The Libassuan package contains an IPC library used by some of the
other GnuPG related packages. Libassuan's primary use is to allow
a client to interact with a non-persistent server. Libassuan is
not, however, limited to use with GnuPG servers and clients. It
was designed to be flexible enough to meet the demands of many
transaction based environments with non-persistent servers.
Packaged by adanbsd as pkgsrc/wip/libassuan22.
Revision 0.0.6
--------------
- Typo fix to id_kp_serverAuth object value
- A test case for indefinite length encoding eliminated as it's
forbidden in DER.
Revision 0.1.8
--------------
- ObjectIdentifier codec fixed to work properly with arc 0 and arc 2 values.
- Explicit limit on ObjectIdentifier arc value size removed.
- Unicode initializer support added to OctetString type and derivatives.
- New prettyPrintType() abstract method implemented to base pyasn1 types
to facilitate encoding errors analisys.
- The __str__() method implemented to Tag, TagSet and TagMap classes to
ease encoding errors troubleshooting.
easing encoding errors
- Fix to SEQUENCE and SET types to give them their private componentTypes
collection (which is a NamedTypes object) so that they won't collide in
a MT execution environment.
- Missing T61String,ISO646String character types and ObjectDescriptor useful
type added.
- Distribute is gone, switched to setuptools completely.
- Missing NamedValues.__repr__() added.
- The base.NoValue() class, that indicates uninitialized ASN.1 object,
made public.
- The base.NoValue() class instances now support __repr__() what makes
possible to perform repr() on uninitialized pyasn1 types objects.
- When comparing ASN.1 types, by-tag and/or by-constraints matching
can now be performed with the isSuperTypeOf()/isSameTypeWith() optional
flags.
- Constructed types now verify their consistency by invoking
isSameTypeWith(matchTags=True, matchConstraints=False) and
isSuperTypeOf(matchTags=False, matchConstraints=True) for each of their
components rather than isSuperTypeOf() as it used to be. Constriants check
could be enforced to isSameTypeWith() with the strictConstraints=True
constructed classes attribute.
- Constructed types can now be initialized with new .setComponents() method
which accepts both var-args and keyword-args. Default repr() modified to
reflect this change.
- NamedTypes() and NamedValues() made comparable.
- Test coverage extended to cover pyasn1 types __repr__() function.
- The abs(Integer()) & abs(Real()) operation now returns respective pyasn1
type, not a Python type.
- More Python magic methods implementations added to Integer & Real classes
(e.g. __pos__, __neg__, __round__, __floor__, __ceil__, __trunc__)
- The Integer.__invert__ Python magic method implemented.
- The OctetString.__int__() and .__float__() magic methods implemented.
- Handle the case of null writer at Debug printer.
- BitString encoder/decoder performance improved.
- Built-in debugging is now based on Python logging module.
- Fix to NamedType.__repr__() to work properly.
- Fixes to __repr__() implementation of many built-in ASN.1 types to take into
account all of their initializers such as tagSet, subtypeSpec etc.
- String typed float initializer to REAL type now supported.
- Float typed mantissa initializer to REAL type for base 2 added.
- Encoding bases 8 and 16 support for REAL type binary encoder added.
- More strict CER/DER encoders added for GeneralizedTime and UTCTime types.
- Asn1Item.hasValue() added to easily distinguish initalized ASN.1 objects
from uninitialized ones (e.g. pure types).
- Fix to REAL type binary decoder to handle different bases and scale factor.
- Fix to TagSet.repr() to include [obsolete] baseTag information.
- Fix to broken REAL type decoding handling.
- Fix to BitString and OctetString decoders dealing with constructed
encoding -- it used to be possible to embed other types in substrate.
- Fix to end-of-octest sentinel handling:
* require strict two-zeros sentinel encoding
* recognize EOO sentinel only when explicitly requested by caller
of the decoder via allowEoo=True parameter (warning: API change)
- DER codec hardened not to tolerate indefinite length encoding/decoding.
