Merge remote-tracking branch 'upstream-restricted/pr/478' into development-restricted

This commit is contained in:
Jaeden Amero 2018-04-30 17:37:42 +01:00
commit 78d2f7d5df


@ -3,43 +3,46 @@ mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS 2.9.0 branch released 2018-04-30 = mbed TLS 2.9.0 branch released 2018-04-30
Security Security
* Fix a bug in the X.509 module potentially leading to a buffer overread * Fix an issue in the X.509 module which could lead to a buffer overread
during CRT verification or to invalid or omitted checks for certificate during certificate validation. Additionally, the issue could also lead to
validity. The former can be triggered remotely, while the latter requires unnecessary callback checks being made or to some validation checks to be
a non DER-compliant certificate correctly signed by a trusted CA, or a omitted. The overread could be triggered remotely, while the other issues
trusted CA with a non DER-compliant certificate. Found by luocm on GitHub. would require a non DER-compliant certificate to be correctly signed by a
Fixes #825. trusted CA, or a trusted CA with a non DER-compliant certificate. Found by
* Fix buffer length assertion in the ssl_parse_certificate_request() luocm. Fixes #825.
function which leads to an arbitrary overread of the message buffer. The * Fix the buffer length assertion in the ssl_parse_certificate_request()
overreads could occur upon receiving a message malformed at the point function which led to an arbitrary overread of the message buffer. The
where an optional signature algorithms list is expected in the cases of overreads could be caused by receiving a malformed message at the point
the signature algorithms section being too short. In the debug builds where an optional signature algorithms list is expected when the signature
the overread data is printed to the standard output. algorithms section is too short. In builds with debug output, the overread
data is output with the debug data.
* Fix a client-side bug in the validation of the server's ciphersuite choice * Fix a client-side bug in the validation of the server's ciphersuite choice
potentially leading to the client accepting a ciphersuite it didn't offer which could potentially lead to the client accepting a ciphersuite it didn't
or one that cannot be used with the (D)TLS version chosen by the server. offer or a ciphersuite that cannot be used with the TLS or DTLS version
This may lead to corruption of internal data structures for some chosen by the server. This could lead to corruption of internal data
configurations. structures for some configurations.
Features Features
* Add option MBEDTLS_AES_FEWER_TABLES to dynamically compute 3/4 of the AES tables * Add an option, MBEDTLS_AES_FEWER_TABLES, to dynamically compute smaller AES
during runtime, thereby reducing the RAM/ROM footprint by ~6kb. Suggested tables during runtime, thereby reducing the RAM/ROM footprint by ~6KiB.
and contributed by jkivilin in #394. Suggested and contributed by jkivilin in pull request #394.
* Add initial support for Curve448 (RFC 7748). Only mbedtls_ecp_mul() and * Add initial support for Curve448 (RFC 7748). Only mbedtls_ecp_mul() and
ECDH primitive functions (mbedtls_ecdh_gen_public(), ECDH primitive functions (mbedtls_ecdh_gen_public(),
mbedtls_ecdh_compute_shared()) are supported for now. Contributed by mbedtls_ecdh_compute_shared()) are supported for now. Contributed by
Nicholas Wilson (#348). Nicholas Wilson (#348).
API Changes API Changes
* Add function mbedtls_net_poll to public API allowing to wait for a * Extend the public API with the function of mbedtls_net_poll() to allow user
network context to become ready for reading or writing. applications to wait for a network context to become ready before reading
* Add function mbedtls_ssl_check_pending to public API allowing to check or writing.
if more data is pending to be processed in the internal message buffers. * Add function mbedtls_ssl_check_pending() to the public API to allow
a check for whether more more data is pending to be processed in the
internal message buffers.
This function is necessary to determine when it is safe to idle on the This function is necessary to determine when it is safe to idle on the
underlying transport in case event-driven IO is used. underlying transport in case event-driven IO is used.
Bugfix Bugfix
* Fix spurious uninitialized variable warning in cmac.c. Fix independently * Fix a spurious uninitialized variable warning in cmac.c. Fix independently
contributed by Brian J Murray and David Brown. contributed by Brian J Murray and David Brown.
* Add missing dependencies in test suites that led to build failures * Add missing dependencies in test suites that led to build failures
in configurations that omit certain hashes or public-key algorithms. in configurations that omit certain hashes or public-key algorithms.
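Review bot: the new wording of the mbedtls_ssl_check_pending() entry contains a doubled word, "a check for whether more more data is pending"; drop one "more". In the same hunk, "Extend the public API with the function of mbedtls_net_poll()" reads awkwardly; "with the function mbedtls_net_poll()" matches the phrasing used for mbedtls_ssl_check_pending() two entries later.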
@ -47,15 +50,16 @@ Bugfix
* Fix C89 incompatibility in benchmark.c. Contributed by Brendan Shanks. * Fix C89 incompatibility in benchmark.c. Contributed by Brendan Shanks.
#1353 #1353
* Add missing dependencies for MBEDTLS_HAVE_TIME_DATE and * Add missing dependencies for MBEDTLS_HAVE_TIME_DATE and
MBEDTLS_VERSION_FEATURES in test suites. Contributed by Deomid Ryabkov. MBEDTLS_VERSION_FEATURES in some test suites. Contributed by
Fixes #1299, #1475. Deomid Ryabkov. Fixes #1299, #1475.
* Fix dynamic library building process with Makefile on Mac OS X. Fixed by * Fix the Makefile build process for building shared libraries on Mac OS X.
mnacamura. Fixed by mnacamura.
* Fix parsing of PKCS#8 encoded Elliptic Curve keys. Previously Mbed TLS was * Fix parsing of PKCS#8 encoded Elliptic Curve keys. Previously Mbed TLS was
unable to parse keys with only the optional parameters field of the unable to parse keys which had only the optional parameters field of the
ECPrivateKey structure. Found by Jethro Beekman, fixed in #1379. ECPrivateKey structure. Found by Jethro Beekman, fixed in #1379.
* Return plaintext data sooner on unpadded CBC decryption, as stated in * Return the plaintext data more quickly on unpadded CBC decryption, as
the mbedtls_cipher_update() documentation. Contributed by Andy Leiserson. stated in the mbedtls_cipher_update() documentation. Contributed by
Andy Leiserson.
* Fix overriding and ignoring return values when parsing and writing to * Fix overriding and ignoring return values when parsing and writing to
a file in pk_sign program. Found by kevlut in #1142. a file in pk_sign program. Found by kevlut in #1142.
* Restrict usage of error code MBEDTLS_ERR_SSL_WANT_READ to situations * Restrict usage of error code MBEDTLS_ERR_SSL_WANT_READ to situations
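Review bot: since this pass is tidying grammar in the neighbouring entries, the unchanged pk_sign entry in this hunk, "a file in pk_sign program", could take the article too ("in the pk_sign program"), matching "the Makefile build process" and "the plaintext data" introduced just above it.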
@ -63,9 +67,8 @@ Bugfix
to make progress. Previously, this error code was also occasionally to make progress. Previously, this error code was also occasionally
returned when unexpected messages were being discarded, ignoring that returned when unexpected messages were being discarded, ignoring that
further messages could potentially already be pending to be processed further messages could potentially already be pending to be processed
in the internal buffers; these cases lead to deadlocks in case in the internal buffers; these cases led to deadlocks when event-driven
event-driven I/O was used. I/O was used. Found and reported by Hubert Mis in #772.
Found and reported by Hubert Mis in #772.
* Fix buffer length assertions in the ssl_parse_certificate_request() * Fix buffer length assertions in the ssl_parse_certificate_request()
function which leads to a potential one byte overread of the message function which leads to a potential one byte overread of the message
buffer. buffer.
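Review bot: the unchanged entry closing this hunk, "Fix buffer length assertions in the ssl_parse_certificate_request() function which leads to a potential one byte overread", concerns the same function as the new Security entry in the first hunk, which describes an arbitrary overread; please confirm these are two distinct fixes and, if so, word them so a reader does not take the Bugfix line for a duplicate. Also, the edited entry just above now uses the past tense ("led to deadlocks"), while this one still says "leads"; align the tense.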
@ -74,18 +77,18 @@ Bugfix
Changes Changes
* Remove some redundant code in bignum.c. Contributed by Alexey Skalozub. * Remove some redundant code in bignum.c. Contributed by Alexey Skalozub.
* Support cmake build where Mbed TLS is a subproject. Fix * Support cmake builds where Mbed TLS is a subproject. Fix contributed
contributed independently by Matthieu Volat and Arne Schwabe. independently by Matthieu Volat and Arne Schwabe.
* Improve testing in configurations that omit certain hashes or * Improve testing in configurations that omit certain hashes or
public-key algorithms. Includes contributions by Gert van Dijk. public-key algorithms. Includes contributions by Gert van Dijk.
* Improve negative testing of X.509 parsing. * Improve negative testing of X.509 parsing.
* Do not define global mutexes around readdir() and gmtime() in * Do not define global mutexes around readdir() and gmtime() in
configurations where the feature is disabled. Found and fixed by Gergely configurations where the feature is disabled. Found and fixed by Gergely
Budai. Budai.
* Harden mbedtls_ssl_config_free() against misuse, so that it doesn't * Harden the function mbedtls_ssl_config_free() against misuse, so that it
leak memory in case the user doesn't use mbedtls_ssl_conf_psk() and doesn't leak memory if the user doesn't use mbedtls_ssl_conf_psk() and
instead incorrectly manipulates conf->psk and/or conf->psk_identity instead incorrectly manipulates the configuration structure directly.
directly. Found and fix submitted by junyeonLEE in #1220. Found and fix submitted by junyeonLEE in #1220.
* Provide an empty implementation of mbedtls_pkcs5_pbes2() when * Provide an empty implementation of mbedtls_pkcs5_pbes2() when
MBEDTLS_ASN1_PARSE_C is not enabled. This allows the use of PBKDF2 MBEDTLS_ASN1_PARSE_C is not enabled. This allows the use of PBKDF2
without PBES2. Fixed by Marcos Del Sol Vives. without PBES2. Fixed by Marcos Del Sol Vives.
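Review bot: replacing "manipulates conf->psk and/or conf->psk_identity directly" with "manipulates the configuration structure directly" removes the one concrete detail a user needs to recognise the misuse this hardening addresses. Suggest keeping the field names, e.g. "instead incorrectly manipulates conf->psk and/or conf->psk_identity directly."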
@ -96,7 +99,7 @@ Changes
Krylov. Krylov.
* Improve the documentation of mbedtls_ssl_write(). Suggested by * Improve the documentation of mbedtls_ssl_write(). Suggested by
Paul Sokolovsky in #1356. Paul Sokolovsky in #1356.
* Add an option in the makefile to support ar utilities where the operation * Add an option in the Makefile to support ar utilities where the operation
letter must not be prefixed by '-', such as LLVM. Found and fixed by letter must not be prefixed by '-', such as LLVM. Found and fixed by
Alex Hixon. Alex Hixon.
* Allow configuring the shared library extension by setting the DLEXT * Allow configuring the shared library extension by setting the DLEXT
@ -109,8 +112,8 @@ Changes
* Improve robustness of mbedtls_ssl_derive_keys against the use of * Improve robustness of mbedtls_ssl_derive_keys against the use of
HMAC functions with non-HMAC ciphersuites. Independently contributed HMAC functions with non-HMAC ciphersuites. Independently contributed
by Jiayuan Chen in #1377. Fixes #1437. by Jiayuan Chen in #1377. Fixes #1437.
* Improve security of RSA key generation by including criteria from FIPS * Improve security of RSA key generation by including criteria from
186-4. Contributed by Jethro Beekman. #1380 FIPS 186-4. Contributed by Jethro Beekman. #1380
* Declare functions in header files even when an alternative implementation * Declare functions in header files even when an alternative implementation
of the corresponding module is activated by defining the corresponding of the corresponding module is activated by defining the corresponding
MBEDTLS_XXX_ALT macro. This means that alternative implementations do MBEDTLS_XXX_ALT macro. This means that alternative implementations do
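Review bot: the re-wrapped RSA key generation entry still ends with a bare "#1380" after the contributor's name, whereas the entry directly above uses "in #1377. Fixes #1437."; since this hunk already touches that line, "Contributed by Jethro Beekman in #1380." would bring it in line with the surrounding entries.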
@ -314,7 +317,7 @@ Bugfix
* Fix ssl_parse_record_header() to silently discard invalid DTLS records * Fix ssl_parse_record_header() to silently discard invalid DTLS records
as recommended in RFC 6347 Section 4.1.2.7. as recommended in RFC 6347 Section 4.1.2.7.
* Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times.
Found by projectgus and jethrogb, #836. Found by projectgus and Jethro Beekman, #836.
* Fix usage help in ssl_server2 example. Found and fixed by Bei Lin. * Fix usage help in ssl_server2 example. Found and fixed by Bei Lin.
* Parse signature algorithm extension when renegotiating. Previously, * Parse signature algorithm extension when renegotiating. Previously,
renegotiated handshakes would only accept signatures using SHA-1 renegotiated handshakes would only accept signatures using SHA-1
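Review bot: expanding "jethrogb" to "Jethro Beekman" while leaving "projectgus" as a handle makes the attribution within this one sentence inconsistent ("Found by projectgus and Jethro Beekman, #836."); either leave both as GitHub handles or expand both.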
@ -508,8 +511,7 @@ Bugfix
Previous behaviour was to keep processing data even after the alert has Previous behaviour was to keep processing data even after the alert has
been sent. been sent.
* Accept empty trusted CA chain in authentication mode * Accept empty trusted CA chain in authentication mode
MBEDTLS_SSL_VERIFY_OPTIONAL. MBEDTLS_SSL_VERIFY_OPTIONAL. Found by Jethro Beekman. #864
Found by jethrogb. #864
* Fix implementation of mbedtls_ssl_parse_certificate() to not annihilate * Fix implementation of mbedtls_ssl_parse_certificate() to not annihilate
fatal errors in authentication mode MBEDTLS_SSL_VERIFY_OPTIONAL and to fatal errors in authentication mode MBEDTLS_SSL_VERIFY_OPTIONAL and to
reflect bad EC curves within verification result. reflect bad EC curves within verification result.
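Review bot: this hunk, like the previous one, edits an entry far down the file under an earlier Bugfix section, so the commit rewrites attribution in already published release notes; worth confirming that is intended. The merged line "Found by Jethro Beekman. #864" also leaves a bare issue number, whereas the Hubert Mis entry edited in this same change reads "in #772."; "Found by Jethro Beekman in #864." would keep the reference style consistent across the entries this commit touches.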