c694d51223
Replace the bundled Mbed TLS 2.26.0 sources with the 2.28.10 release
(last LTS in the 2.x series, released 2025-03-24). 2.28.x is a strict
ABI-compatible continuation of the 2.x line, so no librist code change
is required; the bundled subset (crypto-only, no TLS/X.509/debug) keeps
the same exclusion list as before.
What this brings in:
* CVE-2025-27809: TLS clients without mbedtls_ssl_set_hostname() can
no longer be silently impersonated by any cert-authenticated server.
* CVE-2025-27810: TLS 1.2 Finished message could be miscalculated on
allocator/HW failure, breaking the handshake's integrity guarantee.
* CVE-2024-45157: PSA HMAC_DRBG selection regression.
* Several years of fixes across AES, ECP, MPI, RSA, PK, PKCS5,
bignum constant-time routines, Windows-specific build issues, and
the new constant_time.c side-channel-hardening primitives that are
now used pervasively throughout the crypto core.
What this required on the librist side:
* meson.build (contrib/mbedtls): add 5 new crypto sources that the
  crypto core now hard-depends on:
  - library/constant_time.c
  - library/psa_crypto_aead.c
  - library/psa_crypto_cipher.c
  - library/psa_crypto_hash.c
  - library/psa_crypto_mac.c
  No previously-listed sources were removed upstream, and librist's
  classic-API usage (AES-CTR, CTR-DRBG, entropy, SHA-256, PBKDF2,
  MPI) is unchanged.
* library/timing.c: re-apply the downstream "widen hardclock gate
from defined(_MSC_VER) to defined(_WIN32)" patch (originally
6495392) so MinGW and Clang-Windows builds keep using
QueryPerformanceCounter for mbedtls_timing_hardclock(). Upstream
Mbed TLS 2.28 still gates this on _MSC_VER only.
* refresh_mbedtls_source.sh: point at subprojects/mbedtls-2.28.10/.
  Two files were removed by upstream between 2.26 and 2.28 and are
  dropped here accordingly: psa_crypto_service_integration.h and
  ssl_invasive.h.
Also drop the stale library/libmbedcrypto.a build artifact that was
checked in by accident with the original 2.26.0 import.