a7186d0913
Fix CVE-2019-18222: Our bignum implementation is not constant time/constant trace, so side channel attacks can retrieve the blinded value, factor it (as it is smaller than RSA keys and not guaranteed to have only large prime factors), and then, by brute force, recover the key. Reported by Alejandro Cabrera Aldaya and Billy Brumley. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> |
||
|---|---|---|
| .. | ||
| 0001-bn_mul.h-fix-x86-PIC-inline-ASM-compilation-with-GCC.patch | ||
| Config.in | ||
| mbedtls.hash | ||
| mbedtls.mk | ||