aboutsummaryrefslogtreecommitdiff
path: root/ChangeLog.d/ecp-internal-rng.txt
blob: c0419acad508fdeb3cad9cb56b0a95310244608f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Changes
   * The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on
     `MBEDTLS_CTR_DRBG_C` or `MBEDTLS_HMAC_DRBG_C` for some side-channel
     coutermeasures. If side channels are not a concern, this dependency can
     be avoided by enabling the new option `MBEDTLS_ECP_NO_INTERNAL_RNG`.

Security
   * Fix side channel in mbedtls_ecp_check_pub_priv() and
     mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a
     private key that didn't include the uncompressed public key), as well as
     mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL
     f_rng argument. An attacker with access to precise enough timing and
     memory access information (typically an untrusted operating system
     attacking a secure enclave) could fully recover the ECC private key.
     Found and reported by Alejandro Cabrera Aldaya and Billy Brumley.