| field | value | date |
|---|---|---|
| author | Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> | 2020-08-20 12:17:05 +0200 |
| committer | Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> | 2020-08-20 12:17:05 +0200 |
| commit | 53d216081cf97b90d2cfdf06f9802680c0e8a05a (patch) | |
| tree | 6d5fff1b45b3f9ae18c6c33ea3eafe69e2cd7f12 | |
| parent | 71f4fa13bb8e0f310dbb1ee69ed748e1c6ccccd5 (diff) | |
| download | mbed-tls-53d216081cf97b90d2cfdf06f9802680c0e8a05a.tar.gz | |
Add a ChangeLog entry for local Lucky13 variant
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
| mode | file | lines |
|---|---|---|
| -rw-r--r-- | ChangeLog.d/local-lucky13.txt | 9 |

1 file changed, 9 insertions, 0 deletions
diff --git a/ChangeLog.d/local-lucky13.txt b/ChangeLog.d/local-lucky13.txt new file mode 100644 index 000000000..5a3eed0ba --- /dev/null +++ b/ChangeLog.d/local-lucky13.txt @@ -0,0 +1,9 @@ +Security + * Fix a local timing side channel vulnerability in (D)TLS record decryption + when using a CBC ciphersuites without the Encrypt-then-Mac extension. In + those circumstances, a local attacker able to observe the state of the + cache could use well-chosen functions to measure the exact computation + time of the HMAC, and follow up with the usual range of Lucky 13 attacks, + including plaintext recovery and key recovery. Found and reported by Tuba + Yavuz, Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler + (University of Florida) and Dave Tian (Purdue University). |
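Review bot: the second line of the new entry has a number-agreement error, "when using a CBC ciphersuites without the Encrypt-then-Mac extension"; suggest "when using a CBC ciphersuite without the Encrypt-then-Mac extension" (or "CBC ciphersuites" with no article). The phrase "could use well-chosen functions to measure the exact computation time of the HMAC" is also unclear to a reader who does not already know the report: it does not say whose functions these are or what is being observed, so consider wording it as the attacker's own measurement of the cache state during the HMAC computation, which is what the preceding clause ("able to observe the state of the cache") sets up. Finally, the entry describes the attacker's capability but never states what the fix does; since Mbed TLS changelog entries are read by users deciding whether to upgrade, a short clause saying that the HMAC computation in the (D)TLS CBC record-decryption path is now performed in a way that does not depend on the padding-derived length (whatever the actual change in the accompanying code is) would make the entry self-contained. The "Security" heading and the four-space continuation indentation match the existing ChangeLog.d convention, so no change is needed there.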