authorRémi Verschelde <rverschelde@gmail.com>2020-01-26 18:06:09 +0100
committerRémi Verschelde <rverschelde@gmail.com>2020-01-26 18:19:29 +0100
commit724487b3c11e4038ed4accfef0d4803250ac92bf (patch)
treeaebb521c7e23b2b6fa6e8c449070ae69795de19d /thirdparty/mbedtls/library/ecp.c
parent72c44bafac6e280b5e1e99b417588624bfb5ecc6 (diff)
mbedtls: Update to upstream version 2.16.4
Fixes CVE-2019-18222. `include/mbedtls/version.h` was modified to include the forgotten version bump to 2.16.4, fixed upstream by ARMmbed/mbedtls#2992.
Diffstat (limited to 'thirdparty/mbedtls/library/ecp.c')
-rw-r--r--thirdparty/mbedtls/library/ecp.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/thirdparty/mbedtls/library/ecp.c b/thirdparty/mbedtls/library/ecp.c
index db36191b9b..040c20bd38 100644
--- a/thirdparty/mbedtls/library/ecp.c
+++ b/thirdparty/mbedtls/library/ecp.c
@@ -2724,6 +2724,7 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
{
/* SEC1 3.2.1: Generate d such that 1 <= n < N */
int count = 0;
+ unsigned cmp = 0;
/*
* Match the procedure given in RFC 6979 (deterministic ECDSA):
@@ -2748,9 +2749,14 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
*/
if( ++count > 30 )
return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
+
+ ret = mbedtls_mpi_lt_mpi_ct( d, &grp->N, &cmp );
+ if( ret != 0 )
+ {
+ goto cleanup;
+ }
}
- while( mbedtls_mpi_cmp_int( d, 1 ) < 0 ||
- mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 );
+ while( mbedtls_mpi_cmp_int( d, 1 ) < 0 || cmp != 1 );
}
#endif /* ECP_SHORTWEIERSTRASS */
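Review bot: The new range check `ret = mbedtls_mpi_lt_mpi_ct( d, &grp->N, &cmp );` carries no comment saying why the constant-time comparison replaces the removed `mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0`, so a later reader may "simplify" it back; a one-line comment above it such as `/* Constant-time d < N check: this comparison must not leak d (CVE-2019-18222); cmp == 1 means d < N */` would pin the intent and explain the `cmp != 1` test in the loop condition. The first operand of `while( mbedtls_mpi_cmp_int( d, 1 ) < 0 || cmp != 1 );` is still the variable-time comparison, presumably acceptable because it only distinguishes d == 0 from a usable candidate, but the comment should say so rather than leave the reader to work it out. The five-line `if( ret != 0 ) { goto cleanup; }` block could be the one-liner `MBEDTLS_MPI_CHK( mbedtls_mpi_lt_mpi_ct( d, &grp->N, &cmp ) );` if the rest of this function uses that wrapper, and it sits two lines below a `return( MBEDTLS_ERR_ECP_RANDOM_FAILED );` that bypasses `cleanup:` — pre-existing, but worth aligning if `cleanup:` does more than return `ret`. The enclosing do/while loop starts before this hunk and `mbedtls_ecp_gen_privkey` continues past it.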