SHA256
1
0
forked from pool/mbedtls-2

Accepting request 1116219 from home:jaimeMF:branches:security:tls

- Update to 2.28.5:
  Features
  * The documentation of mbedtls_ecp_group now describes the optimized
    representation of A for some curves. Fixes gh#Mbed-TLS/mbedtls#8045.
  Security
  * Developers using mbedtls_pkcs5_pbes2() or mbedtls_pkcs12_pbe() should
    review the size of the output buffer passed to this function, and note that
    the output after decryption may include CBC padding. Consider moving to the
    new functions mbedtls_pkcs5_pbes2_ext() or mbedtls_pkcs12_pbe_ext() which
    checks for overflow of the output buffer and reports the actual length of
    the output.
  * Improve padding calculations in CBC decryption, NIST key unwrapping and
    RSA OAEP decryption. With the previous implementation, some compilers
    (notably recent versions of Clang and IAR) could produce non-constant time
    code, which could allow a padding oracle attack if the attacker has access
    to precise timing measurements.
  * Fix a buffer overread when parsing short TLS application data records in
    ARC4 or null-cipher cipher suites. Credit to OSS-Fuzz.
  Bugfix
  * Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when
    using ECC key. The certificate was rejected by some crypto frameworks.
    Fixes gh#Mbed-TLS/mbedtls#2924.
  * Fix some cases where mbedtls_mpi_mod_exp, RSA key construction or ECDSA
    signature can silently return an incorrect result in low memory conditions.
  * Fix IAR compiler warnings. Fixes gh#Mbed-TLS/mbedtls#7873,
    gh#Mbed-TLS/mbedtls#4300.
  * Fix an issue when parsing an otherName subject alternative name into a
    mbedtls_x509_san_other_name struct. The type-id of the otherName was not
    copied to the struct. This meant that the struct had incomplete information
    about the otherName SAN and contained uninitialized memory.
  * Fix the detection of HardwareModuleName otherName SANs. These were being
    detected by comparing the wrong field and the check was erroneously
    inverted.
  * Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not
    MBEDTLS_ECDSA_VERIFY_ALT, causing ecdsa verify to fail. Fixes
    gh#Mbed-TLS/mbedtls#7498.  Functions in the ssl_cache module now return a
    negative MBEDTLS_ERR_xxx error code on failure. Before, they returned 1 to
    indicate failure in some cases involving a missing entry or a full cache.
  Changes
  * In configurations with ARIA or Camellia but not AES, the value of
    MBEDTLS_CIPHER_BLKSIZE_MAX was 8, rather than 16 as the name might suggest.
    This did not affect any library code, because this macro was only used in
    relation with CMAC which does not support these ciphers.  Its value is now
    16 if ARIA or Camellia are present. This may affect application code that
    uses this macro.

OBS-URL: https://build.opensuse.org/request/show/1116219
OBS-URL: https://build.opensuse.org/package/show/security:tls/mbedtls-2?expand=0&rev=8
This commit is contained in:
Jaime Marquínez Ferrándiz 2023-10-07 14:56:25 +00:00 committed by Git OBS Bridge
parent 8c8d5286ad
commit 77cd7e0775
4 changed files with 53 additions and 4 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:578c4dcd15bbff3f5cd56aa07cd4f850fc733634e3d5947be4f7157d5bfd81ac
size 3993397

3
mbedtls-2.28.5.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:849e86b626e42ded6bf67197b64aa771daa54e2a7e2868dc67e1e4711959e5e3
size 4004752

View File

@ -1,3 +1,52 @@
-------------------------------------------------------------------
Sat Oct 7 13:08:45 UTC 2023 - Jaime Marquínez Ferrándiz <jaime.marquinez.ferrandiz@fastmail.net>
- Update to 2.28.5:
Features
* The documentation of mbedtls_ecp_group now describes the optimized
representation of A for some curves. Fixes gh#Mbed-TLS/mbedtls#8045.
Security
* Developers using mbedtls_pkcs5_pbes2() or mbedtls_pkcs12_pbe() should
review the size of the output buffer passed to this function, and note that
the output after decryption may include CBC padding. Consider moving to the
new functions mbedtls_pkcs5_pbes2_ext() or mbedtls_pkcs12_pbe_ext() which
checks for overflow of the output buffer and reports the actual length of
the output.
* Improve padding calculations in CBC decryption, NIST key unwrapping and
RSA OAEP decryption. With the previous implementation, some compilers
(notably recent versions of Clang and IAR) could produce non-constant time
code, which could allow a padding oracle attack if the attacker has access
to precise timing measurements.
* Fix a buffer overread when parsing short TLS application data records in
ARC4 or null-cipher cipher suites. Credit to OSS-Fuzz.
Bugfix
* Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when
using ECC key. The certificate was rejected by some crypto frameworks.
Fixes gh#Mbed-TLS/mbedtls#2924.
* Fix some cases where mbedtls_mpi_mod_exp, RSA key construction or ECDSA
signature can silently return an incorrect result in low memory conditions.
* Fix IAR compiler warnings. Fixes gh#Mbed-TLS/mbedtls#7873,
gh#Mbed-TLS/mbedtls#4300.
* Fix an issue when parsing an otherName subject alternative name into a
mbedtls_x509_san_other_name struct. The type-id of the otherName was not
copied to the struct. This meant that the struct had incomplete information
about the otherName SAN and contained uninitialized memory.
* Fix the detection of HardwareModuleName otherName SANs. These were being
detected by comparing the wrong field and the check was erroneously
inverted.
* Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not
MBEDTLS_ECDSA_VERIFY_ALT, causing ecdsa verify to fail. Fixes
gh#Mbed-TLS/mbedtls#7498. Functions in the ssl_cache module now return a
negative MBEDTLS_ERR_xxx error code on failure. Before, they returned 1 to
indicate failure in some cases involving a missing entry or a full cache.
Changes
* In configurations with ARIA or Camellia but not AES, the value of
MBEDTLS_CIPHER_BLKSIZE_MAX was 8, rather than 16 as the name might suggest.
This did not affect any library code, because this macro was only used in
relation with CMAC which does not support these ciphers. Its value is now
16 if ARIA or Camellia are present. This may affect application code that
uses this macro.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Aug 16 18:46:37 UTC 2023 - Scott Bradnick <scott.bradnick@suse.com> Wed Aug 16 18:46:37 UTC 2023 - Scott Bradnick <scott.bradnick@suse.com>

View File

@ -21,7 +21,7 @@
%define lib_x509 libmbedx509-1 %define lib_x509 libmbedx509-1
%define _rname mbedtls %define _rname mbedtls
Name: mbedtls-2 Name: mbedtls-2
Version: 2.28.4 Version: 2.28.5
Release: 0 Release: 0
Summary: Libraries for crypto and SSL/TLS protocols Summary: Libraries for crypto and SSL/TLS protocols
License: Apache-2.0 License: Apache-2.0