From b4be9589b61720aa954bcda8c5391ca5a704045479001fa08202803db1f83d0f Mon Sep 17 00:00:00 2001
From: Martin Pluskal <mpluskal@suse.com>
Date: Thu, 22 Dec 2022 08:29:32 +0000
Subject: [PATCH] Accepting request 1044072 from
 home:abergmann:branches:security:tls

- Update to 2.28.2: (bsc#1206576, CVE-2022-46393)
  Security:
  * Fix potential heap buffer overread and overwrite in DTLS if
    MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
    MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
old: security:tls/mbedtls
new: home:abergmann:branches:security:tls/mbedtls rev None
Index: mbedtls.changes
===================================================================
--- mbedtls.changes (revision 36)
+++ mbedtls.changes (revision 2)
@@ -1,4 +1,75 @@
 -------------------------------------------------------------------
+Wed Dec 21 11:10:10 UTC 2022 - Alexander Bergmann <abergmann@suse.com>
+
+- Update to 2.28.2: (bsc#1206576, CVE-2022-46393)
+
+  Security:
+  * Fix potential heap buffer overread and overwrite in DTLS if
+    MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
+    MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
+  * An adversary with access to precise enough information about memory
+    accesses (typically, an untrusted operating system attacking a secure
+    enclave) could recover an RSA private key after observing the victim
+    performing a single private-key operation if the window size used for the
+    exponentiation was 3 or smaller. Found and reported by Zili KOU,
+    Wenjian HE, Sharad Sinha, and Wei ZHANG. See "Cache Side-channel Attacks
+    and Defenses of the Sliding Window Algorithm in TEEs" - Design, Automation
+    and Test in Europe 2023.
+
+  Bugfix:
+  * Fix a long-standing build failure when building x86 PIC code with old
+    gcc (4.x). The code will be slower, but will compile. We do however
+    recommend upgrading to a more recent compiler instead. Fixes #1910.
+  * Fix support for little-endian Microblaze when MBEDTLS_HAVE_ASM is defined.
+    Contributed by Kazuyuki Kimura to fix #2020.
+  * Use double quotes to include private header file psa_crypto_cipher.h.
+    Fixes 'file not found with include' error when building with Xcode.
+  * Fix handling of broken symlinks when loading certificates using
+    mbedtls_x509_crt_parse_path(). Instead of returning an error as soon as a
+    broken link is encountered, skip the broken link and continue parsing
+    other certificate files. Contributed by Eduardo Silva in #2602.
+  * Fix a compilation error when using CMake with an IAR toolchain.
+    Fixes #5964.
+  * Fix bugs and missing dependencies when building and testing
+    configurations with only one encryption type enabled in TLS 1.2.
+  * Provide the missing definition of mbedtls_setbuf() in some configurations
+    with MBEDTLS_PLATFORM_C disabled. Fixes #6118, #6196.
+  * Fix compilation errors when trying to build with
+    PSA drivers for AEAD (GCM, CCM, Chacha20-Poly1305).
+  * Fix memory leak in ssl_parse_certificate_request() caused by
+    mbedtls_x509_get_name() not freeing allocated objects in case of error.
+    Change mbedtls_x509_get_name() to clean up allocated objects on error.
+  * Fix checks on PK in check_config.h for builds with PSA and RSA. This does
+    not change which builds actually work, only moving a link-time error to
+    an early check.
+  * Fix ECDSA verification, where it was not always validating the
+    public key. This bug meant that it was possible to verify a
+    signature with an invalid public key, in some cases. Reported by
+    Guido Vranken using Cryptofuzz in #4420.
+  * Fix a possible null pointer dereference if a memory allocation fails
+    in TLS PRF code. Reported by Michael Madsen in #6516.
+  * Fix a bug in which mbedtls_x509_crt_info() would produce non-printable
+    bytes when parsing certificates containing a binary RFC 4108
+    HardwareModuleName as a Subject Alternative Name extension. Hardware
+    serial numbers are now rendered in hex format. Fixes #6262.
+  * Fix bug in error reporting in dh_genprime.c where upon failure,
+    the error code returned by mbedtls_mpi_write_file() is overwritten
+    and therefore not printed.
+  * In the bignum module, operations of the form (-A) - (+A) or (-A) - (-A)
+    with A > 0 created an unintended representation of the value 0 which was
+    not processed correctly by some bignum operations. Fix this. This had no
+    consequence on cryptography code, but might affect applications that call
+    bignum directly and use negative numbers.
+  * Fix undefined behavior (typically harmless in practice) of
+    mbedtls_mpi_add_mpi(), mbedtls_mpi_add_abs() and mbedtls_mpi_add_int()
+    when both operands are 0 and the left operand is represented with 0 limbs.
+  * Fix undefined behavior (typically harmless in practice) when some bignum
+    functions receive the most negative value of mbedtls_mpi_sint. Credit
+    to OSS-Fuzz. Fixes #6597.
+  * Fix undefined behavior (typically harmless in practice) in PSA ECB
+    encryption and decryption.
+
+-------------------------------------------------------------------
 Fri Nov  4 16:53:36 UTC 2022 - Mia Herkt <mia@0x0.st>