1.70 2015-06-26
Patch from Alexander Bluhm: The new OpenSSL 1.0.2 X509_check_* functions are not available in
current LibreSSL. So disable them in SSLeay.xs.
Fixed a problem with building against OSX homebrew's openssl. Patch from
Shoichi Kaji.
Removed a test in t/local/33_x509_create_cert.t which fails due to
changes in 1.0.1n and later
--------------------------------
pkgsrc changes:
- Adjust EGG_NAME
Upstream changes:
* Release 0.13 (07 Feb 2015)
Fix the argument order for Curve constructor (put openssl_name= at the end,
with a default value) to unbreak compatibility with external callers who used
the 0.11 convention.
* Release 0.12 (06 Feb 2015)
Switch to Versioneer for version-string management (fixing the broken
`ecdsa.__version__` attribute). Add Curve.openssl_name property. Mention
secp256k1 in README, test against OpenSSL. Produce "wheel" distributions. Add
py3.4 and pypy3 compatibility testing. Other minor fixes.
forensics and security. Based on the dd program found in the GNU
Coreutils package, dcfldd has the following additional features:
* Hashing on-the-fly - dcfldd can hash the input data as it is being
transferred, helping to ensure data integrity.
* Status output - dcfldd can update the user of its progress in terms
of the amount of data transferred and how much longer operation will take.
* Flexible disk wipes - dcfldd can be used to wipe disks quickly and
with a known pattern if desired.
* Image/wipe Verify - dcfldd can verify that a target drive is a
bit-for-bit match of the specified input file or pattern.
* Multiple outputs - dcfldd can output to multiple files or disks at
the same time.
* Split output - dcfldd can split output to multiple files with more
configurability than the split command.
* Piped output and logs - dcfldd can send all its log data and output
to commands as well as files natively.
- Fix HMAC ABI incompatibility. The previous version introduced an ABI
incompatibility in the handling of HMAC. The previous ABI has now been
restored.
- Malformed ECParameters causes infinite loop
When processing an ECParameters structure OpenSSL enters an infinite loop
if the curve specified is over a specially malformed binary polynomial
field.
This can be used to perform denial of service against any
system which processes public keys, certificate requests or
certificates. This includes TLS clients and TLS servers with
client authentication enabled.
This issue was reported to OpenSSL by Joseph Barr-Pixton.
(CVE-2015-1788)
[Andy Polyakov]
- Exploitable out-of-bounds read in X509_cmp_time
X509_cmp_time does not properly check the length of the ASN1_TIME
string and can read a few bytes out of bounds. In addition,
X509_cmp_time accepts an arbitrary number of fractional seconds in the
time string.
An attacker can use this to craft malformed certificates and CRLs of
various sizes and potentially cause a segmentation fault, resulting in
a DoS on applications that verify certificates or CRLs. TLS clients
that verify CRLs are affected. TLS clients and servers with client
authentication enabled may be affected if they use custom verification
callbacks.
This issue was reported to OpenSSL by Robert Swiecki (Google), and
independently by Hanno Böck.
(CVE-2015-1789)
[Emilia Käsper]
- PKCS7 crash with missing EnvelopedContent
The PKCS#7 parsing code does not handle missing inner EncryptedContent
correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
with missing content and trigger a NULL pointer dereference on parsing.
Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
structures from untrusted sources are affected. OpenSSL clients and
servers are not affected.
This issue was reported to OpenSSL by Michal Zalewski (Google).
(CVE-2015-1790)
[Emilia Käsper]
- CMS verify infinite loop with unknown hash function
When verifying a signedData message the CMS code can enter an infinite loop
if presented with an unknown hash function OID. This can be used to perform
denial of service against any system which verifies signedData messages using
the CMS code.
This issue was reported to OpenSSL by Johannes Bauer.
(CVE-2015-1792)
[Stephen Henson]
- Race condition handling NewSessionTicket
If a NewSessionTicket is received by a multi-threaded client when
attempting to reuse a previous ticket then a race condition can occur
potentially leading to a double free of the ticket data.
