ci: Update dependency ARMmbed/mbedtls to v3.6.0 #13646
Closed
+1
−1
This PR contains the following updates:
3.5.0 -> 3.6.0
Release Notes
ARMmbed/mbedtls
v3.6.0: Mbed TLS 3.6.0 LTS
Description
This release of Mbed TLS provides new features, bug fixes and minor enhancements. This release includes fixes for security issues.
This release brings in improved multithreaded operations, record size limit and early data support, and other TLS 1.3 improvements. TLS 1.3 support is now enabled by default.
Long-term support
Mbed TLS 3.6 is a long-term support (LTS) branch. It will be supported with bug-fixes and security fixes until at least March 2027.
Security Advisories
For full details, please see the following link:
Release Notes
API changes
tls13_ in mbedtls_ssl_tls13_conf_early_data() and mbedtls_ssl_tls13_conf_max_early_data_size() API names. Early data
feature may not be TLS 1.3 specific in the future. Fixes #6909.
Default behavior changes
The undocumented ability to import other formats (PKCS#8, SubjectPublicKey,
PEM) accepted by the pkparse module has been removed. Applications that
need these formats can call mbedtls_pk_parse_{public,}key() followed by
mbedtls_pk_import_into_psa().
Requirement changes
New deprecations
MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_xxx. The old names may still
be used, but are deprecated.
They are deprecated and will be removed in a future version of the
library.
mbedtls_ecp_write_key_ext().
Removals
an RSA key as a domain parameter is no longer supported. Use
psa_generate_key_ext() instead.
same behavior mbedtls_pk_get_psa_attributes() and
mbedtls_pk_import_into_psa() can be used to import a PK key into PSA,
while mbedtls_pk_setup_opaque() can be used to wrap a PSA key into an opaque
PK context.
Features
when compiling for Thumb (T32) or 32-bit Arm (A32).
Resolves #8372.
parsing unsupported certificate extensions via user provided callback.
the decryption direction of block ciphers (AES, ARIA, Camellia).
This affects both the low-level modules and the high-level APIs
(the cipher and PSA interfaces). This option is incompatible with modes
that use the decryption direction (ECB in PSA, CBC, XTS, KW) and with DES.
AES when compiling for Thumb (T32) or 32-bit Arm (A32).
library without the corresponding built-in implementation. Generally
speaking that requires both the key type and algorithm to be accelerated
or they'll both be built in. However, for CCM and GCM the built-in
implementation is able to take advantage of a driver that only
accelerates the key type (that is, the block cipher primitive). See
docs/driver-only-builds.md for full details and current limitations.
disabled. This requires PSA_WANT_ALG_ECB_NO_PADDING in addition to
MBEDTLS_PSA_CRYPTO_C and PSA_WANT_KEY_TYPE_AES.
size by disabling it in more circumstances. In particular, the CCM and
GCM modules no longer depend on MBEDTLS_CIPHER_C. Also,
MBEDTLS_PSA_CRYPTO can now be enabled without MBEDTLS_CIPHER_C if all
unauthenticated (non-AEAD) ciphers are disabled, or if they're all
fully provided by drivers. See docs/driver-only-builds.md for full
details and current limitations; in particular, NIST_KW and PKCS5/PKCS12
decryption still unconditionally depend on MBEDTLS_CIPHER_C.
and configured with MBEDTLS_SSL_RECORD_SIZE_LIMIT.
Application data sent and received will be fragmented according to
Record size limits negotiated during handshake.
hardware accelerated AES is not present (around 13-23% on 64-bit Arm).
to convert between Mbed TLS and PSA curve identifiers.
gaps made by making its fields private: mbedtls_ecp_set_public_key(),
mbedtls_ecp_write_public_key(), mbedtls_ecp_keypair_calc_public(),
mbedtls_ecp_keypair_get_group_id(). Fixes #5017, #5441, #8367, #8652.
mbedtls_md_type_from_psa_alg() to convert between mbedtls_md_type_t and
psa_algorithm_t.
convert ECDSA signatures between raw and DER (ASN.1) formats.
with PKCS#5 PBES2. Keys encrypted this way can now be parsed by PK parse.
in bits, i.e. the key size for an RSA key.
pkg-config --cflags --libs (mbedtls|mbedcrypto|mbedx509)
mbedtls_ssl_session.ticket_creation_time
mbedtls_pk_import_into_psa() provide a uniform way to create a PSA
key from a PK key.
ECDH in all ECDH configurations.
operations when hardware accelerated AES is not present. Improves
performance by around 30% on 64-bit Intel; 125% on Armv7-M.
key pair with a custom public exponent.
mbedtls_ecp_write_key(), but can be used without separately calculating
the output length.
mbedtls_ecdh_context structure.
MBEDTLS_PRIVATE(ca_istrue) member of mbedtls_x509_crt structure. This requires
setting the MBEDTLS_X509_EXT_BASIC_CONSTRAINTS bit in the certificate's
ext_types field.
MBEDTLS_PSA_CRYPTO_CLIENT is enabled at build time and psa_crypto_init() is
called at runtime. This together with MBEDTLS_PSA_RANDOM_STATE can be
used as random number generator function (f_rng) and context (p_rng) in
legacy functions.
mbedtls_pk_copy_public_from_psa() provide ways to set up a PK context
with the same content as a PSA key.
session-id length, and ciphersuite-id members of mbedtls_ssl_session
structure. Add new accessor to expose the ciphersuite-id of
mbedtls_ssl_ciphersuite_t structure. Design ref: #8529
docs/tls13-early-data.md). The support enablement is controlled at build
time by the MBEDTLS_SSL_EARLY_DATA configuration option and at runtime by
the mbedtls_ssl_conf_early_data() API (by default disabled in both cases).
for multithreaded access to the PSA global state, including
concurrently calling psa_crypto_init() when MBEDTLS_THREADING_C and
MBEDTLS_THREADING_PTHREAD are defined. See
docs/architecture/psa-thread-safety/psa-thread-safety.md for more details.
Resolves issues #3263 and #7945.
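The ECDSA raw/DER signature conversion listed under Features above, as an added Python example (not Mbed TLS code; the function names and the constructed P-256 and P-521 inputs are my own): it encodes r||s as a DER SEQUENCE of two minimal INTEGERs and, on the way back, rejects the non-minimal lengths and integers and the trailing bytes that a strict DER parser must refuse.

```python
# Added example, not Mbed TLS code: converts ECDSA signatures between raw r||s
# and DER SEQUENCE { INTEGER r, INTEGER s }, the operation the release's new
# ECDSA raw/DER helpers provide. coord_bytes: curve size (32 P-256, 66 P-521).
def _der_len(n: int) -> bytes:
    # An ECDSA signature fits one length byte: short form < 0x80, else 0x81 form.
    return bytes([n]) if n < 0x80 else bytes([0x81, n])

def _der_uint(value: int) -> bytes:
    # Minimal big-endian INTEGER; a 0x00 pad stops a set top bit reading as negative.
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + _der_len(len(body)) + body

def ecdsa_raw_to_der(raw: bytes, coord_bytes: int) -> bytes:
    if len(raw) != 2 * coord_bytes:
        raise ValueError("raw signature must be 2 * coord_bytes long")
    r = int.from_bytes(raw[:coord_bytes], "big")
    s = int.from_bytes(raw[coord_bytes:], "big")
    body = _der_uint(r) + _der_uint(s)
    return b"\x30" + _der_len(len(body)) + body

def _read_tlv(buf: bytes, pos: int, tag: int):
    # Returns (contents, next position); rejects non-minimal length encodings.
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected tag or truncated element")
    length, pos = buf[pos + 1], pos + 2
    if length == 0x81 and pos < len(buf) and buf[pos] >= 0x80:
        length, pos = buf[pos], pos + 1  # long form, needed for P-521 signatures
    elif length >= 0x80:
        raise ValueError("bad or non-minimal length encoding")
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return buf[pos:pos + length], pos + length

def ecdsa_der_to_raw(der: bytes, coord_bytes: int) -> bytes:
    body, end = _read_tlv(der, 0, 0x30)
    r_bytes, pos = _read_tlv(body, 0, 0x02)
    s_bytes, pos = _read_tlv(body, pos, 0x02)
    if end != len(der) or pos != len(body):
        raise ValueError("trailing data in signature")
    out = b""
    for ib in (r_bytes, s_bytes):  # each INTEGER must be minimal and non-negative
        if not ib or ib[0] & 0x80 or (len(ib) > 1 and ib[0] == 0 and ib[1] < 0x80):
            raise ValueError("malformed INTEGER")
        val = ib.lstrip(b"\x00")
        if len(val) > coord_bytes:
            raise ValueError("integer does not fit the curve size")
        out += val.rjust(coord_bytes, b"\x00")
    return out
```

The strict checks on the DER side matter because a lenient decoder would accept several byte strings for one signature, which breaks signature uniqueness assumptions in protocols built on top.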
Security
ClientHello in a TLS 1.3 server supporting some PSK key exchange mode. A
malicious client could cause information disclosure or a denial of service.
to PSA functions is now secure by default.
The PSA core now protects against modification of inputs or exposure
of intermediate outputs during operations. This is currently implemented
by copying buffers.
This feature increases code size and memory usage. If buffers passed to
PSA functions are owned exclusively by the PSA core for the duration of
the function call (i.e. no buffer parameters are in shared memory),
copying may be disabled by setting MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS.
Note that setting this option will cause input-output buffer overlap to
be only partially supported (#3266).
Fixes CVE-2024-28960.
when an SSL context is reset with the mbedtls_ssl_session_reset() API.
An attacker was able to prevent an Mbed TLS server from establishing any
TLS 1.3 connection potentially resulting in a Denial of Service or forced
version downgrade from TLS 1.3 to TLS 1.2. Fixes #8654 reported by hey3e.
Fixes CVE-2024-28755.
TLS 1.2 implementation of the protocol if it is disabled.
client could put the TLS 1.3-only server in an infinite loop processing
a TLS 1.2 ClientHello, resulting in a denial of service. Reported by
Matthias Mucha and Thomas Blattmann, SICK AG.
was able to successfully establish a TLS 1.2 connection with the server.
Reported by alluettiv on GitHub.
Fixes CVE-2024-28836.
Bugfix
a user configuration file or the compiler command line. Fixes #8165.
disabled.
in the san parameter is not separated by a colon.
in the san parameter is not separated by a colon.
__cpuid, which mainly causes failures when building Windows target using
mingw or clang. Fixes #8334 & #8332.
instead of seconds. That avoids rounding errors when computing the age of
tickets compared to peer using a millisecond clock (observed with GnuTLS).
Fixes #6623.
is disabled at runtime. Fixes #8593.
in TLS Suite B Profile. Fixes #8221.
(psa_asymmetric_[en|de]crypt) with opaque keys.
Resolves #8461.
acceleration detection when the libc headers do not define the
corresponding constant. Reported by valord577.
TLS12_PSK_TO_MS, PBKDF2-HMAC, PBKDF2-CMAC
multiple of 8. Fixes #868.
entropy resource in gen_key example. Fixes #8809.
decrypted keys and it rejects invalid ones.
mbedtls_pk_encrypt() on non-opaque RSA keys to honor the padding mode in
the RSA context. Before, if MBEDTLS_USE_PSA_CRYPTO was enabled and the
RSA context was configured for PKCS#1 v2.1 (PSS/OAEP), the sign/verify
functions performed a PKCS#1 v1.5 signature instead and the
encrypt/decrypt functions returned an error. Fixes #8824.
allowed SSL sessions saved in one configuration to be loaded in a
different, incompatible configuration.
generating a new random after a HelloRetryRequest. Fixes #8669.
the mbedtls_ssl_context_load() API.
an opaque RSA context and specifying MBEDTLS_PK_RSASSA_PSS as key type.
primary algorithm of the wrapped PSA key.
functions. Note that overlap is still only partially supported when
MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS is set (#3266).
Changes
This reduces stack usage significantly for writing a public/private
key to a PEM string.
they are now treated separately. This means that they should be
individually enabled in order to enable respective support; also the
corresponding MBEDTLS_PSA_ACCEL symbol should be defined in case
acceleration is required.
mbedtls_ecc_group_of_psa from psa/crypto_extra.h to mbedtls/psa_util.h
PSA (MBEDTLS_PSA_CRYPTO_C) is enabled.
to select only some of the parameters / groups, with the macros
PSA_WANT_DH_RFC7919_XXXX. You now need to define the corresponding macro
for each size you want to support. Also, if you have an FFDH accelerator,
you'll need to define the appropriate MBEDTLS_PSA_ACCEL macros to signal
support for these domain parameters.
saving code size when those are not otherwise enabled.
have changed their speed/memory compromise as part of a proactive security
improvement. The new default value of MBEDTLS_MPI_WINDOW_SIZE roughly
preserves the current speed, at the expense of increasing memory
consumption.
visualc/VS2017.
Who should update
We recommend all users should update to take advantage of the bug fixes contained in this release at an appropriate point in their development lifecycle.
Note
Checksum
The SHA256 hashes for the archives are:
3ecf94fcfdaacafb757786a01b7538a61750ebd85c4b024f56ff8ba1490fcd38 mbedtls-3.6.0.tar.bz2
v3.5.2: Mbed TLS 3.5.2
Description
This release of Mbed TLS provides fixes for security issues.
Security Advisories
For full details, please see the following link:
Release Notes
Security
could be sufficient for an attacker to recover the plaintext. A local
attacker or a remote attacker who is close to the victim on the network
might have precise enough timing measurements to exploit this. It requires
the attacker to send a large number of messages for decryption. For
details, see "Everlasting ROBOT: the Marvin Attack", Hubert Kario. Reported
by Hubert Kario, Red Hat.
could result in an integer overflow, causing a zero-length buffer to be
allocated to hold the extension. The extension would then be copied into
the buffer, causing a heap buffer overflow.
Who should update
We recommend all users should update to take advantage of the bug fixes contained in this release at an appropriate point in their development lifecycle.
Checksum
The SHA256 hashes for the archives are:
35890edf1a2c7a7e29eac3118d43302c3e1173e0df0ebaf5db56126dabe5bb05 v3.5.2.tar.gz
eedecc468b3f8d052ef05a9d42bf63f04c8a1c50d1c5a94c251c681365a2c723 mbedtls-3.5.2.tar.gz
55c1525e7d5de18b84a1d1e5540950b4a3bac70e02889cf309919b2877cba63b v3.5.2.zip
fea0c12622044ef0d594361e83b2c2b5e4ca56bc1b44126ccca50872c7d6d4f6 mbedtls-3.5.2.zip
The URLs below point to the archives named vX.Y.Z... When checking hashes, please be aware that due to GitHub's use of the Content-Disposition header, some clients will download the vX.Y.Z... archive and save it with the filename mbedtls-X.Y.Z...
v3.5.1: Mbed TLS 3.5.1
Description
This release of Mbed TLS provides a license update, and a bugfix.
Release Notes
Changes
license. Users may choose which license they take the code under.
Bugfix
in CMake.
Who should update
We recommend all users should update at an appropriate point in their development lifecycle.
Checksum
The SHA256 hashes for the archives are:
2597419f1a4a79dd28e6f5edc5180aff7e83bd85548437e07dcf9f808ceccb76 mbedtls-3.5.1.tar.gz
959a492721ba036afc21f04d1836d874f93ac124cf47cf62c9bcd3a753e49bdb mbedtls-3.5.1.zip
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.