Skip to content

Commit

Permalink
Merge pull request #139 from sehlen-bsi/audit/autoupdate
Browse files Browse the repository at this point in the history
🤖 Audit: Auto-update with latest upstream patches
  • Loading branch information
reneme authored Oct 10, 2023
2 parents e94658c + 4acbf54 commit da100b3
Show file tree
Hide file tree
Showing 10 changed files with 168 additions and 5 deletions.
2 changes: 1 addition & 1 deletion config/botan.env
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ BOTAN_VERSION=3.2.0
# creation of source-code related document generation. Once a Botan release is
# minted, this may be the git-tag of that release. During development of an
# upcoming version it should be a concrete commit SHA on Botan's main branch.
BOTAN_REF=0a183f3f21492ff7d3967779dfe69b9ca2ef4cf5
BOTAN_REF=6f466a2704a31856ebc27451ca861527d3dd00a1

# The Botan repository reference that is currently seen as the "trusted source
# revision". Typically this is the source reference that was audited by the
Expand Down
41 changes: 38 additions & 3 deletions docs/audit_report/changes/topics/build_system.yml
Original file line number Diff line number Diff line change
@@ -1,13 +1,48 @@
title: Build System

description: |
Botan can now use the "ninja" build tool alongside "make". This is useful
especially on Windows where the builtin "nmake" build tool still does not
Botan can now use the "ninja" build tool alongside "make". This is useful,
especially on Windows, where the built-in "nmake" build tool still does not
support parallel compilation. The security of the cryptographic
implementations in the library is not affected by this.
implementations in the library is not affected by this. Another major change
is improved multithreading support, which also does not affect security.
patches:
# Add ninja support (@securitykernel)
- pr: 3677 # https://github.com/randombit/botan/pull/3677
merge_commit: 88fbc408173226be04ebf843447e76cdebcfee03
classification: info

# thead pool debugging support proposal using native capabilities if po… (@devnexen)
- pr: 3628 # https://github.com/randombit/botan/pull/3628
merge_commit: 86381e75cf7a286bb73068a97ec4bd9784316a15
classification: info
auditer: FAlbertDev

# Remove Android NDK hack (@randombit)
- pr: 3721 # https://github.com/randombit/botan/pull/3721
merge_commit: 494d928af4e28e17d2938fec85a70357a9e7560c
classification: info

# Update XLC build configuration (@randombit)
- pr: 3730 # https://github.com/randombit/botan/pull/3730
merge_commit: 921a9af069626d85497963773e4cef08e96aed8d
classification: info
auditer: FAlbertDev

# Disable global thread pool on MinGW by default (@randombit)
- pr: 3726 # https://github.com/randombit/botan/pull/3726
merge_commit: ff187b33eef2d7285fdb9f27ecff4950d6c8ab2a
classification: info
auditer: FAlbertDev

# OS::set_thread_name attempt to port to windows >= 10 (@devnexen)
- pr: 3738 # https://github.com/randombit/botan/pull/3738
merge_commit: 39a07ebd60dda5dc8ba23d67abecaa4beca2f422
classification: info
auditer: FAlbertDev

# Add missing simd requires to aes_ni (@lieser)
- pr: 3741 # https://github.com/randombit/botan/pull/3741
merge_commit: 335af7462959257be20d1044dd28c81382883c7a
classification: info
21 changes: 21 additions & 0 deletions docs/audit_report/changes/topics/chores.yml
Original file line number Diff line number Diff line change
Expand Up @@ -127,8 +127,29 @@ patches:
merge_commit: 7c03c1b8939bf61508a34720a6a65631488d5df4
classification: info

# Refactor: Remove MDx_HashFunction (@reneme)
- pr: 3705 # https://github.com/randombit/botan/pull/3705
merge_commit: 1db2b19cd07d88630159716fbb6ebe7fd5a5dfdf
classification: relevant

# Use -Wno-error=stringop-overread in Werror mode to bypass GCC bugs (@randombit)
- pr: 3711 # https://github.com/randombit/botan/pull/3711
merge_commit: e3679419f88a73f1678b83ff3529810927e9430e
classification: info
auditer: reneme

# std::span and AlignmentBuffer<> for GHASH (@reneme)
- pr: 3714 # https://github.com/randombit/botan/pull/3714
merge_commit: c7a4b4c5a40e25e634056c29064aa441b928989a
classification: info

