From 7d1e95c991a508cfa4912c7b93dfab358fc40374 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 29 Apr 2015 01:35:48 +0200 Subject: [PATCH] Add countermeasure against cache-based lucky 13 --- ChangeLog | 2 ++ library/ssl_tls.c | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 7186addd0..bbaddbcc1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,8 @@ Security * With authmode set to SSL_VERIFY_OPTIONAL, verification of keyUsage and extendedKeyUsage on the leaf certificate was lost (results not accessible via ssl_get_verify_results()). + * Add countermeasure against "Lucky 13 strikes back" cache-based attack, + https://dl.acm.org/citation.cfm?id=2714625 Features * Add x509_crt_verify_info() to display certificate verification results. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 72cd6d21a..f079adc45 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1825,7 +1825,8 @@ static int ssl_decrypt_buf( ssl_context *ssl ) ssl->in_msglen ); md_hmac_finish( &ssl->transform_in->md_ctx_dec, ssl->in_msg + ssl->in_msglen ); - for( j = 0; j < extra_run; j++ ) + /* Call md_process at least once due to cache attacks */ + for( j = 0; j < extra_run + 1; j++ ) md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg ); md_hmac_reset( &ssl->transform_in->md_ctx_dec );