TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / 441d6f98336940a6eb2f6db4720bc265a36eca2f
commit441d6f98336940a6eb2f6db4720bc265a36eca2f[log] [tgz]
authorJanos Follath <janos.follath@arm.com>Thu Sep 08 10:44:16 2016 +0100
committerSimon Butcher <simon.butcher@arm.com>Thu Oct 13 14:14:16 2016 +0100
treedaaed91d51238e1921c04907a3a72e9dbf738c63
parent696f92e9b4c43dc5e9d818f4c417d58b9cc8dd79 [diff]
Remove MBEDTLS_SSL_AEAD_RANDOM_IV feature

In a USENIX WOOT '16 paper the authors warn about a security risk
of random Initialisation Vectors (IV) repeating values.

The MBEDTLS_SSL_AEAD_RANDOM_IV feature is affected by this risk and
it isn't compliant with RFC5116. Furthermore, strictly speaking it
is a different cipher suite from the TLS (RFC5246) point of view.

Removing the MBEDTLS_SSL_AEAD_RANDOM_IV feature to resolve the above
problems.

Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky and Philipp
Jovanovic, "Nonce-Disrespecting Adversaries: Practical Forgery Attacks
on GCM in TLS", USENIX WOOT '16
4 files changed
tree: daaed91d51238e1921c04907a3a72e9dbf738c63
  1. configs/
  2. doxygen/
  3. include/
  4. library/
  5. programs/
  6. scripts/
  7. tests/
  8. visualc/
  9. .gitignore
  10. .travis.yml
  11. ChangeLog
  12. CMakeLists.txt
  13. DartConfiguration.tcl
  14. LICENSE
  15. Makefile
  16. README.rst