From bd5d1ffda048efab912390f355fc07d1c4cded7c1c101633c9281659436b89cb Mon Sep 17 00:00:00 2001 From: Martin Pluskal Date: Fri, 14 Jan 2022 13:58:34 +0000 Subject: [PATCH 1/2] Accepting request 946391 from home:Guillaume_G:branches:security:tls - Update to 2.28.0: (bsc#1193979, CVE-2021-45450) OBS-URL: https://build.opensuse.org/request/show/946391 OBS-URL: https://build.opensuse.org/package/show/security:tls/mbedtls?expand=0&rev=34 --- mbedtls-2.27.0.tar.gz | 3 -- mbedtls-2.28.0.tar.gz | 3 ++ mbedtls.changes | 117 ++++++++++++++++++++++++++++++++++++++++++ mbedtls.spec | 4 +- 4 files changed, 122 insertions(+), 5 deletions(-) delete mode 100644 mbedtls-2.27.0.tar.gz create mode 100644 mbedtls-2.28.0.tar.gz diff --git a/mbedtls-2.27.0.tar.gz b/mbedtls-2.27.0.tar.gz deleted file mode 100644 index a03dde7..0000000 --- a/mbedtls-2.27.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2a07856e541f0e5f6eaee4f78018c52f25bd244ed76f9020dea54a8b02cac6ea -size 4212277 diff --git a/mbedtls-2.28.0.tar.gz b/mbedtls-2.28.0.tar.gz new file mode 100644 index 0000000..e1348b7 --- /dev/null +++ b/mbedtls-2.28.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6519579b836ed78cc549375c7c18b111df5717e86ca0eeff4cb64b2674f424cc +size 3711231 diff --git a/mbedtls.changes b/mbedtls.changes index db3d187..e644754 100644 --- a/mbedtls.changes +++ b/mbedtls.changes @@ -1,3 +1,120 @@ +------------------------------------------------------------------- +Thu Jan 13 12:46:09 UTC 2022 - Guillaume GARDET + +- Update to 2.28.0: (bsc#1193979, CVE-2021-45450) + API changes + * Some fields of mbedtls_ssl_session and mbedtls_ssl_config are in a + different order. This only affects applications that define such + structures directly or serialize them. + Requirement changes + * Sign-magnitude and one's complement representations for signed integers are + not supported. Two's complement is the only supported representation. + Removals + * Remove config option MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES, + which allowed SHA-1 in the default TLS configuration for certificate + signing. It was intended to facilitate the transition in environments + with SHA-1 certificates. SHA-1 is considered a weak message digest and + its use constitutes a security risk. + * Remove the partial support for running unit tests via Greentea on Mbed OS, + which had been unmaintained since 2018. + Features + * The identifier of the CID TLS extension can be configured by defining + MBEDTLS_TLS_EXT_CID at compile time. + * Warn if errors from certain functions are ignored. This is currently + supported on GCC-like compilers and on MSVC and can be configured through + the macro MBEDTLS_CHECK_RETURN. The warnings are always enabled + (where supported) for critical functions where ignoring the return + value is almost always a bug. Enable the new configuration option + MBEDTLS_CHECK_RETURN_WARNING to get warnings for other functions. This + is currently implemented in the AES, DES and md modules, and will be + extended to other modules in the future. + * Add missing PSA macros declared by PSA Crypto API 1.0.0: + PSA_ALG_IS_SIGN_HASH, PSA_ALG_NONE, PSA_HASH_BLOCK_LENGTH, PSA_KEY_ID_NULL. + * Add new API mbedtls_ct_memcmp for constant time buffer comparison. + * Add PSA API definition for ARIA. + Security + * Zeroize several intermediate variables used to calculate the expected + value when verifying a MAC or AEAD tag. This hardens the library in + case the value leaks through a memory disclosure vulnerability. For + example, a memory disclosure vulnerability could have allowed a + man-in-the-middle to inject fake ciphertext into a DTLS connection. + * In psa_cipher_generate_iv() and psa_cipher_encrypt(), do not read back + from the output buffer. This fixes a potential policy bypass or decryption + oracle vulnerability if the output buffer is in memory that is shared with + an untrusted application. + * Fix a double-free that happened after mbedtls_ssl_set_session() or + mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED + (out of memory). After that, calling mbedtls_ssl_session_free() + and mbedtls_ssl_free() would cause an internal session buffer to + be free()'d twice. + Bugfix + * Stop using reserved identifiers as local variables. Fixes #4630. + * The GNU makefiles invoke python3 in preference to python except on Windows. + * The check was accidentally not performed when cross-compiling for Windows + on Linux. Fix this. Fixes #4774. + * Prevent divide by zero if either of PSA_CIPHER_ENCRYPT_OUTPUT_SIZE() or + PSA_CIPHER_UPDATE_OUTPUT_SIZE() were called using an asymmetric key type. + * Fix a parameter set but unused in psa_crypto_cipher.c. Fixes #4935. + * Don't use the obsolete header path sys/fcntl.h in unit tests. + These header files cause compilation errors in musl. + Fixes #4969. + * Fix missing constraints on x86_64 and aarch64 assembly code + for bignum