# std::span for MessageAuthenticationCode internals (@reneme)
- pr: 3713 # https://github.com/randombit/botan/pull/3713
merge_commit: b36d2bd8a0e26cc3f026ace71d568319970e16dd
classification: info

# Some small updates for clang-tidy 16 (@randombit)
- pr: 3735 # https://github.com/randombit/botan/pull/3735
merge_commit: 23b51a727b61097290ea65b87f23d65867fbe215
classification: info
auditer: FAlbertDev
5 changes: 5 additions & 0 deletions docs/audit_report/changes/topics/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -72,3 +72,8 @@ patches:
- pr: 3718 # https://github.com/randombit/botan/pull/3718
merge_commit: 0a183f3f21492ff7d3967779dfe69b9ca2ef4cf5
classification: info

# Move emscripten CI build to macOS (@randombit)
- pr: 3720 # https://github.com/randombit/botan/pull/3720
merge_commit: ae37d6503af79de5f376da2b6c92476a36e7d386
classification: info
15 changes: 15 additions & 0 deletions docs/audit_report/changes/topics/documentation.yml
Original file line number Diff line number Diff line change
Expand Up @@ -34,3 +34,18 @@ patches:
- commit: c321da5c3d69b86962468d8eb55c9ea07be077d5 # https://github.com/randombit/botan/commit/c321da5c3d69b86962468d8eb55c9ea07be077d5
classification: info
auditer: reneme

# Doc: Update TLS Chapter in Handbook (@reneme)
- pr: 3708 # https://github.com/randombit/botan/pull/3708
merge_commit: b1136e8c6eb4b1aaf92be71e3888b206ebf55660
classification: info

# Minor updates to contribution doc [ci skip] (Jack Lloyd)
- commit: c09a134ceb5bc0a4f466442e3ff121638a9697d3 # https://github.com/randombit/botan/commit/c09a134ceb5bc0a4f466442e3ff121638a9697d3
classification: info
auditer: FAlbertDev

# Update my PGP key [ci skip] (Jack Lloyd)
- commit: e38cc9213e834ced07d4c145f9ba4ef76545904a # https://github.com/randombit/botan/commit/e38cc9213e834ced07d4c145f9ba4ef76545904a
classification: info
auditer: FAlbertDev
16 changes: 16 additions & 0 deletions docs/audit_report/changes/topics/extensions.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,3 +26,19 @@ patches:
SHAKE-128, SHAKE-256, cSHAKE-128, cSHAKE-256. The latter two are not
available via the public API and are meant for internal users like KMAC.
# Use XOF interface in Kyber and Dilithium (@reneme)
- pr: 3672 # https://github.com/randombit/botan/pull/3672
merge_commit: b5d604419ed153eb6e071f50ae6314b4fca4638d
classification: relevant

# Prepare for Kyber standardization updates (@randombit)
- pr: 3695 # https://github.com/randombit/botan/pull/3695
merge_commit: ff51697d484d042e0d5ec01b1a39abd4f570508f
classification: info

# X509: Allow writing CDP extension into certificates (@martin-schiffner)
- pr: 3712 # https://github.com/randombit/botan/pull/3712
merge_commit: d2506bf61d8aec35b302a3ea84f80e08aa43b556
classification: relevant
auditer: FAlbertDev
comment: Allow support for the X509 extension CDP.
18 changes: 18 additions & 0 deletions docs/audit_report/changes/topics/fixes.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,3 +24,21 @@ patches:
- commit: 96871c284f0305cc72215368376260a2a9aec898 # https://github.com/randombit/botan/commit/96871c284f0305cc72215368376260a2a9aec898
classification: info
auditer: reneme

# Add some minimal API sanity checks for PK_Signer/PK_Verifier (@lieser)
- pr: 3702 # https://github.com/randombit/botan/pull/3702
merge_commit: f7fcff3d6c8aef096da4520993e49c3c467a002d
classification: relevant
comment: |
This fixes potential use-after-free and/or null pointer dereferences in case
an asymmetric key operation outlived its underlying asymmetric key object.
# Some small test cleanups as a followup to #3702 (@randombit)
- pr: 3725 # https://github.com/randombit/botan/pull/3725
merge_commit: 30ecb87197a4bb94fc660a2e6d215b20a9ac7f06
classification: info

