Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: mbedtls-2-devel | Distribution: openSUSE Tumbleweed |
Version: 2.28.9 | Vendor: openSUSE |
Release: 1.3 | Build date: Mon Sep 2 21:59:03 2024 |
Group: Development/Libraries/C and C++ | Build host: reproducible |
Size: 2592880 | Source RPM: mbedtls-2-2.28.9-1.3.src.rpm |
Packager: http://bugs.opensuse.org | |
Url: https://tls.mbed.org | |
Summary: Development files for mbedtls, a SSL/TLS library |
This subpackage contains the development files for mbedtls, a suite of libraries for cryptographic functions and the SSL/TLS protocol suite.
Apache-2.0 OR GPL-2.0-or-later
* Mon Sep 02 2024 Jaime Marquínez Ferrándiz <jaime.marquinez.ferrandiz@fastmail.net> - Update to version 2.28.9: Security * Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled. CVE-2024-45157 Bugfix * Fix the build in some configurations when check_config.h is not included. Fix gh#Mbed-TLS/mbedtls#9152. * Fix issue of redefinition warning messages for _GNU_SOURCE in entropy_poll.c and sha_256.c. There was a build warning during building for linux platform. Resolves gh#Mbed-TLS/mbedtls#9026 * Fix error handling when creating a key in a dynamic secure element (feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition, the creation could return PSA_SUCCESS but using or destroying the key would not work. Fixes gh#Mbed-TLS/mbedtls#8537. * Fix a memory leak that could occur when failing to process an RSA key through some PSA functions due to low memory conditions. Document and enforce the limitation of mbedtls_psa_register_se_key() to persistent keys. Resolves gh#Mbed-TLS/mbedtls#9253. - Add fix_calloc-transposed-args.patch * Sun Mar 31 2024 Jaime Marquínez Ferrándiz <jaime.marquinez.ferrandiz@fastmail.net> - Update to version 2.28.8: Features * AES-NI is now supported in Windows builds with clang and clang-cl. Resolves gh#Mbed-TLS/mbedtls#8372. * Add pc files for pkg-config, e.g.: pkg-config --cflags --libs (mbedtls|mbedcrypto|mbedx509) Security * Passing buffers that are stored in untrusted memory as arguments to PSA functions is now secure by default. The PSA core now protects against modification of inputs or exposure of intermediate outputs during operations. This is currently implemented by copying buffers. This feature increases code size and memory usage. If buffers passed to PSA functions are owned exclusively by the PSA core for the duration of the function call (i.e. no buffer parameters are in shared memory), copying may be disabled by setting MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS. Note that setting this option will cause input-output buffer overlap to be only partially supported (gh#Mbed-TLS/mbedtls#3266). Fixes CVE-2024-28960 boo#1222157 . Bugfix * Fix the build with CMake when Everest is enabled through a user configuration file or the compiler command line. Fixes gh#Mbed-TLS/mbedtls#8165. * Fix an inconsistency between implementations and usages of __cpuid, which mainly causes failures when building Windows target using mingw or clang. Fixes gh#Mbed-TLS/mbedtls#8334 & gh#Mbed-TLS/mbedtls#8332. * Correct initial capacities for key derivation algorithms: TLS12_PRF, TLS12_PSK_TO_MS. * Fix mbedtls_pk_get_bitlen() for RSA keys whose size is not a multiple of 8. Fixes gh#Mbed-TLS/mbedtls#868. * Avoid segmentation fault caused by releasing not initialized entropy resource in gen_key example. Fixes gh#Mbed-TLS/mbedtls#8809. * Fix missing bitflags in SSL session serialization headers. Their absence allowed SSL sessions saved in one configuration to be loaded in a different, incompatible configuration. * Fix the restoration of the ALPN when loading serialized connection with the mbedtls_ssl_context_load() API. * Fully support arbitrary overlap between inputs and outputs of PSA functions. Note that overlap is still only partially supported when MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS is set (gh#Mbed-TLS/mbedtls#3266). Changes * Use heap memory to allocate DER encoded public/private key. This reduces stack usage significantly for writing a public/private key to a PEM string. * cmake: Use GnuInstallDirs to customize install directories Replace custom LIB_INSTALL_DIR