aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>2020-08-26 11:52:29 +0200
committerGitHub <noreply@github.com>2020-08-26 11:52:29 +0200
commitd4c464ff225c55f767316d79ebf3f0821d6b14aa (patch)
tree6f649b870aa71a582d7e79e74df53bb5ac868d99
parent117587d544e85ef1448a7afb7d1e22d9e35211e4 (diff)
parentf530c8018b5e2b5f6aca04ded9e31874d368f751 (diff)
downloadmbed-tls-d4c464ff225c55f767316d79ebf3f0821d6b14aa.tar.gz
Merge pull request #746 from mpg/changelog-for-local-lucky13-2.7-restricted
[Backport 2.7] Add a ChangeLog entry for local Lucky13 variant
-rw-r--r--ChangeLog.d/local-lucky13.txt11
1 files changed, 11 insertions, 0 deletions
diff --git a/ChangeLog.d/local-lucky13.txt b/ChangeLog.d/local-lucky13.txt
new file mode 100644
index 000000000..adf493abe
--- /dev/null
+++ b/ChangeLog.d/local-lucky13.txt
@@ -0,0 +1,11 @@
+Security
+ * In (D)TLS record decryption, when using a CBC ciphersuites without the
+ Encrypt-then-Mac extension, use constant code flow memory access patterns
+ to extract and check the MAC. This is an improvement to the existing
+ countermeasure against Lucky 13 attacks. The previous countermeasure was
+ effective against network-based attackers, but less so against local
+ attackers. The new countermeasure defends against local attackers, even
+ if they have access to fine-grained measurements. In particular, this
+ fixes a local Lucky 13 cache attack found and reported by Tuba Yavuz,
+ Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler
+ (University of Florida) and Dave Tian (Purdue University).