Timing Side-Channel in AES-CCM Tag Verification in AWS-LC
Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an
unauthenticated user to potentially determine authentication tag validity
via timing analysis.
The impacted implementations are through the EVP CIPHER API:
EVP_aes_128_ccm, EVP_aes_192_ccm, and EVP_aes_256_ccm.
Customers of AWS services do not need to take action. aws-lc-sys contains
code from AWS-LC. Applications using aws-lc-sys should upgrade to the most
recent release of aws-lc-sys.
Workarounds
In the special cases of using AES-CCM with (M=4, L=2), (M=8, L=2), or
(M=16, L=2), applications can workaround this issue by using AES-CCM through
the EVP AEAD API using implementations EVP_aead_aes_128_ccm_bluetooth,
EVP_aead_aes_128_ccm_bluetooth_8, and EVP_aead_aes_128_ccm_matter
respectively.
Otherwise, there is no workaround and applications using aws-lc-sys should
upgrade to the most recent release.
See advisory page for additional details.
aws-lc-sys0.34.0>=0.38.0<0.14.0Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an
unauthenticated user to potentially determine authentication tag validity
via timing analysis.
The impacted implementations are through the EVP CIPHER API:
EVP_aes_128_ccm,EVP_aes_192_ccm, andEVP_aes_256_ccm.Customers of AWS services do not need to take action.
aws-lc-syscontainscode from AWS-LC. Applications using
aws-lc-sysshould upgrade to the mostrecent release of
aws-lc-sys.Workarounds
In the special cases of using AES-CCM with (M=4, L=2), (M=8, L=2), or
(M=16, L=2), applications can workaround this issue by using AES-CCM through
the EVP AEAD API using implementations
EVP_aead_aes_128_ccm_bluetooth,EVP_aead_aes_128_ccm_bluetooth_8, andEVP_aead_aes_128_ccm_matterrespectively.
Otherwise, there is no workaround and applications using
aws-lc-sysshouldupgrade to the most recent release.
See advisory page for additional details.