mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 23:35:43 +01:00
138109133d
- it's 2020, there shouldn't be too many systems out there where SHA-1 is the only available hash option, so its usefulness is limited - OTOH testing configurations without SHA-2 reveal bugs that are not easy to fix in a fully compatible way So overall, the benefit/cost ratio is not good enough to justify keeping SHA-1 as a fallback option here. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
17 lines
930 B
Plaintext
17 lines
930 B
Plaintext
Changes
|
|
* The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on
|
|
`MBEDTLS_CTR_DRBG_C`, `MBEDTLS_HMAC_DRBG_C`, `MBEDTLS_SHA512_C` or
|
|
`MBEDTLS_SHA256_C` for some side-channel coutermeasures. If side channels
|
|
are not a concern, this dependency can be avoided by enabling the new
|
|
option `MBEDTLS_ECP_NO_INTERNAL_RNG`.
|
|
|
|
Security
|
|
* Fix side channel in mbedtls_ecp_check_pub_priv() and
|
|
mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a
|
|
private key that didn't include the uncompressed public key), as well as
|
|
mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL
|
|
f_rng argument. An attacker with access to precise enough timing and
|
|
memory access information (typically an untrusted operating system
|
|
attacking a secure enclave) could fully recover the ECC private key.
|
|
Found and reported by Alejandro Cabrera Aldaya and Billy Brumley.
|