-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #212 from sehlen-bsi/audit/autoupdate
🤖 Audit: Auto-update with latest upstream patches
- Loading branch information
Showing
15 changed files
with
537 additions
and
16 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| title: Additions | ||
|
|
||
| description: | | ||
| One notable addition is basic support for SSLKEYLOGFILE, which allows for | ||
| debugging of TLS connections by exporting the secrets used to encrypt and | ||
| decrypt traffic. See also `draft-ietf-tls-keylogfile <https://datatracker.ietf.org/doc/draft-ietf-tls-keylogfile/02/>`_. | ||
| patches: | ||
| # Introduce Public_Key::raw_public_key_bits() (@reneme) | ||
| - pr: 3985 # https://github.com/randombit/botan/pull/3985 | ||
| merge_commit: 2d52a434a97aff21e865bd7d4487800232d85827 | ||
| classification: info | ||
|
|
||
| # add callback to export secrets for SSLKEYLOGFILE (@volok-aleksej) | ||
| - pr: 4043 # https://github.com/randombit/botan/pull/4043 | ||
| merge_commit: 9a5a367c82b8daba4a59861d23517e3a537eeb65 | ||
| classification: info | ||
|
|
||
| # FIX: some code smells found by clang-tidy (@reneme) | ||
| - pr: 4070 # https://github.com/randombit/botan/pull/4070 | ||
| merge_commit: bccd67b986374ecb573c1c933b2cfa36a602166d | ||
| classification: info | ||
|
|
||
| # Use sysctlbyname on iOS as well (@randombit) | ||
| - pr: 4018 # https://github.com/randombit/botan/pull/4018 | ||
| merge_commit: 19e9ada97714d9030941711976c2200948c5151d | ||
| classification: info | ||
|
|
||
| # Add a os_utils helper for locatime->put_time (@randombit) | ||
| - pr: 4011 # https://github.com/randombit/botan/pull/4011 | ||
| merge_commit: 660dd6ed8945238dfae97ef5391217001a10204b | ||
| classification: info | ||
| auditer: reneme | ||
|
|
||
| # Optimize XTS tweak computation (@randombit) | ||
| - pr: 4057 # https://github.com/randombit/botan/pull/4057 | ||
| merge_commit: 36bde7448b05dc555ef4bc0cb6adfbe697cb4870 | ||
| classification: info | ||
| auditer: reneme |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| title: Build System | ||
|
|
||
| description: | | ||
| This section covers changes to the build system. Most notably, Botan now requires | ||
| at least XCode 15 to build on macOS. | ||
| patches: | ||
| # Add helper for defining binary option pairs (@randombit) | ||
| - pr: 3997 # https://github.com/randombit/botan/pull/3997 | ||
| merge_commit: d9edacb2655162dd3b59a5be6a0a5a51809fe0d3 | ||
| classification: info | ||
|
|
||
| # Distinguish between LLVM Clang and XCode Clang (@randombit) | ||
| - pr: 4010 # https://github.com/randombit/botan/pull/4010 | ||
| merge_commit: 3863af7ea0b7a74506979626abc876c4bd24122f | ||
| classification: info | ||
|
|
||
| # Tweak XCode version detection, update CI to XCode 15.4 (@randombit) | ||
| - pr: 4066 # https://github.com/randombit/botan/pull/4066 | ||
| merge_commit: 8d0ab774b451e586da58111b6103e59134cc2bac | ||
| classification: info | ||
|
|
||
| # Fix enabling stack protector (@Kentzo) | ||
| - pr: 3996 # https://github.com/randombit/botan/pull/3996 | ||
| merge_commit: 846a6aedc9bdfbf1cff043f1cd32c3c261407669 | ||
| classification: info | ||
| auditer: reneme |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,100 @@ | ||
| title: Code Chores | ||
|
|
||
| description: | | ||
| This section covers changes to the code that focus on general maintenance. | ||
| None of these changes should affect the functionality of the library. However, | ||
| note that a number of obsolete features have been deprecated in this release. | ||
| patches: | ||
| # Improve notification and documentation of deprecated features (@randombit) | ||
| - pr: 4050 # https://github.com/randombit/botan/pull/4050 | ||
| merge_commit: f7e4e9320a8d31e958f9c01c82ae884dec035e39 | ||
| classification: info | ||
| comment: | | ||
| This deprecates a number of modules, namely: | ||
| * Symmetric ciphers | ||
| * GOST 28147 | ||
| * Lion | ||
