Accepting request 858120 from security:tls

OBS-URL: https://build.opensuse.org/request/show/858120
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mbedtls?expand=0&rev=27

baselibs.conf

@@ -1,3 +1,3 @@
 libmbedtls13
 libmbedx509-1
-libmbedcrypto5
+libmbedcrypto6

mbedtls.changes

@@ -1,3 +1,46 @@
+-------------------------------------------------------------------
+Tue Dec 22 10:11:45 UTC 2020 - Dirk Müller <dmueller@suse.com>
+
+- update to 2.25.0:
+  * This release of Mbed TLS provides bug fixes, minor enhancements and new
+  features. This release includes fixes for security issues. 
+  * see https://github.com/ARMmbed/mbedtls/releases/tag/v2.25.0
+
+  * The functions mbedtls_cipher_auth_encrypt() and
+  mbedtls_cipher_auth_decrypt() would write past the minimum documented size
+  of the output buffer when used with NIST_KW. As a result, code using those
+  functions as documented with NIST_KW could have a buffer overwrite of up to
+  15 bytes, with consequences ranging up to arbitrary code execution
+  depending on the location of the output buffer.
+
+  * Limit the size of calculations performed by mbedtls_mpi_exp_mod to
+  MBEDTLS_MPI_MAX_SIZE to prevent a potential denial of service when generating
+  Diffie-Hellman key pairs. Credit to OSS-Fuzz.
+  
+  * A failure of the random generator was ignored in mbedtls_mpi_fill_random(),
+  which is how most uses of randomization in asymmetric cryptography (including
+  key generation, intermediate value randomization and blinding) are implemented.
+  This could cause failures or the silent use of non-random values. A random
+  generator can fail if it needs reseeding and cannot not obtain entropy, or due
+  to an internal failure (which, for Mbed TLS's own CTR_DRBG or HMAC_DRBG, can
+  only happen due to a misconfiguration).
+  
+  * Fix a compliance issue whereby we were not checking the tag on the algorithm
+  parameters (only the size) when comparing the signature in the description part
+  of the cert to the real signature. This meant that a NULL algorithm parameters
+  entry would look identical to an array of REAL (size zero) to the library and
+  thus the certificate would be considered valid. However, if the parameters do
+  not match in any way then the certificate should be considered invalid, and
+  indeed OpenSSL marks these certs as invalid when mbedtls did not. Many thanks
+  to guidovranken who found this issue via differential fuzzing and reported it
+  in #3629.
+  
+  * Zeroising of local buffers and variables which are used for calculations in
+  mbedtls_pkcs5_pbkdf2_hmac(), mbedtls_internal_sha*_process(),
+  mbedtls_internal_md*_process() and mbedtls_internal_ripemd160_process()
+  functions to erase sensitive data from memory. Reported by Johan Malmgren and
+  Johan Uppman Bruce from Sectra.
+
 -------------------------------------------------------------------
 Wed Sep  9 11:24:12 UTC 2020 - Dirk Mueller <dmueller@suse.com>
 

mbedtls.spec

@@ -17,10 +17,10 @@
 
 
 %define lib_tls    libmbedtls13
-%define lib_crypto libmbedcrypto5
+%define lib_crypto libmbedcrypto6
 %define lib_x509   libmbedx509-1
 Name:           mbedtls
-Version:        2.24.0
+Version:        2.25.0
 Release:        0
 Summary:        Libraries for crypto and SSL/TLS protocols
 License:        Apache-2.0

v2.24.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d436ae4892bd80329ca18a3960052fbb42d3f1f46c7519711d6763621ca6cfa0
-size 3911881

v2.25.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f838f670f51070bc6b4ebf0c084affd9574652ded435b064969f36ce4e8b586d
+size 3994316