Accepting request 947118 from security:tls

OBS-URL: https://build.opensuse.org/request/show/947118
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mbedtls?expand=0&rev=33

baselibs.conf

@@ -1,3 +1,3 @@
-libmbedtls13
+libmbedtls14
 libmbedx509-1
 libmbedcrypto7

mbedtls-2.27.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2a07856e541f0e5f6eaee4f78018c52f25bd244ed76f9020dea54a8b02cac6ea
-size 4212277

mbedtls-2.28.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6519579b836ed78cc549375c7c18b111df5717e86ca0eeff4cb64b2674f424cc
+size 3711231

mbedtls.changes

@@ -1,3 +1,125 @@
+-------------------------------------------------------------------
+Mon Jan 17 13:11:33 UTC 2022 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Fix baselib.conf
+
+-------------------------------------------------------------------
+Thu Jan 13 12:46:09 UTC 2022 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Update to 2.28.0: (bsc#1193979, CVE-2021-45450)
+  API changes
+   * Some fields of mbedtls_ssl_session and mbedtls_ssl_config are in a
+   different order. This only affects applications that define such
+   structures directly or serialize them.
+  Requirement changes
+   * Sign-magnitude and one's complement representations for signed integers are
+   not supported. Two's complement is the only supported representation.
+  Removals
+   * Remove config option MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES,
+   which allowed SHA-1 in the default TLS configuration for certificate
+   signing. It was intended to facilitate the transition in environments
+   with SHA-1 certificates. SHA-1 is considered a weak message digest and
+   its use constitutes a security risk.
+   * Remove the partial support for running unit tests via Greentea on Mbed OS,
+   which had been unmaintained since 2018.
+  Features
+   * The identifier of the CID TLS extension can be configured by defining
+   MBEDTLS_TLS_EXT_CID at compile time.
+   * Warn if errors from certain functions are ignored. This is currently
+   supported on GCC-like compilers and on MSVC and can be configured through
+   the macro MBEDTLS_CHECK_RETURN. The warnings are always enabled
+   (where supported) for critical functions where ignoring the return
+   value is almost always a bug. Enable the new configuration option
+   MBEDTLS_CHECK_RETURN_WARNING to get warnings for other functions. This
+   is currently implemented in the AES, DES and md modules, and will be
+   extended to other modules in the future.
+   * Add missing PSA macros declared by PSA Crypto API 1.0.0:
+   PSA_ALG_IS_SIGN_HASH, PSA_ALG_NONE, PSA_HASH_BLOCK_LENGTH, PSA_KEY_ID_NULL.
+   * Add new API mbedtls_ct_memcmp for constant time buffer comparison.
+   * Add PSA API definition for ARIA.
+  Security
+   * Zeroize several intermediate variables used to calculate the expected
+   value when verifying a MAC or AEAD tag. This hardens the library in
+   case the value leaks through a memory disclosure vulnerability. For
+   example, a memory disclosure vulnerability could have allowed a
+   man-in-the-middle to inject fake ciphertext into a DTLS connection.
+   * In psa_cipher_generate_iv() and psa_cipher_encrypt(), do not read back
+   from the output buffer. This fixes a potential policy bypass or decryption
+   oracle vulnerability if the output buffer is in memory that is shared with
+   an untrusted application.
+   * Fix a double-free that happened after mbedtls_ssl_set_session() or
+   mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
+   (out of memory). After that, calling mbedtls_ssl_session_free()
+   and mbedtls_ssl_free() would cause an internal session buffer to
+   be free()'d twice.
+  Bugfix
+   * Stop using reserved identifiers as local variables. Fixes #4630.
+   * The GNU makefiles invoke python3 in preference to python except on Windows.
+   * The check was accidentally not performed when cross-compiling for Windows
+   on Linux. Fix this. Fixes #4774.
+   * Prevent divide by zero if either of PSA_CIPHER_ENCRYPT_OUTPUT_SIZE() or
+   PSA_CIPHER_UPDATE_OUTPUT_SIZE() were called using an asymmetric key type.
+   * Fix a parameter set but unused in psa_crypto_cipher.c. Fixes #4935.