(CVE-2015-1791)
[Matt Caswell]
- Removed support for the two export grade static DH ciphersuites
EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites
were newly added (along with a number of other static DH ciphersuites) to
1.0.2. However the two export ones have *never* worked since they were
introduced. It seems strange in any case to be adding new export
ciphersuites, and given "logjam" it also does not seem correct to fix them.
[Matt Caswell]
- Only support 256-bit or stronger elliptic curves with the
'ecdh_auto' setting (server) or by default (client). Of supported
curves, prefer P-256 (both).
[Emilia Kasper]
- Reject DH handshakes with parameters shorter than 768 bits.
[Kurt Roeckx and Emilia Kasper]
This is former security/polarssl rebranded under a new name, keeping the same
API though and providing the previous libs as symlinks, so should be used as
as drop-in replacement for security/polarssl.
Changelog since polarssl-1.3.9 follows.
= mbed TLS 1.3.11 released 2015-06-04
Security
* With authmode set to SSL_VERIFY_OPTIONAL, verification of keyUsage and
extendedKeyUsage on the leaf certificate was lost (results not accessible
via ssl_get_verify_results()).
* Add countermeasure against "Lucky 13 strikes back" cache-based attack,
https://dl.acm.org/citation.cfm?id=2714625
Features
* Improve ECC performance by using more efficient doubling formulas
(contributed by Peter Dettman).
* Add x509_crt_verify_info() to display certificate verification results.
* Add support for reading DH parameters with privateValueLength included
(contributed by Daniel Kahn Gillmor).
* Add support for bit strings in X.509 names (request by Fredrik Axelsson).
* Add support for id-at-uniqueIdentifier in X.509 names.
* Add support for overriding snprintf() (except on Windows) and exit() in
the platform layer.
* Add an option to use macros instead of function pointers in the platform
layer (helps get rid of unwanted references).
* Improved Makefiles for Windows targets by fixing library targets and making
cross-compilation easier (thanks to Alon Bar-Lev).
* The benchmark program also prints heap usage for public-key primitives
if POLARSSL_MEMORY_BUFFER_ALLOC_C and POLARSSL_MEMORY_DEBUG are defined.
* New script ecc-heap.sh helps measuring the impact of ECC parameters on
speed and RAM (heap only for now) usage.
* New script memory.sh helps measuring the ROM and RAM requirements of two
reduced configurations (PSK-CCM and NSA suite B).
* Add config flag POLARSSL_DEPRECATED_WARNING (off by default) to produce
warnings on use of deprecated functions (with GCC and Clang only).
* Add config flag POLARSSL_DEPRECATED_REMOVED (off by default) to produce
errors on use of deprecated functions.
Bugfix
* Fix compile errors with PLATFORM_NO_STD_FUNCTIONS.
* Fix compile error with PLATFORM_EXIT_ALT (thanks to Rafał Przywara).
* Fix bug in entropy.c when THREADING_C is also enabled that caused
entropy_free() to crash (thanks to Rafał Przywara).
* Fix memory leak when gcm_setkey() and ccm_setkey() are used more than
once on the same context.
* Fix bug in ssl_mail_client when password is longer that username (found
by Bruno Pape).
* Fix undefined behaviour (memcmp( NULL, NULL, 0 );) in X.509 modules
(detected by Clang's 3.6 UBSan).
* mpi_size() and mpi_msb() would segfault when called on an mpi that is
initialized but not set (found by pravic).
* Fix detection of support for getrandom() on Linux (reported by syzzer) by
doing it at runtime (using uname) rather that compile time.
* Fix handling of symlinks by "make install" (found by Gaël PORTAY).
* Fix potential NULL pointer dereference (not trigerrable remotely) when
ssl_write() is called before the handshake is finished (introduced in
1.3.10) (first reported by Martin Blumenstingl).
* Fix bug in pk_parse_key() that caused some valid private EC keys to be
rejected.