variable with standard CMAKE_INSTALL_LIBDIR variable. For backward compatibility, set CMAKE_INSTALL_LIBDIR if LIB_INSTALL_DIR is set. * Wed Jan 31 2024 Martin Pluskal <mpluskal@suse.com> - Update to version 2.28.7: - Resolves CVE-2024-23170 boo#1219336 * Fri Nov 10 2023 Jaime Marquínez Ferrándiz <jaime.marquinez.ferrandiz@fastmail.net> - Update to 2.28.6: Changes: * Mbed TLS is now released under a dual Apache-2.0 OR GPL-2.0-or-later license. Users may choose which license they take the code under. * Sat Oct 07 2023 Jaime Marquínez Ferrándiz <jaime.marquinez.ferrandiz@fastmail.net> - Update to 2.28.5: Features * The documentation of mbedtls_ecp_group now describes the optimized representation of A for some curves. Fixes gh#Mbed-TLS/mbedtls#8045. Security * Developers using mbedtls_pkcs5_pbes2() or mbedtls_pkcs12_pbe() should review the size of the output buffer passed to this function, and note that the output after decryption may include CBC padding. Consider moving to the new functions mbedtls_pkcs5_pbes2_ext() or mbedtls_pkcs12_pbe_ext() which checks for overflow of the output buffer and reports the actual length of the output. * Improve padding calculations in CBC decryption, NIST key unwrapping and RSA OAEP decryption. With the previous implementation, some compilers (notably recent versions of Clang and IAR) could produce non-constant time code, which could allow a padding oracle attack if the attacker has access to precise timing measurements. * Fix a buffer overread when parsing short TLS application data records in ARC4 or null-cipher cipher suites. Credit to OSS-Fuzz. Bugfix * Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when using ECC key. The certificate was rejected by some crypto frameworks. Fixes gh#Mbed-TLS/mbedtls#2924. * Fix some cases where mbedtls_mpi_mod_exp, RSA key construction or ECDSA signature can silently return an incorrect result in low memory conditions. * Fix IAR compiler warnings. Fixes gh#Mbed-TLS/mbedtls#7873, gh#Mbed-TLS/mbedtls#4300. * Fix an issue when parsing an otherName subject alternative name into a mbedtls_x509_san_other_name struct. The type-id of the otherName was not copied to the struct. This meant that the struct had incomplete information about the otherName SAN and contained uninitialized memory. * Fix the detection of HardwareModuleName otherName SANs. These were being detected by comparing the wrong field and the check was erroneously inverted. * Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not MBEDTLS_ECDSA_VERIFY_ALT, causing ecdsa verify to fail. Fixes gh#Mbed-TLS/mbedtls#7498. Functions in the ssl_cache module now return a negative MBEDTLS_ERR_xxx error code on failure. Before, they returned 1 to indicate failure in some cases involving a missing entry or a full cache. Changes * In configurations with ARIA or Camellia but not AES, the value of MBEDTLS_CIPHER_BLKSIZE_MAX was 8, rather than 16 as the name might suggest. This did not affect any library code, because this macro was only used in relation with CMAC which does not support these ciphers. Its value is now 16 if ARIA or Camellia are present. This may affect application code that uses this macro. * Wed Aug 16 2023 Scott Bradnick <scott.bradnick@suse.com> - Update to 2.28.4: Features * Allow MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE to be set by setting the CMake variable of the same name at configuration time. Bugfix * Fix crypt_and_hash decryption fail when used with a stream cipher mode of operation, due to the input not being a multiple of the block size. Resolves #7417. * Fix a bug where mbedtls_x509_string_to_names() would return success when given a invalid name string, if it did not contain '=' or ','. * Fix missing PSA initialization in sample programs when MBEDTLS_USE_PSA_CRYPTO is enabled. * Fix clang and armclang compilation error when targeting certain Arm M-class CPUs (Cortex-M0, Cortex-M0+, Cortex-M1, Cortex-M23, SecurCore SC000). Fixes #1077. * Fixed an issue that caused compile errors when using CMake and the IAR toolchain. * Fix the build with MBEDTLS_PSA_INJECT_ENTROPY. Fixes #7516. * Fix builds on Windows with clang. * Fix compilation warnings in aes.c for