Bug 711180 (CVE-2019-16910) - <net-libs/mbedtls-2.19.0: use of RNG with insufficient entropy allows recovery of private key via side-channel attack (CVE-2019-16910)
Summary: <net-libs/mbedtls-2.19.0: use of RNG with insufficient entropy allows to reco...
Status: RESOLVED FIXED
Alias: CVE-2019-16910
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://tls.mbed.org/tech-updates/sec...
Whiteboard: B4 [noglsa cve]
Keywords:
Depends on: 712704
Blocks:
Reported: 2020-03-01 17:07 UTC by Sam James
Modified: 2020-07-04 18:43 UTC (History)

See Also:
Package list:
net-libs/mbedtls-2.19.1-r2
Runtime testing required: ---
nattka: sanity-check-


Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-01 17:07:33 UTC
Description:
"Mbed TLS does not have a constant-time/constant-trace arithmetic library and uses blinding to protect against side channel attacks.

In the ECDSA signature routine previous Mbed TLS versions used the same RNG object for generating the ephemeral key pair and for generating the blinding values. The deterministic ECDSA function reused this by passing the RNG object created from the private key and the message to be signed as prescribed by RFC 6979. This meant that the same RNG object was used whenever the same message was signed, rendering the blinding ineffective."

Further,
"Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)"

Affected versions (see https://www.cvedetails.com/cve/CVE-2019-16910/):
- <2.19.0
- <2.18.1
- 2.17.0
- <2.16.3
- 2.12.0
- 2.10.0
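To make the mechanism in the description concrete, the following is an added Python model of the two RNG arrangements; it is not Mbed TLS's own code and performs no curve arithmetic. It assumes a SHA-256 HMAC-DRBG seeded from the private key and the reduced message hash as RFC 6979 prescribes (the same seeding Mbed TLS's deterministic mode uses), a constructed private key and message, and the P-256 group order only for sizing the scalars. `sign_values_shared_rng` draws both the nonce k and the blinding value from that one DRBG, so the blinding value is the same every time the same message is signed; `sign_values_separate_rng` keeps k deterministic but draws the blinding value from a fresh entropy source, which is the shape of the fix. `blinding_repeats` is the check a reviewer would run against either arrangement.

```python
import hashlib
import hmac
import secrets

# P-256 group order: used here only as the modulus for sizing scalars.
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
QLEN = 32  # bytes per scalar

# Constructed sample inputs (not from the advisory or any real key).
SAMPLE_PRIV = 0x0102030405060708091011121314151617181920212223242526272829303132
SAMPLE_MSG = b"constructed message that a victim might sign repeatedly"


class HmacDrbg:
    """Minimal HMAC-DRBG over SHA-256 (RFC 6979 / SP 800-90A style).

    Each random() call emits output, then reseeds its state with an empty
    update, mirroring how an HMAC-DRBG object keeps advancing between calls.
    """

    def __init__(self, seed_material: bytes):
        self.K = b"\x00" * 32
        self.V = b"\x01" * 32
        self._update(seed_material)

    def _hmac(self, data: bytes) -> bytes:
        return hmac.new(self.K, data, hashlib.sha256).digest()

    def _update(self, data: bytes) -> None:
        self.K = self._hmac(self.V + b"\x00" + data)
        self.V = self._hmac(self.V)
        if data:
            self.K = self._hmac(self.V + b"\x01" + data)
            self.V = self._hmac(self.V)

    def random(self, nbytes: int) -> bytes:
        out = b""
        while len(out) < nbytes:
            self.V = self._hmac(self.V)
            out += self.V
        self._update(b"")  # advance state after every call
        return out[:nbytes]


def scalar_from(drbg: HmacDrbg) -> int:
    """Draw a scalar in [1, N-1] by rejection sampling."""
    while True:
        k = int.from_bytes(drbg.random(QLEN), "big")
        if 1 <= k < N:
            return k


def deterministic_drbg(priv: int, msg: bytes) -> HmacDrbg:
    """RFC 6979 seeding: int2octets(x) || bits2octets(H(m)).

    With SHA-256 and a 256-bit order, bits2octets reduces to H(m) mod N.
    """
    h1 = int.from_bytes(hashlib.sha256(msg).digest(), "big") % N
    return HmacDrbg(priv.to_bytes(QLEN, "big") + h1.to_bytes(QLEN, "big"))


def sign_values_shared_rng(priv: int, msg: bytes):
    """Pre-fix arrangement: one DRBG supplies both the nonce and the blinding."""
    drbg = deterministic_drbg(priv, msg)
    k = scalar_from(drbg)
    blind = scalar_from(drbg)  # fully determined by (priv, msg)
    return k, blind


def sign_values_separate_rng(priv: int, msg: bytes, entropy=secrets.token_bytes):
    """Fixed arrangement: nonce stays deterministic, blinding uses fresh entropy."""
    drbg = deterministic_drbg(priv, msg)
    k = scalar_from(drbg)
    blind = scalar_from(HmacDrbg(entropy(32)))
    return k, blind


def blinding_repeats(sign, priv: int, msg: bytes, trials: int = 5) -> bool:
    """Check: do repeated signatures of one message reuse the blinding value?"""
    blinds = {sign(priv, msg)[1] for _ in range(trials)}
    return len(blinds) == 1


if __name__ == "__main__":
    print("shared RNG, blinding repeats:  ", blinding_repeats(sign_values_shared_rng, SAMPLE_PRIV, SAMPLE_MSG))
    print("separate RNG, blinding repeats:", blinding_repeats(sign_values_separate_rng, SAMPLE_PRIV, SAMPLE_MSG))
```

Note that the nonce k is identical under both arrangements: deterministic k is what RFC 6979 is for, and it is not the flaw. The flaw is that the blinding value, which only exists to randomise the side-channel trace, inherits that determinism when it comes from the same object.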
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-02 22:29:53 UTC
@ maintainer(s): Can we start stabilization?
Comment 2 Anthony Basile gentoo-dev 2020-03-03 00:46:53 UTC
(In reply to Thomas Deutschmann from comment #1)
> @ maintainer(s): Can we start stabilization?

It's ready. KEYWORDS="amd64 arm arm64 ia64 ppc ppc64 x86"
Comment 3 Agostino Sarubbo gentoo-dev 2020-03-03 11:46:37 UTC
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2020-03-03 12:39:53 UTC
amd64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2020-03-03 12:40:59 UTC
ppc stable
Comment 6 Agostino Sarubbo gentoo-dev 2020-03-03 13:41:46 UTC
arm stable
Comment 7 Agostino Sarubbo gentoo-dev 2020-03-03 14:38:42 UTC
ppc64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2020-03-04 08:08:07 UTC
ia64 stable
Comment 9 Mart Raudsepp gentoo-dev 2020-03-13 22:11:14 UTC
arm64 stable
Comment 10 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-13 22:12:21 UTC
Thanks arches.

@maintainer(s), can we clean up?
Comment 11 Anthony Basile gentoo-dev 2020-03-15 01:15:38 UTC
(In reply to sam_c (Security Padawan) from comment #10)
> Thanks arches.
> 
> @maintainer(s), can we clean up?

done
Comment 12 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-15 01:19:29 UTC
(In reply to Anthony Basile from comment #11)
> (In reply to sam_c (Security Padawan) from comment #10)
> > Thanks arches.
> > 
> > @maintainer(s), can we clean up?
> 
> done

Thanks!
Comment 13 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-15 02:54:06 UTC
GLSA Vote: No!

Repository is clean, all done!
Comment 14 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-15 03:19:30 UTC
Reopening because 2.17.0 was restored due to breaking net-p2p/fms:

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b6d437cfc5afcba4b4fb5eb539f28d93bedd71e4
Comment 15 NATTkA bot gentoo-dev 2020-04-06 11:25:11 UTC
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
Comment 16 NATTkA bot gentoo-dev 2020-05-25 21:24:46 UTC
Unable to check for sanity:

> no match for package: net-libs/mbedtls-2.19.1-r2
Comment 17 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-25 21:32:56 UTC
Thanks :)
Comment 18 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-04 18:43:22 UTC
We're all clean here. Closing.