ChangeLog - OpenGrok cross reference for /optee_os/lib/libmbedtls/mbedtls/ChangeLog

17    * Fix a timing side channel in CBC-PKCS7 decryption that could
19      some plaintexts through a timing-based padding oracle attack.
21    * Fix a local timing side-channel in modular inversion and GCD that was
68      the adversary to conduct timing attacks and potentially recover the
103    * Fix a timing side channel in the implementation of PKCS#7 padding
105      ciphertexts to recover the plaintext through a timing oracle attack.
697    * Fix a timing side channel in private key RSA operations. This side channel
700      might have precise enough timing measurements to exploit this. It requires
884      has access to precise timing measurements.
887      timing. (Clang has been seen to do this.) Also introduce assembly
1114      Arm, so that these systems are no longer vulnerable to timing side-channel
1120      timing side-channel attacks. There is now an intrinsics-based AES-NI
1875      containing various functions meant to resist timing side channel attacks.
2170    * Alternative implementations of the AES, DHM, ECJPAKE, ECP, RSA and timing
2190      An adversary who is capable of very precise timing measurements could
2200    * Fix an issue where an adversary with access to precise enough timing
2262      timing module on Mbed OS. Fixes #4633.
2684      Diffie-Hellman. An adversary with precise enough timing and memory access
2781      f_rng argument. An attacker with access to precise enough timing and
2789      plaintext after repeated timing measurements under some conditions.
2881      precise enough timing and memory access information (typically an
3133    * Remove redundant include file in timing.c. Fixes #2640 reported by irwir.
3348    * Reduce the complexity of the timing tests. They were assuming more than the
3435    * Fix timing variations and memory access variations in RSA PKCS#1 v1.5
3446      a plaintext for RSA PKCS#1 v1.5 decryption but only observe the timing
3670      exploiting timing measurements. With DTLS, the attacker could perform
4060      sake of saving memory, but potentially leading to slight timing
4075    * New unit tests for timing. Improve the self-test to be more robust
4531    * Extended test coverage of special cases, and added new timing test suite.
5033    * Fix warnings from mingw64 in timing.c (found by kxjklele).
5048    * Remove potential sources of timing variations (some contributed by Pascal
5081    * Fix timing difference that could theoretically lead to a
5160    * Fix compile error in timing.c when POLARSSL_NET_C and POLARSSL_SELFTEST
5312    * Avoid potential timing leak in ecdsa_sign() by blinding modular division.
5348    * Ability to provide alternate timing implementation
5567    * RSA blinding on CRT operations to counter timing attacks
5586    * Fix warnings from mingw64 in timing.c (found by kxjklele).
5749    * RSA blinding on CRT operations to counter timing attacks
5821    * Removed further timing differences during SSL message decryption in
5823    * Removed timing differences due to bad padding from
5837    * Removed timing differences during SSL message decryption in
5985    * Removed timing differences during SSL message decryption in
5987    * Removed timing differences due to bad padding from
6366      padlock and timing code.
6484     * Fixed a bug introduced in xyssl-0.5/timing.c: hardclock
6519     * Updated timing.c for improved compatibility with i386
6524     * Updated timing.c to support ARM and MIPS arch