diff --git a/baselibs.conf b/baselibs.conf
index bbe6294..3d7639b 100644
--- a/baselibs.conf
+++ b/baselibs.conf
@@ -1,3 +1,3 @@
 libmbedtls13
 libmbedx509-1
-libmbedcrypto6
+libmbedcrypto7
diff --git a/mbedtls-2.26.0.tar.gz b/mbedtls-2.26.0.tar.gz
deleted file mode 100644
index 9263a83..0000000
--- a/mbedtls-2.26.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:37949e823c7e1f6695fc56858578df355da0770c284b1c1304cfc8b396d539cd
-size 4081036
diff --git a/mbedtls-2.27.0.tar.gz b/mbedtls-2.27.0.tar.gz
new file mode 100644
index 0000000..a03dde7
--- /dev/null
+++ b/mbedtls-2.27.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2a07856e541f0e5f6eaee4f78018c52f25bd244ed76f9020dea54a8b02cac6ea
+size 4212277
diff --git a/mbedtls-4237.patch b/mbedtls-4237.patch
deleted file mode 100644
index 75a22ac..0000000
--- a/mbedtls-4237.patch
+++ /dev/null
@@ -1,150 +0,0 @@
-From 29b641688d038143a193c69eac4d6e8eacc934d8 Mon Sep 17 00:00:00 2001
-From: Paul Elliott
-Date: Wed, 17 Mar 2021 13:02:02 +0000
-Subject: [PATCH 1/2] Fix printf format issue in programs
-
-Fix issues that were missed as part of previous printf attribute
-cleanup
-
-Signed-off-by: Paul Elliott
----
- programs/random/gen_random_havege.c | 2 +-
- programs/ssl/ssl_pthread_server.c | 22 ++++++++++++----------
- 2 files changed, 13 insertions(+), 11 deletions(-)
-
-diff --git a/programs/random/gen_random_havege.c b/programs/random/gen_random_havege.c
-index ccca7f3d470..e82e62769e8 100644
---- a/programs/random/gen_random_havege.c
-+++ b/programs/random/gen_random_havege.c
-@@ -81,7 +81,7 @@ int main( int argc, char *argv[] )
- if( ( ret = mbedtls_havege_random( &hs, buf, sizeof( buf ) ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_havege_random returned -0x%04X",
-- -ret );
-+ ( unsigned int ) -ret );
- goto exit;
- }
-
-diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
-index c8ab21522ed..c4c6ef1037b 100644
---- a/programs/ssl/ssl_pthread_server.c
-+++ b/programs/ssl/ssl_pthread_server.c
-@@ -142,7 +142,7 @@ static void *handle_ssl_connection( void *data )
- if( ( ret = mbedtls_ssl_setup( &ssl, thread_info->config ) ) != 0 )
- {
- mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_setup returned -0x%04x\n",
-- thread_id, -ret );
-+ thread_id, ( unsigned int ) -ret );
- goto thread_exit;
- }
-
-@@ -158,7 +158,7 @@ static void *handle_ssl_connection( void *data )
- if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
- {
- mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_handshake returned -0x%04x\n",
-- thread_id, -ret );
-+ thread_id, ( unsigned int ) -ret );
- goto thread_exit;
- }
- }
-@@ -195,7 +195,7 @@ static void *handle_ssl_connection( void *data )
-
- default:
- mbedtls_printf( " [ #%ld ] mbedtls_ssl_read returned -0x%04x\n",
-- thread_id, -ret );
-+ thread_id, ( unsigned int ) -ret );
- goto thread_exit;
- }
- }
-@@ -229,7 +229,7 @@ static void *handle_ssl_connection( void *data )
- if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
- {
- mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_write returned -0x%04x\n",
-- thread_id, ret );
-+ thread_id, ( unsigned int ) ret );
