mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-27 00:15:30 +00:00
f530c8018b
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
12 lines
752 B
Plaintext
12 lines
752 B
Plaintext
Security
|
|
* In (D)TLS record decryption, when using a CBC ciphersuites without the
|
|
Encrypt-then-Mac extension, use constant code flow memory access patterns
|
|
to extract and check the MAC. This is an improvement to the existing
|
|
countermeasure against Lucky 13 attacks. The previous countermeasure was
|
|
effective against network-based attackers, but less so against local
|
|
attackers. The new countermeasure defends against local attackers, even
|
|
if they have access to fine-grained measurements. In particular, this
|
|
fixes a local Lucky 13 cache attack found and reported by Tuba Yavuz,
|
|
Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler
|
|
(University of Florida) and Dave Tian (Purdue University).
|