* Fix bug in Via Padlock support (found by Nikos Mavrogiannopoulos).
* Fix thread safety bug in RSA operations (found by Fredrik Axelsson).
* Fix hardclock() (only used in the benchmarking program) with some
versions of mingw64 (found by kxjhlele).
* Fix warnings from mingw64 in timing.c (found by kxjklele).
* Fix potential unintended sign extension in asn1_get_len() on 64-bit
platforms.
* Fix potential memory leak in ssl_set_psk() (found by Mansour Moufid).
* Fix compile error when POLARSSL_SSL_DISABLE_RENEGOTATION and
POLARSSL_SSL_SSESSION_TICKETS where both enabled in config.h (introduced
in 1.3.10).
* Add missing extern "C" guard in aesni.h (reported by amir zamani).
* Add missing dependency on SHA-256 in some x509 programs (reported by
Gergely Budai).
* Fix bug related to ssl_set_curves(): the client didn't check that the
curve picked by the server was actually allowed.
Changes
* Remove bias in mpi_gen_prime (contributed by Pascal Junod).
* Remove potential sources of timing variations (some contributed by Pascal
Junod).
* Options POLARSSL_HAVE_INT8 and POLARSSL_HAVE_INT16 are deprecated.
* Enabling POLARSSL_NET_C without POLARSSL_HAVE_IPV6 is deprecated.
* compat-1.2.h and openssl.h are deprecated.
* Adjusting/overriding CFLAGS and LDFLAGS with the make build system is now
more flexible (warning: OFLAGS is not used any more) (see the README)
(contributed by Alon Bar-Lev).
* ssl_set_own_cert() no longer calls pk_check_pair() since the
performance impact was bad for some users (this was introduced in 1.3.10).
* Move from SHA-1 to SHA-256 in example programs using signatures
(suggested by Thorsten Mühlfelder).
* Remove some unneeded inclusions of header files from the standard library
"minimize" others (eg use stddef.h if only size_t is needed).
* Change #include lines in test files to use double quotes instead of angle
brackets for uniformity with the rest of the code.
* Remove dependency on sscanf() in X.509 parsing modules.
= mbed TLS 1.3.10 released 2015-02-09
Security
* NULL pointer dereference in the buffer-based allocator when the buffer is
full and polarssl_free() is called (found by Mark Hasemeyer)
(only possible if POLARSSL_MEMORY_BUFFER_ALLOC_C is enabled, which it is
not by default).
* Fix remotely-triggerable uninitialised pointer dereference caused by
crafted X.509 certificate (TLS server is not affected if it doesn't ask for a
client certificate) (found using Codenomicon Defensics).
* Fix remotely-triggerable memory leak caused by crafted X.509 certificates
(TLS server is not affected if it doesn't ask for a client certificate)
(found using Codenomicon Defensics).
* Fix potential stack overflow while parsing crafted X.509 certificates
(TLS server is not affected if it doesn't ask for a client certificate)
(found using Codenomicon Defensics).
* Fix timing difference that could theoretically lead to a
Bleichenbacher-style attack in the RSA and RSA-PSK key exchanges
(reported by Sebastian Schinzel).
Features
* Add support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv).
* Add support for Extended Master Secret (draft-ietf-tls-session-hash).
* Add support for Encrypt-then-MAC (RFC 7366).
* Add function pk_check_pair() to test if public and private keys match.
* Add x509_crl_parse_der().
* Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the
length of an X.509 verification chain.
* Support for renegotiation can now be disabled at compile-time
* Support for 1/n-1 record splitting, a countermeasure against BEAST.
* Certificate selection based on signature hash, preferring SHA-1 over SHA-2
for pre-1.2 clients when multiple certificates are available.
* Add support for getrandom() syscall on recent Linux kernels with Glibc or
a compatible enough libc (eg uClibc).
* Add ssl_set_arc4_support() to make it easier to disable RC4 at runtime
while using the default ciphersuite list.
* Added new error codes and debug messages about selection of
ciphersuite/certificate.
