From 85596ae5f0a4709c371d696d2e2bbc5a3665ed83 Mon Sep 17 00:00:00 2001 From: Peter Korsgaard Date: Thu, 26 Sep 2019 12:31:45 +0200 Subject: [PATCH] package/mbedtls: security bump to version 2.7.12 Fixes the following security vulnerabilities: 2.7.12: - Fix a missing error detection in ECJPAKE. This could have caused a predictable shared secret if a hardware accelerator failed and the other side of the key exchange had a similar bug. - When writing a private EC key, use a constant size for the private value, as specified in RFC 5915. Previously, the value was written as an ASN.1 INTEGER, which caused the size of the key to leak about 1 bit of information on average and could cause the value to be 1 byte too large for the output buffer. - The deterministic ECDSA calculation reused the scheme's HMAC-DRBG to implement blinding. Because of this for the same key and message the same blinding value was generated. This reduced the effectiveness of the countermeasure and leaked information about the private key through side channels. Reported by Jack Lloyd. 2.7.11: - Make mbedtls_ecdh_get_params return an error if the second key belongs to a different group from the first. Before, if an application passed keys that belonged to different group, the first key's data was interpreted according to the second group, which could lead to either an error or a meaningless output from mbedtls_ecdh_get_params. In the latter case, this could expose at most 5 bits of the private key. Signed-off-by: Peter Korsgaard --- package/mbedtls/mbedtls.hash | 6 +++--- package/mbedtls/mbedtls.mk | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package/mbedtls/mbedtls.hash b/package/mbedtls/mbedtls.hash index 57a5aeffcb..84fe820c5c 100644 --- a/package/mbedtls/mbedtls.hash +++ b/package/mbedtls/mbedtls.hash @@ -1,5 +1,5 @@ -# From https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.0-2.7.9-and-2.1.18-released -sha1 70dc65f3f6f6b2392b821163be7f1f634f0012c8 mbedtls-2.7.9-apache.tgz -sha256 18e57260b46579245744adb79c2924194dad36aac38c2d0be9e749b9181c706f mbedtls-2.7.9-apache.tgz +# From https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.3-and-2.7.12-released +sha1 ce1af75d497cc03fe5c8e8e15fbf583d9dfbacd1 mbedtls-2.7.12-apache.tgz +sha256 d3a36dbc9f607747daa6875c1ab2e41f49eff5fc99d3436b4f3ac90c89f3c143 mbedtls-2.7.12-apache.tgz # Locally calculated sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30 apache-2.0.txt diff --git a/package/mbedtls/mbedtls.mk b/package/mbedtls/mbedtls.mk index 4a5a731d42..427b2acb55 100644 --- a/package/mbedtls/mbedtls.mk +++ b/package/mbedtls/mbedtls.mk @@ -5,7 +5,7 @@ ################################################################################ MBEDTLS_SITE = https://tls.mbed.org/code/releases -MBEDTLS_VERSION = 2.7.9 +MBEDTLS_VERSION = 2.7.12 MBEDTLS_SOURCE = mbedtls-$(MBEDTLS_VERSION)-apache.tgz MBEDTLS_CONF_OPTS = \ -DENABLE_PROGRAMS=$(if $(BR2_PACKAGE_MBEDTLS_PROGRAMS),ON,OFF) \