certain combinations of configuration options. * Fix a compilation error on some platforms when including mbedtls/ssl.h with all TLS support disabled. Fixes #6628. Changes * Update test data to avoid failures of unit tests after 2023-08-07, and update expiring certififcates in the certs * Mon May 08 2023 Jaime Marquínez Ferrándiz <jaime.marquinez.ferrandiz@fastmail.net> - Fix the use of the %{release} macro for the mbedtls-devel version * Tue May 02 2023 Jaime Marquínez Ferrándiz <jaime.marquinez.ferrandiz@fastmail.net> - Update to 2.28.3: Features * Use HOSTCC (if it is set) when compiling C code during generation of the configuration-independent files. This allows them to be generated when CC is set for cross compilation. * AES-NI is now supported with Visual Studio. * AES-NI is now supported in 32-bit builds, or when MBEDTLS_HAVE_ASM is disabled, when compiling with GCC or Clang or a compatible compiler for a target CPU that supports the requisite instructions (for example gcc -m32 - msse2 -maes -mpclmul). (Generic x86 builds with GCC-like compilers still require MBEDTLS_HAVE_ASM and a 64-bit target.) Security * MBEDTLS_AESNI_C, which is enabled by default, was silently ignored on builds that couldn't compile the GCC-style assembly implementation (most notably builds with Visual Studio), leaving them vulnerable to timing side-channel attacks. There is now an intrinsics-based AES-NI implementation as a fallback for when the assembly one cannot be used. Bugfix * Fix a build issue on Windows where the source and build directory could not be on different drives (#5751). * Fix possible integer overflow in mbedtls_timing_hardclock(), which could cause a crash for certain platforms & compiler options. * Fix IAR compiler warnings. Fixes #6924. * Fix a bug in the build where directory names containing spaces were causing generate_errors.pl to error out resulting in a build failure. Fixes issue #6879. * Fix compile error where MBEDTLS_RSA_C and MBEDTLS_X509_CRT_WRITE_C are defined, but MBEDTLS_PK_RSA_ALT_SUPPORT is not defined. Fixes #3174. * Fix a build issue when defining MBEDTLS_TIMING_ALT and MBEDTLS_SELF_TEST. The library would not link if the user didn't provide an external self-test function. The self-test is now provided regardless of the choice of internal/alternative timing implementation. Fixes #6923. * mbedtls_x509write_crt_set_serial() now explicitly rejects serial numbers whose binary representation is longer than 20 bytes. This was already forbidden by the standard (RFC5280 - section 4.1.2.2) and now it's being enforced also at code level. * Fix potential undefined behavior in mbedtls_mpi_sub_abs(). Reported by Pascal Cuoq using TrustInSoft Analyzer in #6701; observed independently by Aaron Ucko under Valgrind. * Fix behavior of certain sample programs which could, when run with no arguments, access uninitialized memory in some cases. Fixes #6700 (which was found by TrustInSoft Analyzer during REDOCS'22) and #1120. * Fix build errors in test programs when MBEDTLS_CERTS_C is disabled. Fixes #6243. * Fix parsing of X.509 SubjectAlternativeName extension. Previously, malformed alternative name components were not caught during initial certificate parsing, but only on subsequent calls to mbedtls_x509_parse_subject_alt_name(). Fixes #2838. * Fix bug in conversion from OID to string in mbedtls_oid_get_numeric_string(). OIDs such as 2.40.0.25 are now printed correctly. * Reject OIDs with overlong-encoded subidentifiers when converting them to a string. * Reject OIDs with subidentifier values exceeding UINT_MAX. Such subidentifiers can be valid, but Mbed TLS cannot currently handle them. * Reject OIDs that have unterminated subidentifiers, or (equivalently) have the most-significant bit set in their last byte. * Silence a warning about an unused local variable in bignum.c on some architectures. Fixes #7166. * Silence warnings from clang -Wdocumentation about empty \retval descriptions, which started appearing with Clang 15. Fixes #6960. * Fix undefined behavior in mbedtls_ssl_read() and mbedtls_ssl_write() if len argument is 0 and buffer is NULL. Changes * The C code follows a new coding style. This is transparent for