author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2020-08-26 11:52:15 +0200
committer: GitHub <noreply@github.com> 2020-08-26 11:52:15 +0200
commit: 376712217ea6621a927b62387e244f71fec83d69 (patch)
tree: 282c3fea6cf95278ae44d1bc909dbd5d1d11490c
parent: d4ac4e037ba68d97bea1be85e4ba34efee050b5f (diff)
parent: 8f18d08fae10a80c9cc6580f5cfea1821791dcda (diff)
Merge pull request #737 from mpg/changelog-for-local-lucky13-dev-restricted
Add a ChangeLog entry for local Lucky13 variant
-rw-r--r-- ChangeLog.d/local-lucky13.txt | 11
1 files changed, 11 insertions, 0 deletions
diff --git a/ChangeLog.d/local-lucky13.txt b/ChangeLog.d/local-lucky13.txt
new file mode 100644
index 0000000..adf493a
--- /dev/null
+++ b/ChangeLog.d/local-lucky13.txt
@@ -0,0 +1,11 @@
+Security
+ * In (D)TLS record decryption, when using a CBC ciphersuites without the
+ Encrypt-then-Mac extension, use constant code flow memory access patterns
+ to extract and check the MAC. This is an improvement to the existing
+ countermeasure against Lucky 13 attacks. The previous countermeasure was
+ effective against network-based attackers, but less so against local
+ attackers. The new countermeasure defends against local attackers, even
+ if they have access to fine-grained measurements. In particular, this
+ fixes a local Lucky 13 cache attack found and reported by Tuba Yavuz,
+ Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler
+ (University of Florida) and Dave Tian (Purdue University).
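Review bot: two wording slips in the new entry: the second line of the hunk reads "when using a CBC ciphersuites without the", which should be "a CBC ciphersuite", and the third line's "constant code flow memory access patterns" reads as if a conjunction was dropped; suggest "use constant code flow and memory access patterns", since the entry is describing both properties of the new MAC extraction and check. The entry also does not say which releases are affected or whether an advisory or CVE accompanies the fix; if one exists, a reference here would help users triaging the Security section of the ChangeLog.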