Security
* Fix a potential side channel vulnerability in ECDSA ephemeral key generation.
  An adversary who is capable of very precise timing measurements could
  learn partial information about the leading bits of the nonce used for the
  signature, allowing the recovery of the private key after observing a
  large number of signature operations. This completes a partial fix in
  Mbed TLS 2.20.0.