mbedtls/ChangeLog.d/local-lucky13.txt

Security
   * Fix a local timing side channel vulnerability in (D)TLS record decryption
     when using a CBC ciphersuites without the Encrypt-then-Mac extension. In
     those circumstances, a local attacker able to observe the state of the
     cache could use well-chosen functions to measure the exact computation
     time of the HMAC, and follow up with the usual range of Lucky 13 attacks,
     including plaintext recovery and key recovery. Found and reported by Tuba
     Yavuz, Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler
     (University of Florida) and Dave Tian (Purdue University).
Add a ChangeLog entry for local Lucky13 variant Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2020-08-20 12:17:05 +02:00			`Security`
			`* Fix a local timing side channel vulnerability in (D)TLS record decryption`
			`when using a CBC ciphersuites without the Encrypt-then-Mac extension. In`
			`those circumstances, a local attacker able to observe the state of the`
			`cache could use well-chosen functions to measure the exact computation`
			`time of the HMAC, and follow up with the usual range of Lucky 13 attacks,`
			`including plaintext recovery and key recovery. Found and reported by Tuba`
			`Yavuz, Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler`
			`(University of Florida) and Dave Tian (Purdue University).`