mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-23 04:45:49 +01:00
Add changelog entry for mbedtls_mpi_write_binary fix
This commit is contained in:
parent
cc47d6c595
commit
c12113a61a
@ -9,6 +9,13 @@ Security
|
|||||||
RSA decryption (i.e. ciphersuites whose name contains RSA but not
|
RSA decryption (i.e. ciphersuites whose name contains RSA but not
|
||||||
(EC)DH(E)). Reported by Eyal Ronen, Robert Gillham, Daniel Genkin, Adi
|
(EC)DH(E)). Reported by Eyal Ronen, Robert Gillham, Daniel Genkin, Adi
|
||||||
Shamir, David Wong and Yuval Yarom. CVE-2018-19608
|
Shamir, David Wong and Yuval Yarom. CVE-2018-19608
|
||||||
|
* In mbedtls_mpi_write_binary(), don't leak the exact size of the number
|
||||||
|
via branching and memory access patterns. An attacker who could submit
|
||||||
|
a plaintext for RSA PKCS#1 v1.5 decryption but only observe the timing
|
||||||
|
of the decryption and not its result could nonetheless decrypt RSA
|
||||||
|
plaintexts and forge RSA signatures. Other asymmetric algorithms may
|
||||||
|
have been similarly vulnerable. Reported by Eyal Ronen, Robert Gillham,
|
||||||
|
Daniel Genkin, Adi Shamir, David Wong and Yuval Yarom.
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Fix failure in hmac_drbg in the benchmark sample application, when
|
* Fix failure in hmac_drbg in the benchmark sample application, when
|
||||||
|
Loading…
Reference in New Issue
Block a user