Merge pull request #955 from Mbed-TLS/mbedtls-2.28.1rc0-pr
Mbed TLS 2.28.1rc0 pr
daverodgman authored Jul 11, 2022
2 parents ada62f2 + fe9d08f commit dd79db1
Showing 47 changed files with 711 additions and 186 deletions.
96 changes: 95 additions & 1 deletion ChangeLog
@@ -1,4 +1,98 @@
mbed TLS ChangeLog (Sorted per branch, date)
Mbed TLS ChangeLog (Sorted per branch, date)

= Mbed TLS 2.28.1 branch released 2022-07-11

Default behavior changes
* mbedtls_cipher_set_iv will now fail with ChaCha20 and ChaCha20+Poly1305
for IV lengths other than 12. The library was silently overwriting this
length with 12, but did not inform the caller about it. Fixes #4301.

Features
* When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you may list the PSA crypto
feature requirements in the file named by the new macro
MBEDTLS_PSA_CRYPTO_CONFIG_FILE instead of the default psa/crypto_config.h.
Furthermore you may name an additional file to include after the main
file with the macro MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE.

Security
* Zeroize dynamically-allocated buffers used by the PSA Crypto key storage
module before freeing them. These buffers contain secret key material, and
could thus potentially leak the key through freed heap.
* Fix a potential heap buffer overread in TLS 1.2 server-side when
MBEDTLS_USE_PSA_CRYPTO is enabled, an opaque key (created with
mbedtls_pk_setup_opaque()) is provisioned, and a static ECDH ciphersuite
is selected. This may result in an application crash or potentially an
information leak.
* Fix a buffer overread in DTLS ClientHello parsing in servers with
MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled. An unauthenticated client
or a man-in-the-middle could cause a DTLS server to read up to 255 bytes
after the end of the SSL input buffer. The buffer overread only happens
when MBEDTLS_SSL_IN_CONTENT_LEN is less than a threshold that depends on
the exact configuration: 258 bytes if using mbedtls_ssl_cookie_check(),
and possibly up to 571 bytes with a custom cookie check function.
Reported by the Cybeats PSI Team.

Bugfix
* Fix a memory leak if mbedtls_ssl_config_defaults() is called twice.
* Fix several bugs (warnings, compiler and linker errors, test failures)
in reduced configurations when MBEDTLS_USE_PSA_CRYPTO is enabled.
* Fix a bug in (D)TLS curve negotiation: when MBEDTLS_USE_PSA_CRYPTO was
enabled and an ECDHE-ECDSA or ECDHE-RSA key exchange was used, the
client would fail to check that the curve selected by the server for
ECDHE was indeed one that was offered. As a result, the client would
accept any curve that it supported, even if that curve was not allowed
according to its configuration. Fixes #5291.
* Fix unit tests that used 0 as the file UID. This failed on some
implementations of PSA ITS. Fixes #3838.
* Fix API violation in mbedtls_md_process() test by adding a call to
mbedtls_md_starts(). Fixes #2227.
* Fix compile errors when MBEDTLS_HAVE_TIME is not defined. Add tests
to catch bad uses of time.h.
* Fix the library search path when building a shared library with CMake
on Windows.
* Fix bug in the alert sending function mbedtls_ssl_send_alert_message()
potentially leading to corrupted alert messages being sent in case
the function needs to be re-called after initially returning
MBEDTLS_SSL_WANT_WRITE. Fixes #1916.
* In configurations with MBEDTLS_SSL_DTLS_CONNECTION_ID enabled but none of
MBEDTLS_SSL_HW_RECORD_ACCEL, MBEDTLS_SSL_EXPORT_KEYS or MBEDTLS_DEBUG_C,
DTLS handshakes using CID would crash due to a null pointer dereference.
Fix this. Fixes #3998.
* Fix incorrect documentation of mbedtls_x509_crt_profile. The previous
documentation stated that the `allowed_pks` field applies to signatures
only, but in fact it does apply to the public key type of the end entity
certificate, too. Fixes #1992.
* Fix PSA cipher multipart operations using ARC4. Previously, an IV was
required but discarded. Now, an IV is rejected, as it should be.
* Fix undefined behavior in mbedtls_asn1_find_named_data(), where val is
not NULL and val_len is zero.
* psa_raw_key_agreement() now returns PSA_ERROR_BUFFER_TOO_SMALL when
applicable. Fixes #5735.
* Fix a bug in the x25519 example program where the removal of
MBEDTLS_ECDH_LEGACY_CONTEXT caused the program not to run. Fixes #4901 and
#3191.
* Encode X.509 dates before 1/1/2000 as UTCTime rather than
GeneralizedTime. Fixes #5465.
* Fix order value of curve x448.
* Fix string representation of DNs when outputting values containing commas
and other special characters, conforming to RFC 1779. Fixes #769.
* Silence a warning from GCC 12 in the selftest program. Fixes #5974.
* Fix mbedtls_asn1_write_mpi() writing an incorrect encoding of 0.
* Fix resource leaks in mbedtls_pk_parse_public_key() in low
memory conditions.
* Fix server connection identifier setting for outgoing encrypted records
on DTLS 1.2 session resumption. After DTLS 1.2 session resumption with
connection identifier, the Mbed TLS client now properly sends the server
connection identifier in encrypted record headers. Fix #5872.
* Fix a null pointer dereference when performing some operations on zero
represented with 0 limbs (specifically mbedtls_mpi_mod_int() dividing
by 2, and mbedtls_mpi_write_string() in base 2).
* Fix record sizes larger than 16384 being sometimes accepted despite being
non-compliant. This could not lead to a buffer overflow. In particular,
application data size was already checked correctly.

Changes
* Assume source files are in UTF-8 when using MSVC with CMake.

= mbed TLS 2.28.0 branch released 2021-12-17
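Review bot: The "(D)TLS curve negotiation" entry under Bugfix describes a client that, with MBEDTLS_USE_PSA_CRYPTO enabled, accepts an ECDHE curve its own configuration does not allow. That is a bypass of configured policy rather than a functional bug, so consider listing it under Security, where integrators who triage upgrades by that section will see it. Separately, the DTLS 1.2 session resumption entry ends with "Fix #5872." while every other entry uses "Fixes #NNNN."; align it with the rest.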

3 changes: 0 additions & 3 deletions ChangeLog.d/PSA-test-suites-NOT-using-UID-0.txt

This file was deleted.

This file was deleted.

5 changes: 0 additions & 5 deletions ChangeLog.d/alert_reentrant.txt

This file was deleted.

2 changes: 0 additions & 2 deletions ChangeLog.d/asn1write-0-fix

This file was deleted.

2 changes: 0 additions & 2 deletions ChangeLog.d/bug_x448.txt

This file was deleted.

4 changes: 0 additions & 4 deletions ChangeLog.d/chacha20_invalid_iv_len_fix.txt

This file was deleted.

2 changes: 0 additions & 2 deletions ChangeLog.d/cmake_msvc_utf8.txt

This file was deleted.

5 changes: 0 additions & 5 deletions ChangeLog.d/doc-x509-profile-pk.txt

This file was deleted.

5 changes: 0 additions & 5 deletions ChangeLog.d/dtls-cid-null.txt

This file was deleted.

3 changes: 0 additions & 3 deletions ChangeLog.d/fix-csr_subject_commas.txt

This file was deleted.

3 changes: 0 additions & 3 deletions ChangeLog.d/fix-time-format-pre-2000.txt

This file was deleted.

3 changes: 0 additions & 3 deletions ChangeLog.d/fix-undefined-memcpy-mbedtls_asn1_named_data.txt

This file was deleted.

3 changes: 0 additions & 3 deletions ChangeLog.d/fix-windows-cmake-build-with-shared-libraries.txt

This file was deleted.

4 changes: 0 additions & 4 deletions ChangeLog.d/fix-x25519-program.txt

This file was deleted.

4 changes: 0 additions & 4 deletions ChangeLog.d/fix_some_resource_leaks.txt

This file was deleted.

2 changes: 0 additions & 2 deletions ChangeLog.d/mbedtls_ssl_config_defaults-memleak.txt

This file was deleted.

3 changes: 0 additions & 3 deletions ChangeLog.d/psa-rc4.txt

This file was deleted.

6 changes: 0 additions & 6 deletions ChangeLog.d/psa_crypto_config_file.txt

This file was deleted.

3 changes: 0 additions & 3 deletions ChangeLog.d/psa_crypto_reduced_configs_bugs.txt

This file was deleted.

3 changes: 0 additions & 3 deletions ChangeLog.d/psa_raw_key_agreement-buffer_too_small.txt

This file was deleted.

5 changes: 0 additions & 5 deletions ChangeLog.d/resumption_cid.txt

This file was deleted.

2 changes: 0 additions & 2 deletions ChangeLog.d/selftest-gcc12.txt

This file was deleted.

3 changes: 0 additions & 3 deletions ChangeLog.d/timeless.txt

This file was deleted.

7 changes: 0 additions & 7 deletions ChangeLog.d/use-psa-ecdhe-curve.txt

This file was deleted.

4 changes: 0 additions & 4 deletions ChangeLog.d/zeroize_key_buffers_before_free.txt

This file was deleted.

2 changes: 1 addition & 1 deletion doxygen/input/doc_mainpage.h
Expand Up @@ -22,7 +22,7 @@
*/

/**
* @mainpage mbed TLS v2.28.0 source code documentation
* @mainpage mbed TLS v2.28.1 source code documentation
*
* This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in
2 changes: 1 addition & 1 deletion doxygen/mbedtls.doxyfile
@@ -1,4 +1,4 @@
PROJECT_NAME = "mbed TLS v2.28.0"
PROJECT_NAME = "mbed TLS v2.28.1"
OUTPUT_DIRECTORY = ../apidoc/
FULL_PATH_NAMES = NO
OPTIMIZE_OUTPUT_FOR_C = YES
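Review bot: PROJECT_NAME is bumped to "mbed TLS v2.28.1" with a lowercase "m", while the ChangeLog title and the new release heading in this same commit are written "Mbed TLS". If the capitalised form is now the project spelling, update it here and in the @mainpage line of doxygen/input/doc_mainpage.h in the same pass so the generated documentation matches the ChangeLog.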
75 changes: 49 additions & 26 deletions include/mbedtls/pk.h
Expand Up @@ -217,32 +217,6 @@ typedef struct
typedef void mbedtls_pk_restart_ctx;
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */

#if defined(MBEDTLS_RSA_C)
/**
* Quick access to an RSA context inside a PK context.
*
* \warning You must make sure the PK context actually holds an RSA context
* before using this function!
*/
static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
{
return( (mbedtls_rsa_context *) (pk).pk_ctx );
}
#endif /* MBEDTLS_RSA_C */

#if defined(MBEDTLS_ECP_C)
/**
* Quick access to an EC context inside a PK context.
*
* \warning You must make sure the PK context actually holds an EC context
* before using this function!
*/
static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
{
return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
}
#endif /* MBEDTLS_ECP_C */

#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
/**
* \brief Types for RSA-alt abstraction
Expand Down Expand Up @@ -656,6 +630,55 @@ const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx );
*/
mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );

#if defined(MBEDTLS_RSA_C)
/**
* Quick access to an RSA context inside a PK context.
*
* \warning This function can only be used when the type of the context, as
* returned by mbedtls_pk_get_type(), is #MBEDTLS_PK_RSA.
* Ensuring that is the caller's responsibility.
* Alternatively, you can check whether this function returns NULL.
*
* \return The internal RSA context held by the PK context, or NULL.
*/
static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
{
switch( mbedtls_pk_get_type( &pk ) )
{
case MBEDTLS_PK_RSA:
return( (mbedtls_rsa_context *) (pk).pk_ctx );
default:
return( NULL );
}
}
#endif /* MBEDTLS_RSA_C */

#if defined(MBEDTLS_ECP_C)
/**
* Quick access to an EC context inside a PK context.
*
* \warning This function can only be used when the type of the context, as
* returned by mbedtls_pk_get_type(), is #MBEDTLS_PK_ECKEY,
* #MBEDTLS_PK_ECKEY_DH, or #MBEDTLS_PK_ECDSA.
* Ensuring that is the caller's responsibility.
* Alternatively, you can check whether this function returns NULL.
*
* \return The internal EC context held by the PK context, or NULL.
*/
static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
{
switch( mbedtls_pk_get_type( &pk ) )
{
case MBEDTLS_PK_ECKEY:
case MBEDTLS_PK_ECKEY_DH:
case MBEDTLS_PK_ECDSA:
return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
default:
return( NULL );
}
}
#endif /* MBEDTLS_ECP_C */

#if defined(MBEDTLS_PK_PARSE_C)
/** \ingroup pk_module */
/**
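Review bot: The new default: branches in mbedtls_pk_rsa() and mbedtls_pk_ec() return NULL, so an existing caller that dereferences the result without checking now faults on a null pointer instead of reading a mistyped pk_ctx. The 2.28.1 ChangeLog section in this commit has no entry for that, and it looks like a candidate for "Default behavior changes". The \warning text also sends mixed signals: it says ensuring the type is the caller's responsibility and then offers the NULL check as an alternative. I would state plainly that the function returns NULL for any other context type and that callers must check the result before use. Minor: both functions keep the by-value mbedtls_pk_context parameter from the removed versions, so &pk passed to mbedtls_pk_get_type() points at a local copy. That works, but a one-line comment saying the signature is unchanged on purpose would save the next reader a double take.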