mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 05:25:29 +00:00
Add a ChangeLog entry for local Lucky13 variant
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
parent
5b2e60dc36
commit
c9ebbd5843
9
ChangeLog.d/local-lucky13.txt
Normal file
|
@ -0,0 +1,9 @@
|
|||
Security
|
||||
* Fix a local timing side channel vulnerability in (D)TLS record decryption
|
||||
when using a CBC ciphersuites without the Encrypt-then-Mac extension. In
|
||||
those circumstances, a local attacker able to observe the state of the
|
||||
cache could use well-chosen functions to measure the exact computation
|
||||
time of the HMAC, and follow up with the usual range of Lucky 13 attacks,
|
||||
including plaintext recovery and key recovery. Found and reported by Tuba
|
||||
Yavuz, Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler
|
||||
(University of Florida) and Dave Tian (Purdue University).
|
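Review bot: The second line of the entry reads "a CBC ciphersuites", which mixes a singular article with a plural noun; use either "a CBC ciphersuite" or "CBC ciphersuites". On the same line, "Encrypt-then-Mac" should be capitalized "Encrypt-then-MAC", since MAC is an acronym. The entry also names the affected configuration (CBC without the Encrypt-then-MAC extension) but does not tell users what to do beyond upgrading; consider adding a sentence noting that connections negotiating the extension, or not using CBC ciphersuites, are outside the conditions described. Finally, "well-chosen functions" is vague for a Security entry; a few words on what kind of functions are meant would help readers assess their exposure.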