users but affects contributors and maintainers of local patches. For more information, see https://mbed-tls.readthedocs.io/en/latest/kb/how-to/rewrite-branch-for-coding-style/ * Changed the default MBEDTLS_ECP_WINDOW_SIZE from 6 to 2. As tested in issue 6790, the correlation between this define and RSA decryption performance has changed lately due to security fixes. To fix the performance degradation when using default values the window was reduced from 6 to 2, a value that gives the best or close to best results when tested on Cortex-M4 and Intel i7. * Mon May 01 2023 Jaime Marquínez Ferrándiz <jaime.marquinez.ferrandiz@fastmail.net> - Setup the mbedtls-2 package * Wed Mar 08 2023 Martin Pluskal <mpluskal@suse.com> - Build AVX2 enabled hwcaps library for x86_64-v3 * Wed Dec 21 2022 Alexander Bergmann <abergmann@suse.com> - Update to 2.28.2: (bsc#1206576, CVE-2022-46393) Security: * Fix potential heap buffer overread and overwrite in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. * An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) could recover an RSA private key after observing the victim performing a single private-key operation if the window size used for the exponentiation was 3 or smaller. Found and reported by Zili KOU, Wenjian HE, Sharad Sinha, and Wei ZHANG. See "Cache Side-channel Attacks and Defenses of the Sliding Window Algorithm in TEEs" - Design, Automation and Test in Europe 2023. Bugfix: * Fix a long-standing build failure when building x86 PIC code with old gcc (4.x). The code will be slower, but will compile. We do however recommend upgrading to a more recent compiler instead. Fixes #1910. * Fix support for little-endian Microblaze when MBEDTLS_HAVE_ASM is defined. Contributed by Kazuyuki Kimura to fix #2020. * Use double quotes to include private header file psa_crypto_cipher.h. Fixes 'file not found with include' error when building with Xcode. * Fix handling of broken symlinks when loading certificates using mbedtls_x509_crt_parse_path(). Instead of returning an error as soon as a broken link is encountered, skip the broken link and continue parsing other certificate files. Contributed by Eduardo Silva in #2602. * Fix a compilation error when using CMake with an IAR toolchain. Fixes #5964. * Fix bugs and missing dependencies when building and testing configurations with only one encryption type enabled in TLS 1.2. * Provide the missing definition of mbedtls_setbuf() in some configurations with MBEDTLS_PLATFORM_C disabled. Fixes #6118, #6196. * Fix compilation errors when trying to build with PSA drivers for AEAD (GCM, CCM, Chacha20-Poly1305). * Fix memory leak in ssl_parse_certificate_request() caused by mbedtls_x509_get_name() not freeing allocated objects in case of error. Change mbedtls_x509_get_name() to clean up allocated objects on error. * Fix checks on PK in check_config.h for builds with PSA and RSA. This does not change which builds actually work, only moving a link-time error to an early check. * Fix ECDSA verification, where it was not always validating the public key. This bug meant that it was possible to verify a signature with an invalid public key, in some cases. Reported by Guido Vranken using Cryptofuzz in #4420. * Fix a possible null pointer dereference if a memory allocation fails in TLS PRF code. Reported by Michael Madsen in #6516. * Fix a bug in which mbedtls_x509_crt_info() would produce non-printable bytes when parsing certificates containing a binary RFC 4108 HardwareModuleName as a Subject Alternative Name extension. Hardware serial numbers are now rendered in hex format. Fixes #6262. * Fix bug in error reporting in dh_genprime.c where upon failure, the error code returned by mbedtls_mpi_write_file() is overwritten and therefore not printed. * In the bignum module, operations of the form (-A) - (+A) or (-A) - (-A) with A > 0 created an unintended representation of the value 0 which was not processed correctly by some bignum operations. Fix this. This had no consequence on cryptography code, but might affect applications that call bignum directly and use negative numbers. * Fix undefined behavior (typically harmless in practice) of mbedtls_mpi_add_mpi(), mbedtls_mpi_add_abs() and