- goto thread_exit;
- }
- }
-@@ -246,7 +246,7 @@ static void *handle_ssl_connection( void *data )
- ret != MBEDTLS_ERR_SSL_WANT_WRITE )
- {
- mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_close_notify returned -0x%04x\n",
-- thread_id, ret );
-+ thread_id, ( unsigned int ) ret );
- goto thread_exit;
- }
- }
-@@ -263,7 +263,7 @@ static void *handle_ssl_connection( void *data )
- char error_buf[100];
- mbedtls_strerror( ret, error_buf, 100 );
- mbedtls_printf(" [ #%ld ] Last error was: -0x%04x - %s\n\n",
-- thread_id, -ret, error_buf );
-+ thread_id, ( unsigned int ) -ret, error_buf );
- }
- #endif
-
-@@ -408,7 +408,7 @@ int main( void )
- strlen( pers ) ) ) != 0 )
- {
- mbedtls_printf( " failed: mbedtls_ctr_drbg_seed returned -0x%04x\n",
-- -ret );
-+ ( unsigned int ) -ret );
- goto exit;
- }
-
-@@ -425,7 +425,7 @@ int main( void )
- MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
- {
- mbedtls_printf( " failed: mbedtls_ssl_config_defaults returned -0x%04x\n",
-- -ret );
-+ ( unsigned int ) -ret );
- goto exit;
- }
-
-@@ -470,7 +470,8 @@ int main( void )
- {
- char error_buf[100];
- mbedtls_strerror( ret, error_buf, 100 );
-- mbedtls_printf( " [ main ] Last error was: -0x%04x - %s\n", -ret, error_buf );
-+ mbedtls_printf( " [ main ] Last error was: -0x%04x - %s\n", ( unsigned int ) -ret,
-+ error_buf );
- }
- #endif
-
-@@ -482,7 +483,8 @@ int main( void )
- if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
- NULL, 0, NULL ) ) != 0 )
- {
-- mbedtls_printf( " [ main ] failed: mbedtls_net_accept returned -0x%04x\n", ret );
-+ mbedtls_printf( " [ main ] failed: mbedtls_net_accept returned -0x%04x\n",
-+ ( unsigned int ) ret );
- goto exit;
- }
-
-
-From 2065a8d8af27c6cb1e40c9462b5933336dca7434 Mon Sep 17 00:00:00 2001
-From: Paul Elliott
-Date: Wed, 17 Mar 2021 13:12:22 +0000
-Subject: [PATCH 2/2] Reduce level of -Wformat-truncation
-
-Reduce level of format truncation warnings due to issues with false
-positives (an unknown size buffer is always treated as size 1)
-
-Signed-off-by: Paul Elliott
----
- CMakeLists.txt | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 2ab2e01ebf0..14ca7b69625 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -198,7 +198,7 @@ if(CMAKE_COMPILER_IS_GNU)
- endif()
- endif()
- if (GCC_VERSION VERSION_GREATER 7.0 OR GCC_VERSION VERSION_EQUAL 7.0)
-- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2 -Wformat-truncation=2")
-+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2 -Wformat-truncation")
- endif()
- set(CMAKE_C_FLAGS_RELEASE "-O2")
- set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
diff --git a/mbedtls.changes b/mbedtls.changes
index c6bce91..4d2d0cf 100644
--- a/mbedtls.changes
+++ b/mbedtls.changes
@@ -1,3 +1,188 @@
+-------------------------------------------------------------------
+Tue Jul 20 07:33:28 UTC 2021 - Pedro Monreal
+
+- Update to 2.27.0:
+ API changes:
+ * Update AEAD output size macros to bring them in line with the PSA Crypto
+ API version 1.0 spec. This version of the spec parameterizes them on the
+ key type used, as well as the key bit-size in the case of
+ PSA_AEAD_TAG_LENGTH.
