Fix leakage of projective coordinates in ECC See the comments in the code for how an attack would go, and the ChangeLog entry for an impact assessment. (For ECDSA, leaking a few bits of the scalar over several signatures translates to full private key recovery using a lattice attack.) Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

commit: f60041688c8af902c59930afd25952f1003bcdcb [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Wed Mar 25 12:41:29 2020 +0100
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Wed Apr 01 11:02:18 2020 +0200
tree: 175581413cdd8ce40075740221881f2dde2c84fb
parent: bfa0f7d54077dd278c7952e2d002b5206262c686 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 6ec1e7ec..64c72a5 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -2,6 +2,13 @@
 
 = mbed TLS x.x.x branch released xxxx-xx-xx
 
+Security
+   * Fix side channel in ECC code that allowed an adversary with access to
+     precise enough timing and memory access information (typically an
+     untrusted operating system attacking a secure enclave) to fully recover
+     an ECDSA private key. Found and reported by Alejandro Cabrera Aldaya,
+     Billy Brumley and Cesar Pereida Garcia. CVE-2020-10932
+
 Bugfix
    * Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and
      MBEDTLS_SSL_HW_RECORD_ACCEL are enabled.
commit	f60041688c8af902c59930afd25952f1003bcdcb	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Wed Mar 25 12:41:29 2020 +0100
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Wed Apr 01 11:02:18 2020 +0200
tree	175581413cdd8ce40075740221881f2dde2c84fb
parent	bfa0f7d54077dd278c7952e2d002b5206262c686 [diff] [blame]