Clarify attribution for the Bleichenbacher's Cat fix

This commit is contained in:
Simon Butcher 2018-12-01 22:43:08 +00:00
parent 51b8a2fa87
commit fabc6001ff

View File

@ -7,8 +7,11 @@ Security
decryption that could lead to a Bleichenbacher-style padding oracle decryption that could lead to a Bleichenbacher-style padding oracle
attack. In TLS, this affects servers that accept ciphersuites based on attack. In TLS, this affects servers that accept ciphersuites based on
RSA decryption (i.e. ciphersuites whose name contains RSA but not RSA decryption (i.e. ciphersuites whose name contains RSA but not
(EC)DH(E)). Reported by Eyal Ronen, Robert Gillham, Daniel Genkin, Adi (EC)DH(E)). Discovered by Eyal Ronen (Weizmann Institute), Robert Gillham
Shamir, David Wong and Yuval Yarom. CVE-2018-19608 (University of Adelaide), Daniel Genkin (University of Michigan),
Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom
(University of Adelaide, Data61). The attack is described in more detail
in the paper available here: http://cat.eyalro.net/cat.pdf CVE-2018-19608
* In mbedtls_mpi_write_binary(), don't leak the exact size of the number * In mbedtls_mpi_write_binary(), don't leak the exact size of the number
via branching and memory access patterns. An attacker who could submit via branching and memory access patterns. An attacker who could submit
a plaintext for RSA PKCS#1 v1.5 decryption but only observe the timing a plaintext for RSA PKCS#1 v1.5 decryption but only observe the timing