Bugfix
* Stack buffer overflow if ctr_drbg_update() is called with too large
add_len (found by Jean-Philippe Aumasson) (not triggerable remotely).
* Possible buffer overflow of length at most POLARSSL_MEMORY_ALIGN_MULTIPLE
if memory_buffer_alloc_init() was called with buf not aligned and len not
a multiple of POLARSSL_MEMORY_ALIGN_MULTIPLE (not triggerable remotely).
* User set CFLAGS were ignored by Cmake with gcc (introduced in 1.3.9, found
by Julian Ospald).
* Fix potential undefined behaviour in Camellia.
* Fix potential failure in ECDSA signatures when POLARSSL_ECP_MAX_BITS is a
multiple of 8 (found by Gergely Budai).
* Fix unchecked return code in x509_crt_parse_path() on Windows (found by
Peter Vaskovic).
* Fix assembly selection for MIPS64 (thanks to James Cowgill).
* ssl_get_verify_result() now works even if the handshake was aborted due
to a failed verification (found by Fredrik Axelsson).
* Skip writing and parsing signature_algorithm extension if none of the
key exchanges enabled needs certificates. This fixes a possible interop
issue with some servers when a zero-length extension was sent. (Reported
by Peter Dettman.)
* On a 0-length input, base64_encode() did not correctly set output length
(found by Hendrik van den Boogaard).
Changes
* Use deterministic nonces for AEAD ciphers in TLS by default (possible to
switch back to random with POLARSSL_SSL_AEAD_RANDOM_IV in config.h).
* Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined.
* ssl_set_own_cert() now returns an error on key-certificate mismatch.
* Forbid repeated extensions in X.509 certificates.
* debug_print_buf() now prints a text view in addition to hexadecimal.
* A specific error is now returned when there are ciphersuites in common
but none of them is usable due to external factors such as no certificate
with a suitable (extended)KeyUsage or curve or no PSK set.
* It is now possible to disable negotiation of truncated HMAC server-side
0.9.1 - 2015-06-06
~~~~~~~~~~~~~~~~~~
* **SECURITY ISSUE**: Fixed a double free in the OpenSSL backend when using DSA
to verify signatures. Note that this only affects PyPy 2.6.0 and (presently
unreleased) CFFI versions greater than 1.1.0.
Noteworthy changes in version 0.9.4 (2015-06-05)
------------------------------------------------
* Fix regression in GTK+ and curses pinentries.
Noteworthy changes in version 0.9.3 (2015-06-01)
------------------------------------------------
* Improved documentation
* New pinentry-gnome3
* More improvements for pinentry-tty.
* Fixes for pinentry-curses including support for Ctrl-W, Ctrl-U,
Ctrl-H, Ctrl-L, and Alt-Backspace
* New Assuan command to request clearing an external cache.
* Fixed problems linking to ncursesw.
* All kind of other minor fixes.
1.69 2015-06-04
Testing with OpenSSL 1.0.2, 1.0.2a. OK.
Completed LibreSSL compatibility with the kind assistance of Alexander
Bluhm.
Improved compatibility with OpenSSL 1.0.2a as suggested by Petr Pisar.
Added the X509_check_* functions introduced in OpenSSL 1.0.2, contributed
by Carsten Gaebler.
Added support for X509_V_FLAG_TRUSTED_FIRST constant, patch from Gisle Aas.
Patch allows get_keyblock_size to work correctly with
OpenSSL 1.0.1 and later versions. Contributed by Heikki Vatiainen.
researchers to identify and classify malware samples. With YARA
you can create descriptions of malware families (or whatever you
want to describe) based on textual or binary patterns.
signify tool is heavily inspired by signify used in OpenBSD. However, the main
goal of this project is to define high level API for signing files, validating
signatures and encrypting using public keys cryptography. Asignify is
designed to be portable and self-contained with zero external dependencies.
It uses blake2b as the hash function and ed25519 implementation from tweetnacl.
