From d69ae8c21dd7041c04261d5e7148f0065df2d886 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 25 Oct 2019 08:53:01 +0100 Subject: [PATCH] Add ChangeLog entry --- ChangeLog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ChangeLog b/ChangeLog index 125e5b69d..95c0d177d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -65,6 +65,13 @@ Changes = mbed TLS 2.16.x branch released xxxx-xx-xx +Security + * Fix side channel vulnerability in ECDSA. Our bignum implementation is not + constant time/constant trace, so side channel attacks can retrieve the + blinded value, factor it (as it is smaller than RSA keys and not guaranteed + to have only large prime factors), and then, by brute force, recover the + key. Reported by Alejandro Cabrera Aldaya and Billy Brumley. + Bugfix * Remove redundant line for getting the bitlen of a bignum, since the variable holding the returned value is overwritten a line after.