Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
Add countermeasure against cache-based lucky 13
Conflicts:
library/ssl_tls.c
diff --git a/ChangeLog b/ChangeLog
index 8c5995c..d50ded9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -90,6 +90,8 @@
* With authmode set to SSL_VERIFY_OPTIONAL, verification of keyUsage and
extendedKeyUsage on the leaf certificate was lost (results not accessible
via ssl_get_verify_results()).
+ * Add countermeasure against "Lucky 13 strikes back" cache-based attack,
+ https://dl.acm.org/citation.cfm?id=2714625
Features
* Add x509_crt_verify_info() to display certificate verification results.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index bb5ab3b..9fb2c97 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1943,7 +1943,8 @@
ssl->in_msglen );
mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec,
ssl->in_msg + ssl->in_msglen );
- for( j = 0; j < extra_run; j++ )
+ /* Call md_process at least once due to cache attacks */
+ for( j = 0; j < extra_run + 1; j++ )
mbedtls_md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg );
mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec );