eden-emu/mbedtls
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add changelog entry

Browse source
This commit is contained in:
Gilles Peskine 2020-01-31 12:05:53 +01:00 committed by Simon Butcher
parent d817f54077
commit a32e45d632
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
ChangeLog
View file

@ -70,6 +70,11 @@ Security
unless the RNG is broken, and could result in information disclosure or unless the RNG is broken, and could result in information disclosure or
denial of service (application crash or extra resource consumption). denial of service (application crash or extra resource consumption).
Found by Auke Zeilstra and Peter Schwabe, using static analysis. Found by Auke Zeilstra and Peter Schwabe, using static analysis.
* To avoid a side channel vulnerability when parsing an RSA private key,
read all the CRT parameters from the DER structure rather than
reconstructing them. Found by Alejandro Cabrera Aldaya and Billy Bob
Brumley. Reported and fix contributed by Jack Lloyd.
ARMmbed/mbed-crypto#352
Bugfix Bugfix
* Fix an unchecked call to mbedtls_md() in the x509write module. * Fix an unchecked call to mbedtls_md() in the x509write module.