From c776582dc363aa404a045c6abf3e109c04669149 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 8 Mar 2021 18:31:02 +0000 Subject: [PATCH] Update Changelog for 2.16.10 Signed-off-by: Dave Rodgman --- ChangeLog | 47 +++++++++++++++++++ ChangeLog.d/basic-constraints-critical.txt | 8 ---- ChangeLog.d/drbg-mutex.txt | 5 -- ChangeLog.d/issue4093.txt | 7 --- ...make_base64_table_access_constant_flow.txt | 4 -- ChangeLog.d/mpi_sub_abs.txt | 7 --- ChangeLog.d/net_poll-fd_setsize.txt | 4 -- ChangeLog.d/rsa-mutex.txt | 13 ----- ChangeLog.d/rsa_private-ret.txt | 2 - 9 files changed, 47 insertions(+), 50 deletions(-) delete mode 100644 ChangeLog.d/basic-constraints-critical.txt delete mode 100644 ChangeLog.d/drbg-mutex.txt delete mode 100644 ChangeLog.d/issue4093.txt delete mode 100644 ChangeLog.d/make_base64_table_access_constant_flow.txt delete mode 100644 ChangeLog.d/mpi_sub_abs.txt delete mode 100644 ChangeLog.d/net_poll-fd_setsize.txt delete mode 100644 ChangeLog.d/rsa-mutex.txt delete mode 100644 ChangeLog.d/rsa_private-ret.txt diff --git a/ChangeLog b/ChangeLog index 1ecfc8b0a..fe7aecd27 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,52 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.16.10 branch released 2021-03-12 + +Default behavior changes + * In mbedtls_rsa_context objects, the ver field was formerly documented + as always 0. It is now reserved for internal purposes and may take + different values. + +Security + * Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating + |A| - |B| where |B| is larger than |A| and has more limbs (so the + function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE). Only + applications calling mbedtls_mpi_sub_abs() directly are affected: + all calls inside the library were safe since this function is + only called with |A| >= |B|. Reported by Guido Vranken in #4042. + * Fix an errorneous estimation for an internal buffer in + mbedtls_pk_write_key_pem(). If MBEDTLS_MPI_MAX_SIZE is set to an odd + value the function might fail to write a private RSA keys of the largest + supported size. + Found by Daniel Otte, reported in #4093 and fixed in #4094, + backported in #4100. + * Fix a stack buffer overflow with mbedtls_net_poll() and + mbedtls_net_recv_timeout() when given a file descriptor that is + beyond FD_SETSIZE. Reported by FigBug in #4169. + * Guard against strong local side channel attack against base64 tables by + making access aceess to them use constant flow code. + +Bugfix + * Fix an incorrect error code if an RSA private operation glitched. + * Fix a resource leak in CTR_DRBG and HMAC_DRBG when MBEDTLS_THREADING_C + is enabled, on platforms where initializing a mutex allocates resources. + This was a regression introduced in the previous release. Reported in + #4017, #4045 and #4071. + * Ensure that calling mbedtls_rsa_free() or mbedtls_entropy_free() + twice is safe. This happens for RSA when some Mbed TLS library functions + fail. Such a double-free was not safe when MBEDTLS_THREADING_C was + enabled on platforms where freeing a mutex twice is not safe. + * Fix a resource leak in a bad-arguments case of mbedtls_rsa_gen_key() + when MBEDTLS_THREADING_C is enabled on platforms where initializing + a mutex allocates resources. + * This change makes 'mbedtls_x509write_crt_set_basic_constraints' + consistent with RFC 5280 4.2.1.9 which says: "Conforming CAs MUST + include this extension in all CA certificates that contain public keys + used to validate digital signatures on certificates and MUST mark the + extension as critical in such certificates." Previous to this change, + the extension was always marked as non-critical. This was fixed by + #4044. + = mbed TLS 2.16.9 branch released 2020-12-11 Security diff --git a/ChangeLog.d/basic-constraints-critical.txt b/ChangeLog.d/basic-constraints-critical.txt deleted file mode 100644 index c747ee954..000000000 --- a/ChangeLog.d/basic-constraints-critical.txt +++ /dev/null @@ -1,8 +0,0 @@ -Bugfix - * This change makes 'mbedtls_x509write_crt_set_basic_constraints' - consistent with RFC 5280 4.2.1.9 which says: "Conforming CAs MUST - include this extension in all CA certificates that contain public keys - used to validate digital signatures on certificates and MUST mark the - extension as critical in such certificates." Previous to this change, - the extension was always marked as non-critical. This was fixed by - #4044. diff --git a/ChangeLog.d/drbg-mutex.txt b/ChangeLog.d/drbg-mutex.txt deleted file mode 100644 index 3ac5abfa8..000000000 --- a/ChangeLog.d/drbg-mutex.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix a resource leak in CTR_DRBG and HMAC_DRBG when MBEDTLS_THREADING_C - is enabled, on platforms where initializing a mutex allocates resources. - This was a regression introduced in the previous release. Reported in - #4017, #4045 and #4071. diff --git a/ChangeLog.d/issue4093.txt b/ChangeLog.d/issue4093.txt deleted file mode 100644 index b8d634b15..000000000 --- a/ChangeLog.d/issue4093.txt +++ /dev/null @@ -1,7 +0,0 @@ -Security - * Fix an errorneous estimation for an internal buffer in - mbedtls_pk_write_key_pem(). If MBEDTLS_MPI_MAX_SIZE is set to an odd - value the function might fail to write a private RSA keys of the largest - supported size. - Found by Daniel Otte, reported in #4093 and fixed in #4094, - backported in #4100. diff --git a/ChangeLog.d/make_base64_table_access_constant_flow.txt b/ChangeLog.d/make_base64_table_access_constant_flow.txt deleted file mode 100644 index 733c972d0..000000000 --- a/ChangeLog.d/make_base64_table_access_constant_flow.txt +++ /dev/null @@ -1,4 +0,0 @@ -Security - * Guard against strong local side channel attack against base64 tables by - making access aceess to them use constant flow code. - diff --git a/ChangeLog.d/mpi_sub_abs.txt b/ChangeLog.d/mpi_sub_abs.txt deleted file mode 100644 index 9f34ee74b..000000000 --- a/ChangeLog.d/mpi_sub_abs.txt +++ /dev/null @@ -1,7 +0,0 @@ -Security - * Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating - |A| - |B| where |B| is larger than |A| and has more limbs (so the - function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE). Only - applications calling mbedtls_mpi_sub_abs() directly are affected: - all calls inside the library were safe since this function is - only called with |A| >= |B|. Reported by Guido Vranken in #4042. diff --git a/ChangeLog.d/net_poll-fd_setsize.txt b/ChangeLog.d/net_poll-fd_setsize.txt deleted file mode 100644 index e4db8c7e3..000000000 --- a/ChangeLog.d/net_poll-fd_setsize.txt +++ /dev/null @@ -1,4 +0,0 @@ -Security - * Fix a stack buffer overflow with mbedtls_net_poll() and - mbedtls_net_recv_timeout() when given a file descriptor that is - beyond FD_SETSIZE. Reported by FigBug in #4169. diff --git a/ChangeLog.d/rsa-mutex.txt b/ChangeLog.d/rsa-mutex.txt deleted file mode 100644 index 2a477a9cb..000000000 --- a/ChangeLog.d/rsa-mutex.txt +++ /dev/null @@ -1,13 +0,0 @@ -Bugfix - * Ensure that calling mbedtls_rsa_free() or mbedtls_entropy_free() - twice is safe. This happens for RSA when some Mbed TLS library functions - fail. Such a double-free was not safe when MBEDTLS_THREADING_C was - enabled on platforms where freeing a mutex twice is not safe. - * Fix a resource leak in a bad-arguments case of mbedtls_rsa_gen_key() - when MBEDTLS_THREADING_C is enabled on platforms where initializing - a mutex allocates resources. - -Default behavior changes - * In mbedtls_rsa_context objects, the ver field was formerly documented - as always 0. It is now reserved for internal purposes and may take - different values. diff --git a/ChangeLog.d/rsa_private-ret.txt b/ChangeLog.d/rsa_private-ret.txt deleted file mode 100644 index b965cea77..000000000 --- a/ChangeLog.d/rsa_private-ret.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Fix an incorrect error code if an RSA private operation glitched.