Commit Graph

12 Commits

Author SHA256 Message Date
Martin Pluskal
0171d2c11f - Update baselibs.conf
OBS-URL: https://build.opensuse.org/package/show/security:tls/mbedtls?expand=0&rev=50
2024-04-04 14:35:38 +00:00
Martin Pluskal
2e80ec14d6 OBS-URL: https://build.opensuse.org/package/show/security:tls/mbedtls?expand=0&rev=45 2023-10-11 10:53:58 +00:00
Martin Pluskal
b3b7f6d4a7 OBS-URL: https://build.opensuse.org/package/show/security:tls/mbedtls?expand=0&rev=40 2023-04-28 09:04:51 +00:00
Martin Pluskal
80ff478794 Accepting request 946956 from home:Guillaume_G:branches:security:tls
- Fix baselib.conf

OBS-URL: https://build.opensuse.org/request/show/946956
OBS-URL: https://build.opensuse.org/package/show/security:tls/mbedtls?expand=0&rev=35
2022-01-18 07:55:10 +00:00
Martin Pluskal
9b7046063e Accepting request 907287 from home:pmonrealgonzalez:branches:security:tls
- Update to 2.27.0:
  API changes:
   * Update AEAD output size macros to bring them in line with the PSA Crypto
     API version 1.0 spec. This version of the spec parameterizes them on the
     key type used, as well as the key bit-size in the case of
     PSA_AEAD_TAG_LENGTH.
     The old versions of these macros were renamed and deprecated as follows:
     - PSA_AEAD_TAG_LENGTH          -> PSA_AEAD_TAG_LENGTH_1_ARG
     - PSA_AEAD_ENCRYPT_OUTPUT_SIZE -> PSA_AEAD_ENCRYPT_OUTPUT_SIZE_2_ARG
     - PSA_AEAD_DECRYPT_OUTPUT_SIZE -> PSA_AEAD_DECRYPT_OUTPUT_SIZE_2_ARG
     - PSA_AEAD_UPDATE_OUTPUT_SIZE  -> PSA_AEAD_UPDATE_OUTPUT_SIZE_2_ARG
     - PSA_AEAD_FINISH_OUTPUT_SIZE  -> PSA_AEAD_FINISH_OUTPUT_SIZE_1_ARG
     - PSA_AEAD_VERIFY_OUTPUT_SIZE  -> PSA_AEAD_VERIFY_OUTPUT_SIZE_1_ARG
   * Implement one-shot cipher functions, psa_cipher_encrypt and
     psa_cipher_decrypt, according to the PSA Crypto API 1.0.0
     specification.
  Features:
   * Add mbedtls_rsa_rsassa_pss_sign_ext() function allowing to generate a
     signature with a specific salt length. This function allows to validate
     test cases provided in the NIST's CAVP test suite.
   * Added support for built-in driver keys through the PSA opaque crypto
     driver interface. Refer to the documentation of
     MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS for more information.
   * Implement psa_sign_message() and psa_verify_message().
   * The new function mbedtls_mpi_random() generates a random value in a
     given range uniformly.
   * Implement psa_mac_compute() and psa_mac_verify() as defined in the
     PSA Cryptograpy API 1.0.0 specification.
   * MBEDTLS_ECP_MAX_BITS is now determined automatically from the configured
     curves and no longer needs to be configured explicitly to save RAM.

OBS-URL: https://build.opensuse.org/request/show/907287
OBS-URL: https://build.opensuse.org/package/show/security:tls/mbedtls?expand=0&rev=31
2021-08-03 11:25:35 +00:00
Martin Pluskal
32885839d9 Accepting request 858114 from home:dirkmueller:branches:security:tls
- update to 2.25.0:
  * This release of Mbed TLS provides bug fixes, minor enhancements and new
  features. This release includes fixes for security issues. 
  * see https://github.com/ARMmbed/mbedtls/releases/tag/v2.25.0
  * The functions mbedtls_cipher_auth_encrypt() and
  mbedtls_cipher_auth_decrypt() would write past the minimum documented size
  of the output buffer when used with NIST_KW. As a result, code using those
  functions as documented with NIST_KW could have a buffer overwrite of up to
  15 bytes, with consequences ranging up to arbitrary code execution
  depending on the location of the output buffer.
  * Limit the size of calculations performed by mbedtls_mpi_exp_mod to
  MBEDTLS_MPI_MAX_SIZE to prevent a potential denial of service when generating
  Diffie-Hellman key pairs. Credit to OSS-Fuzz.
  
  * A failure of the random generator was ignored in mbedtls_mpi_fill_random(),
  which is how most uses of randomization in asymmetric cryptography (including
  key generation, intermediate value randomization and blinding) are implemented.
  This could cause failures or the silent use of non-random values. A random
  generator can fail if it needs reseeding and cannot not obtain entropy, or due
  to an internal failure (which, for Mbed TLS's own CTR_DRBG or HMAC_DRBG, can
  only happen due to a misconfiguration).
  
