ChangeLog.d/local-lucky13.txt - mirror/mbed-tls - TrustedFirmware Git Browser

 Security
    * Fix a local timing side channel vulnerability in (D)TLS record decryption
      when using a CBC ciphersuites without the Encrypt-then-Mac extension. In
      those circumstances, a local attacker able to observe the state of the
      cache could use well-chosen functions to measure the exact computation
      time of the HMAC, and follow up with the usual range of Lucky 13 attacks,
      including plaintext recovery and key recovery. Found and reported by Tuba
      Yavuz, Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler
      (University of Florida) and Dave Tian (Purdue University).
	Security
	* Fix a local timing side channel vulnerability in (D)TLS record decryption
	when using a CBC ciphersuites without the Encrypt-then-Mac extension. In
	those circumstances, a local attacker able to observe the state of the
	cache could use well-chosen functions to measure the exact computation
	time of the HMAC, and follow up with the usual range of Lucky 13 attacks,
	including plaintext recovery and key recovery. Found and reported by Tuba
	Yavuz, Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler
	(University of Florida) and Dave Tian (Purdue University).