mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-25 19:25:45 +01:00
Add a ChangeLog entry for local Lucky13 variant
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
parent
5b2e60dc36
commit
c9ebbd5843
9
ChangeLog.d/local-lucky13.txt
Normal file
9
ChangeLog.d/local-lucky13.txt
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
Security
|
||||||
|
* Fix a local timing side channel vulnerability in (D)TLS record decryption
|
||||||
|
when using a CBC ciphersuites without the Encrypt-then-Mac extension. In
|
||||||
|
those circumstances, a local attacker able to observe the state of the
|
||||||
|
cache could use well-chosen functions to measure the exact computation
|
||||||
|
time of the HMAC, and follow up with the usual range of Lucky 13 attacks,
|
||||||
|
including plaintext recovery and key recovery. Found and reported by Tuba
|
||||||
|
Yavuz, Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler
|
||||||
|
(University of Florida) and Dave Tian (Purdue University).
|
Loading…
Reference in New Issue
Block a user