From: Leo Famulari <leo@famulari.name>
To: 31831@debbugs.gnu.org
Subject: bug#31831: CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto Libraries
Date: Thu, 14 Jun 2018 15:22:11 -0400
Message-ID: <20180614192211.GA21522@jasmine.lan>


Recently a new side-channel key extraction technique was published as
CVE-2018-0495, and it affects a lot of the cryptographic libraries we
package:

https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/?style=Cyber+Security

An excerpt from that advisory:

------
We analyzed the source code of several open source cryptographic
libraries to see if they contain the vulnerable code pattern in the code
for ECDSA, DSA, or both. This list is accurate to the best of our
knowledge, but it is not exhaustive. Only the first group was affected
by this finding; the other three groups are not thought to be
vulnerable.

Contains vulnerable pattern: CryptLib (Both), LibreSSL (Both), Mozilla
NSS (Both), Botan (ECDSA), OpenSSL (ECDSA), WolfCrypt (ECDSA), Libgcrypt
(ECDSA), LibTomCrypt (ECDSA), LibSunEC (ECDSA), MatrixSSL (ECDSA),
BoringSSL (DSA)

Non-constant math, but different pattern: BouncyCastle, Crypto++, Golang
crypto/tls, C#/Mono, mbedTLS, Trezor Crypto, Nettle (DSA)

Constant-time math: Nettle (ECDSA), BearSSL, Libsecp256k1

Does not implement either: NaCl
------

Note that libtomcrypt is bundled in the Dropbear SSH implementation.

I'm going to test the libgcrypt update now.

I'd like for other Guix hackers to "claim" an affected package in this
thread, and then investigate and test the fixes. Please make new debbugs
tickets on guix-patches for each bug-fix patch you propose, and send the
links to those tickets here.

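The advisory's distinction between "non-constant math" and "constant-time math" comes down to one pattern in the ECDSA/DSA signing path: the scalar multiplication k*G runs one loop iteration per bit of the nonce k, so a nonce with leading zero bits finishes measurably earlier and an observer learns those top bits (the "hidden number problem" the advisory refers to). The following is an added illustration, not code from this thread, from the NCC advisory, or from any of the libraries listed above. It uses the textbook toy curve y^2 = x^3 + 2x + 2 over GF(17) with base point (5, 1) of order 19 (constructed, insecure, chosen so every nonce can be enumerated), counts loop iterations in place of a timing trace, and shows the mitigation that the OpenSSL fix for this CVE used: add the group order to k once or twice so the scalar fed to the multiplication always has a fixed bit length, while s is still computed from the original k. The private key, message hash and function names are made up for the example.

```python
"""Toy demonstration of the nonce bit-length leak behind CVE-2018-0495.

Added example, not code from the Guix thread or the NCC advisory. Curve
parameters are the textbook toy curve (constructed, insecure). The loop
iteration count stands in for the timing or cache trace a real observer
would measure.
"""

# --- constructed toy curve parameters (illustration only, not secure) ---
P, A, B = 17, 2, 2          # field prime and curve coefficients y^2 = x^3 + Ax + B
G = (5, 1)                  # base point
N = 19                      # order of G (prime); N*G is the point at infinity
INF = None                  # point at infinity


def inv_mod(x, m):
    """Modular inverse (Python 3.8+)."""
    return pow(x, -1, m)


def ec_add(p1, p2):
    """Affine point addition (handles doubling and the point at infinity)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                      # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * inv_mod(2 * y1, P) % P
    else:
        lam = (y2 - y1) * inv_mod((x2 - x1) % P, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, point):
    """Montgomery ladder: exactly one add and one double per bit of k.

    The ladder hides WHICH bits of k are set, but the loop still runs once
    per bit, so the iteration count reveals k's bit length, i.e. how many
    leading zero bits the nonce has. That is the vulnerable pattern.
    Returns (k*point, iterations).
    """
    r0, r1 = INF, point
    iterations = 0
    for bit in bin(k)[2:]:
        if bit == "1":
            r0, r1 = ec_add(r0, r1), ec_add(r1, r1)
        else:
            r1, r0 = ec_add(r0, r1), ec_add(r0, r0)
        iterations += 1
    return r0, iterations


def pad_nonce(k, n):
    """Mitigation in the spirit of the OpenSSL fix: add the group order to k
    once or twice so the padded scalar always has bit_length(n) + 1 bits.
    Because n*G is the point at infinity, (k + n)*G == k*G."""
    k_padded = k + n
    if k_padded.bit_length() <= n.bit_length():
        k_padded += n
    return k_padded


def ecdsa_sign(d, e, k, pad):
    """Sign hash value e with private key d and nonce k.

    Only the scalar handed to scalar_mult is padded; s still uses k.
    Returns (r, s, iterations); a real signer retries when r or s is 0.
    """
    scalar = pad_nonce(k, N) if pad else k
    point, iterations = scalar_mult(scalar, G)
    r = point[0] % N
    s = inv_mod(k, N) * (e + r * d) % N
    return r, s, iterations


def ecdsa_verify(q, e, r, s):
    """Standard ECDSA verification against public key q = d*G."""
    w = inv_mod(s, N)
    u1, u2 = e * w % N, r * w % N
    x = ec_add(scalar_mult(u1, G)[0], scalar_mult(u2, q)[0])
    return x is not INF and x[0] % N == r


def leak_profile(pad):
    """Set of iteration counts observed over every possible nonce.

    Without padding the set has one entry per possible bit length of k
    (the leak); with padding it collapses to a single value.
    """
    return {ecdsa_sign(7, 5, k, pad)[2] for k in range(1, N)}   # d=7, e=5 constructed


if __name__ == "__main__":
    print("unpadded iteration counts:", sorted(leak_profile(False)))
    print("padded iteration counts:  ", sorted(leak_profile(True)))
```

On a real curve the observable is cycle counts or cache-line accesses rather than a loop counter, and the listed "constant-time math" libraries avoid the leak with a fixed-length ladder or an equivalent scalar representation; the padding shown here is the minimal patch-style fix, which is why it was the shape of the emergency updates rather than a redesign of the scalar multiplication.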