# FIX: out-of-bounds access of std::array (@reneme)
- pr: 3736 # https://github.com/randombit/botan/pull/3736
merge_commit: a8b4fe3e1eb88e286d67130e8fd7f77423420dda
classification: info
6 changes: 6 additions & 0 deletions docs/audit_report/changes/topics/kuznyechik.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,3 +23,9 @@ patches:
- commit: be263bab07288a54576c3e25bd3383fe9abad8fa # https://github.com/randombit/botan/commit/be263bab07288a54576c3e25bd3383fe9abad8fa
classification: info
auditer: reneme

# Some cleanups for Kuznyechik (@randombit)
- pr: 3724 # https://github.com/randombit/botan/pull/3724
merge_commit: 218f5028b2111b8c31406680f4fd1c13f55e8eb8
classification: out of scope
auditer: FAlbertDev
25 changes: 25 additions & 0 deletions docs/audit_report/changes/topics/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -40,3 +40,28 @@ patches:
- commit: 091b7c89b7d2e6f3a92121feb8fb37f75bd651cb # https://github.com/randombit/botan/commit/091b7c89b7d2e6f3a92121feb8fb37f75bd651cb
classification: info
auditer: reneme

# Update change notes [ci skip] (Jack Lloyd)
- commit: 5ccf554190949add414721e3652a8da66f67e520 # https://github.com/randombit/botan/commit/5ccf554190949add414721e3652a8da66f67e520
classification: info
auditer: FAlbertDev

# Update change notes [ci skip] (Jack Lloyd)
- commit: 258211bd0eebb7ceddf6663bfaf1a37cb772d060 # https://github.com/randombit/botan/commit/258211bd0eebb7ceddf6663bfaf1a37cb772d060
classification: info
auditer: FAlbertDev

# Update change notes [ci skip] (Jack Lloyd)
- commit: 68ca91208e2c640fab835f3ba40d5e37145beac4 # https://github.com/randombit/botan/commit/68ca91208e2c640fab835f3ba40d5e37145beac4
classification: info
auditer: FAlbertDev

# Update change notes (Jack Lloyd)
- commit: e7b2aa5ee62c4f696f3c45c50e660fb0207b31f3 # https://github.com/randombit/botan/commit/e7b2aa5ee62c4f696f3c45c50e660fb0207b31f3
classification: info
auditer: FAlbertDev

# Update for 3.2.0 release (Jack Lloyd)
- commit: 6f466a2704a31856ebc27451ca861527d3dd00a1 # https://github.com/randombit/botan/commit/6f466a2704a31856ebc27451ca861527d3dd00a1
classification: info
auditer: FAlbertDev
24 changes: 23 additions & 1 deletion docs/audit_report/changes/topics/tls.yml
Original file line number Diff line number Diff line change
@@ -1,7 +1,9 @@
title: TLS Improvements and Extensions

description: |
Most notably, this adds support for user-provided Preshared Keys in TLS 1.3.
Most notably, this adds support for quantum-secure hybrid PQ/T key
establishment combining Kyber and classical elliptic curve algorithms.
Also, support for user-provided Preshared Keys in TLS 1.3 is added.
Apart from that, a few minor fixes and internal improvements on the TLS
implementation were merged.
Expand Down Expand Up @@ -49,3 +51,23 @@ patches:
classification: info
comment: |
This affects Botan's CLI, not the actual TLS implementation.
# [TLS 1.3] Hybrid PQ/T key establishment (@reneme)
- pr: 3609 # https://github.com/randombit/botan/pull/3609
merge_commit: 2f15b3ee1fd88e9f461ae92320a2b76a97211cba
classification: critical

# [TLS 1.3] Clean up support Hybrid PQ/T algorithms (@reneme)
- pr: 3733 # https://github.com/randombit/botan/pull/3733
merge_commit: 6546d0294bd18193f353262a1dfab4dd30255d17
classification: info

# Wrap TLS::Group_Params enum in a class (@randombit)
- pr: 3729 # https://github.com/randombit/botan/pull/3729
merge_commit: a5b0723e37d79c8b1b3cf3deaaa41e47688a2737
classification: info

# In the CLI tests also test Kyber kex against google.com (@randombit)
- pr: 3739 # https://github.com/randombit/botan/pull/3739
merge_commit: 72d50f5f244ac74c90fcd02c0579fe37e00f13a5
classification: info

0 comments on commit da100b3

Please sign in to comment.