Manuel Pégourié-Gonnard ac12767ff3 Fix non-constant-time comparison in mbedtls_ecp_gen_privkey ...

Calling mbedtls_mpi_cmp_int reveals the number of leading zero limbs
to an adversary who is capable of very fine-grained timing
measurements. This is very little information, but could be practical
with secp521r1 (1/512 chance of the leading limb being 0) if the
adversary can measure the precise timing of a large number of
signature operations.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

2021-06-01 12:06:57 +02:00

..

00README.md

When to write a changelog: minor improvements

2020-10-01 00:34:22 +02:00

add-missing-parenthesis.txt

Improve changelog entry for #4217

2021-04-27 17:10:41 +01:00

aescrypt2.txt

Remove the sample program aescrypt2

2021-04-28 17:45:12 +02:00

aria-alt.txt

Changelog entry for the ARIA_ALT and CAMELLIA_ALT fixes

2021-05-25 18:45:46 +02:00

bugfix_PR3616.txt

Fix premature fopen() call in mbedtls_entropy_write_seed_file #3175

2020-09-28 00:28:25 +03:00

ciphersuite-sha1-sha384-guard.txt

Fix dependency for TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384

2021-05-19 16:54:32 +02:00

dhm_min_bitlen.txt

Enforce dhm_min_bitlen exactly, not just the byte size

2021-04-09 17:35:33 +02:00

dtls_sample_use_read_timeout.txt

Actually use the READ_TIMEOUT_MS in the sample DTLS client and server

2021-03-15 16:55:03 -04:00

ecdsa-random-leading-zeros.txt

Fix non-constant-time comparison in mbedtls_ecp_gen_privkey

2021-06-01 12:06:57 +02:00

fix-pk-parse-key-error-code.txt

Fix an incorrect error code addition in pk_parse_key_pkcs8_unencrypted_der

2021-04-28 13:54:16 +02:00

host_test-int32.txt

Fix build error when int32_t is not int

2021-05-18 16:44:22 +02:00

make-generate-tests-python.txt

Changelog entry for no longer explicitly invoking python2

2021-05-12 19:01:26 +02:00

mpi_read_negative_zero.txt

Explain the problem in more concrete terms

2021-04-12 17:17:34 +02:00

posix-define.txt

Add changelog for posix definition

2021-05-13 11:18:59 -06:00