| * Noekeon | ||
| * SHAKE-based stream cipher | ||
| * Hash functions | ||
| * MD4 | ||
| * Streebog | ||
| * Key derivation functions | ||
| * PRF X9.42 | ||
| * Public key cryptography | ||
| * Dilithium in AES mode | ||
| * DLIES | ||
| * GOST 34.10 | ||
| * Kyber in AES mode ("Kyber 90s") | ||
| * McEliece | ||
| # [std::span] some pubkey things (@reneme) | ||
| - pr: 3993 # https://github.com/randombit/botan/pull/3993 | ||
| merge_commit: ad0aeedc33c74c81608adcbc751ad2c58503c007 | ||
| classification: info | ||
|
|
||
| # Remove some obsolete and/or rarely used STL utilities (@randombit) | ||
| - pr: 3988 # https://github.com/randombit/botan/pull/3988 | ||
| merge_commit: fea4cb983ff2e6acab6d9915b1f852a2662578a6 | ||
| classification: info | ||
|
|
||
| # Fix inclusion of bswap.h (@randombit) | ||
| - pr: 4000 # https://github.com/randombit/botan/pull/4000 | ||
| merge_commit: 4cfd407534a109767c15a0cf705689eb44379f5a | ||
| classification: info | ||
|
|
||
| # Cleanup of rounding functionality (@randombit) | ||
| - pr: 3998 # https://github.com/randombit/botan/pull/3998 | ||
| merge_commit: 7987b8e006c52e671fb6dd0a08a10c65f2d25400 | ||
| classification: info | ||
|
|
||
| # Refactor: concat() is constexpr and can deal with std::array<> (@reneme) | ||
| - pr: 3994 # https://github.com/randombit/botan/pull/3994 | ||
| merge_commit: 06997284554155c8a051d05e68eebd28c84dfeb9 | ||
| classification: info | ||
|
|
||
| # Move checked integer arithmetic to int_utils.h (@randombit) | ||
| - pr: 3999 # https://github.com/randombit/botan/pull/3999 | ||
| merge_commit: 8d02e96ada344cb289dd060d76cc0c03240d2255 | ||
| classification: info | ||
|
|
||
| # Compute the Kuznyechik tables instead of hardcoding them (@randombit) | ||
| - pr: 4017 # https://github.com/randombit/botan/pull/4017 | ||
| merge_commit: 11b88e5899ca0a30036f35c57fa94b83d4de10cd | ||
| classification: out of scope | ||
|
|
||
| # Rename Curve25519 to X25519 (@randombit) | ||
| - pr: 4012 # https://github.com/randombit/botan/pull/4012 | ||
| merge_commit: d1ba2fd6e25e0884ca6fd12281db498386560b42 | ||
| classification: info | ||
|
|
||
| # Use copy_mem in Sphincs+ (@FAlbertDev) | ||
| - pr: 4028 # https://github.com/randombit/botan/pull/4028 | ||
| merge_commit: e50f4f61b08115c4616136ec87df718b75284721 | ||
| classification: info | ||
|
|
||
| # Teach clang-format about our DEPRECATED macros (@randombit) | ||
| - pr: 4055 # https://github.com/randombit/botan/pull/4055 | ||
| merge_commit: 6bc081fb0d652c9c8fa5ec054c61745436be2f48 | ||
| classification: info | ||
| auditer: reneme | ||
|
|
||
| # Avoid various GCC 14 false positive issues (@randombit) | ||
| - pr: 4046 # https://github.com/randombit/botan/pull/4046 | ||
| merge_commit: 9ed7adbb599679c437f9bd8d7d4acf91471f78ef | ||
| classification: info | ||
| auditer: reneme | ||
|
|
||
| # Small cleanup to the freestanding argon2 function (@randombit) | ||
| - pr: 4006 # https://github.com/randombit/botan/pull/4006 | ||
| merge_commit: c479ebbc9eefdaa722cb36761703e0c234e35d8d | ||
| classification: info |
43 changes: 43 additions & 0 deletions
43
docs/audit_report/changes/topics/continuous_integration.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| title: Continuous Integration | ||
|
|
||
| description: | | ||
| This section covers changes to the continuous integration system. | ||
| The functionality of the library should not be affected by these changes. | ||
| patches: | ||
| # Update roughtime.cloudflare.com public key and port (@lukevalenta) | ||
| - pr: 4002 # https://github.com/randombit/botan/pull/4002 | ||
| merge_commit: 3801b0af5d4414cc4bded25b8d7a09b3d4a0854e | ||
| classification: info | ||
| auditer: reneme | ||
|
|
||
| # Upgrade XCode in CI to 15.2 on MacOS 13 and 15.3 on MacOS 14 (@randombit) | ||
| - pr: 4005 # https://github.com/randombit/botan/pull/4005 | ||
| merge_commit: c428cbc070c0527fed6af196f19080b35a1470e2 | ||
| classification: info | ||