mbedtls_mpi_add_int() when both operands are 0 and the left operand is represented with 0 limbs. * Fix undefined behavior (typically harmless in practice) when some bignum functions receive the most negative value of mbedtls_mpi_sint. Credit to OSS-Fuzz. Fixes #6597. * Fix undefined behavior (typically harmless in practice) in PSA ECB encryption and decryption. * Fri Nov 04 2022 Mia Herkt <mia@0x0.st> - Update to 2.28.1: (CVE-2022-35409) Default behavior changes * mbedtls_cipher_set_iv will now fail with ChaCha20 and ChaCha20+Poly1305 for IV lengths other than 12. The library was silently overwriting this length with 12, but did not inform the caller about it. gh#Mbed-TLS/mbedtls#4301 Features * When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you may list the PSA crypto feature requirements in the file named by the new macro MBEDTLS_PSA_CRYPTO_CONFIG_FILE instead of the default psa/crypto_config.h. Furthermore you may name an additional file to include after the main file with the macro MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE. Security * Zeroize dynamically-allocated buffers used by the PSA Crypto key storage module before freeing them. These buffers contain secret key material, and could thus potentially leak the key through freed heap. * Fix a potential heap buffer overread in TLS 1.2 server-side when MBEDTLS_USE_PSA_CRYPTO is enabled, an opaque key (created with mbedtls_pk_setup_opaque()) is provisioned, and a static ECDH ciphersuite is selected. This may result in an application crash or potentially an information leak. * Fix a buffer overread in DTLS ClientHello parsing in servers with MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled. An unauthenticated client or a man-in-the-middle could cause a DTLS server to read up to 255 bytes after the end of the SSL input buffer. The buffer overread only happens when MBEDTLS_SSL_IN_CONTENT_LEN is less than a threshold that depends on the exact configuration: 258 bytes if using mbedtls_ssl_cookie_check(), and possibly up to 571 bytes with a custom cookie check function. Reported by the Cybeats PSI Team. Bugfix * Fix a memory leak if mbedtls_ssl_config_defaults() is called twice. * Fix several bugs (warnings, compiler and linker errors, test failures) in reduced configurations when MBEDTLS_USE_PSA_CRYPTO is enabled. * Fix a bug in (D)TLS curve negotiation: when MBEDTLS_USE_PSA_CRYPTO was enabled and an ECDHE-ECDSA or ECDHE-RSA key exchange was used, the client would fail to check that the curve selected by the server for ECDHE was indeed one that was offered. As a result, the client would accept any curve that it supported, even if that curve was not allowed according to its configuration. gh#Mbed-TLS/mbedtls#5291 * Fix unit tests that used 0 as the file UID. This failed on some implementations of PSA ITS. gh#Mbed-TLS/mbedtls#3838 * Fix API violation in mbedtls_md_process() test by adding a call to mbedtls_md_starts(). gh#Mbed-TLS/mbedtls#2227 * Fix compile errors when MBEDTLS_HAVE_TIME is not defined. Add tests to catch bad uses of time.h. * Fix bug in the alert sending function mbedtls_ssl_send_alert_message() potentially leading to corrupted alert messages being sent in case the function needs to be re-called after initially returning MBEDTLS_SSL_WANT_WRITE. gh#Mbed-TLS/mbedtls#1916 * In configurations with MBEDTLS_SSL_DTLS_CONNECTION_ID enabled but none of MBEDTLS_SSL_HW_RECORD_ACCEL, MBEDTLS_SSL_EXPORT_KEYS or MBEDTLS_DEBUG_C, DTLS handshakes using CID would crash due to a null pointer dereference. Fix this. gh#Mbed-TLS/mbedtls#3998 * Fix incorrect documentation of mbedtls_x509_crt_profile. The previous documentation stated that the allowed_pks field applies to signatures only, but in fact it does apply to the public key type of the end entity certificate, too. gh#Mbed-TLS/mbedtls#1992 * Fix PSA cipher multipart operations using ARC4. Previously, an IV was required but discarded. Now, an IV is rejected, as it should be. * Fix undefined behavior in mbedtls_asn1_find_named_data(), where val is not NULL and val_len is zero. psa_raw_key_agreement() now returns PSA_ERROR_BUFFER_TOO_SMALL when applicable. gh#Mbed-TLS/mbedtls#5735 * Fix a bug in the x25519 example program where the removal of MBEDTLS_ECDH_LEGACY_CONTEXT caused the program not to run. gh#Mbed-TLS/mbedtls#4901 gh#Mbed-TLS/mbedtls#3191 * Encode X.509 dates before 1/1/2000 as UTCTime rather than GeneralizedTime. gh#Mbed-TLS/mbedtls#5465 * Fix order value of curve x448. * Fix string representation of DNs when outputting values containing commas and other special characters, conforming to RFC 1779. gh#Mbed-TLS/mbedtls#769 * Silence a warning from GCC 12 in the selftest program. gh#Mbed-TLS/mbedtls#5974 * Fix mbedtls_asn1_write_mpi() writing an incorrect encoding of 0. * Fix resource leaks in mbedtls_pk_parse_public_key() in low memory conditions. * Fix server connection identifier setting for outgoing encrypted records on DTLS 1.2 session resumption. After DTLS 1.2 session resumption with connection identifier, the Mbed TLS client now properly sends the server connection identifier in encrypted record headers. gh#Mbed-TLS/mbedtls#5872 * Fix a null pointer dereference when performing some operations on zero represented with 0 limbs (specifically mbedtls_mpi_mod_int() dividing by 2, and mbedtls_mpi_write_string() in base 2). * Fix record sizes larger than 16384 being sometimes accepted despite being non-compliant. This could not lead to a buffer overflow. In particular, application data size was already checked correctly. * Mon Jan 17 2022 Guillaume GARDET <guillaume.gardet@opensuse.org> - Fix baselib.conf * Thu Jan 13 2022 Guillaume GARDET <guillaume.gardet@opensuse.org> - Update to 2.28.0: (bsc#1193979, CVE-2021-45450) API changes * Some fields of mbedtls_ssl_session and mbedtls_ssl_config are in a different order. This only affects applications that define such structures directly or serialize them. Requirement changes * Sign-magnitude and one's complement representations for signed integers are not supported. Two's complement is the only supported representation. Removals * Remove config option MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES, which allowed SHA-1 in the default TLS configuration for certificate signing. It was intended to facilitate the transition in environments with SHA-1 certificates. SHA-1 is considered a weak message digest and its use constitutes a security risk. * Remove the partial support for running unit tests via Greentea on Mbed OS, which had been unmaintained since 2018. Features * The identifier of the CID TLS extension can be configured by defining MBEDTLS_TLS_EXT_CID at compile time. * Warn if errors from certain functions are ignored. This is currently supported on GCC-like compilers and on MSVC and can be configured through the macro MBEDTLS_CHECK_RETURN. The warnings are always enabled (where supported) for critical functions where ignoring the return value is almost always a bug. Enable the new configuration option MBEDTLS_CHECK_RETURN_WARNING to get warnings for other functions. This is currently implemented in the AES, DES and md modules, and will be extended to other modules in the future. * Add missing PSA macros declared by PSA Crypto API 1.0.0: PSA_ALG_IS_SIGN_HASH, PSA_ALG_NONE, PSA_HASH_BLOCK_LENGTH, PSA_KEY_ID_NULL. * Add new API mbedtls_ct_memcmp for constant time buffer comparison. * Add PSA API definition for ARIA. Security * Zeroize several intermediate variables used to calculate the expected value when verifying a MAC or AEAD tag. This hardens the library in case the value leaks through a memory disclosure vulnerability. For example, a memory disclosure vulnerability could have allowed a man-in-the-middle to inject fake ciphertext into a DTLS connection. * In psa_cipher_generate_iv() and psa_cipher_encrypt(), do not read back from the output buffer. This fixes a potential policy bypass or decryption oracle vulnerability if the output buffer is in memory that is shared with an untrusted application. * Fix a double-free that happened after mbedtls_ssl_set_session() or mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED (out of memory). After that, calling mbedtls_ssl_session_free() and mbedtls_ssl_free() would cause an internal session buffer to be free()'d twice. Bugfix * Stop using reserved identifiers as