
Mbed Crypto 3.1.0

@yanesca released this 21 Feb 09:39
cf4a40b

Introduction

Mbed Crypto 3.1.0 has now been released. This release brings fixes for a security issue, as described in more detail in our security advisory.

The Mbed cryptography library is a reference implementation of the cryptography interface of the Arm Platform Security Architecture (PSA). Note that while this library is versioned as 3.1.0, the PSA APIs are under development and subject to change based on feedback. The next release of Mbed Crypto may not provide backwards compatibility with this release.

Security

  • Fix potential memory overread when performing an ECDSA signature operation. The overread only happens with cryptographically low probability (of the order of 2^-n where n is the bitsize of the curve) unless the RNG is broken, and could result in information disclosure or denial of service (application crash or extra resource consumption). Found by Auke Zeilstra and Peter Schwabe, using static analysis.
  • To avoid a side channel vulnerability when parsing an RSA private key, read all the CRT parameters from the DER structure rather than reconstructing them. Found by Alejandro Cabrera Aldaya and Billy Bob Brumley. Reported and fix contributed by Jack Lloyd.

Features

  • The new build option MBEDTLS_SHA512_NO_SHA384 allows building SHA-512 support without SHA-384.

API Changes

  • Change the encoding of key types and curves in the PSA API. The new values are aligned with the upcoming release of the PSA Crypto API specification version 1.0.0. The main change which may break some existing code is that elliptic curve key types no longer encode the exact curve: a psa_ecc_curve_t or psa_key_type_t value only encodes a curve family and the key size determines the exact curve (for example, PSA_ECC_CURVE_SECP_R1 with 256 bits is P256R1).

Bugfix

  • Fix a possible error code mangling in psa_mac_verify_finish() when a cryptographic accelerator fails.
  • Fix a bug in mbedtls_pk_parse_key() that would cause it to accept some RSA keys that would later be rejected by functions expecting private keys. Found by Catena cyber using oss-fuzz (issue 20467).
  • Fix a bug in mbedtls_pk_parse_key() that would cause it to accept some RSA keys with invalid values by silently fixing those values.
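
The two RSA key-parsing points above (the side-channel fix in Security, which reads the CRT parameters from the DER structure instead of reconstructing them, and the bugfix that stops invalid values being silently repaired) can be illustrated with a small PKCS#1 RSAPrivateKey parser that reads every field as stored and reports, rather than fixes, inconsistent CRT values. This is an added example, not Mbed Crypto code, and it uses constructed textbook-size parameters (p=61, q=53, e=17) rather than a real key:

```python
from math import gcd

_P, _Q, _E = 61, 53, 17  # constructed textbook-size parameters for the demo, not a real key

def _der_len(n):  # DER length octets: short form below 0x80, long form otherwise
    k = (n.bit_length() + 7) // 8
    return bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")

def _der_int(x):  # DER INTEGER; the spare leading byte keeps the sign bit clear
    body = x.to_bytes((x.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_len(len(body)) + body

def sample_key_der(qinv_delta=0):
    """PKCS#1 RSAPrivateKey: SEQUENCE of INTEGERs version, n, e, d, p, q, dP, dQ, qInv."""
    n, lam = _P * _Q, (_P - 1) * (_Q - 1) // gcd(_P - 1, _Q - 1)
    d = pow(_E, -1, lam)
    qInv = (pow(_Q, -1, _P) + qinv_delta) % _P  # a nonzero delta simulates a corrupted CRT coefficient
    body = b"".join(_der_int(v) for v in (0, n, _E, d, _P, _Q, d % (_P - 1), d % (_Q - 1), qInv))
    return b"\x30" + _der_len(len(body)) + body

def _read_tlv(buf, pos):  # minimal DER TLV reader -> (tag, value, position after the value)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + length], pos + length

def parse_rsa_private_key(der):
    """Return the nine fields exactly as stored; CRT values are read, never recomputed from p, q, d."""
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30: raise ValueError("RSAPrivateKey must be a SEQUENCE")
    fields, pos = [], 0
    while pos < len(seq):
        tag, val, pos = _read_tlv(seq, pos)
        if tag != 0x02: raise ValueError("RSAPrivateKey fields must be INTEGERs")
        fields.append(int.from_bytes(val, "big", signed=True))
    if len(fields) != 9 or fields[0] != 0: raise ValueError("only two-prime (version 0) keys supported")
    return dict(zip(("version", "n", "e", "d", "p", "q", "dP", "dQ", "qInv"), fields))

def rsa_key_inconsistencies(k):
    """Names of the PKCS#1 relations the stored values violate; an empty list means the key is consistent."""
    lam = (k["p"] - 1) * (k["q"] - 1) // gcd(k["p"] - 1, k["q"] - 1)
    relations = {
        "n == p*q": k["n"] == k["p"] * k["q"],
        "e*d == 1 (mod lcm(p-1, q-1))": (k["e"] * k["d"]) % lam == 1,
        "dP == d (mod p-1)": k["dP"] == k["d"] % (k["p"] - 1),
        "dQ == d (mod q-1)": k["dQ"] == k["d"] % (k["q"] - 1),
        "qInv*q == 1 (mod p)": (k["qInv"] * k["q"]) % k["p"] == 1,
    }
    return [name for name, ok in relations.items() if not ok]
```

A loader built on this rejects a key as soon as rsa_key_inconsistencies() returns anything, instead of recomputing the offending CRT value from p, q and d.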

Who should update

We recommend that all affected users update to take advantage of the bug fixes contained in this release at an appropriate point in their development lifecycle.