Remove potential timing leak in ecdsa_sign()

2026-01-03 13:15:42 +01:00 · 2014-03-31 11:55:42 +02:00 · 2014-03-31 11:55:42 +02:00 · dd75c3183b
commit dd75c3183b
parent 6b0d268bc9
3 changed files with 32 additions and 7 deletions
--- a/4
+++ b/4
@ -2,6 +2,10 @@ PolarSSL ChangeLog (Sorted per branch, date)

 = PolarSSL 1.3 branch

+Security
+   * Avoid potential timing leak in ecdsa_sign() by blinding modular division.
+     (Found by Watson Ladd.)
+
 Bugfix
   * The length of various ClientKeyExchange messages was not properly checked.
   * Some example server programs were not sending the close_notify alert.