
Update mbedtls from 3.5.0 to 3.6.1 #96

Merged
merged 2 commits into from
Aug 31, 2024

Conversation

@DL6ER DL6ER commented Aug 30, 2024

What does this implement/fix?

See title.

The respective CHANGELOGs can be found on their pages, I'm only quoting security-related changes here:

  • https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.5.1 (Nov 8, 2023)
    No real change happened in this point release

  • https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.5.2 (Jan 26, 2024)

    • Fix a timing side channel in private key RSA operations. This side channel
      could be sufficient for an attacker to recover the plaintext. A local
      attacker or a remote attacker who is close to the victim on the network
      might have precise enough timing measurements to exploit this. It requires
      the attacker to send a large number of messages for decryption. For
      details, see "Everlasting ROBOT: the Marvin Attack", Hubert Kario. Reported
      by Hubert Kario, Red Hat.
    • Fix a failure to validate input when writing x509 extensions lengths which
      could result in an integer overflow, causing a zero-length buffer to be
      allocated to hold the extension. The extension would then be copied into
      the buffer, causing a heap buffer overflow.

  • https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0 (Mar 28, 2024)

    • This release of Mbed TLS provides new features, bug fixes and minor enhancements. This release includes fixes for security issues. This release brings in improved multithreaded operations, record-size-limit, and early-data support and other TLS1.3 improvements. TLS1.3 support is now enabled by default.
    • Fix a stack buffer overread (less than 256 bytes) when parsing a TLS 1.3
      ClientHello in a TLS 1.3 server supporting some PSK key exchange mode. A
      malicious client could cause information disclosure or a denial of service.
      Passing buffers that are stored in untrusted memory as arguments
      to PSA functions is now secure by default.
    • The PSA core now protects against modification of inputs or exposure
      of intermediate outputs during operations. This is currently implemented
      by copying buffers.
      This feature increases code size and memory usage. If buffers passed to
      PSA functions are owned exclusively by the PSA core for the duration of
      the function call (i.e. no buffer parameters are in shared memory),
      copying may be disabled by setting MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS.
      Note that setting this option will cause input-output buffer overlap to
      be only partially supported (PSA crypto API: some cases of overlapping parameters are not supported Mbed-TLS/mbedtls#3266).
      Fixes GHSA-6h48-8w2f-5w94.
    • Restore the maximum TLS version to be negotiated to the configured one
      when an SSL context is reset with the mbedtls_ssl_session_reset() API.
      An attacker was able to prevent an Mbed TLS server from establishing any
      TLS 1.3 connection potentially resulting in a Denial of Service or forced
      version downgrade from TLS 1.3 to TLS 1.2. Fixes programs/ssl/ssl_server2 bug Mbed-TLS/mbedtls#8654 reported by hey3e.
      Fixes GHSA-9w5c-29mx-552c.
    • When negotiating TLS version on server side, do not fall back to the
      TLS 1.2 implementation of the protocol if it is disabled.
      • If the TLS 1.2 implementation was disabled at build time, a TLS 1.2
        client could put the TLS 1.3-only server in an infinite loop processing
        a TLS 1.2 ClientHello, resulting in a denial of service. Reported by
        Matthias Mucha and Thomas Blattmann, SICK AG.
      • If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client
        was able to successfully establish a TLS 1.2 connection with the server.
        Reported by alluettiv on GitHub.
        Fixes GHSA-39fv-p94v-rg6c.
  • https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.1 (today)

    • Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does
      not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when
      MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.
      CVE-2024-45157
    • Fix a stack buffer overflow in mbedtls_ecdsa_der_to_raw() and
      mbedtls_ecdsa_raw_to_der() when the bits parameter is larger than the
      largest supported curve. In some configurations with PSA disabled,
      all values of bits are affected. This never happens in internal library
      calls, but can affect applications that call these functions directly.
      CVE-2024-45158
    • With TLS 1.3, when a server enables optional authentication of the
      client, if the client-provided certificate does not have appropriate values
      in keyUsage or extKeyUsage extensions, then the return value of
      mbedtls_ssl_get_verify_result() would incorrectly have the
      MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits
      clear. As a result, an attacker that had a certificate valid for uses other
      than TLS client authentication could be able to use it for TLS client
      authentication anyway. Only TLS 1.3 servers were affected, and only with
      optional authentication (required would abort the handshake with a fatal
      alert).
      CVE-2024-45159

This PR furthermore ends the special magic that ensures riscv64 is built using alpine:edge while the others are all built on alpine:latest as riscv64 is officially supported since Alpine Linux release v3.20.


Related issue or feature (if applicable): N/A

Pull request in docs with documentation (if applicable): N/A


By submitting this pull request, I confirm the following:

  1. I have read and understood the contributors guide, as well as this entire template. I understand which branch to base my commits and Pull Requests against.
  2. I have commented my proposed changes within the code.
  3. I am willing to help maintain this change if there are issues with it later.
  4. It is compatible with the EUPL 1.2 license
  5. I have squashed any insignificant commits. (git rebase)

Checklist:

  • The code change is tested and works locally.
  • I based my code and PRs against the repository's development branch.
  • I signed off all commits. Pi-hole enforces the DCO for all contributions
  • I signed all my commits. Pi-hole requires signatures to verify authorship
  • I have read the above and my PR is ready for review.
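As an added example (not code from this PR or from Mbed TLS) of the input check that the CVE-2024-45158 entry above describes, the following standalone C converts a DER ECDSA signature into the raw r||s form and rejects a `bits` value larger than the largest supported curve before anything is sized from it; `MAX_CURVE_BITS`, the function names and the sample signature are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Largest curve this example accepts (secp521r1); an assumption of the example,
 * not Mbed TLS's own limit, which depends on the build configuration. */
#define MAX_CURVE_BITS 521

/* Parse one short-form DER INTEGER at der[*pos], drop its sign-padding zero
 * bytes and store it right-aligned in out[coord_len]. Returns 0 on success,
 * -1 if the encoding is malformed or the value would not fit coord_len. */
static int read_der_int(const uint8_t *der, size_t der_len, size_t *pos,
                        uint8_t *out, size_t coord_len)
{
    if (*pos + 2 > der_len || der[*pos] != 0x02) return -1;  /* INTEGER tag */
    size_t len = der[*pos + 1];
    if (len == 0 || len > 0x7f || *pos + 2 + len > der_len) return -1;
    const uint8_t *val = der + *pos + 2;
    size_t vlen = len;
    while (vlen > 1 && val[0] == 0x00) { val++; vlen--; }
    if (vlen > coord_len) return -1;   /* refuse instead of overrunning out[] */
    memset(out, 0, coord_len);
    memcpy(out + coord_len - vlen, val, vlen);
    *pos += 2 + len;
    return 0;
}

/* DER SEQUENCE { INTEGER r, INTEGER s } -> raw r||s, each (bits+7)/8 bytes.
 * The bits check up front is the guard CVE-2024-45158 is about: a bits value
 * above the largest curve must never be used to size a fixed stack buffer. */
int ecdsa_der_to_raw(size_t bits, const uint8_t *der, size_t der_len,
                     uint8_t *raw, size_t raw_size, size_t *raw_len)
{
    if (bits == 0 || bits > MAX_CURVE_BITS) return -1;
    size_t coord_len = (bits + 7) / 8;
    if (raw_size < 2 * coord_len) return -1;                  /* caller's buffer */
    if (der_len < 2 || der[0] != 0x30 || der[1] > 0x7f ||
        (size_t)der[1] + 2 != der_len) return -1;              /* SEQUENCE header */
    size_t pos = 2;
    if (read_der_int(der, der_len, &pos, raw, coord_len) != 0 ||
        read_der_int(der, der_len, &pos, raw + coord_len, coord_len) != 0 ||
        pos != der_len) return -1;                             /* trailing bytes */
    *raw_len = 2 * coord_len;
    return 0;
}

/* Constructed sample, not a real signature: r = 0x80000001 (high bit set, so
 * DER needs a 0x00 sign byte), s = 0x05060708, on a hypothetical 32-bit curve. */
const uint8_t sample_der[] = { 0x30, 0x0d, 0x02, 0x05, 0x00, 0x80, 0x00, 0x00, 0x01,
                               0x02, 0x04, 0x05, 0x06, 0x07, 0x08 };
```

The same `bits` guard applies to the raw-to-DER direction: the coordinate length derived from `bits` must be validated before any stack buffer is sized from it.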

@rdwebdesign rdwebdesign left a comment


All tests are finally passing.

@DL6ER DL6ER merged commit 2e6b447 into master Aug 31, 2024
14 checks passed
@DL6ER DL6ER deleted the ftl-build/update_mbedtls branch August 31, 2024 01:55