Hi Folks,
finally we’ve managed to finish version 1.18.0 of libtomcrypt.
There were some minor changes since the RC5, namely:
- A fix regarding ltc_mp_digit when compiling for win64.
- Fixing the build when building on a machine without git installed.
The tarballs of the release can be downloaded here:
[crypt-1.18.0.tar.xz] [tar.xz.asc]
After nearly 1400 commits over the last 10 years there were some changes accumulated… :)
Therefore we’re splitting this summary here up in bugfixes, cryptographic fixes, major additions and major improvements.
A detailed list of all changes is included in the changes file.
Bugfixes
- Multi2 decrypt operation was broken when a non-standard number of rounds is used. 21ddcf35681916c091ae91e7e8e5bd6bdf8ab51d
- Noekeon decrypt and encrypt operations were broken. 6dc089015adfc4f66679b6b680476422bd6b6c01
- XTEA decrypt and encrypt operations were broken. 2526d5df8f9a228cf20ba90982aed4a5e951ac5f
- The Windows implementation of rng_get_bytes() tried to read from c:\dev\urandom resp. c:\dev\random before using the Windows CSP. b36e75b7f12c75bd852b8bcee36ea6bd9727d5c0
- rsa_make_key() could try to free uninitialized variables in case something in the MPI provider went wrong. 98893c077bd603d5c1aeb972a88c23ffe59a8ae6
- The RSA/PKCS#1 v2.0 PSS hash verification was broken in cases where bitlength(key) % 8 == 1. 3324da26019640d7df72841f5e644d7e42a6b8f6
- Camellia decrypt operation was broken (which only plays a role if you used Tom’s last tarball as it wasn’t in 1.17 yet). 45dcbc654d5867bb5ee475b9b1be0b2c3959d0de
- Issues reported by miscellaneous analysers (valgrind, asan, ubsan, clang/scan-build, coverity).
Cryptographic fixes
- A Bleichenbacher Signature attack was fixed in the RSA/PKCS#1 v1.5 EMSA code. 5eb9743410ce4657e9d54fef26a2ee31a1b5dd09
- Fixed potential Timing attacks in EAX, OCB and OCBv3. 05e28d6cfa473e5c6e312ef8bfe6137bc8caa0da
- Fixed potential Timing attack in CCM. (09e4b0ec9b46ac4db3fa904658821c54106a1d0e & 75b114517a3f8db2075a45b0af87d4d74778ad66)
- Fixed potential counter reuse in GCM. 7d418b34b3fe6d49354d5a9ef5a442c387a1bd06
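The first two items above belong to a class of bugs worth understanding as a library user. The following Python snippet is an added illustration, not libtomcrypt code and not a reproduction of the specific commits: it contrasts a parser-style PKCS#1 v1.5 EMSA check (the shape that Bleichenbacher's 2006 signature forgery exploits, because bytes after the DigestInfo are never inspected) with the hardened approach of re-encoding the expected block and comparing it in full with a constant-time comparison (the same comparison discipline that the EAX/OCB/CCM timing fixes are about). Only the padding check is modelled; the RSA operation itself is left out, and the malformed block is constructed by hand to show what the lenient check accepts.

```python
import hashlib
import hmac

# DER prefix of DigestInfo for SHA-256 (AlgorithmIdentifier + OCTET STRING header), RFC 8017 §9.2.
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def emsa_pkcs1_v15_encode(message: bytes, em_len: int) -> bytes:
    """Build EM = 0x00 || 0x01 || PS || 0x00 || T exactly as RFC 8017 §9.2 specifies.

    em_len is the modulus length in bytes; PS is all 0xFF and fills the block completely."""
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    ps = b"\xff" * (em_len - len(t) - 3)
    return b"\x00\x01" + ps + b"\x00" + t


def verify_lenient(em: bytes, message: bytes) -> bool:
    """Weak, parser-style check (for contrast only).

    It walks past the 0xFF padding, finds the 0x00 separator and compares the hash
    that follows. Anything after the DigestInfo is ignored and the padding length is
    never tied to the modulus size, so the block is not verified as a whole."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    # Require at least 8 bytes of PS and a 0x00 separator, as the spec's minimum.
    if i < 10 or i >= len(em) or em[i] != 0x00:
        return False
    t = em[i + 1:]
    if not t.startswith(SHA256_DIGESTINFO_PREFIX):
        return False
    start = len(SHA256_DIGESTINFO_PREFIX)
    return t[start:start + 32] == hashlib.sha256(message).digest()


def verify_strict(em: bytes, message: bytes) -> bool:
    """Hardened check: recompute the one valid encoding for this block size and
    compare every byte in constant time. No parsing, so no room for trailing data."""
    try:
        expected = emsa_pkcs1_v15_encode(message, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)


def malformed_block(message: bytes, em_len: int) -> bytes:
    """Constructed test input (not a real forgery): minimal padding, correct DigestInfo,
    and a tail of bytes that a compliant block would never contain."""
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    head = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t
    return head + b"\x00" * (em_len - len(head))


if __name__ == "__main__":
    msg = b"libtomcrypt 1.18.0 release"          # constructed sample message
    good = emsa_pkcs1_v15_encode(msg, 256)       # 2048-bit modulus
    bad = malformed_block(msg, 256)
    print("valid block, lenient:", verify_lenient(good, msg))   # True
    print("valid block, strict: ", verify_strict(good, msg))    # True
    print("junk tail,   lenient:", verify_lenient(bad, msg))    # True  <- the problem
    print("junk tail,   strict: ", verify_strict(bad, msg))     # False
```

The point for a verifier implementation is the last two lines: both checks accept a well-formed block, but only the strict one rejects a block whose DigestInfo is followed by attacker-influenced bytes. Comparing the full re-encoded block also removes any data-dependent early exit from the comparison path.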
Major additions
- Blake2b & Blake2s (hash & mac)
- ChaCha (stream cipher), Poly1305 (mac), ChaCha20Poly1305 (encauth)
- Diffie-Hellman (has been revived from an earlier version and re-worked)
- SHA3 (incl. SHAKE3)
- OCBv3 (encauth)
- Camellia (block cipher)
- New stream cipher API (ChaCha, RC4, Sober128)
- ChaCha20-based PRNG
- RSA - loading keys PKCS#8 (private) and X.509 (public)
Major improvements
- Re-worked all makefiles.
- Fixed a bunch of build issues on a lot of platforms.
- ECC, DSA and RSA hardened in multiple ways.
Thanks go out to all contributors and bug reporters. I wanted to thank especially Karel, who’s using the library in his Perl bindings perl-CryptX, and Larry Bugbee, who both contributed loads of improvements and invaluable feedback (before and behind the scenes). Thanks go also out to @rolf0r, François Perrad, all the OS package maintainers who reported feedback and organisations like Linaro who are using the library in their OP-TEE environment and upstreamed some nice patches.
Let’s see how this goes on and hopefully evolves into a 2.0 version of the library :)
Cheers,
Karel & Steffen
P.S.: If you experience any issues, feel free to drop us a mail on the [ML] or open a PR on [GitHub].