"Mbed TLS does not have a constant-time/constant-trace arithmetic library and uses blinding to protect against side channel attacks.
In the ECDSA signature routine previous Mbed TLS versions used the same RNG object for generating the ephemeral key pair and for generating the blinding values. The deterministic ECDSA function reused this by passing the RNG object created from the private key and the message to be signed as prescribed by RFC 6979. This meant that the same RNG object was used whenever the same message was signed, rendering the blinding ineffective."
"Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)"
Affected versions (see https://www.cvedetails.com/cve/CVE-2019-16910/):
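Added illustration, not code from the bug report or from Mbed TLS: a minimal HMAC_DRBG in the RFC 6979 construction, drawing both the nonce and the blinding value from the one deterministic object the way the pre-2.19.0 signing path did, next to the variant that takes the blinding from an independent entropy source. Class and function names are assumptions; the DRBG omits reseeding and reseed-counter handling.

```python
import hashlib
import hmac
import os


class HmacDrbg:
    """Simplified HMAC_DRBG (SP 800-90A shape, as RFC 6979 uses it); no reseed."""

    def __init__(self, seed: bytes, hashname: str = "sha256"):
        self.h = hashname
        hlen = hashlib.new(hashname).digest_size
        self.K = b"\x00" * hlen
        self.V = b"\x01" * hlen
        self._update(seed)  # RFC 6979 steps d-g: absorb private key || H(m)

    def _hmac(self, key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, self.h).digest()

    def _update(self, data: bytes) -> None:
        self.K = self._hmac(self.K, self.V + b"\x00" + data)
        self.V = self._hmac(self.K, self.V)
        if data:
            self.K = self._hmac(self.K, self.V + b"\x01" + data)
            self.V = self._hmac(self.K, self.V)

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.V = self._hmac(self.K, self.V)  # RFC 6979 step h.2
            out += self.V
        self._update(b"")  # advance state so the next call differs
        return out[:n]


def draw_nonce_and_blinding(priv: bytes, msg: bytes, blinding_from_same_rng: bool):
    """Return (nonce_bytes, blinding_bytes) as the old and the fixed code would draw them.

    The nonce is deterministic by design (same key + same message => same k).
    With blinding_from_same_rng=True the blinding value is deterministic too,
    which is the CVE-2019-16910 condition; with False it comes from os.urandom.
    """
    h1 = hashlib.sha256(msg).digest()
    drbg = HmacDrbg(priv + h1)  # seeded from private key and message hash
    nonce = drbg.generate(32)
    if blinding_from_same_rng:
        blinding = drbg.generate(32)  # vulnerable: repeats for every signature of msg
    else:
        blinding = os.urandom(32)  # fixed: independent entropy for the blinding
    return nonce, blinding
```

Signing the same message twice with the first variant yields identical nonce and blinding bytes, so the blinding adds no per-signature variation; the second variant keeps the nonce deterministic but gives fresh blinding each time.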
@ maintainer(s): Can we start stabilization?
(In reply to Thomas Deutschmann from comment #1)
> @ maintainer(s): Can we start stabilization?
It's ready. KEYWORDS="amd64 arm arm64 ia64 ppc ppc64 x86"
@maintainer(s), can we cleanup?
(In reply to sam_c (Security Padawan) from comment #10)
> Thanks arches.
> @maintainer(s), can we cleanup?
(In reply to Anthony Basile from comment #11)
> (In reply to sam_c (Security Padawan) from comment #10)
> > Thanks arches.
> > @maintainer(s), can we cleanup?
GLSA Vote: No!
Repository is clean, all done!
Reopening because 2.17.0 was restored due to breaking net-p2p/fms:
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
Unable to check for sanity:
> no match for package: net-libs/mbedtls-2.19.1-r2
We're all clean here. Closing.