Add ChangeLog entry

commit: 1baed827746bbe017f4070502ecdad7e9bda09bc [log] [tgz]
author: Janos Follath <janos.follath@arm.com> Fri Oct 25 08:53:01 2019 +0100
committer: Janos Follath <janos.follath@arm.com> Fri Oct 25 11:21:30 2019 +0100
tree: 960dc9c9ff2b026182d37ef9cb0aeebf96a8f5da
parent: d65df1fa67ca80a5142909036d1b75d8c370f89d [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index c92e429..7074eb2 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -2,6 +2,13 @@
 
 = mbed TLS 2.16.x branch released xxxx-xx-xx
 
+Security
+   * Fix side channel vulnerability in ECDSA. Our bignum implementation is not
+     constant time/constant trace, so side channel attacks can retrieve the
+     blinded value, factor it (as it is smaller than RSA keys and not guaranteed
+     to have only large prime factors), and then, by brute force, recover the
+     key. Reported by Alejandro Cabrera Aldaya and Billy Brumley.
+
 Bugfix
    * Remove redundant line for getting the bitlen of a bignum, since the variable
      holding the returned value is overwritten a line after.
commit	1baed827746bbe017f4070502ecdad7e9bda09bc	[log] [tgz]
author	Janos Follath <janos.follath@arm.com>	Fri Oct 25 08:53:01 2019 +0100
committer	Janos Follath <janos.follath@arm.com>	Fri Oct 25 11:21:30 2019 +0100
tree	960dc9c9ff2b026182d37ef9cb0aeebf96a8f5da
parent	d65df1fa67ca80a5142909036d1b75d8c370f89d [diff] [blame]