 - Update to 2.28.1: (CVE-2022-35409)
Index: mbedtls.spec
===================================================================
--- mbedtls.spec (revision 36)
+++ mbedtls.spec (revision 2)
@@ -20,7 +20,7 @@
 %define lib_crypto libmbedcrypto7
 %define lib_x509   libmbedx509-1
 Name:           mbedtls
-Version:        2.28.1
+Version:        2.28.2
 Release:        0
 Summary:        Libraries for crypto and SSL/TLS protocols
 License:        Apache-2.0
Index: mbedtls-2.28.2.tar.gz
===================================================================
Binary file mbedtls-2.28.2.tar.gz (revision 2) added
Index: mbedtls-2.28.1.tar.gz
===================================================================
Binary file mbedtls-2.28.1.tar.gz (revision 36) deleted

OBS-URL: https://build.opensuse.org/request/show/1044072
OBS-URL: https://build.opensuse.org/package/show/security:tls/mbedtls?expand=0&rev=37
---
 mbedtls-2.28.1.tar.gz |  3 --
 mbedtls-2.28.2.tar.gz |  3 ++
 mbedtls.changes       | 71 +++++++++++++++++++++++++++++++++++++++++++
 mbedtls.spec          |  2 +-
 4 files changed, 75 insertions(+), 4 deletions(-)
 delete mode 100644 mbedtls-2.28.1.tar.gz
 create mode 100644 mbedtls-2.28.2.tar.gz

