations. Users on
systems where rogue agents can monitor memory use should update the version of
wolfSSL and change private ECC keys. Thanks to Sen Deng from Southern
University of Science and Technology (SUSTech) for the report.
* [Medium] Public disclosure of a side channel vulnerability that has been fixed
since wolfSSL version 5.1.0. When running on AMD there is the potential to
leak private key information with ECDSA operations due to a ciphertext side
channel attack. Users on AMD doing ECDSA operations with wolfSSL versions less
than 5.1.0 should update their wolfSSL version used. Thanks to professor
Yinqian Zhang from Southern University of Science and Technology (SUSTech),
his Ph.D. student Mengyuan Li from The Ohio State University, and his M.S
students Sen Deng and Yining Tang from SUStech along with other collaborators;
Luca Wilke, Jan Wichelmann and Professor Thomas Eisenbarth from the University
of Lubeck, Professor Shuai Wang from Hong Kong University of Science and
Technology, Professor Radu Teodorescu from The Ohio State University, Huibo
Wang, Kang Li and Yueqiang Cheng from Baidu Security and Shoumeng Yang from
Ant Financial Services Group.
CVE-2020-12966
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1013
CVE-2021-46744
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1033
New Feature Additions
DTLS 1.3
* Support for using the new DTLSv1.3 protocol was added
* Enhancements to bundled examples for an event driven server with DTLS 1.3 was
added
Ports
* Update for the version of VxWorks supported, adding in support for version 6.x
* Support for new DPP and EAP-TEAP/EAP-FAST in wpa_supplicant
* Update for TSIP version support, adding support for version 1.15 for RX65N and
RX72N
* Improved TSIP build to handle having the options WOLFSSL_AEAD_ONLY defined or
NO_AES_CBC defined
* Added support for offloading TLS1.3 operations to Renesas RX boards with TSIP
Misc.
* Constant time improvements due to development of new constant time tests
* Initial translation of API headers to Japanese and expansion of Japanese help
message support in example applications
* Add support for some FPKI (Federal PKI) certificate cases, UUID, FASC-N, PIV
extension for use with smart cards
* Add support for parsing additional CSR attributes such as unstructured name
and content type
* Add support for Linux getrandom() when defining the macro WOLFSSL_GETRANDOM
* Add TLS 1.2 ciphersuite ECDHE_PSK_WITH_AES_128_GCM_SHA256 from RFC 8442
* Expand CAAM support with QNX to include i.MX8 boards and add AES-CTR support
* Enhanced glitching protection by hardening the TLS encrypt operations
Math and Performance
SP Math Additions
* Support for ARMv3, ARMv6 and ARMv7a
- Changes and improvements to get SP building for armv7-a
- Updated assembly for moving large immediate values on ARMv6
- Support for architectures with no ldrd/strd and clz
* Reworked generation using common asm ruby code for 32bit ARM
* Enable wolfSSL SP math all by default (sp_int.c)
* Update SP math all to not use sp_int_word when SQR_MUL_ASM is available
SP Math Fixes
* Fixes for constant time with div function
* Fix casting warnings for Windows builds and assembly changes to support
XMM6-15 being non-volatile
* Fix for div_word when not using div function
* Fixes for user settings with SP ASM and ED/Curve25519 small
* Additional Wycheproof tests ran and fixes
* Fix for SP math ECC non-blocking to always check `hashLen`
* Fix for SP math handling edge case with submod
Improvements and Optimizations
Compatibility Layer
* Provide access to "Finished" messages outside of compatibility layer builds
* Remove unneeded FIPS guard on wolfSSL_EVP_PKEY_derive
* Fix control command issues with AES-GCM, control command EVP_CTRL_GCM_IV_GEN
* Add support for importing private only EC key to a WOLFSSL_EVP_PKEY struct
* Add support for more extensions to wolfSSL_X509_print_ex
* Update for internal to DER (i2d) AIPs to move the buffer pointer when passed
in and the operation is successful
* Return subject and issuer X509_NAME object even when not set
Ports
* Renesas RA6M4 example update and fixes
* Support multi-threaded use cases with Renesas SCE protected mode and TSIP
* Add a global variable for heap-hint for use with TSIP
* Changes to support v5.3.0 cube pack for STM32
* Use the correct mutex type for embOS
* ESP-IDF build cleanup and enhancements, adding in note regarding ESP-IDF
Version
* Support for SEGGER embOS and emNET
* Fix to handle WOLFSSL_DTLS macro in Micrium build
Build Options
* Support for verify only and no-PSS builds updated
* Add the enable options wolfssh (mapped to the existing –enable-ssh)
* Remove WOLFSSL_ALT_NAMES restriction on notBefore/notAfter use in Cert struct
* Move several more definitions outside the BUILDING_WOLFSSL gate with linux
kernel module build
* Modify --enable-openssh to not enable non-FIPS algos for FIPS builds
* Remove the Python wrappers from wolfSSL source (use pip install instead of
using wolfSSL with Python and our separate Python repository)
* Add --enable-openldap option to configure.ac for building the OpenLDAP port
* Resolve DTLS build to handle not having –enable-hrrcookie when not needed
* Add an --enable-strongswan option to configure.ac for building the Strongswan
port
* Improve defaults for 64-bit BSDs in configure
* Crypto only build can now be used openssl extra
* Update ASN template build to properly handle WOLFSSL_CERT_EXT and
HAVE_OID_ENCODING
* Allow using 3DES and MD5 with FIPS 140-3, as they fall outside of the FIPS
boundary
* Add the build option --enable-dh=const which replaces setting the macro
WOLFSSL_DH_CONST and now conditionally link to -lm as needed
* Add the macro WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY which is used to verify
hostname/ip address using alternate name (SAN) only and does not use the
common name
* WOLFSSL_DTLS_NO_HVR_ON_RESUME macro added (off by default to favor more
security). If defined, a DTLS server will not do a cookie exchange on
successful client resumption: the resumption will be faster (one RTT less) and
will consume less bandwidth (one ClientHello and one HelloVerifyRequest
less). On the other hand, if a valid SessionID is collected, forged
clientHello messages will consume resources on the server.
