author | Dave Rodgman <dave.rodgman@arm.com> | 2021-12-17 11:22:23 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-12-17 11:22:23 +0000 |
commit | e41442b34d895721c59fcef52a8ad6ea322bfda9 (patch) | |
tree | f09f56a3155a68f7e3eb175b6879ef6e5c68875b | |
parent | 7b9cd91587d6166c6d243538f8c5939059d107ba (diff) | |
parent | cf4667126010c665341f9e50ef691b7ef8294188 (diff) | |
download | mbedtls-archive/mbedtls-2.16.zip mbedtls-archive/mbedtls-2.16.tar.gz mbedtls-archive/mbedtls-2.16.tar.bz2 |
Merge pull request #872 from ARMmbed/mbedtls-2.16.12_merge_into_releasearchive/mbedtls-2.16
Mbedtls 2.16.12 merge into release
-rw-r--r-- | ChangeLog | 55 | ||||
-rw-r--r-- | ChangeLog.d/base64-ranges.txt | 4 | ||||
-rw-r--r-- | ChangeLog.d/bugfix-for-gcm-long-iv-size.txt | 3 | ||||
-rw-r--r-- | ChangeLog.d/build-without-sha.txt | 3 | ||||
-rw-r--r-- | ChangeLog.d/check-return.txt | 10 | ||||
-rw-r--r-- | ChangeLog.d/fix-pkcs12-null-password.txt | 5 | ||||
-rw-r--r-- | ChangeLog.d/issue4630.txt | 2 | ||||
-rw-r--r-- | ChangeLog.d/issue4870.txt | 10 | ||||
-rw-r--r-- | ChangeLog.d/mac-zeroize.txt | 6 | ||||
-rw-r--r-- | ChangeLog.d/makefile-python-windows.txt | 4 | ||||
-rw-r--r-- | ChangeLog.d/muladdc-amd64-memory.txt | 4 | ||||
-rw-r--r-- | ChangeLog.d/no-strerror.txt | 3 | ||||
-rw-r--r-- | doxygen/input/doc_mainpage.h | 2 | ||||
-rw-r--r-- | doxygen/mbedtls.doxyfile | 2 | ||||
-rw-r--r-- | include/mbedtls/version.h | 8 | ||||
-rw-r--r-- | library/CMakeLists.txt | 6 | ||||
-rw-r--r-- | library/ssl_tls.c | 4 | ||||
-rwxr-xr-x | tests/scripts/all.sh | 6 | ||||
-rw-r--r-- | tests/suites/test_suite_version.data | 4 |
19 files changed, 73 insertions, 68 deletions
@@ -1,5 +1,60 @@
 mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS 2.16.12 branch released 2021-12-17
+
+Security
+ * Zeroize several intermediate variables used to calculate the expected
+ value when verifying a MAC or AEAD tag. This hardens the library in
+ case the value leaks through a memory disclosure vulnerability. For
+ example, a memory disclosure vulnerability could have allowed a
+ man-in-the-middle to inject fake ciphertext into a DTLS connection.
+ * Fix a double-free that happened after mbedtls_ssl_set_session() or
+ mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
+ (out of memory). After that, calling mbedtls_ssl_session_free()
+ and mbedtls_ssl_free() would cause an internal session buffer to
+ be free()'d twice.
+
+Bugfix
+ * Stop using reserved identifiers as local variables. Fixes #4630.
+ * The GNU makefiles invoke python3 in preference to python except on Windows.
+ The check was accidentally not performed when cross-compiling for Windows
+ on Linux. Fix this. Fixes #4774.
+ * Mark basic constraints critical as appropriate. Note that the previous
+ entry for this fix in the 2.16.10 changelog was in error, and it was not
+ included in the 2.16.10 release as was stated.
+ Make 'mbedtls_x509write_crt_set_basic_constraints' consistent with RFC
+ 5280 4.2.1.9 which says: "Conforming CAs MUST include this extension in
+ all CA certificates that contain public keys used to validate digital
+ signatures on certificates and MUST mark the extension as critical in
+ such certificates." Previous to this change, the extension was always
+ marked as non-critical. This was fixed by #4044.
+ * Fix missing constraints on x86_64 assembly code for bignum multiplication
+ that broke some bignum operations with (at least) Clang 12.
+ Fixes #4116, #4786, #4917.
+ * Failures of alternative implementations of AES or DES single-block
+ functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT,
+ MBEDTLS_DES_CRYPT_ECB_ALT or MBEDTLS_DES3_CRYPT_ECB_ALT were ignored.
+ This does not concern the implementation provided with Mbed TLS,
+ where this function cannot fail, or full-module replacements with
+ MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092.
+ * Some failures of HMAC operations were ignored. These failures could only
+ happen with an alternative implementation of the underlying hash module.
+ * Fix the build of sample programs when neither MBEDTLS_ERROR_C nor
+ MBEDTLS_ERROR_STRERROR_DUMMY is enabled.
+ * Fix a bug in mbedtls_gcm_starts() when the bit length of the iv
+ exceeds 2^32. Fixes #4884.
+ * Fix the build when no SHA2 module is included. Fixes #4930.
+ * Fix the build when only the bignum module is included. Fixes #4929.
+ * Fix a potential invalid pointer dereference and infinite loop bugs in
+ pkcs12 functions when the password is empty. Fix the documentation to
+ better describe the inputs to these functions and their possible values.
+ Fixes #5136.
+
+Changes
+ * Improve the performance of base64 constant-flow code. The result is still
+ slower than the original non-constant-flow implementation, but much faster
+ than the previous constant-flow implementation. Fixes #4814.
+
 = mbed TLS 2.16.11 branch released 2021-07-07
 Security
diff --git a/ChangeLog.d/base64-ranges.txt b/ChangeLog.d/base64-ranges.txt
deleted file mode 100644
index e3f3862..0000000
--- a/ChangeLog.d/base64-ranges.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Changes
- * Improve the performance of base64 constant-flow code. The result is still
- slower than the original non-constant-flow implementation, but much faster
- than the previous constant-flow implementation. Fixes #4814.
diff --git a/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt b/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt
deleted file mode 100644
index 0e46ad3..0000000
--- a/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix a bug in mbedtls_gcm_starts() when bits of iv are longer than 2^32.
- * Fix #4884.
diff --git a/ChangeLog.d/build-without-sha.txt b/ChangeLog.d/build-without-sha.txt
deleted file mode 100644
index 78ba276..0000000
--- a/ChangeLog.d/build-without-sha.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix the build when no SHA2 module is included. Fixes #4930.
- * Fix the build when only the bignum module is included. Fixes #4929.
diff --git a/ChangeLog.d/check-return.txt b/ChangeLog.d/check-return.txt
deleted file mode 100644
index 6eb1629..0000000
--- a/ChangeLog.d/check-return.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-Bugfix
- * Failures of alternative implementations of AES or DES single-block
- functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT,
- MBEDTLS_DES_CRYPT_ECB_ALT or MBEDTLS_DES3_CRYPT_ECB_ALT were ignored.
- This does not concern the implementation provided with Mbed TLS,
- where this function cannot fail, or full-module replacements with
- MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092.
- * Some failures of HMAC operations were ignored. These failures could only
- happen with an alternative implementation of the underlying hash module.
-
diff --git a/ChangeLog.d/fix-pkcs12-null-password.txt b/ChangeLog.d/fix-pkcs12-null-password.txt
deleted file mode 100644
index fae8195..0000000
--- a/ChangeLog.d/fix-pkcs12-null-password.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix a potential invalid pointer dereference and infinite loop bugs in
- pkcs12 functions when the password is empty. Fix the documentation to
- better describe the inputs to these functions and their possible values.
- Fixes #5136.
diff --git a/ChangeLog.d/issue4630.txt b/ChangeLog.d/issue4630.txt
deleted file mode 100644
index 0bc4b99..0000000
--- a/ChangeLog.d/issue4630.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Stop using reserved identifiers as local variables. Fixes #4630.
diff --git a/ChangeLog.d/issue4870.txt b/ChangeLog.d/issue4870.txt
deleted file mode 100644
index 213a824..0000000
--- a/ChangeLog.d/issue4870.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-Bugfix
- * Mark basic constraints critical as appropriate. Note that the previous
- entry for this fix in the 2.16.10 changelog was in error, and it was not
- included in the 2.16.10 release as was stated.
- Make 'mbedtls_x509write_crt_set_basic_constraints' consistent with RFC
- 5280 4.2.1.9 which says: "Conforming CAs MUST include this extension in
- all CA certificates that contain public keys used to validate digital
- signatures on certificates and MUST mark the extension as critical in
- such certificates." Previous to this change, the extension was always
- marked as non-critical. This was fixed by #4044.
diff --git a/ChangeLog.d/mac-zeroize.txt b/ChangeLog.d/mac-zeroize.txt
deleted file mode 100644
index a43e34f..0000000
--- a/ChangeLog.d/mac-zeroize.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Security
- * Zeroize several intermediate variables used to calculate the expected
- value when verifying a MAC or AEAD tag. This hardens the library in
- case the value leaks through a memory disclosure vulnerability. For
- example, a memory disclosure vulnerability could have allowed a
- man-in-the-middle to inject fake ciphertext into a DTLS connection.
diff --git a/ChangeLog.d/makefile-python-windows.txt b/ChangeLog.d/makefile-python-windows.txt
deleted file mode 100644
index 57ccc1a..0000000
--- a/ChangeLog.d/makefile-python-windows.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * The GNU makefiles invoke python3 in preference to python except on Windows.
- The check was accidentally not performed when cross-compiling for Windows
- on Linux. Fix this. Fixes #4774.
diff --git a/ChangeLog.d/muladdc-amd64-memory.txt b/ChangeLog.d/muladdc-amd64-memory.txt
deleted file mode 100644
index b834331..0000000
--- a/ChangeLog.d/muladdc-amd64-memory.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix missing constraints on x86_64 assembly code for bignum multiplication
- that broke some bignum operations with (at least) Clang 12.
- Fixes #4116, #4786, #4917.
diff --git a/ChangeLog.d/no-strerror.txt b/ChangeLog.d/no-strerror.txt
deleted file mode 100644
index 69743a8..0000000
--- a/ChangeLog.d/no-strerror.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix the build of sample programs when neither MBEDTLS_ERROR_C nor
- MBEDTLS_ERROR_STRERROR_DUMMY is enabled.
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index ff3af46..4ada8c9 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -49,7 +49,7 @@
 */
 /**
- * @mainpage mbed TLS v2.16.11 source code documentation
+ * @mainpage mbed TLS v2.16.12 source code documentation
 *
 * This documentation describes the internal structure of mbed TLS. It was
 * automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 43b9b7b..eb20774 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8
 # identify the project. Note that if you do not use Doxywizard you need
 # to put quotes around the project name if it contains spaces.
-PROJECT_NAME = "mbed TLS v2.16.11"
+PROJECT_NAME = "mbed TLS v2.16.12"
 # The PROJECT_NUMBER tag can be used to enter a project or revision number.
 # This could be handy for archiving the generated documentation or
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 49cbeb0..35955a6 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -65,16 +65,16 @@
 */
 #define MBEDTLS_VERSION_MAJOR 2
 #define MBEDTLS_VERSION_MINOR 16
-#define MBEDTLS_VERSION_PATCH 11
+#define MBEDTLS_VERSION_PATCH 12
 /**
 * The single version number has the following structure:
 * MMNNPP00
 * Major version | Minor version | Patch version
 */
-#define MBEDTLS_VERSION_NUMBER 0x02100B00
-#define MBEDTLS_VERSION_STRING "2.16.11"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.11"
+#define MBEDTLS_VERSION_NUMBER 0x02100C00
+#define MBEDTLS_VERSION_STRING "2.16.12"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.12"
 #if defined(MBEDTLS_VERSION_C)
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 0afdde7..e147776 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -165,15 +165,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
 if(USE_SHARED_MBEDTLS_LIBRARY)
 add_library(mbedcrypto SHARED ${src_crypto})
- set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.11 SOVERSION 3)
+ set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.12 SOVERSION 3)
 target_link_libraries(mbedcrypto ${libs})
 add_library(mbedx509 SHARED ${src_x509})
- set_target_properties(mbedx509 PROPERTIES VERSION 2.16.11 SOVERSION 0)
+ set_target_properties(mbedx509 PROPERTIES VERSION 2.16.12 SOVERSION 0)
 target_link_libraries(mbedx509 ${libs} mbedcrypto)
 add_library(mbedtls SHARED ${src_tls})
- set_target_properties(mbedtls PROPERTIES VERSION 2.16.11 SOVERSION 12)
+ set_target_properties(mbedtls PROPERTIES VERSION 2.16.12 SOVERSION 12)
 target_link_libraries(mbedtls ${libs} mbedx509)
 install(TARGETS mbedtls mbedx509 mbedcrypto
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ae8f34e..1272764 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -301,6 +301,10 @@ static int ssl_session_copy( mbedtls_ssl_session *dst, const mbedtls_ssl_session
 mbedtls_ssl_session_free( dst );
 memcpy( dst, src, sizeof( mbedtls_ssl_session ) );
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+ dst->ticket = NULL;
+#endif
+
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 if( src->peer_cert != NULL )
 {
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 9d7e74d..ccd6193 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1725,12 +1725,12 @@ support_test_cmake_out_of_source () {
 # Attempt to parse lsb-release to find out distribution and version. If not
 # found this should fail safe (test is supported).
- if [[ -f /etc/lsb-release ]]; then
+ if [ -f /etc/lsb-release ]; then
 while read -r lsb_line; do
 case "$lsb_line" in
- "DISTRIB_ID"*) distrib_id=${lsb_line/#DISTRIB_ID=};;
- "DISTRIB_RELEASE"*) distrib_ver=${lsb_line/#DISTRIB_RELEASE=};;
+ "DISTRIB_ID"*) distrib_id=${lsb_line#DISTRIB_ID=};;
+ "DISTRIB_RELEASE"*) distrib_ver=${lsb_line#DISTRIB_RELEASE=};;
 esac
 done < /etc/lsb-release
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 3aa2523..a8a997b 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
 Check compiletime library version
-check_compiletime_version:"2.16.11"
+check_compiletime_version:"2.16.12"
 Check runtime library version
-check_runtime_version:"2.16.11"
+check_runtime_version:"2.16.12"
 Check for MBEDTLS_VERSION_C
 check_feature:"MBEDTLS_VERSION_C":0 |
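Review bot: After the `memcpy` at the top of the ssl_tls.c hunk, `dst` still aliases every heap pointer owned by `src`, and the added lines break that aliasing only for `ticket`; if the `peer_cert` allocation in the `MBEDTLS_X509_CRT_PARSE_C` branch that begins at the end of the hunk fails before `dst->peer_cert` is reassigned, a later `mbedtls_ssl_session_free( dst )` would release `src->peer_cert` too, which is the same double-free this commit closes for tickets. Unless that branch already resets the pointer on its error path (its body is outside the hunk), adding `dst->peer_cert = NULL;` under the same `#if defined(MBEDTLS_X509_CRT_PARSE_C)` guard, right next to the ticket reset, removes the gap. The new block would also read better with its reason stated, e.g. `/* Do not leave dst aliasing src's heap buffers: an allocation failure below must not let mbedtls_ssl_session_free( dst ) free them twice. */`. ssl_session_copy continues outside the hunk.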