yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 17:45:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add ChangeLog entry

Browse Source
This commit is contained in:
Gilles Peskine 2018-06-27 10:57:33 +02:00
parent d0e55a4657
commit 104d85865d
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
ChangeLog
View File

@ -2,6 +2,21 @@ mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS x.x.x branch released xxxx-xx-xx = mbed TLS x.x.x branch released xxxx-xx-xx
Security
* Fix a vulnerability in TLS ciphersuites based on CBC and using SHA-384,
in (D)TLS 1.0 to 1.2, that allowed an active network attacker to
partially recover the plaintext of messages under some conditions by
exploiting timing measurements. With DTLS, the attacker could perform
this recovery by sending many messages in the same connection. With TLS
or if mbedtls_ssl_conf_dtls_badmac_limit() was used, the attack only
worked if the same secret (for example a HTTP Cookie) has been repeatedly
sent over connections manipulated by the attacker. Connections using GCM
or CCM instead of CBC, using hash sizes other than SHA-384, or using
Encrypt-then-Mac (RFC 7366) were not affected. The vulnerability was
caused by a miscalculation (for SHA-384) in a countermeasure to the
original Lucky 13 attack. Found by Kenny Paterson, Eyal Ronen and Adi
Shamir.
API Changes API Changes
* Extend the platform module with a util component that contains * Extend the platform module with a util component that contains
functionality shared by multiple Mbed TLS modules. At this stage functionality shared by multiple Mbed TLS modules. At this stage