multiplication that broke some bignum operations with + (at least) Clang 12. + Fixes #4116, #4786, #4917, #4962. + * Fix mbedtls_cipher_crypt: AES-ECB when MBEDTLS_USE_PSA_CRYPTO is enabled. + * Failures of alternative implementations of AES or DES single-block + functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT, + MBEDTLS_DES_CRYPT_ECB_ALT or MBEDTLS_DES3_CRYPT_ECB_ALT were ignored. + This does not concern the implementation provided with Mbed TLS, + where this function cannot fail, or full-module replacements with + MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092. + * Some failures of HMAC operations were ignored. These failures could only + happen with an alternative implementation of the underlying hash module. + * Fix the error returned by psa_generate_key() for a public key. Fixes #4551. + * Fix the build of sample programs when neither MBEDTLS_ERROR_C nor + MBEDTLS_ERROR_STRERROR_DUMMY is enabled. + * Fix PSA_ALG_RSA_PSS verification accepting an arbitrary salt length. + This algorithm now accepts only the same salt length for verification + that it produces when signing, as documented. Use the new algorithm + PSA_ALG_RSA_PSS_ANY_SALT to accept any salt length. Fixes #4946. + * The existing predicate macro name PSA_ALG_IS_HASH_AND_SIGN is now reserved + for algorithm values that fully encode the hashing step, as per the PSA + Crypto API specification. This excludes PSA_ALG_RSA_PKCS1V15_SIGN_RAW and + PSA_ALG_ECDSA_ANY. The new predicate macro PSA_ALG_IS_SIGN_HASH covers + all algorithms that can be used with psa_{sign,verify}_hash(), including + these two. + * Fix issue in Makefile on Linux with SHARED=1, that caused shared libraries + not to list other shared libraries they need. + * Fix a bug in mbedtls_gcm_starts() when the bit length of the iv + exceeds 2^32. Fixes #4884. + * Fix an uninitialized variable warning in test_suite_ssl.function with GCC + version 11. + * Fix the build when no SHA2 module is included. Fixes #4930. + * Fix the build when only the bignum module is included. Fixes #4929. + * Fix a potential invalid pointer dereference and infinite loop bugs in + pkcs12 functions when the password is empty. Fix the documentation to + better describe the inputs to these functions and their possible values. + Fixes #5136. + * The key usage flags PSA_KEY_USAGE_SIGN_MESSAGE now allows the MAC + operations psa_mac_compute() and psa_mac_sign_setup(). + * The key usage flags PSA_KEY_USAGE_VERIFY_MESSAGE now allows the MAC + operations psa_mac_verify() and psa_mac_verify_setup(). + Changes + * Set config option MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE to be + disabled by default. + * Improve the performance of base64 constant-flow code. The result is still + slower than the original non-constant-flow implementation, but much faster + than the previous constant-flow implementation. Fixes #4814. + * Indicate in the error returned if the nonce length used with + ChaCha20-Poly1305 is invalid, and not just unsupported. + * The mbedcrypto library includes a new source code module constant_time.c, + containing various functions meant to resist timing side channel attacks. + * This module does not have a separate configuration option, and functions + from this module will be included in the build as required. Currently + most of the interface of this module is private and may change at any + time. + ------------------------------------------------------------------- Tue Jul 20 07:33:28 UTC 2021 - Pedro Monreal diff --git a/mbedtls.spec b/mbedtls.spec index 5c9333c..a4a53cf 100644 --- a/mbedtls.spec +++ b/mbedtls.spec @@ -16,11 +16,11 @@ # -%define lib_tls libmbedtls13 +%define lib_tls libmbedtls14 %define lib_crypto libmbedcrypto7 %define lib_x509 libmbedx509-1 Name: mbedtls -Version: 2.27.0 +Version: 2.28.0 Release: 0 Summary: Libraries for crypto and SSL/TLS protocols License: Apache-2.0 From 80ff47879456fd520a3d9500c771d04eed0819f11894017d4b31f88e20d5d097 Mon Sep 17 00:00:00 2001 From: Martin Pluskal Date: Tue, 18 Jan 2022 07:55:10 +0000 Subject: [PATCH 2/2] Accepting request 946956 from home:Guillaume_G:branches:security:tls - Fix baselib.conf OBS-URL: https://build.opensuse.org/request/show/946956 OBS-URL: https://build.opensuse.org/package/show/security:tls/mbedtls?expand=0&rev=35 --- baselibs.conf | 2 +- mbedtls.changes | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/baselibs.conf b/baselibs.conf index 3d7639b..d59f50f 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,3 +1,3 @@ -libmbedtls13 +libmbedtls14 libmbedx509-1 libmbedcrypto7 diff --git a/mbedtls.changes b/mbedtls.changes index e644754..c2e491b 100644 --- a/mbedtls.changes +++ b/mbedtls.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Jan 17 13:11:33 UTC 2022 - Guillaume GARDET + +- Fix baselib.conf + ------------------------------------------------------------------- Thu Jan 13 12:46:09 UTC 2022 - Guillaume GARDET