Merge pull request #10670 from gilles-peskine-arm/security-md-mention-compiler-4.x

mbedtls: Mention compiler optimization in the threat model
David Horstmann
2026-04-01 15:43:26 +00:00
committed by GitHub
2 changed files with 8 additions and 0 deletions

@@ -0,0 +1,2 @@
Security
* Added advice about compiler options in SECURITY.md.
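Review bot: The entry "Added advice about compiler options in SECURITY.md." does not say what the advice concerns, so someone scanning the ChangeLog cannot tell that it is about timing side channels and optimization levels. Suggest wording along the lines of "Added advice to SECURITY.md about compiler optimization levels and the timing side channels they can introduce."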

@@ -107,6 +107,12 @@ model, they need to be mitigated by physical countermeasures.
### Caveats
#### Compiler-induced side channels
Mbed TLS is mostly written in C. We use standard C except with known compilers, so we do not expect compilers to introduce direct vulnerabilities. However, compilers can introduce [timing side channels](#timing-attacks) in code that was intended to be constant-time. Mbed TLS includes countermeasures to try to prevent this. But given the diversity of compilers, compiler options and target platforms, this prevention may not be complete.
We recommend compiling Mbed TLS with commonly used levels of optimizations, such as `-O2` or `-Os`. We will generally treat exploitable timing side channels as a vulnerability if they appear with a common compiler at a common level of optimization. Higher levels of optimization such as `-O3` or `-Oz` are still likely to be safe but are less scrutinized. We do not recommend using individual options that might introduce data-dependent timing, and we will not try to work around such optimizations if they are not part of a commonly used level.
#### Out-of-scope countermeasures
Mbed TLS has evolved organically and a well defined threat model hasn't always
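Review bot: In the first added paragraph under "Compiler-induced side channels", the phrase "We use standard C except with known compilers" is ambiguous: it can be read as saying that standard C is not used with known compilers. If the intent is that non-standard extensions are used only when the compiler is recognized, say that directly. In the second added paragraph, "individual options that might introduce data-dependent timing" gives the reader no way to recognize such an option; naming one example or stating a criterion would make the recommendation actionable. The same paragraph lists `-Os` as a commonly used level but groups `-Oz` under "Higher levels of optimization" next to `-O3`, although both are size-oriented levels; a short clause on why they are treated differently would avoid confusion.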