Add a ChangeLog entry for local Lucky13 variant

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2020-08-20 12:17:05 +02:00
parent 5b2e60dc36
commit c9ebbd5843

View file

@ -0,0 +1,9 @@
Security
* Fix a local timing side channel vulnerability in (D)TLS record decryption
when using a CBC ciphersuites without the Encrypt-then-Mac extension. In
those circumstances, a local attacker able to observe the state of the
cache could use well-chosen functions to measure the exact computation
time of the HMAC, and follow up with the usual range of Lucky 13 attacks,
including plaintext recovery and key recovery. Found and reported by Tuba
Yavuz, Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler
(University of Florida) and Dave Tian (Purdue University).