local variables. Fixes #4630. * The GNU makefiles invoke python3 in preference to python except on Windows. * The check was accidentally not performed when cross-compiling for Windows on Linux. Fix this. Fixes #4774. * Prevent divide by zero if either of PSA_CIPHER_ENCRYPT_OUTPUT_SIZE() or PSA_CIPHER_UPDATE_OUTPUT_SIZE() were called using an asymmetric key type. * Fix a parameter set but unused in psa_crypto_cipher.c. Fixes #4935. * Don't use the obsolete header path sys/fcntl.h in unit tests. These header files cause compilation errors in musl. Fixes #4969. * Fix missing constraints on x86_64 and aarch64 assembly code for bignum multiplication that broke some bignum operations with (at least) Clang 12. Fixes #4116, #4786, #4917, #4962. * Fix mbedtls_cipher_crypt: AES-ECB when MBEDTLS_USE_PSA_CRYPTO is enabled. * Failures of alternative implementations of AES or DES single-block functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT, MBEDTLS_DES_CRYPT_ECB_ALT or MBEDTLS_DES3_CRYPT_ECB_ALT were ignored. This does not concern the implementation provided with Mbed TLS, where this function cannot fail, or full-module replacements with MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092. * Some failures of HMAC operations were ignored. These failures could only happen with an alternative implementation of the underlying hash module. * Fix the error returned by psa_generate_key() for a public key. Fixes #4551. * Fix the build of sample programs when neither MBEDTLS_ERROR_C nor MBEDTLS_ERROR_STRERROR_DUMMY is enabled. * Fix PSA_ALG_RSA_PSS verification accepting an arbitrary salt length. This algorithm now accepts only the same salt length for verification that it produces when signing, as documented. Use the new algorithm PSA_ALG_RSA_PSS_ANY_SALT to accept any salt length. Fixes #4946. * The existing predicate macro name PSA_ALG_IS_HASH_AND_SIGN is now reserved for algorithm values that fully encode the hashing step, as per the PSA Crypto API specification. This excludes PSA_ALG_RSA_PKCS1V15_SIGN_RAW and PSA_ALG_ECDSA_ANY. The new predicate macro PSA_ALG_IS_SIGN_HASH covers all algorithms that can be used with psa_{sign,verify}_hash(), including these two. * Fix issue in Makefile on Linux with SHARED=1, that caused shared libraries not to list other shared libraries they need. * Fix a bug in mbedtls_gcm_starts() when the bit length of the iv exceeds 2^32. Fixes #4884. * Fix an uninitialized variable warning in test_suite_ssl.function with GCC version 11. * Fix the build when no SHA2 module is included. Fixes #4930. * Fix the build when only the bignum module is included. Fixes #4929. * Fix a potential invalid pointer dereference and infinite loop bugs in pkcs12 functions when the password is empty. Fix the documentation to better describe the inputs to these functions and their possible values. Fixes #5136. * The key usage flags PSA_KEY_USAGE_SIGN_MESSAGE now allows the MAC operations psa_mac_compute() and psa_mac_sign_setup(). * The key usage flags PSA_KEY_USAGE_VERIFY_MESSAGE now allows the MAC operations psa_mac_verify() and psa_mac_verify_setup(). Changes * Set config option MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE to be disabled by default. * Improve the performance of base64 constant-flow code. The result is still slower than the original non-constant-flow implementation, but much faster than the previous constant-flow implementation. Fixes #4814. * Indicate in the error returned if the nonce length used with ChaCha20-Poly1305 is invalid, and not just unsupported. * The mbedcrypto library includes a new source code module constant_time.c, containing various functions meant to resist timing side channel attacks. * This module does not have a separate configuration option, and functions from this module will be included in the build as required. Currently most of the interface of this module is private and may change at any time.
