From 652e035ea10740362e657cb7b822bbd46bdc3990 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 14 Dec 2021 11:08:55 +0100 Subject: [PATCH] Assemble ChangeLog MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog | 55 +++++++++++++++++++++ ChangeLog.d/base64-ranges.txt | 4 -- ChangeLog.d/bugfix-for-gcm-long-iv-size.txt | 3 -- ChangeLog.d/build-without-sha.txt | 3 -- ChangeLog.d/check-return.txt | 10 ---- ChangeLog.d/fix-pkcs12-null-password.txt | 5 -- ChangeLog.d/fix-session-copy-bug.txt | 6 --- ChangeLog.d/issue4630.txt | 2 - ChangeLog.d/issue4870.txt | 10 ---- ChangeLog.d/mac-zeroize.txt | 6 --- ChangeLog.d/makefile-python-windows.txt | 4 -- ChangeLog.d/muladdc-amd64-memory.txt | 4 -- ChangeLog.d/no-strerror.txt | 3 -- 13 files changed, 55 insertions(+), 60 deletions(-) delete mode 100644 ChangeLog.d/base64-ranges.txt delete mode 100644 ChangeLog.d/bugfix-for-gcm-long-iv-size.txt delete mode 100644 ChangeLog.d/build-without-sha.txt delete mode 100644 ChangeLog.d/check-return.txt delete mode 100644 ChangeLog.d/fix-pkcs12-null-password.txt delete mode 100644 ChangeLog.d/fix-session-copy-bug.txt delete mode 100644 ChangeLog.d/issue4630.txt delete mode 100644 ChangeLog.d/issue4870.txt delete mode 100644 ChangeLog.d/mac-zeroize.txt delete mode 100644 ChangeLog.d/makefile-python-windows.txt delete mode 100644 ChangeLog.d/muladdc-amd64-memory.txt delete mode 100644 ChangeLog.d/no-strerror.txt diff --git a/ChangeLog b/ChangeLog index 47e2b5a243..7cf1bfe9c6 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,5 +1,60 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Security + * Zeroize several intermediate variables used to calculate the expected + value when verifying a MAC or AEAD tag. This hardens the library in + case the value leaks through a memory disclosure vulnerability. For + example, a memory disclosure vulnerability could have allowed a + man-in-the-middle to inject fake ciphertext into a DTLS connection. + * Fix a double-free that happened after mbedtls_ssl_set_session() or + mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED + (out of memory). After that, calling mbedtls_ssl_session_free() + and mbedtls_ssl_free() would cause an internal session buffer to + be free()'d twice. + +Bugfix + * Stop using reserved identifiers as local variables. Fixes #4630. + * The GNU makefiles invoke python3 in preference to python except on Windows. + The check was accidentally not performed when cross-compiling for Windows + on Linux. Fix this. Fixes #4774. + * Mark basic constraints critical as appropriate. Note that the previous + entry for this fix in the 2.16.10 changelog was in error, and it was not + included in the 2.16.10 release as was stated. + Make 'mbedtls_x509write_crt_set_basic_constraints' consistent with RFC + 5280 4.2.1.9 which says: "Conforming CAs MUST include this extension in + all CA certificates that contain public keys used to validate digital + signatures on certificates and MUST mark the extension as critical in + such certificates." Previous to this change, the extension was always + marked as non-critical. This was fixed by #4044. + * Fix missing constraints on x86_64 assembly code for bignum multiplication + that broke some bignum operations with (at least) Clang 12. + Fixes #4116, #4786, #4917. 
+ * Failures of alternative implementations of AES or DES single-block + functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT, + MBEDTLS_DES_CRYPT_ECB_ALT or MBEDTLS_DES3_CRYPT_ECB_ALT were ignored. + This does not concern the implementation provided with Mbed TLS, + where this function cannot fail, or full-module replacements with + MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092. + * Some failures of HMAC operations were ignored. These failures could only + happen with an alternative implementation of the underlying hash module. + * Fix the build of sample programs when neither MBEDTLS_ERROR_C nor + MBEDTLS_ERROR_STRERROR_DUMMY is enabled. + * Fix a bug in mbedtls_gcm_starts() when bits of iv are longer than 2^32. + Fixes #4884. + * Fix the build when no SHA2 module is included. Fixes #4930. + * Fix the build when only the bignum module is included. Fixes #4929. + * Fix a potential invalid pointer dereference and infinite loop bugs in + pkcs12 functions when the password is empty. Fix the documentation to + better describe the inputs to these functions and their possible values. + Fixes #5136. + +Changes + * Improve the performance of base64 constant-flow code. The result is still + slower than the original non-constant-flow implementation, but much faster + than the previous constant-flow implementation. Fixes #4814. + = mbed TLS 2.16.11 branch released 2021-07-07 Security diff --git a/ChangeLog.d/base64-ranges.txt b/ChangeLog.d/base64-ranges.txt deleted file mode 100644 index e3f3862bfb..0000000000 --- a/ChangeLog.d/base64-ranges.txt +++ /dev/null @@ -1,4 +0,0 @@ -Changes - * Improve the performance of base64 constant-flow code. The result is still - slower than the original non-constant-flow implementation, but much faster - than the previous constant-flow implementation. Fixes #4814. 
diff --git a/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt b/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt deleted file mode 100644 index 4287ea747a..0000000000 --- a/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix a bug in mbedtls_gcm_starts() when bits of iv are longer than 2^32. - Fixes #4884. diff --git a/ChangeLog.d/build-without-sha.txt b/ChangeLog.d/build-without-sha.txt deleted file mode 100644 index 78ba27694a..0000000000 --- a/ChangeLog.d/build-without-sha.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix the build when no SHA2 module is included. Fixes #4930. - * Fix the build when only the bignum module is included. Fixes #4929. diff --git a/ChangeLog.d/check-return.txt b/ChangeLog.d/check-return.txt deleted file mode 100644 index 6eb1629f75..0000000000 --- a/ChangeLog.d/check-return.txt +++ /dev/null @@ -1,10 +0,0 @@ -Bugfix - * Failures of alternative implementations of AES or DES single-block - functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT, - MBEDTLS_DES_CRYPT_ECB_ALT or MBEDTLS_DES3_CRYPT_ECB_ALT were ignored. - This does not concern the implementation provided with Mbed TLS, - where this function cannot fail, or full-module replacements with - MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092. - * Some failures of HMAC operations were ignored. These failures could only - happen with an alternative implementation of the underlying hash module. - diff --git a/ChangeLog.d/fix-pkcs12-null-password.txt b/ChangeLog.d/fix-pkcs12-null-password.txt deleted file mode 100644 index fae8195535..0000000000 --- a/ChangeLog.d/fix-pkcs12-null-password.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix a potential invalid pointer dereference and infinite loop bugs in - pkcs12 functions when the password is empty. Fix the documentation to - better describe the inputs to these functions and their possible values. - Fixes #5136. 
diff --git a/ChangeLog.d/fix-session-copy-bug.txt b/ChangeLog.d/fix-session-copy-bug.txt deleted file mode 100644 index 6286fa8f9f..0000000000 --- a/ChangeLog.d/fix-session-copy-bug.txt +++ /dev/null @@ -1,6 +0,0 @@ -Security - * Fix a double-free that happened after mbedtls_ssl_set_session() or - mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED - (out of memory). After that, calling mbedtls_ssl_session_free() - and mbedtls_ssl_free() would cause an internal session buffer to - be free()'d twice. diff --git a/ChangeLog.d/issue4630.txt b/ChangeLog.d/issue4630.txt deleted file mode 100644 index 0bc4b99e59..0000000000 --- a/ChangeLog.d/issue4630.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Stop using reserved identifiers as local variables. Fixes #4630. diff --git a/ChangeLog.d/issue4870.txt b/ChangeLog.d/issue4870.txt deleted file mode 100644 index 213a824835..0000000000 --- a/ChangeLog.d/issue4870.txt +++ /dev/null @@ -1,10 +0,0 @@ -Bugfix - * Mark basic constraints critical as appropriate. Note that the previous - entry for this fix in the 2.16.10 changelog was in error, and it was not - included in the 2.16.10 release as was stated. - Make 'mbedtls_x509write_crt_set_basic_constraints' consistent with RFC - 5280 4.2.1.9 which says: "Conforming CAs MUST include this extension in - all CA certificates that contain public keys used to validate digital - signatures on certificates and MUST mark the extension as critical in - such certificates." Previous to this change, the extension was always - marked as non-critical. This was fixed by #4044. diff --git a/ChangeLog.d/mac-zeroize.txt b/ChangeLog.d/mac-zeroize.txt deleted file mode 100644 index a43e34f845..0000000000 --- a/ChangeLog.d/mac-zeroize.txt +++ /dev/null 
@@ -1,6 +0,0 @@ -Security - * Zeroize several intermediate variables used to calculate the expected - value when verifying a MAC or AEAD tag. This hardens the library in - case the value leaks through a memory disclosure vulnerability. For - example, a memory disclosure vulnerability could have allowed a - man-in-the-middle to inject fake ciphertext into a DTLS connection. diff --git a/ChangeLog.d/makefile-python-windows.txt b/ChangeLog.d/makefile-python-windows.txt deleted file mode 100644 index 57ccc1a39a..0000000000 --- a/ChangeLog.d/makefile-python-windows.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * The GNU makefiles invoke python3 in preference to python except on Windows. - The check was accidentally not performed when cross-compiling for Windows - on Linux. Fix this. Fixes #4774. diff --git a/ChangeLog.d/muladdc-amd64-memory.txt b/ChangeLog.d/muladdc-amd64-memory.txt deleted file mode 100644 index b834331671..0000000000 --- a/ChangeLog.d/muladdc-amd64-memory.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix missing constraints on x86_64 assembly code for bignum multiplication - that broke some bignum operations with (at least) Clang 12. - Fixes #4116, #4786, #4917. diff --git a/ChangeLog.d/no-strerror.txt b/ChangeLog.d/no-strerror.txt deleted file mode 100644 index 69743a8715..0000000000 --- a/ChangeLog.d/no-strerror.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix the build of sample programs when neither MBEDTLS_ERROR_C nor - MBEDTLS_ERROR_STRERROR_DUMMY is enabled.
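Review bot: In the ChangeLog hunk (@@ -1,5 +1,60 @@), the new release header "= mbed TLS x.x.x branch released xxxx-xx-xx" is still a placeholder, so the version and date have to be filled in before this ChangeLog is tagged, and a few entries are worth tightening while they are being frozen: "Fix a bug in mbedtls_gcm_starts() when bits of iv are longer than 2^32" reads better as "when the IV is longer than 2^32 bits", "Fix a potential invalid pointer dereference and infinite loop bugs" should drop the "a", "Previous to this change" should be "Prior to this change", and "This was fixed by #4044" departs from the "Fixes #NNNN" phrasing every other entry uses. Separately, consider whether the entry about failures of MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT, MBEDTLS_DES_CRYPT_ECB_ALT and MBEDTLS_DES3_CRYPT_ECB_ALT implementations being ignored belongs under Security rather than Bugfix: a silently ignored failure of a block-cipher primitive is exactly what readers scan the Security section for, even though the in-tree implementation cannot fail.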
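Review bot: In the deletion hunk for ChangeLog.d/check-return.txt (@@ -1,10 +0,0 @@), the file ends with an empty line (the trailing bare "-") that the assembled ChangeLog entry rightly does not carry over; apart from that, the two Bugfix entries match the text added to ChangeLog word for word, so nothing was dropped or reworded in the merge, and the same holds for the other eleven deleted ChangeLog.d fragments.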