Description:
The new release addresses twelve security issues, including one Critical. Refer to the Dell BSAFE Crypto-C Micro Edition 4.1.5 and Dell BSAFE Micro Edition Suite 4.6 Release Notes for details about the vulnerabilities being addressed.
Public disclosure of the vulnerabilities will occur at the end of the applicable embargo period. Until that embargo ends, only customers with active BSAFE maintenance contracts can receive details about the vulnerabilities.
This release is also designed to include the following Dell BSAFE Crypto-C Micro Edition 4.1.5 new features and changes:
- All static library files have been replaced by a single, platform-specific library named ccme. Linking to separate provider static libraries is no longer required.
- The FIPS 140-2 dynamic libraries ccme_ecc_accel_fips and ccme_ecc_accel_non_fips are removed and the features formerly provided by these libraries are provided by ccme_ecc_fips and ccme_ecc_non_fips, respectively. The FIPS 140-2 library set size has been reduced for many platforms.
- Elliptic Curve Cryptography (ECC) parameter generation is no longer supported and ECC parameter generation identifiers are removed.
- Acceleration tables for ECC asymmetric key operations are no longer available, and ECC asymmetric key identifiers are deprecated.
- For Elliptic Curve Diffie-Hellman (ECDH), when retrieving the private key using R_CR_get_info() with R_CR_INFO_ID_DH_PRIV_KEY, the retrieved R_ITEM object refers to data managed by the R_CR object, and therefore is not required to be freed by the application.
- The list of available named elliptic curves for cryptographic operations in software and on PKCS #11 hardware devices is consolidated to remove less common and non-NIST-approved curves. All curves of ONB representation are no longer supported.
- For EC key generation, R_CR_generate_key no longer allocates and returns an R_PKEY object when passed a pointer to a NULL value. This makes EC key generation consistent with key generation for other algorithms.
- The Elliptic Curve Augmented Encryption Scheme (ECAES) asymmetric key encryption algorithm, which was deprecated, is now removed.
- The structure of the BIO has been made opaque. Each type of BIO implements the basic BIO interface and can extend the structure with implementation specific fields.