[gnutls-devel] GnuTLS | CVE-2018-16868 (!832)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Fri Nov 30 22:21:10 CET 2018
New Merge Request !832
https://gitlab.com/gnutls/gnutls/merge_requests/832
Branches: tmp-fix-CVE-2018-16868 to master
Author: Simo Sorce
Assignee: Nikos Mavrogiannopoulos
Approvers: Simon Josefsson, Nikos Mavrogiannopoulos, Dmitry Eremin-Solenikov, Hubert Kario, Tim Rühsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tomáš Mráz, Anderson Sasaki and GnuTLS devel mailing list
This patchset implements mitigations for CVE-2018-16868 a Bleichenbacher-like attack that makes use of cache side-channel leakage.
The mitigations are mostly implemented in Nettle, and GnuTLS has been changed to use a new side-channel silent fucntion exported from Nettle.
Nettle >= 3.4.1 is now required.
Paper describing the attack:
http://www.wisdom.weizmann.ac.il/~eyalro/project/cat/cat.pdf
Resolves #630
## Checklist
* [X] Code modified for security issue
* [X] Test suite updated with functionality tests
* [X] Documentation updated / NEWS entry present (for non-trivial changes)
## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/832
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181130/69e6c0c9/attachment.html>
More information about the Gnutls-devel
mailing list