commit | dd75c3183b60a208f4770bbd3d32a981272aa1ea | |
---|---|---|
author | Manuel Pégourié-Gonnard <mpg@elzevir.fr> | Mon Mar 31 11:55:42 2014 +0200 |
committer | Manuel Pégourié-Gonnard <mpg@elzevir.fr> | Mon Mar 31 11:55:42 2014 +0200 |
tree | 5e7aa78b3f468aa7f96c63b250c61dc24ccfc3c9 | |
parent | 6b0d268bc919e14e0617169052e0ad874f2fca5c | |
Remove potential timing leak in ecdsa_sign()
diff --git a/ChangeLog b/ChangeLog index 417b37f..a6bcdf1 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -2,6 +2,10 @@ = PolarSSL 1.3 branch +Security + * Avoid potential timing leak in ecdsa_sign() by blinding modular division. + (Found by Watson Ladd.) + Bugfix * The length of various ClientKeyExchange messages was not properly checked. * Some example server programs were not sending the close_notify alert.
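Review bot: the ChangeLog hunk is the only change in this diff, so the blinding it describes in ecdsa_sign() cannot be checked against the implementation from this page; if the code change landed in a separate commit, the entry (or the commit message) should point at it. The entry also says what was done ("blinding modular division") but not what the leak could have exposed or which releases are affected; since the division in ECDSA signing involves the per-signature nonce, a short impact statement under the new "Security" heading (for example that timing of the division could reveal information about the nonce, and through it the signing key) would let users judge whether they need to upgrade.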
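The page shows only the ChangeLog line, not the blinding itself. The following is an added example, not PolarSSL's code, illustrating the general countermeasure the entry names: ECDSA computes s = (e + r*d) / k mod n, and dividing by the secret nonce k with an extended-Euclid inversion takes a number of steps that depends on k. Multiplying numerator and denominator by a fresh random t gives the same s while the inversion runs on t*k, which is independent of k. The modulus N (the secp256k1 group order) is used only as a convenient prime; the scalars e, r, d, k are constructed sample values, and the loop-iteration count of `inv_mod_counted` is a stand-in for wall-clock time.

```python
import secrets

# Group order of secp256k1, used here only as a public prime modulus.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def inv_mod_counted(a, n):
    """Extended Euclid: returns (a^-1 mod n, number of loop iterations).

    The iteration count is a proxy for running time. It is a deterministic
    function of the operand, which is exactly what a timing observer learns.
    """
    a %= n
    old_r, r = a, n
    old_s, s = 1, 0
    steps = 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        steps += 1
    if old_r != 1:
        raise ValueError("operand not invertible modulo n")
    return old_s % n, steps


def ecdsa_s_unblinded(e, r, d, k, n=N):
    """s = (e + r*d) / k mod n, inverting the secret nonce k directly.

    The inversion's step count (and hence its timing) depends on k.
    """
    k_inv, steps = inv_mod_counted(k, n)
    return (e + r * d) * k_inv % n, steps


def ecdsa_s_blinded(e, r, d, k, n=N, t=None):
    """Same s, computed as (t*(e + r*d)) / (t*k) mod n.

    t is a fresh random blinding factor (a fixed t may be passed for testing).
    The inversion now operates on t*k mod n, a value uniformly distributed
    over the group and independent of k, so its timing reveals nothing
    about the nonce. The blinding cancels: inv(t*k) = inv(t) * inv(k).
    """
    if t is None:
        t = secrets.randbelow(n - 1) + 1  # t in [1, n-1]
    numerator = t * (e + r * d) % n
    denominator_inv, steps = inv_mod_counted(t * k % n, n)
    return numerator * denominator_inv % n, steps


def leak_demo(k, n=N, trials=5):
    """Step counts of the inversion over several signatures with the same k.

    Unblinded: identical every time (a function of k alone). Blinded: varies
    with the random t, so repeated measurements do not accumulate knowledge
    of k. Constructed sample values for e, r, d; only k is held fixed.
    """
    e, r, d = 0x1234567, 0x89ABCDE, 0xF0F0F0F
    unblinded = [ecdsa_s_unblinded(e, r, d, k, n)[1] for _ in range(trials)]
    blinded = [ecdsa_s_blinded(e, r, d, k, n)[1] for _ in range(trials)]
    return {"unblinded": unblinded, "blinded": blinded}


if __name__ == "__main__":
    # Constructed sample scalars, not a real key or signature.
    e, r, d, k = 0x0BADCAFE, 0xC0FFEE, 0xDEADBEEF, 0x1357924680
    s_plain, _ = ecdsa_s_unblinded(e, r, d, k)
    s_blind, _ = ecdsa_s_blinded(e, r, d, k)
    print("same s with and without blinding:", s_plain == s_blind)
    print(leak_demo(k))
```

A practical caveat: blinding the division removes the dependence of the inversion on k, but the multiplication t*k mod n and the rest of the signing path (scalar multiplication, reduction of r) still need their own constant-time treatment; this example covers only the step the ChangeLog entry mentions.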