diff --git a/mbedtls-2.28.1.tar.gz b/mbedtls-2.28.1.tar.gz
deleted file mode 100644
index 6e7b75e..0000000
--- a/mbedtls-2.28.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6797a7b6483ef589deeab8d33d401ed235d7be25eeecda1be8ddfed406d40ff4
-size 3914247
diff --git a/mbedtls-2.28.2.tar.gz b/mbedtls-2.28.2.tar.gz
new file mode 100644
index 0000000..9be5a61
--- /dev/null
+++ b/mbedtls-2.28.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bc55232bf71fd66045122ba9050a29ea7cb2e8f99b064a9e6334a82f715881a0
+size 3934658
diff --git a/mbedtls.changes b/mbedtls.changes
index c3d8694..e63d669 100644
--- a/mbedtls.changes
+++ b/mbedtls.changes
@@ -1,3 +1,74 @@
+-------------------------------------------------------------------
+Wed Dec 21 11:10:10 UTC 2022 - Alexander Bergmann <abergmann@suse.com>
+
+- Update to 2.28.2: (bsc#1206576, CVE-2022-46393)
+
+  Security:
+  * Fix potential heap buffer overread and overwrite in DTLS if
+    MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
+    MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
+  * An adversary with access to precise enough information about memory
+    accesses (typically, an untrusted operating system attacking a secure
+    enclave) could recover an RSA private key after observing the victim
+    performing a single private-key operation if the window size used for the
+    exponentiation was 3 or smaller. Found and reported by Zili KOU,
+    Wenjian HE, Sharad Sinha, and Wei ZHANG. See "Cache Side-channel Attacks
+    and Defenses of the Sliding Window Algorithm in TEEs" - Design, Automation
+    and Test in Europe 2023.
+
+  Bugfix:
+  * Fix a long-standing build failure when building x86 PIC code with old
+    gcc (4.x). The code will be slower, but will compile. We do however
+    recommend upgrading to a more recent compiler instead. Fixes #1910.
+  * Fix support for little-endian Microblaze when MBEDTLS_HAVE_ASM is defined.
+    Contributed by Kazuyuki Kimura to fix #2020.
+  * Use double quotes to include private header file psa_crypto_cipher.h.
+    Fixes 'file not found with include' error when building with Xcode.
+  * Fix handling of broken symlinks when loading certificates using
+    mbedtls_x509_crt_parse_path(). Instead of returning an error as soon as a
+    broken link is encountered, skip the broken link and continue parsing
+    other certificate files. Contributed by Eduardo Silva in #2602.
+  * Fix a compilation error when using CMake with an IAR toolchain.
+    Fixes #5964.
+  * Fix bugs and missing dependencies when building and testing
+    configurations with only one encryption type enabled in TLS 1.2.
+  * Provide the missing definition of mbedtls_setbuf() in some configurations
+    with MBEDTLS_PLATFORM_C disabled. Fixes #6118, #6196.
+  * Fix compilation errors when trying to build with
+    PSA drivers for AEAD (GCM, CCM, Chacha20-Poly1305).
+  * Fix memory leak in ssl_parse_certificate_request() caused by
+    mbedtls_x509_get_name() not freeing allocated objects in case of error.
+    Change mbedtls_x509_get_name() to clean up allocated objects on error.
+  * Fix checks on PK in check_config.h for builds with PSA and RSA. This does
+    not change which builds actually work, only moving a link-time error to
+    an early check.
+  * Fix ECDSA verification, where it was not always validating the
+    public key. This bug meant that it was possible to verify a
+    signature with an invalid public key, in some cases. Reported by
+    Guido Vranken using Cryptofuzz in #4420.
+  * Fix a possible null pointer dereference if a memory allocation fails
+    in TLS PRF code. Reported by Michael Madsen in #6516.
+  * Fix a bug in which mbedtls_x509_crt_info() would produce non-printable
+    bytes when parsing certificates containing a binary RFC 4108
+    HardwareModuleName as a Subject Alternative Name extension. Hardware
+    serial numbers are now rendered in hex format. Fixes #6262.
+  * Fix bug in error reporting in dh_genprime.c where upon failure,
+    the error code returned by mbedtls_mpi_write_file() is overwritten
+    and therefore not printed.
+  * In the bignum module, operations of the form (-A) - (+A) or (-A) - (-A)
+    with A > 0 created an unintended representation of the value 0 which was
+    not processed correctly by some bignum operations. Fix this. This had no
+    consequence on cryptography code, but might affect applications that call
+    bignum directly and use negative numbers.
+  * Fix undefined behavior (typically harmless in practice) of
+    mbedtls_mpi_add_mpi(), mbedtls_mpi_add_abs() and mbedtls_mpi_add_int()
+    when both operands are 0 and the left operand is represented with 0 limbs.
+  * Fix undefined behavior (typically harmless in practice) when some bignum
+    functions receive the most negative value of mbedtls_mpi_sint. Credit
+    to OSS-Fuzz. Fixes #6597.
+  * Fix undefined behavior (typically harmless in practice) in PSA ECB
+    encryption and decryption.
+
 -------------------------------------------------------------------
 Fri Nov  4 16:53:36 UTC 2022 - Mia Herkt <mia@0x0.st>
 
diff --git a/mbedtls.spec b/mbedtls.spec
index d2a8ac2..7eedd61 100644
--- a/mbedtls.spec
+++ b/mbedtls.spec
@@ -20,7 +20,7 @@
 %define lib_crypto libmbedcrypto7
 %define lib_x509   libmbedx509-1
 Name:           mbedtls
-Version:        2.28.1
+Version:        2.28.2
 Release:        0
 Summary:        Libraries for crypto and SSL/TLS protocols
 License:        Apache-2.0