mbedtls

yuzu-emu/mbedtls

Fork 0

mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-30 04:54:21 +01:00

Commit Graph

Author	SHA1	Message	Date
Gilles Peskine	d8e2e8347b	Zeroize local MAC variables Zeroize local MAC variables used for CBC+HMAC cipher suites. In encryption, this is just good hygiene but probably not needed for security since the data protected by the MAC that could leak is about to be transmitted anyway. In DTLS decryption, this could be a security issue since an adversary could learn the MAC of data that they were trying to inject. At least with encrypt-then-MAC, the adversary could then easily inject a datagram with a corrected packet. TLS would still be safe since the receiver would close the connection after the bad MAC. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-11 14:24:23 +01:00

Author

SHA1

Message

Date

Gilles Peskine

d8e2e8347b

Zeroize local MAC variables

Zeroize local MAC variables used for CBC+HMAC cipher suites. In encryption,
this is just good hygiene but probably not needed for security since the
data protected by the MAC that could leak is about to be transmitted anyway.
In DTLS decryption, this could be a security issue since an adversary could
learn the MAC of data that they were trying to inject. At least with
encrypt-then-MAC, the adversary could then easily inject a datagram with
a corrected packet. TLS would still be safe since the receiver would close
the connection after the bad MAC.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

2021-12-11 14:24:23 +01:00

1 Commits