2020-05-19 12:38:31 +02:00
|
|
|
Changes
|
|
|
|
|
* The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on
|
|
|
|
|
`MBEDTLS_CTR_DRBG_C` or `MBEDTLS_HMAC_DRBG_C` for some side-channel
|
|
|
|
|
coutermeasures. If side channels are not a concern, this dependency can
|
|
|
|
|
be avoided by enabling the new option `MBEDTLS_ECP_NO_INTERNAL_RNG`.
|
2020-06-04 10:31:06 +02:00
|
|
|
|
|
|
|
|
Security
|
|
|
|
|
* Fix side channel in mbedtls_ecp_check_pub_priv() and
|
|
|
|
|
mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a
|
|
|
|
|
private key that didn't include the uncompressed public key), as well as
|
|
|
|
|
mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL
|
|
|
|
|
f_rng argument. An attacker with access to precise enough timing and
|
|
|
|
|
memory access information (typically an untrusted operating system
|
|
|
|
|
attacking a secure enclave) could fully recover the ECC private key.
|
|
|
|
|
Found and reported by Alejandro Cabrera Aldaya and Billy Brumley.
|
