mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-24 12:25:40 +00:00
Merge pull request #746 from mpg/changelog-for-local-lucky13-2.7-restricted
[Backport 2.7] Add a ChangeLog entry for local Lucky13 variant
commit
d4c464ff22
11
ChangeLog.d/local-lucky13.txt
Normal file
|
@ -0,0 +1,11 @@
|
|||
Security
|
||||
* In (D)TLS record decryption, when using a CBC ciphersuites without the
|
||||
Encrypt-then-Mac extension, use constant code flow memory access patterns
|
||||
to extract and check the MAC. This is an improvement to the existing
|
||||
countermeasure against Lucky 13 attacks. The previous countermeasure was
|
||||
effective against network-based attackers, but less so against local
|
||||
attackers. The new countermeasure defends against local attackers, even
|
||||
if they have access to fine-grained measurements. In particular, this
|
||||
fixes a local Lucky 13 cache attack found and reported by Tuba Yavuz,
|
||||
Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler
|
||||
(University of Florida) and Dave Tian (Purdue University).
|
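Review bot: The first sentence of the new entry has two wording slips that blur what was changed: "a CBC ciphersuites" mixes singular and plural, and "constant code flow memory access patterns" is missing a conjunction between the two properties. Suggest "when using a CBC ciphersuite without the Encrypt-then-Mac extension, use constant code flow and memory access patterns to extract and check the MAC", so it is clear that both the control flow and the memory accesses are made independent of the secret padding length.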