|
|
||
| # Tweak XCode version detection, update CI to XCode 15.4 (@randombit) | ||
| - pr: 4066 # https://github.com/randombit/botan/pull/4066 | ||
| merge_commit: 8d0ab774b451e586da58111b6103e59134cc2bac | ||
| classification: info | ||
|
|
||
| # FIX: dynamically pull test.openquantumsafe.org root CA (@reneme) | ||
| - pr: 4071 # https://github.com/randombit/botan/pull/4071 | ||
| merge_commit: 8af866b4a30f671e3b62fe986cf973ec23ba1edc | ||
| classification: info | ||
|
|
||
| # FIX: clang-tidy error in nightly build (@reneme) | ||
| - pr: 4075 # https://github.com/randombit/botan/pull/4075 | ||
| merge_commit: 00e234d884a31e37b291df531fc12f5f1313da2f | ||
| classification: info | ||
| comment: Also fixes a minor clang-tidy warning introduced in GH #4043. | ||
|
|
||
| # Skip the Frodo KAT tests under valgrind and arm32-qemu (@randombit) | ||
| - pr: 4081 # https://github.com/randombit/botan/pull/4081 | ||
| merge_commit: 35c8bd170f246767ce29a830b20b99cf7eb03ce6 | ||
| classification: info | ||
|
|
||
| # Chore: Update BoGo test suite (@reneme) | ||
| - pr: 4078 # https://github.com/randombit/botan/pull/4078 | ||
| merge_commit: 100a065bda4219d0cea220859681e65a2714019b | ||
| classification: info |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| title: Refactoring of CRYSTALS (Kyber and Dilithium) | ||
|
|
||
| patches: | ||
| # Refactor: Kyber internals (@reneme) | ||
| - pr: 3887 # https://github.com/randombit/botan/pull/3887 | ||
| merge_commit: b1a6d251bb361494bd6299d0601680b22a136183 | ||
| classification: relevant | ||
| comment: | | ||
| This PR refactors the internals of the Kyber implementation. | ||
| The changes are internal and neither affect the public API nor the functionality. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| title: Documentation | ||
|
|
||
| description: | | ||
| This section covers changes to the documentation and release notes. These | ||
| changes should not affect the functionality of the library. | ||
| patches: | ||
| # Update license year [ci skip] (Jack Lloyd) | ||
| - commit: 0baf3cb7ff7cad2a8daaf3f74882003c2db88115 # https://github.com/randombit/botan/commit/0baf3cb7ff7cad2a8daaf3f74882003c2db88115 | ||
| classification: info | ||
| auditer: reneme | ||
|
|
||
| # Clarify SemVer guarantees (@randombit) | ||
| - pr: 4015 # https://github.com/randombit/botan/pull/4015 | ||
| merge_commit: ce348dba379aafa4783cecec05b0560607ddaa94 | ||
| classification: info | ||
|
|
||
| # Bump version and add initial news items for 3.5.0 [ci skip] (Jack Lloyd) | ||
| - commit: 5e6f52cf3767d156dd8f323a8f74c29c6e166fb4 # https://github.com/randombit/botan/commit/5e6f52cf3767d156dd8f323a8f74c29c6e166fb4 | ||
| classification: info | ||
| auditer: reneme | ||
|
|
||
| # Minor update on roadmap and support lifetimes [ci skip] (Jack Lloyd) | ||
| - commit: 9c05fbecf4250cdfe442378e958250fa0b1922d4 # https://github.com/randombit/botan/commit/9c05fbecf4250cdfe442378e958250fa0b1922d4 | ||
| classification: info | ||
| auditer: reneme | ||
|
|
||
| # Update info about OCSP responder vulnerability [ci skip] (Jack Lloyd) | ||
| - commit: efc4d24ec614814b2666c6bf28a123fcaefff4cf # https://github.com/randombit/botan/commit/efc4d24ec614814b2666c6bf28a123fcaefff4cf | ||
| classification: info | ||
| auditer: reneme | ||
|
|
||
| # Update news with recent changes [ci skip] (Jack Lloyd) | ||
| - commit: dd24ef254b1a97da0ab6cdc4d3193f50fe992843 # https://github.com/randombit/botan/commit/dd24ef254b1a97da0ab6cdc4d3193f50fe992843 | ||
| classification: info | ||
| auditer: reneme | ||
|
|
||
| # Update note regarding minimum XCode version [ci skip] (Jack Lloyd) | ||
| - commit: a265013b9e3e52e69a14cef4808bb74dfe6c0229 # https://github.com/randombit/botan/commit/a265013b9e3e52e69a14cef4808bb74dfe6c0229 | ||
| classification: info | ||
| auditer: reneme | ||
|
|
||
| # Update news [ci skip] (Jack Lloyd) | ||