+ The old versions of these macros were renamed and deprecated as follows:
+ - PSA_AEAD_TAG_LENGTH -> PSA_AEAD_TAG_LENGTH_1_ARG
+ - PSA_AEAD_ENCRYPT_OUTPUT_SIZE -> PSA_AEAD_ENCRYPT_OUTPUT_SIZE_2_ARG
+ - PSA_AEAD_DECRYPT_OUTPUT_SIZE -> PSA_AEAD_DECRYPT_OUTPUT_SIZE_2_ARG
+ - PSA_AEAD_UPDATE_OUTPUT_SIZE -> PSA_AEAD_UPDATE_OUTPUT_SIZE_2_ARG
+ - PSA_AEAD_FINISH_OUTPUT_SIZE -> PSA_AEAD_FINISH_OUTPUT_SIZE_1_ARG
+ - PSA_AEAD_VERIFY_OUTPUT_SIZE -> PSA_AEAD_VERIFY_OUTPUT_SIZE_1_ARG
+ * Implement one-shot cipher functions, psa_cipher_encrypt and
+ psa_cipher_decrypt, according to the PSA Crypto API 1.0.0
+ specification.
+ Features:
+ * Add mbedtls_rsa_rsassa_pss_sign_ext() function allowing to generate a
+ signature with a specific salt length. This function allows to validate
+ test cases provided in the NIST's CAVP test suite.
+ * Added support for built-in driver keys through the PSA opaque crypto
+ driver interface. Refer to the documentation of
+ MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS for more information.
+ * Implement psa_sign_message() and psa_verify_message().
+ * The new function mbedtls_mpi_random() generates a random value in a
+ given range uniformly.
+ * Implement psa_mac_compute() and psa_mac_verify() as defined in the
+ PSA Cryptograpy API 1.0.0 specification.
+ * MBEDTLS_ECP_MAX_BITS is now determined automatically from the configured
+ curves and no longer needs to be configured explicitly to save RAM.
+ Security
+ * Fix a bias in the generation of finite-field Diffie-Hellman-Merkle (DHM)
+ private keys and of blinding values for DHM and elliptic curves (ECP)
+ computations.
+ * Fix a potential side channel vulnerability in ECDSA ephemeral key generation.
+ An adversary who is capable of very precise timing measurements could
+ learn partial information about the leading bits of the nonce used for the
+ signature, allowing the recovery of the private key after observing a
+ large number of signature operations. This completes a partial fix in
+ Mbed TLS 2.20.0.
+ * It was possible to configure MBEDTLS_ECP_MAX_BITS to a value that is
+ too small, leading to buffer overflows in ECC operations. Fail the build
+ in such a case.
+ * An adversary with access to precise enough information about memory
+ accesses (typically, an untrusted operating system attacking a secure
+ enclave) could recover an RSA private key after observing the victim
+ performing a single private-key operation.
+ * An adversary with access to precise enough timing information (typically, a
+ co-located process) could recover a Curve25519 or Curve448 static ECDH key
+ after inputting a chosen public key and observing the victim performing the
+ corresponding private-key operation.
+ Bugfix
+ * Add printf function attributes to mbedtls_debug_print_msg to ensure we
+ get printf format specifier warnings.
+ * Fix premature fopen() call in mbedtls_entropy_write_seed_file which may
+ lead to seed file corruption in the case where the path to the seed file is
+ equal to MBEDTLS_PLATFORM_STD_NV_SEED_FILE.
+ * PSA functions other than psa_open_key now return PSA_ERROR_INVALID_HANDLE
+ rather than PSA_ERROR_DOES_NOT_EXIST for an invalid handle, bringing them
+ in line with version 1.0.0 of the specification.
+ * PSA functions creating a key now return PSA_ERROR_INVALID_ARGUMENT rather
+ than PSA_ERROR_INVALID_HANDLE when the identifier specified for the key
+ to create is not valid, bringing them in line with version 1.0.0 of the
+ specification.
+ * Fix some cases in the bignum module where the library constructed an
+ unintended representation of the value 0 which was not processed
+ correctly by some bignum operations. This could happen when
+ mbedtls_mpi_read_string() was called on "-0", or when
+ mbedtls_mpi_mul_mpi() and mbedtls_mpi_mul_int() was called with one of
+ the arguments being negative and the other being 0.
+ * Fix a bug in ECDSA that would cause it to fail when the hash is all-bits
+ zero.
+ * Fix a compilation error when MBEDTLS_ECP_RANDOMIZE_MXZ_ALT is
+ defined.