+   * Don't use the obsolete header path sys/fcntl.h in unit tests.
+   These header files cause compilation errors in musl.
+   Fixes #4969.
+   * Fix missing constraints on x86_64 and aarch64 assembly code
+   for bignum multiplication that broke some bignum operations with
+   (at least) Clang 12.
+   Fixes #4116, #4786, #4917, #4962.
+   * Fix mbedtls_cipher_crypt: AES-ECB when MBEDTLS_USE_PSA_CRYPTO is enabled.
+   * Failures of alternative implementations of AES or DES single-block
+   functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT,
+   MBEDTLS_DES_CRYPT_ECB_ALT or MBEDTLS_DES3_CRYPT_ECB_ALT were ignored.
+   This does not concern the implementation provided with Mbed TLS,
+   where this function cannot fail, or full-module replacements with
+   MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092.
+   * Some failures of HMAC operations were ignored. These failures could only
+   happen with an alternative implementation of the underlying hash module.
+   * Fix the error returned by psa_generate_key() for a public key. Fixes #4551.
+   * Fix the build of sample programs when neither MBEDTLS_ERROR_C nor
+   MBEDTLS_ERROR_STRERROR_DUMMY is enabled.
+   * Fix PSA_ALG_RSA_PSS verification accepting an arbitrary salt length.
+   This algorithm now accepts only the same salt length for verification
+   that it produces when signing, as documented. Use the new algorithm
+   PSA_ALG_RSA_PSS_ANY_SALT to accept any salt length. Fixes #4946.
+   * The existing predicate macro name PSA_ALG_IS_HASH_AND_SIGN is now reserved
+   for algorithm values that fully encode the hashing step, as per the PSA
+   Crypto API specification. This excludes PSA_ALG_RSA_PKCS1V15_SIGN_RAW and
+   PSA_ALG_ECDSA_ANY. The new predicate macro PSA_ALG_IS_SIGN_HASH covers
+   all algorithms that can be used with psa_{sign,verify}_hash(), including
+   these two.
+   * Fix issue in Makefile on Linux with SHARED=1, that caused shared libraries
+   not to list other shared libraries they need.
+   * Fix a bug in mbedtls_gcm_starts() when the bit length of the iv
+   exceeds 2^32. Fixes #4884.
+   * Fix an uninitialized variable warning in test_suite_ssl.function with GCC
+   version 11.
+   * Fix the build when no SHA2 module is included. Fixes #4930.
+   * Fix the build when only the bignum module is included. Fixes #4929.
+   * Fix a potential invalid pointer dereference and infinite loop bugs in
+   pkcs12 functions when the password is empty. Fix the documentation to
+   better describe the inputs to these functions and their possible values.
+   Fixes #5136.
+   * The key usage flags PSA_KEY_USAGE_SIGN_MESSAGE now allows the MAC
+   operations psa_mac_compute() and psa_mac_sign_setup().
+   * The key usage flags PSA_KEY_USAGE_VERIFY_MESSAGE now allows the MAC
+   operations psa_mac_verify() and psa_mac_verify_setup().
+  Changes
+   * Set config option MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE to be
+   disabled by default.
+   * Improve the performance of base64 constant-flow code. The result is still
+   slower than the original non-constant-flow implementation, but much faster
+   than the previous constant-flow implementation. Fixes #4814.
+   * Indicate in the error returned if the nonce length used with
+   ChaCha20-Poly1305 is invalid, and not just unsupported.
+   * The mbedcrypto library includes a new source code module constant_time.c,
+   containing various functions meant to resist timing side channel attacks.
+   * This module does not have a separate configuration option, and functions
+   from this module will be included in the build as required. Currently
+   most of the interface of this module is private and may change at any
+   time.
+
 -------------------------------------------------------------------
 Tue Jul 20 07:33:28 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
 

mbedtls.spec

@@ -16,11 +16,11 @@
 #
 
 
-%define lib_tls    libmbedtls13
+%define lib_tls    libmbedtls14
 %define lib_crypto libmbedcrypto7
 %define lib_x509   libmbedx509-1
 Name:           mbedtls
-Version:        2.27.0
+Version:        2.28.0
 Release:        0
 Summary:        Libraries for crypto and SSL/TLS protocols
 License:        Apache-2.0