Security update that addresses:
- Local side channel attack on RSA and static Diffie-Hellman
- Local side channel attack on classical CBC decryption in (D)TLS
Other changes are listed at
https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.16.8/ChangeLog
Minor of libmbedtls has been bumped because of the addition of a symbol.
OK tb@
Fix side channel in ECC code that allowed an adversary with access to
precise enough timing and memory access information to fully recover an
ECDSA private key (CVE-2020-10932).
Mbed TLS 2.16.3 is a maintenance release of the Mbed TLS 2.16 branch,
and provides bug fixes and minor enhancements. Overview of changes can
be found at
https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.16.3.
Minor of mbedcrypto has been bumped as symbols have been added.
OK sthen@
This is the first release in a new long term support branch, which fixes
a couple of bugs, and adds some new features. Changelog can be found at
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.0-2.7.9-and-2.1.18-released
- Minors of mbedtls and mbedcrypto have been bumped as symbols have been
added
- Tell PORTROACH to follow the LTS branch
- Take maintainership
OK juanfra@
Fixes vulnerabilities in the TLS ciphersuites (CVE-2018-0497 and
CVE-2018-0498). Major number of all SHARED_LIBS has been bumped as
symbols have been removed.
OK sthen@
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01
mentions 3 security issues, at least CVE-2017-2784 (Freeing of memory
allocated on stack when validating a public key with a secp224k1 curve)
affects mbedtls-2.2.1.
Packaging:
- bump major of shared libs since symbols have been removed
- tweak license marker
- kill code in testsuite that fails to build with our stdio
implementation (can't take the address of stdout, the C standard
warns about that)
- kill some debug flags set by cmake
Make test passes on amd64 and arm, also tests & ok juanfra@
tree currently uses this library)
* Lowest common hash was selected from signature_algorithms extension in
TLS 1.2 (found by Darren Bane) (introduced in 1.3.8).
* Remotely-triggerable memory leak when parsing some X.509 certificates
(server is not affected if it doesn't ask for a client certificate)
(found using Codenomicon Defensics).
* Remotely-triggerable memory leak when parsing crafted ClientHello
(not affected if ECC support was compiled out) (found using Codenomicon
Defensics).
- includes a fix for CVE-2014-4911 (DoS)
- delete patches committed upstream
- unbreak sparc64
- new features, see ChangeLog
Regress tests pass on amd64 and sparc64.
ok sthen@
Note that no port uses it yet.