author | Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> | 2020-08-26 11:52:29 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-08-26 11:52:29 +0200 |
commit | d4c464ff225c55f767316d79ebf3f0821d6b14aa (patch) | |
tree | 6f649b870aa71a582d7e79e74df53bb5ac868d99 | |
parent | 117587d544e85ef1448a7afb7d1e22d9e35211e4 (diff) | |
parent | f530c8018b5e2b5f6aca04ded9e31874d368f751 (diff) | |
download | mbed-tls-d4c464ff225c55f767316d79ebf3f0821d6b14aa.tar.gz |
Merge pull request #746 from mpg/changelog-for-local-lucky13-2.7-restricted
[Backport 2.7] Add a ChangeLog entry for local Lucky13 variant
-rw-r--r-- | ChangeLog.d/local-lucky13.txt | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/ChangeLog.d/local-lucky13.txt b/ChangeLog.d/local-lucky13.txt new file mode 100644 index 000000000..adf493abe --- /dev/null +++ b/ChangeLog.d/local-lucky13.txt @@ -0,0 +1,11 @@ +Security + * In (D)TLS record decryption, when using a CBC ciphersuites without the + Encrypt-then-Mac extension, use constant code flow memory access patterns + to extract and check the MAC. This is an improvement to the existing + countermeasure against Lucky 13 attacks. The previous countermeasure was + effective against network-based attackers, but less so against local + attackers. The new countermeasure defends against local attackers, even + if they have access to fine-grained measurements. In particular, this + fixes a local Lucky 13 cache attack found and reported by Tuba Yavuz, + Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler + (University of Florida) and Dave Tian (Purdue University). |
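Review bot: The first two lines of the entry have wording problems that blur what was actually changed. "when using a CBC ciphersuites" mixes singular and plural, and "use constant code flow memory access patterns" is missing a conjunction, so a reader cannot tell whether both the code flow and the memory access pattern are now constant. Suggest "when using a CBC ciphersuite without the Encrypt-then-MAC extension, use constant code flow and memory access patterns to extract and check the MAC". "Encrypt-then-Mac" should be written "Encrypt-then-MAC" to match "MAC" at the end of the same sentence. The entry also carries no identifier for the reported attack; if one has been assigned, adding it here would let users match this entry against advisories.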