Clarify attribution for the Bleichenbacher's Cat fix

Simon Butcher 2018-12-01 22:46:55 +00:00
parent 4303f7619e
commit be16e38102


@ -7,8 +7,11 @@ Security
decryption that could lead to a Bleichenbacher-style padding oracle
attack. In TLS, this affects servers that accept ciphersuites based on
RSA decryption (i.e. ciphersuites whose name contains RSA but not
(EC)DH(E)). Reported by Eyal Ronen, Robert Gillham, Daniel Genkin, Adi
Shamir, David Wong and Yuval Yarom. CVE-2018-19608
(EC)DH(E)). Discovered by Eyal Ronen (Weizmann Institute), Robert Gillham
(University of Adelaide), Daniel Genkin (University of Michigan),
Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom
(University of Adelaide, Data61). The attack is described in more detail
in the paper available here: http://cat.eyalro.net/cat.pdf CVE-2018-19608
* In mbedtls_mpi_write_binary(), don't leak the exact size of the number
via branching and memory access patterns. An attacker who could submit
a plaintext for RSA PKCS#1 v1.5 decryption but only observe the timing
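Review bot: In the last added line the CVE identifier follows the paper URL on the same line (`in the paper available here: http://cat.eyalro.net/cat.pdf CVE-2018-19608`), so auto-linkers and anyone grepping the ChangeLog for the CVE can run the two together; suggest ending the sentence after the URL and giving the CVE its own line, e.g. `in the paper available here: http://cat.eyalro.net/cat.pdf` followed by `CVE-2018-19608`, matching how the identifier stood on its own in the removed text. Also, replacing "Reported by" with "Discovered by" drops the statement that the researchers reported the issue to the project; "Discovered and reported by" keeps both facts.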