Assemble ChangeLog

Executed scripts/assemble_changelog.py.

Signed-off-by: Janos Follath <janos.follath@arm.com>
This commit is contained in:
Janos Follath 2020-08-26 14:49:52 +01:00
parent 36169d479f
commit 4ac5a7be5a
13 changed files with 65 additions and 67 deletions

View file

@ -1,5 +1,70 @@
mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS x.x.x branch released xxxx-xx-xx
Features
* Support building on e2k (Elbrus) architecture: correctly enable
-Wformat-signedness, and fix the code that causes signed-one-bit-field
and sign-compare warnings. Contributed by makise-homura (Igor Molchanov)
<akemi_homura@kurisa.ch>.
Security
* When checking X.509 CRLs, a certificate was only considered as revoked if
its revocationDate was in the past according to the local clock if
available. In particular, on builds without MBEDTLS_HAVE_TIME_DATE,
certificates were never considered as revoked. On builds with
MBEDTLS_HAVE_TIME_DATE, an attacker able to control the local clock (for
example, an untrusted OS attacking a secure enclave) could prevent
revocation of certificates via CRLs. Fixed by no longer checking the
revocationDate field, in accordance with RFC 5280. Reported by
yuemonangong in #3340. Reported independently and fixed by
Raoul Strackx and Jethro Beekman in #3433.
* In (D)TLS record decryption, when using a CBC ciphersuites without the
Encrypt-then-Mac extension, use constant code flow memory access patterns
to extract and check the MAC. This is an improvement to the existing
countermeasure against Lucky 13 attacks. The previous countermeasure was
effective against network-based attackers, but less so against local
attackers. The new countermeasure defends against local attackers, even
if they have access to fine-grained measurements. In particular, this
fixes a local Lucky 13 cache attack found and reported by Tuba Yavuz,
Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler
(University of Florida) and Dave Tian (Purdue University).
* Fix side channel in RSA private key operations and static (finite-field)
Diffie-Hellman. An adversary with precise enough timing and memory access
information (typically an untrusted operating system attacking a secure
enclave) could bypass an existing counter-measure (base blinding) and
potentially fully recover the private key.
* Fix a 1-byte buffer overread in mbedtls_x509_crl_parse_der().
Credit to OSS-Fuzz for detecting the problem and to Philippe Antoine
for pinpointing the problematic code.
* Zeroising of plaintext buffers in mbedtls_ssl_read() to erase unused
application data from memory. Reported in #689 by
Johan Uppman Bruce of Sectra.
Bugfix
* Avoid use of statically sized stack buffers for certificate writing.
This previously limited the maximum size of DER encoded certificates
in mbedtls_x509write_crt_der() to 2Kb. Reported by soccerGB in #2631.
* Reduce the stack consumption of mbedtls_x509write_csr_der() which
previously could lead to stack overflow on constrained devices.
Contributed by Doru Gucea and Simon Leet in #3464.
* Use arc4random_buf on NetBSD instead of rand implementation with cyclical
lower bits. Fix contributed in #3540.
* Fix building library/net_sockets.c and the ssl_mail_client program on
NetBSD. NetBSD conditionals were added for the backport to avoid the risk
of breaking a platform. Original fix contributed by Nia Alarie in #3422.
Adapted for long-term support branch 2.16 in #3558.
* Fix bug in redirection of unit test outputs on platforms where stdout is
defined as a macro. First reported in #2311 and fix contributed in #3528.
Adopted for LTS branch 2.16 in #3601.
Changes
* Update copyright notices to use Linux Foundation guidance. As a result,
the copyright of contributors other than Arm is now acknowledged, and the
years of publishing are no longer tracked in the source files. This also
eliminates the need for the lines declaring the files to be part of
MbedTLS. Fixes #3457.
= mbed TLS 2.16.7 branch released 2020-07-01
Security

View file

@ -1,4 +0,0 @@
Bugfix
* Avoid use of statically sized stack buffers for certificate writing.
This previously limited the maximum size of DER encoded certificates
in mbedtls_x509write_crt_der() to 2Kb. Reported by soccerGB in #2631.