  * Fix a compliance issue whereby we were not checking the tag on the algorithm
  parameters (only the size) when comparing the signature in the description part
  of the cert to the real signature. This meant that a NULL algorithm parameters
  entry would look identical to an array of REAL (size zero) to the library and
  thus the certificate would be considered valid. However, if the parameters do
  not match in any way then the certificate should be considered invalid, and
  indeed OpenSSL marks these certs as invalid when mbedtls did not. Many thanks
  to guidovranken who found this issue via differential fuzzing and reported it

OBS-URL: https://build.opensuse.org/request/show/858114
OBS-URL: https://build.opensuse.org/package/show/security:tls/mbedtls?expand=0&rev=22
2020-12-22 10:24:25 +00:00
Martin Pluskal
ddd7fc109e Accepting request 827276 from home:dirkmueller:branches:security:tls
- update to 2.23.0:
  a lot of changes see https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0
  * Fix a side channel vulnerability in modular exponentiation that could reveal an RSA private key used in a secure enclave. Noticed by Sangho Lee, Ming-Wei Shih, Prasun Gera, Taesoo Kim and Hyesoon Kim (Georgia Institute of Technology); and Marcus Peinado (Microsoft Research). Reported by Raoul Strackx (Fortanix) in #3394.
  * Fix side channel in mbedtls_ecp_check_pub_priv() and mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a private key that didn't include the uncompressed public key), as well as mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL f_rng argument. An attacker with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave) could fully recover the ECC private key. Found and reported by Alejandro Cabrera Aldaya and Billy Brumley.
  * Fix issue in Lucky 13 counter-measure that could make it ineffective when hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT macros). This would cause the original Lucky 13 attack to be possible in those configurations, allowing an active network attacker to recover plaintext after repeated timing measurements under some conditions. Reported and fix suggested by Luc Perneel in #3246.

OBS-URL: https://build.opensuse.org/request/show/827276
OBS-URL: https://build.opensuse.org/package/show/security:tls/mbedtls?expand=0&rev=15
2020-08-17 10:36:14 +00:00
Tomáš Chvátal
1791b616af Accepting request 657220 from home:pmonrealgonzalez:branches:security:tls
- Library package version bumped to libmbedtls12

- Update to version 2.14.1: [bsc#1118727, CVE-2018-19608]
  Security
   * Fix timing variations and memory access variations in RSA PKCS#1 v1.5
     decryption that could lead to a Bleichenbacher-style padding oracle
     attack. In TLS, this affects servers that accept ciphersuites based on
     RSA decryption (i.e. ciphersuites whose name contains RSA but not
     (EC)DH(E)). Discovered by Eyal Ronen (Weizmann Institute),  Robert Gillham
     (University of Adelaide), Daniel Genkin (University of Michigan),
     Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom
     (University of Adelaide, Data61). The attack is described in more detail
     in the paper available here: http://cat.eyalro.net/cat.pdf  CVE-2018-19608
   * In mbedtls_mpi_write_binary(), don't leak the exact size of the number
     via branching and memory access patterns. An attacker who could submit
     a plaintext for RSA PKCS#1 v1.5 decryption but only observe the timing
     of the decryption and not its result could nonetheless decrypt RSA
     plaintexts and forge RSA signatures. Other asymmetric algorithms may
     have been similarly vulnerable. Reported by Eyal Ronen, Robert Gillham,
     Daniel Genkin, Adi Shamir, David Wong and Yuval Yarom.
   * Wipe sensitive buffers on the stack in the CTR_DRBG and HMAC_DRBG
     modules.
  API Changes
   * The new functions mbedtls_ctr_drbg_update_ret() and
     mbedtls_hmac_drbg_update_ret() are similar to mbedtls_ctr_drbg_update()
     and mbedtls_hmac_drbg_update() respectively, but the new functions
     report errors whereas the old functions return void. We recommend that
     applications use the new functions.
- Version 2.14.0:
  Security

OBS-URL: https://build.opensuse.org/request/show/657220
OBS-URL: https://build.opensuse.org/package/show/security:tls/mbedtls?expand=0&rev=4
2018-12-11 15:42:05 +00:00
Dominique Leuenberger
79546094fd Accepting request 621852 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/621852
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mbedtls?expand=0&rev=17
2018-07-13 08:19:30 +00:00
Dominique Leuenberger
b19ab02e4a Accepting request 576327 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/576327
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mbedtls?expand=0&rev=14
2018-02-15 12:21:52 +00:00
Dominique Leuenberger
6e59b5513a Accepting request 423405 from devel:libraries:c_c++
- Merge changes from home:X0F:HSF
- Add mbedtls_fix522.patch which fixes building of dpendant
  libraries

- Update description

- Split shared libraries to subpackages

- update to 2.3.0:
  * adding libmbedcrypto, libmbedx509
  * headers moved to /usr/include/mbedtls
  * remove compatibility symlink
  * source compatibility header /usr/include/mbedtls/compat-1.3.h
  * Use primary upstream license (Apache-2.0)

OBS-URL: https://build.opensuse.org/request/show/423405
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mbedtls?expand=0&rev=9
2016-09-30 13:22:53 +00:00
Dominique Leuenberger
5679e57a39 Accepting request 319258 from devel:libraries:c_c++
1

OBS-URL: https://build.opensuse.org/request/show/319258
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mbedtls?expand=0&rev=4
2015-08-10 07:11:21 +00:00