Add changelog entry for mbedtls_mpi_write_binary fix

This commit is contained in:
Gilles Peskine 2018-11-29 12:46:05 +01:00
parent 056f19c79f
commit 50da016e5c

View file

@ -9,6 +9,13 @@ Security
RSA decryption (i.e. ciphersuites whose name contains RSA but not
(EC)DH(E)). Reported by Eyal Ronen, Robert Gillham, Daniel Genkin, Adi
Shamir, David Wong and Yuval Yarom. CVE-2018-19608
* In mbedtls_mpi_write_binary(), don't leak the exact size of the number
via branching and memory access patterns. An attacker who could submit
a plaintext for RSA PKCS#1 v1.5 decryption but only observe the timing
of the decryption and not its result could nonetheless decrypt RSA
plaintexts and forge RSA signatures. Other asymmetric algorithms may
have been similarly vulnerable. Reported by Eyal Ronen, Robert Gillham,
Daniel Genkin, Adi Shamir, David Wong and Yuval Yarom.
= mbed TLS 2.13.1 branch released 2018-09-06