+ * Fix an incorrect error code when parsing a PKCS#8 private key.
+ * In a TLS client, enforce the Diffie-Hellman minimum parameter size
+ set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
+ minimum size was rounded down to the nearest multiple of 8.
+ * In library/net_sockets.c, _POSIX_C_SOURCE and _XOPEN_SOURCE are
+ defined to specific values. If the code is used in a context
+ where these are already defined, this can result in a compilation
+ error. Instead, assume that if they are defined, the values will
+ be adequate to build Mbed TLS.
+ * The cipher suite TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 was not available
+ when SHA-1 was disabled and was offered when SHA-1 was enabled but SHA-384
+ was disabled. Fix the dependency.
+ * Do not offer SHA384 cipher suites when SHA-384 is disabled.
+ * With MBEDTLS_PSA_CRYPTO_C disabled, some functions were getting built
+ nonetheless, resulting in undefined reference errors when building a
+ shared library.
+ * Fix test suite code on platforms where int32_t is not int, such as
+ Arm Cortex-M.
+ * Fix some issues affecting MBEDTLS_ARIA_ALT implementations: a misplaced
+ directive in a header and a missing initialization in the self-test.
+ * Fix a missing initialization in the Camellia self-test, affecting
+ MBEDTLS_CAMELLIA_ALT implementations.
+ * Restore the ability to configure PSA via Mbed TLS options to support RSA
+ key pair operations but exclude RSA key generation. When MBEDTLS_GENPRIME
+ is not defined PSA will no longer attempt to use mbedtls_rsa_gen_key().
+ * Fix a regression introduced in 2.24.0 which broke (D)TLS CBC ciphersuites
+ (when the encrypt-then-MAC extension is not in use) with some ALT
+ implementations of the underlying hash (SHA-1, SHA-256, SHA-384), causing
+ the affected side to wrongly reject valid messages.
+ * Remove outdated check-config.h check that prevented implementing the
+ timing module on Mbed OS.
+ * Fix PSA_ALG_TLS12_PRF and PSA_ALG_TLS12_PSK_TO_MS being too permissive
+ about missing inputs.
+ * Fix a resource leak in a test suite with an alternative AES
+ implementation.
+ * Fix a crash in mbedtls_mpi_debug_mpi on a bignum having 0 limbs. This
+ could notably be triggered by setting the TLS debug level to 3 or above
+ and using a Montgomery curve for the key exchange.
+ * psa_verify_hash() was relying on implementation-specific behavior of
+ mbedtls_rsa_rsassa_pss_verify() and was causing failures in some _ALT
+ implementations. This reliance is now removed.
+ * Disallow inputs of length different from the corresponding hash when
+ signing or verifying with PSA_ALG_RSA_PSS (The PSA Crypto API mandates
+ that PSA_ALG_RSA_PSS uses the same hash throughout the algorithm.)
+ * Fix a null pointer dereference when mbedtls_mpi_exp_mod() was called with
+ A=0 represented with 0 limbs. Up to and including Mbed TLS 2.26, this bug
+ could not be triggered by code that constructed A with one of the
+ mbedtls_mpi_read_xxx functions (including in particular TLS code) since
+ those always built an mpi object with at least one limb.
+ * Fix mbedtls_mpi_gcd(G,A,B) when the value of B is zero. This had no
+ effect on Mbed TLS's internal use of mbedtls_mpi_gcd(), but may affect
+ applications that call mbedtls_mpi_gcd() directly.
+ * The PSA API no longer allows the creation or destruction of keys with a
+ read-only lifetime. The persistence level PSA_KEY_PERSISTENCE_READ_ONLY
+ can now only be used as intended, for keys that cannot be modified through
+ normal use of the API.
+ * When MBEDTLS_PSA_CRYPTO_SPM is enabled, crypto_spe.h was not included
+ in all the right places. Include it from crypto_platform.h, which is
+ the natural place.