View file

@ -1,6 +0,0 @@
Changes
* Update copyright notices to use Linux Foundation guidance. As a result,
the copyright of contributors other than Arm is now acknowledged, and the
years of publishing are no longer tracked in the source files. This also
eliminates the need for the lines declaring the files to be part of
MbedTLS. Fixes #3457.

View file

@ -1,11 +0,0 @@
Security
* When checking X.509 CRLs, a certificate was only considered as revoked if
its revocationDate was in the past according to the local clock if
available. In particular, on builds without MBEDTLS_HAVE_TIME_DATE,
certificates were never considered as revoked. On builds with
MBEDTLS_HAVE_TIME_DATE, an attacker able to control the local clock (for
example, an untrusted OS attacking a secure enclave) could prevent
revocation of certificates via CRLs. Fixed by no longer checking the
revocationDate field, in accordance with RFC 5280. Reported by
yuemonangong in #3340. Reported independently and fixed by
Raoul Strackx and Jethro Beekman in #3433.

View file

@ -1,5 +0,0 @@
Features
* Support building on e2k (Elbrus) architecture: correctly enable
-Wformat-signedness, and fix the code that causes signed-one-bit-field
and sign-compare warnings. Contributed by makise-homura (Igor Molchanov)
<akemi_homura@kurisa.ch>.

View file

@ -1,5 +0,0 @@
Bugfix
* Fix building library/net_sockets.c and the ssl_mail_client program on
NetBSD. NetBSD conditionals were added for the backport to avoid the risk
of breaking a platform. Original fix contributed by Nia Alarie in #3422.
Adapted for long-term support branch 2.16 in #3558.

View file

@ -1,11 +0,0 @@
Security
* In (D)TLS record decryption, when using a CBC ciphersuites without the
Encrypt-then-Mac extension, use constant code flow memory access patterns
to extract and check the MAC. This is an improvement to the existing
countermeasure against Lucky 13 attacks. The previous countermeasure was
effective against network-based attackers, but less so against local
attackers. The new countermeasure defends against local attackers, even
if they have access to fine-grained measurements. In particular, this
fixes a local Lucky 13 cache attack found and reported by Tuba Yavuz,
Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler
(University of Florida) and Dave Tian (Purdue University).

View file

@ -1,3 +0,0 @@
Bugfix
* Use arc4random_buf on NetBSD instead of rand implementation with cyclical
lower bits. Fix contributed in #3540.

View file

@ -1,6 +0,0 @@
Security
* Fix side channel in RSA private key operations and static (finite-field)
Diffie-Hellman. An adversary with precise enough timing and memory access
information (typically an untrusted operating system attacking a secure
enclave) could bypass an existing counter-measure (base blinding) and
potentially fully recover the private key.

View file

@ -1,4 +0,0 @@
Bugfix
* Fix bug in redirection of unit test outputs on platforms where stdout is
defined as a macro. First reported in #2311 and fix contributed in #3528.
Adopted for LTS branch 2.16 in #3601.

View file

@ -1,4 +0,0 @@
Security
* Fix a 1-byte buffer overread in mbedtls_x509_crl_parse_der().
Credit to OSS-Fuzz for detecting the problem and to Philippe Antoine
for pinpointing the problematic code.

View file

@ -1,4 +0,0 @@
Bugfix
* Reduce the stack consumption of mbedtls_x509write_csr_der() which
previously could lead to stack overflow on constrained devices.
Contributed by Doru Gucea and Simon Leet in #3464.

View file

@ -1,4 +0,0 @@
Security
* Zeroising of plaintext buffers in mbedtls_ssl_read() to erase unused
application data from memory. Reported in #689 by
Johan Uppman Bruce of Sectra.