* Misc.
* Refactoring of some internal TLS functions to reduce the memory usage
* Make old less secure TimingPadVerify implementation available
* Add support for aligned data with clang LLVM
* Remove subject/issuer email from the list of alt. Email names in the
DecodedCerts struct
* Zeroizing of pre-master secret buffer in TLS 1.3
* Update to allow TLS 1.3 application server to send session ticket
* Improve the sniffer asynchronous test case to support multiple concurrent
streams
* Clean up wolfSSL_clear() and add more logging
* Update to not error out on bad CRL next date if using NO_VERIFY when parsing
* Add an example C# PSK client
* Add ESP-IDF WOLFSSL_ESP8266 setting for ESP8266 devices
* Support longer sigalg list for post quantum use cases and inter-op with OQS's
OpenSSL fork
* Improve AES-GCM word implementation of GMULT to be constant time
* Additional sanity check with Ed25519/Ed448, now defaults to assume public key
is not trusted
* Support PSK ciphersuites in benchmark apps
* FIPS in core hash using SHA2-256 and SHA2-384
* Add ability to store issuer name components when parsing a certificate
* Make the critical extension flags in DecodedCert always available
* Updates to the default values for basic constraint with X509’s
* Support using RSA OAEP with no malloc and add additional sanity checks
* Leverage async code paths to support WANT_WRITE while sending packet fragments
* New azsphere example for continuous integration testing
* Update RSA key generation function to handle pairwise consistency tests with
static memory pools used
* Resolve build time warning by passing in and checking output length with
internal SetCurve function
* Support DTLS bidirectional shutdown in the examples
* Improve DTLS version negotiation and downgrade capability
General Fixes
* Fixes for STM32 Hash/PKA, add some missing mutex frees, and add an additional
benchmark
* Fix missing return checks in KSDK ED25519 code
* Fix compilation warnings from IAR
* Fixes for STM32U5/H7 hash/crypto support
* Fix for using track memory feature with FreeRTOS
* Fixup XSTR processing for MICRIUM
* Update Zephyr fs.h path
* DTLS fixes with WANT_WRITE simulations
* Fixes for BER use with PKCS7 to have additional sanity checks and guards on
edge cases
* Fix to handle exceptional edge case with TFM mp_exptmod_ex
* Fix for stack and heap measurements of a 32-bit build
* Fix to allow enabling AES key wrap (direct) with KCAPI
* Fix --enable-openssh FIPS detection syntax in configure.ac
* Fix to move wolfSSL_ERR_clear_error outside gate for OPENSSL_EXTRA
* Remove MCAPI project's dependency on zlib version
* Only use __builtin_offset on supported GCC versions (4+)
* Fix for c89 builds with using WOLF_C89
* Fix 64bit postfix for constants building with powerpc
* Fixed async Sniffer with TLS v1.3, async removal of `WC_HW_WAIT_E` and
sanitize leak
* Fix for QAT ECC to gate use of HW based on marker
* Fix the supported version extension to always check minDowngrade
* Fix for TLS v1.1 length sanity check for large messages
* Fixes for loading a long DER/ASN.1 certificate chain
* Fix to expose the RSA public DER export functions with certgen
* Fixes for building with small version of SHA3
* Fix configure with WOLFSSL_WPAS_SMALL
* Fix to free PKCS7 recipient list in error cases
* Sanity check to confirm ssl->hsHashes is not NULL before attempting to
dereference it
* Clear the leftover byte count in Aes struct when setting IV
|