mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-03 18:24:19 +01:00
Clarify attribution for the Bleichenbacher's Cat fix
This commit is contained in:
parent
4303f7619e
commit
be16e38102
@ -7,8 +7,11 @@ Security
|
||||
decryption that could lead to a Bleichenbacher-style padding oracle
|
||||
attack. In TLS, this affects servers that accept ciphersuites based on
|
||||
RSA decryption (i.e. ciphersuites whose name contains RSA but not
|
||||
(EC)DH(E)). Reported by Eyal Ronen, Robert Gillham, Daniel Genkin, Adi
|
||||
Shamir, David Wong and Yuval Yarom. CVE-2018-19608
|
||||
(EC)DH(E)). Discovered by Eyal Ronen (Weizmann Institute), Robert Gillham
|
||||
(University of Adelaide), Daniel Genkin (University of Michigan),
|
||||
Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom
|
||||
(University of Adelaide, Data61). The attack is described in more detail
|
||||
in the paper available here: http://cat.eyalro.net/cat.pdf CVE-2018-19608
|
||||
* In mbedtls_mpi_write_binary(), don't leak the exact size of the number
|
||||
via branching and memory access patterns. An attacker who could submit
|
||||
a plaintext for RSA PKCS#1 v1.5 decryption but only observe the timing
|
||||
|
Loading…
Reference in New Issue
Block a user