+ * mbedtls_pk_sign() and mbedtls_pk_verify() and their extended and
+ restartable variants now always honor the specified hash length if
+ nonzero. Before, for RSA, hash_len was ignored in favor of the length of
+ the specified hash algorithm.
+ * Fix which alert is sent in some cases to conform to the
+ applicable RFC: on an invalid Finished message value, an
+ invalid max_fragment_length extension, or an
+ unsupported extension used by the server.
+ * Correct (change from 12 to 13 bytes) the value of the macro describing the
+ maximum nonce length returned by psa_aead_generate_nonce().
+ Changes
+ * Add extra printf compiler warning flags to builds.
+ * Fix memsan build false positive in x509_crt.c with Clang 11
+ * Fix the setting of the read timeout in the DTLS sample programs.
+ * Remove the AES sample application programs/aes/aescrypt2 which shows
+ bad cryptographic practice.
+ * Alternative implementations of CMAC may now opt to not support 3DES as a
+ CMAC block cipher, and still pass the CMAC self test.
+ * Remove configs/config-psa-crypto.h, which was identical to the default
+ configuration except for having some extra cryptographic mechanisms
+ enabled and for unintended differences. This configuration was primarily
+ intended to demonstrate the PSA API, and lost most of its usefulness when
+ MBEDTLS_PSA_CRYPTO_C became enabled by default.
+ * When building the test suites with GNU make, invoke python3 or python, not
+ python2, which is no longer supported upstream.
+ * When using session cache based session resumption on the server,
+ double-check that custom session cache implementations return
+ sessions which are consistent with the negotiated ciphersuite
+ and compression method.
+ * Fix build failure on MinGW toolchain when __USE_MING_ANSI_STDIO is on.
+ When that flag is on, standard GNU C printf format specifiers
+ should be used.
+ * Reduce the default value of MBEDTLS_ECP_WINDOW_SIZE. This reduces RAM usage
+ during ECC operations at a negligible performance cost.
+ * mbedtls_mpi_read_binary(), mbedtls_mpi_read_binary_le() and
+ mbedtls_mpi_read_string() now construct an mbedtls_mpi object with 0 limbs
+ when their input has length 0. Note that this is an implementation detail
+ and can change at any time, so this change should be transparent, but it
+ may result in mbedtls_mpi_write_binary() or mbedtls_mpi_write_string()
+ now writing an empty string where it previously wrote one or more
+ zero digits when operating from values constructed with an mpi_read
+ function and some mpi operations.
+ * Implicitly add PSA_KEY_USAGE_SIGN_MESSAGE key usage policy flag when
+ PSA_KEY_USAGE_SIGN_HASH flag is set and PSA_KEY_USAGE_VERIFY_MESSAGE flag
+ when PSA_KEY_USAGE_VERIFY_HASH flag is set. This usage flag extension
+ is also applied when loading a key from storage.
+ * Remove mbedtls-4237.patch upstream
+ * Library soname bump to libmbedcrypto7
+
 -------------------------------------------------------------------
 Thu Apr 15 16:00:07 UTC 2021 - Martin Pluskal
diff --git a/mbedtls.spec b/mbedtls.spec
index 942cc48..5c9333c 100644
--- a/mbedtls.spec
+++ b/mbedtls.spec
@@ -17,10 +17,10 @@
 %define lib_tls libmbedtls13
-%define lib_crypto libmbedcrypto6
+%define lib_crypto libmbedcrypto7
 %define lib_x509 libmbedx509-1
 Name: mbedtls
-Version: 2.26.0
+Version: 2.27.0
 Release: 0
 Summary: Libraries for crypto and SSL/TLS protocols
 License: Apache-2.0
@@ -28,8 +28,6 @@ Group: Development/Libraries/C and C++
 URL: https://tls.mbed.org
 Source: https://github.com/ARMmbed/mbedtls/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source99: baselibs.conf
-# PATCH-FIX-UPSTREAM - https://github.com/ARMmbed/mbedtls/issues/4233
-Patch1: mbedtls-4237.patch
 BuildRequires: cmake
 BuildRequires: ninja
 BuildRequires: pkgconfig