author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2020-08-20 12:17:05 +0200
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2020-08-20 12:17:05 +0200
commit: 53d216081cf97b90d2cfdf06f9802680c0e8a05a (patch)
tree: 6d5fff1b45b3f9ae18c6c33ea3eafe69e2cd7f12
parent: 71f4fa13bb8e0f310dbb1ee69ed748e1c6ccccd5 (diff)
download: mbed-tls-53d216081cf97b90d2cfdf06f9802680c0e8a05a.tar.gz
Add a ChangeLog entry for local Lucky13 variant
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
-rw-r--r-- ChangeLog.d/local-lucky13.txt | 9
1 file changed, 9 insertions, 0 deletions
diff --git a/ChangeLog.d/local-lucky13.txt b/ChangeLog.d/local-lucky13.txt
new file mode 100644
index 000000000..5a3eed0ba
--- /dev/null
+++ b/ChangeLog.d/local-lucky13.txt
@@ -0,0 +1,9 @@
+Security
+ * Fix a local timing side channel vulnerability in (D)TLS record decryption
+ when using a CBC ciphersuites without the Encrypt-then-Mac extension. In
+ those circumstances, a local attacker able to observe the state of the
+ cache could use well-chosen functions to measure the exact computation
+ time of the HMAC, and follow up with the usual range of Lucky 13 attacks,
+ including plaintext recovery and key recovery. Found and reported by Tuba
+ Yavuz, Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler
+ (University of Florida) and Dave Tian (Purdue University).
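Review bot: the second added line has a number agreement error, "when using a CBC ciphersuites", which should read "when using a CBC ciphersuite" or "when using CBC ciphersuites". In the same line, the extension is normally written "Encrypt-then-MAC" (as in RFC 7366), not "Encrypt-then-Mac"; worth aligning with that spelling since this text will be published in the release ChangeLog. The phrase "could use well-chosen functions to measure the exact computation time of the HMAC" is also hard to parse for a reader of the changelog: consider stating plainly what is observed (the cache state during the HMAC computation over the record) so the entry explains why Encrypt-then-MAC users are unaffected.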