| - commit: d6b946da3160b07235fbd1a2044149daacb3b9e7 # https://github.com/randombit/botan/commit/d6b946da3160b07235fbd1a2044149daacb3b9e7 | ||
| classification: info | ||
| auditer: reneme | ||
|
|
||
| # Update todo list [ci skip] (Jack Lloyd) | ||
| - commit: 36048811197c519cc66bbb245acf3b829dfe3107 # https://github.com/randombit/botan/commit/36048811197c519cc66bbb245acf3b829dfe3107 | ||
| classification: info | ||
| auditer: reneme | ||
|
|
||
| # Officially SemVer exclude functions starting with underscore [ci skip] (Jack Lloyd) | ||
| - commit: ddfd07547244e315c762442ac771d64830927ee7 # https://github.com/randombit/botan/commit/ddfd07547244e315c762442ac771d64830927ee7 | ||
| classification: info | ||
| auditer: reneme |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,69 @@ | ||
| title: New implementation of Elliptic Curve Cryptography | ||
|
|
||
| patches: | ||
| # Add word3 type and take advantage of Clang's _BitInt extension (@randombit) | ||
| - pr: 3989 # https://github.com/randombit/botan/pull/3989 | ||
| merge_commit: 0d32f989991bbc4fd057968c52a253e1dc3566a2 | ||
| classification: relevant | ||
| comment: | | ||
| Introduces a helper for a 3-word wide accumulator that is useful for | ||
| comba multiplication and big number montgomery reduction. | ||
| # Remove all 32-bit x86 inline asm related to multiprecision math (@randombit) | ||
| - pr: 3987 # https://github.com/randombit/botan/pull/3987 | ||
| merge_commit: 1a814747a4637aadf0af45880ec98b80792339e1 | ||
| classification: info | ||
|
|
||
| # Add constexpr shift_right mp helper (@randombit) | ||
| - pr: 4008 # https://github.com/randombit/botan/pull/4008 | ||
| merge_commit: 7113fb440f176f985790f10fae3745b91a94c95d | ||
| classification: info | ||
|
|
||
| # Redirect from the template Comba to the unrolled Combas where possible (@randombit) | ||
| - pr: 4007 # https://github.com/randombit/botan/pull/4007 | ||
| merge_commit: d184e7842fe7db26f8ab8368e92526574c8343fe | ||
| classification: info | ||
|
|
||
| # Change ECC base multiply tests to consume fixed sized inputs (@randombit) | ||
| - pr: 4016 # https://github.com/randombit/botan/pull/4016 | ||
| merge_commit: 550f8e9ed40c388769d4a298dc23c96888638fc2 | ||
| classification: info | ||
|
|
||
| # Take advange of CT::Mask::select_n (@randombit) | ||
| - pr: 3990 # https://github.com/randombit/botan/pull/3990 | ||
| merge_commit: 8970266d1071a448f62b379d1ce65ac33539e78d | ||
| classification: info | ||
|
|
||
| # Replace bogus custom curve in TLS example (@randombit) | ||
| - pr: 4039 # https://github.com/randombit/botan/pull/4039 | ||
| merge_commit: 7eb9dbbf56fc0fc8875be39e5cbae52766667555 | ||
| classification: relevant | ||
| comment: | | ||
| Introduces a rough check for the Hasse bound to the curve verification. | ||
| The replaced bogus curve was just in some example code and not used in the library. | ||
| # Account for the cofactor when checking Hasse bound (Jack Lloyd) | ||
| - commit: 2b8cf53ae0e835c3223461ce68af2ff9a656d5f2 # https://github.com/randombit/botan/commit/2b8cf53ae0e835c3223461ce68af2ff9a656d5f2 | ||
| classification: relevant | ||
| auditer: reneme | ||
| comment: | | ||
| Follow-up fix for GH #4039. | ||
| # Some EC_Group usage cleanups (@randombit) | ||
| - pr: 4038 # https://github.com/randombit/botan/pull/4038 | ||
| merge_commit: 9bca3f772b4f834afe443235897635ba91f30989 | ||
| classification: info | ||
|
|
||
| # Clean out the BigInt interface (@randombit) | ||
| - pr: 4056 # https://github.com/randombit/botan/pull/4056 | ||
| merge_commit: e101afd63b121c43742d8340148f0c4c2c9f6ea9 | ||
| classification: relevant | ||
| comment: | | ||
| Internal cleanups of Botan's big number implementation. | ||
| # Follow-up: Use load_be more efficiently (@reneme) | ||
| - pr: 4085 # https://github.com/randombit/botan/pull/4085 | ||
| merge_commit: 5649a10ec3399d28c8b84ae18fd65fce57bd7bca | ||
| classification: info | ||
| comment: | | ||
| This is a follow-up to PR #4056. |
Oops, something went wrong.