mbedtls/ChangeLog.d/local-lucky13.txt

Security
   * In (D)TLS record decryption, when using a CBC ciphersuites without the
     Encrypt-then-Mac extension, use constant code flow memory access patterns
     to extract and check the MAC. This is an improvement to the existing
     countermeasure against Lucky 13 attacks. The previous countermeasure was
     effective against network-based attackers, but less so against local
     attackers. The new countermeasure defends against local attackers, even
     if they have access to fine-grained measurements. In particular, this
     fixes a local Lucky 13 cache attack found and reported by Tuba Yavuz,
     Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler
     (University of Florida) and Dave Tian (Purdue University).
Add a ChangeLog entry for local Lucky13 variant Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2020-08-20 12:17:05 +02:00			`Security`
Clarify that the Lucky 13 fix is quite general Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2020-08-26 10:10:11 +02:00			`* In (D)TLS record decryption, when using a CBC ciphersuites without the`
			`Encrypt-then-Mac extension, use constant code flow memory access patterns`
			`to extract and check the MAC. This is an improvement to the existing`
			`countermeasure against Lucky 13 attacks. The previous countermeasure was`
			`effective against network-based attackers, but less so against local`
			`attackers. The new countermeasure defends against local attackers, even`
			`if they have access to fine-grained measurements. In particular, this`
			`fixes a local Lucky 13 cache attack found and reported by Tuba Yavuz,`
			`Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler`
Add a ChangeLog entry for local Lucky13 variant Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2020-08-20 12:17:05 +02:00			`(University of Florida) and Dave Tian (Purdue University).`