Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via or IRC
Bug 711180 (CVE-2019-16910) - <net-libs/mbedtls-2.19.0: use of RNG with insufficient entropy allows to recover private key vise side-channel attack (CVE-2019-16910)
Summary: <net-libs/mbedtls-2.19.0: use of RNG with insufficient entropy allows to reco...
Alias: CVE-2019-16910
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B4 [noglsa cve]
Depends on: 712704
  Show dependency tree
Reported: 2020-03-01 17:07 UTC by Sam James
Modified: 2020-07-04 18:43 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---
nattka: sanity-check-


Note You need to log in before you can comment on or make changes to this bug.
Description Sam James gentoo-dev Security 2020-03-01 17:07:33 UTC
"Mbed TLS does not have a constant-time/constant-trace arithmetic library and uses blinding to protect against side channel attacks.

In the ECDSA signature routine previous Mbed TLS versions used the same RNG object for generating the ephemeral key pair and for generating the blinding values. The deterministic ECDSA function reused this by passing the RNG object created from the private key and the message to be signed as prescribed by RFC 6979. This meant that the same RNG object was used whenever the same message was signed, rendering the blinding ineffective."

"Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)"

Affected versions (see
- <2.19.0
- <2.18.1
- 2.17.0
- <2.16.3
- 2.12.0
- 2.10.0
Comment 1 Thomas Deutschmann gentoo-dev Security 2020-03-02 22:29:53 UTC
@ maintainer(s): Can we start stabilization?
Comment 2 Anthony Basile gentoo-dev 2020-03-03 00:46:53 UTC
(In reply to Thomas Deutschmann from comment #1)
> @ maintainer(s): Can we start stabilization?

Its ready. KEYWORDS="amd64 arm arm64 ia64 ppc ppc64 x86"
Comment 3 Agostino Sarubbo gentoo-dev 2020-03-03 11:46:37 UTC
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2020-03-03 12:39:53 UTC
amd64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2020-03-03 12:40:59 UTC
ppc stable
Comment 6 Agostino Sarubbo gentoo-dev 2020-03-03 13:41:46 UTC
arm stable
Comment 7 Agostino Sarubbo gentoo-dev 2020-03-03 14:38:42 UTC
ppc64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2020-03-04 08:08:07 UTC
ia64 stable
Comment 9 Mart Raudsepp gentoo-dev 2020-03-13 22:11:14 UTC
arm64 stable
Comment 10 Sam James gentoo-dev Security 2020-03-13 22:12:21 UTC
Thanks arches.

@maintainer(s), can we cleanup?
Comment 11 Anthony Basile gentoo-dev 2020-03-15 01:15:38 UTC
(In reply to sam_c (Security Padawan) from comment #10)
> Thanks arches.
> @maintainer(s), can we cleanup?

Comment 12 Sam James gentoo-dev Security 2020-03-15 01:19:29 UTC
(In reply to Anthony Basile from comment #11)
> (In reply to sam_c (Security Padawan) from comment #10)
> > Thanks arches.
> > 
> > @maintainer(s), can we cleanup?
> done

Comment 13 Thomas Deutschmann gentoo-dev Security 2020-03-15 02:54:06 UTC
GLSA Vote: No!

Repository is clean, all done!
Comment 14 Sam James gentoo-dev Security 2020-03-15 03:19:30 UTC
Reopening because 2.17.0 was restored due to breaking net-p2p/fms:
Comment 15 NATTkA bot gentoo-dev 2020-04-06 11:25:11 UTC
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
Comment 16 NATTkA bot gentoo-dev 2020-05-25 21:24:46 UTC
Unable to check for sanity:

> no match for package: net-libs/mbedtls-2.19.1-r2
Comment 17 Sam James gentoo-dev Security 2020-05-25 21:32:56 UTC
Thanks :)
Comment 18 Sam James gentoo-dev Security 2020-07-04 18:43:22 UTC
We're all clean here. Closing.