Add ChangeLog entry

This commit is contained in:
Janos Follath 2019-11-11 14:15:00 +00:00
parent e25f1ee44d
commit d71f31bfb7

View file

@ -2,6 +2,12 @@ mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS 2.16.x branch released xxxx-xx-xx
Security
* Fix side channel vulnerability in ECDSA key generation. Obtaining precise
timings on the comparison in the key generation enabled the attacker to
learn leading bits of the ephemeral key used during ECDSA signatures and to
recover the private key. Reported by Jeremy Dubeuf.
Bugfix
* Remove redundant line for getting the bitlen of a bignum, since the variable
holding the returned value is overwritten a line after.