mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-10-18 12:31:05 +00:00
Add ChangeLog entry
This commit is contained in:
Janos Follath
parent
d65df1fa67
commit
1baed82774
|
|
@ -2,6 +2,13 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
|||
|
||||
= mbed TLS 2.16.x branch released xxxx-xx-xx
|
||||
|
||||
Security
|
||||
* Fix side channel vulnerability in ECDSA. Our bignum implementation is not
|
||||
constant time/constant trace, so side channel attacks can retrieve the
|
||||
blinded value, factor it (as it is smaller than RSA keys and not guaranteed
|
||||
to have only large prime factors), and then, by brute force, recover the
|
||||
key. Reported by Alejandro Cabrera Aldaya and Billy Brumley.
|
||||
|
||||
Bugfix
|
||||
* Remove redundant line for getting the bitlen of a bignum, since the variable
|
||||
holding the returned value is overwritten a line after.
|
||||
|
|
|
|||
Loading…
Reference in a new issue