/usr/include/everest /usr/include/everest/Hacl_Curve25519.h /usr/include/everest/everest.h /usr/include/everest/kremlib /usr/include/everest/kremlib.h /usr/include/everest/kremlib/FStar_UInt128.h /usr/include/everest/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h /usr/include/everest/kremlin /usr/include/everest/kremlin/c_endianness.h /usr/include/everest/kremlin/internal /usr/include/everest/kremlin/internal/builtin.h /usr/include/everest/kremlin/internal/callconv.h /usr/include/everest/kremlin/internal/compat.h /usr/include/everest/kremlin/internal/debug.h /usr/include/everest/kremlin/internal/target.h /usr/include/everest/kremlin/internal/types.h /usr/include/everest/kremlin/internal/wasmsupport.h /usr/include/everest/vs2010 /usr/include/everest/vs2010/Hacl_Curve25519.h /usr/include/everest/vs2010/inttypes.h /usr/include/everest/vs2010/stdbool.h /usr/include/everest/x25519.h /usr/include/mbedtls /usr/include/mbedtls/aes.h /usr/include/mbedtls/aesni.h /usr/include/mbedtls/arc4.h /usr/include/mbedtls/aria.h /usr/include/mbedtls/asn1.h /usr/include/mbedtls/asn1write.h /usr/include/mbedtls/base64.h /usr/include/mbedtls/bignum.h /usr/include/mbedtls/blowfish.h /usr/include/mbedtls/bn_mul.h /usr/include/mbedtls/camellia.h /usr/include/mbedtls/ccm.h /usr/include/mbedtls/certs.h /usr/include/mbedtls/chacha20.h /usr/include/mbedtls/chachapoly.h /usr/include/mbedtls/check_config.h /usr/include/mbedtls/cipher.h /usr/include/mbedtls/cipher_internal.h /usr/include/mbedtls/cmac.h /usr/include/mbedtls/compat-1.3.h /usr/include/mbedtls/config.h /usr/include/mbedtls/config_psa.h /usr/include/mbedtls/constant_time.h /usr/include/mbedtls/ctr_drbg.h /usr/include/mbedtls/debug.h /usr/include/mbedtls/des.h /usr/include/mbedtls/dhm.h /usr/include/mbedtls/ecdh.h /usr/include/mbedtls/ecdsa.h /usr/include/mbedtls/ecjpake.h /usr/include/mbedtls/ecp.h /usr/include/mbedtls/ecp_internal.h /usr/include/mbedtls/entropy.h /usr/include/mbedtls/entropy_poll.h /usr/include/mbedtls/error.h /usr/include/mbedtls/gcm.h /usr/include/mbedtls/havege.h /usr/include/mbedtls/hkdf.h /usr/include/mbedtls/hmac_drbg.h /usr/include/mbedtls/md.h /usr/include/mbedtls/md2.h /usr/include/mbedtls/md4.h /usr/include/mbedtls/md5.h /usr/include/mbedtls/md_internal.h /usr/include/mbedtls/memory_buffer_alloc.h /usr/include/mbedtls/net.h /usr/include/mbedtls/net_sockets.h /usr/include/mbedtls/nist_kw.h /usr/include/mbedtls/oid.h /usr/include/mbedtls/padlock.h /usr/include/mbedtls/pem.h /usr/include/mbedtls/pk.h /usr/include/mbedtls/pk_internal.h /usr/include/mbedtls/pkcs11.h /usr/include/mbedtls/pkcs12.h /usr/include/mbedtls/pkcs5.h /usr/include/mbedtls/platform.h /usr/include/mbedtls/platform_time.h /usr/include/mbedtls/platform_util.h /usr/include/mbedtls/poly1305.h /usr/include/mbedtls/psa_util.h /usr/include/mbedtls/ripemd160.h /usr/include/mbedtls/rsa.h /usr/include/mbedtls/rsa_internal.h /usr/include/mbedtls/sha1.h /usr/include/mbedtls/sha256.h /usr/include/mbedtls/sha512.h /usr/include/mbedtls/ssl.h /usr/include/mbedtls/ssl_cache.h /usr/include/mbedtls/ssl_ciphersuites.h /usr/include/mbedtls/ssl_cookie.h /usr/include/mbedtls/ssl_internal.h /usr/include/mbedtls/ssl_ticket.h /usr/include/mbedtls/threading.h /usr/include/mbedtls/timing.h /usr/include/mbedtls/version.h /usr/include/mbedtls/x509.h /usr/include/mbedtls/x509_crl.h /usr/include/mbedtls/x509_crt.h /usr/include/mbedtls/x509_csr.h /usr/include/mbedtls/xtea.h /usr/include/psa /usr/include/psa/crypto.h /usr/include/psa/crypto_builtin_composites.h /usr/include/psa/crypto_builtin_primitives.h /usr/include/psa/crypto_compat.h /usr/include/psa/crypto_config.h /usr/include/psa/crypto_driver_common.h /usr/include/psa/crypto_driver_contexts_composites.h /usr/include/psa/crypto_driver_contexts_primitives.h /usr/include/psa/crypto_extra.h /usr/include/psa/crypto_platform.h /usr/include/psa/crypto_se_driver.h /usr/include/psa/crypto_sizes.h /usr/include/psa/crypto_struct.h /usr/include/psa/crypto_types.h /usr/include/psa/crypto_values.h /usr/lib/libmbedcrypto.so /usr/lib/libmbedtls.so /usr/lib/libmbedx509.so /usr/lib/pkgconfig/mbedcrypto.pc /usr/lib/pkgconfig/mbedtls.pc /usr/lib/pkgconfig/mbedx509.pc /usr/share/doc/packages/mbedtls-2-devel /usr/share/doc/packages/mbedtls-2-devel/ChangeLog /usr/share/doc/packages/mbedtls-2-devel/README.md /usr/share/licenses/mbedtls-2-devel /usr/share/licenses/mbedtls-2-devel/LICENSE
Generated by rpm2html 1.8.1
Fabrice Bellet, Sun Jan 12 02:11:34 2025