From f142d4ccaba7dca43b0526bdbae7486ee9f994d0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 11 Feb 2020 19:05:03 +0100 Subject: [PATCH 1/3] Update ChangeLog for crypto changes since Mbed Crypto 3.0.1 Add ChangeLog entries for changes brought by the submodule update in 81d31002503f0cdc735176279e913106155666c4. --- ChangeLog | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/ChangeLog b/ChangeLog index aadc9e95d3..b05b522d90 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,27 @@ New deprecations library which allows TLS authentication to use keys stored in a PKCS#11 token such as a smartcard. +Security + * Fix potential memory overread when performing an ECDSA signature + operation. The overread only happens with cryptographically low + probability (of the order of 2^-n where n is the bitsize of the curve) + unless the RNG is broken, and could result in information disclosure or + denial of service (application crash or extra resource consumption). + Found by Auke Zeilstra and Peter Schwabe, using static analysis. + +Features + * The new build option MBEDTLS_SHA512_NO_SHA384 allows building SHA-512 + support without SHA-384. + +API changes + * Change the encoding of key types and curves in the PSA API. The new + values are aligned with the upcoming release of the PSA Crypto API + specification version 1.0.0. The main change which may break some + existing code is that elliptic curve key types no longer encode the + exact curve: a psa_ecc_curve_t or psa_key_type_t value only encodes + a curve family and the key size determines the exact curve (for example, + PSA_ECC_CURVE_SECP_R1 with 256 bits is P256R1). ARMmbed/mbed-crypto#330 + Bugfix * Fix an unchecked call to mbedtls_md() in the x509write module. * Fix build failure with MBEDTLS_ZLIB_SUPPORT enabled. Reported by From 799ae77f90584f39c2fbdae7e117ff5742774d77 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Tue, 11 Feb 2020 18:41:16 +0100 Subject: [PATCH 2/3] Update crypto submodule * #352: Parse RSA parameters DP, DQ and QP from PKCS1 private keys * #263: Introduce ASN.1 SEQUENCE traversal API * #345: Fix possible error code mangling in psa_mac_verify_finish * #357: Update Mbed Crypto with latest Mbed TLS changes as of 2020-02-03 * #350: test_suite_asn1parse: improve testing of trailing garbage in parse_prefixes * #346: Improve robustness and testing of mbedtls_mpi_copy --- crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto b/crypto index 819799cfc6..4d8c836cdc 160000 --- a/crypto +++ b/crypto @@ -1 +1 @@ -Subproject commit 819799cfc68e4c4381673a8a27af19802c8263f2 +Subproject commit 4d8c836cdc4559d862337c5b2ecc9ca5d1e7810f From 25a5c09fbb50bf186cabffebf9b75cc1aff07ab3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 11 Feb 2020 19:12:49 +0100 Subject: [PATCH 3/3] Update ChangeLog for crypto changes from 799ae77f90584f39c2fbdae7e117ff5742774d77 Add ChangeLog entries for changes brought by the submodule update in the previous commit. --- ChangeLog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ChangeLog b/ChangeLog index b05b522d90..4bbf8f16fd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,11 @@ Security unless the RNG is broken, and could result in information disclosure or denial of service (application crash or extra resource consumption). Found by Auke Zeilstra and Peter Schwabe, using static analysis. + * To avoid a side channel vulnerability when parsing an RSA private key, + read all the CRT parameters from the DER structure rather than + reconstructing them. Found by Alejandro Cabrera Aldaya and Billy Bob + Brumley. Reported and fix contributed by Jack Lloyd. + ARMmbed/mbed-crypto#352 Features * The new build option MBEDTLS_SHA512_NO_SHA384 allows building SHA-512 
@@ -37,6 +42,8 @@ Bugfix Jack Lloyd in #2859. Fix submitted by jiblime in #2963. * Fix some false-positive uninitialized variable warnings in X.509. Fix contributed by apple-ihack-geek in #2663. + * Fix a possible error code mangling in psa_mac_verify_finish() when + a cryptographic accelerator fails. ARMmbed/mbed-crypto#345 = mbed TLS 2.20.0 branch released 2020-01-15
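Review bot: in the first ChangeLog hunk (patch 1/3) the Security entry for the ECDSA memory overread and the Features entry for MBEDTLS_SHA512_NO_SHA384 are the only new entries with no issue or PR reference, whereas the API changes entry in the same hunk ends with "ARMmbed/mbed-crypto#330"; add the corresponding mbed-crypto reference to each so a reader can trace the fix back to its review. Minor: "P256R1" in the API changes entry is not a name used elsewhere; "secp256r1 (P-256)" would match the PSA_ECC_CURVE_SECP_R1 naming in the same sentence.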
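Review bot: the crypto gitlink bump from 819799cf to 4d8c836c (patch 2/3) lists six PRs in its commit message, but the ChangeLog update that follows only covers #352 and #345; #263 "Introduce ASN.1 SEQUENCE traversal API" reads as a user-visible addition and should either get a Features entry or a line in the commit message saying why it is not listed (for example, if the API is not yet exported in this release).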
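Review bot: the new Security entry in the first hunk of patch 3/3 says "read all the CRT parameters from the DER structure rather than reconstructing them" without naming them or the parsing entry point; the submodule commit message for #352 lists DP, DQ and QP, so name those and the affected PK parsing function so users can tell whether their key formats are in scope. It would also help to state what happens for a PKCS#1 key that omits the CRT parameters now that they are read instead of derived.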
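Review bot: "a possible error code mangling in psa_mac_verify_finish()" in the second hunk of patch 3/3 is too vague to act on; say which status the caller used to receive in place of the accelerator's failure code (and what it receives now) so that application code checking return values knows whether it was affected.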