[mbed-tls] Question about fix of "Timing side channel in private key RSA operations"

26 Jan 2024


      Hi folks,
This is a question about understanding changes in recent new release.
I want to understand how new release e.g. 2.28.7 fix the vulnerable described in https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-securi....
Want to check that if following commits in new release, for example 2.28.7, are the actual commits for fixing the vulnerable above:
42175031ca48e2fba62b97fc802e5df33d5221ff
4fe396f1e1aa84346e23b89435a251624c205035
aa6760d7b5d9a218eaf072f4155974f58b00986b
601bffc4cec7c78cfc6b64048379172578fce13c
In short, they are first 4 commits in I found https://github.com/Mbed-TLS/mbedtls/compare/v2.28.6...v2.28.7
Thank you for any  help you can provide!
Best,
Yuxiang

2024

2023

2022

2021

2020

[mbed-tls] Question about fix of "Timing side channel in private key RSA operations"