diff --git a/ChangeLog b/ChangeLog index 81c7534cf..3f2385451 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,8 +7,11 @@ Security decryption that could lead to a Bleichenbacher-style padding oracle attack. In TLS, this affects servers that accept ciphersuites based on RSA decryption (i.e. ciphersuites whose name contains RSA but not - (EC)DH(E)). Reported by Eyal Ronen, Robert Gillham, Daniel Genkin, Adi - Shamir, David Wong and Yuval Yarom. CVE-2018-19608 + (EC)DH(E)). Discovered by Eyal Ronen (Weizmann Institute), Robert Gillham + (University of Adelaide), Daniel Genkin (University of Michigan), + Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom + (University of Adelaide, Data61). The attack is described in more detail + in the paper available here: http://cat.eyalro.net/cat.pdf CVE-2018-19608 * In mbedtls_mpi_write_binary(), don't leak the exact size of the number via branching and memory access patterns. An attacker who could submit a plaintext for RSA PKCS#1 v1.5 decryption but only observe the timing