[gnutls-devel] GnuTLS | CVE-2018-16868 (!832)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Nov 30 22:21:10 CET 2018


New Merge Request !832

https://gitlab.com/gnutls/gnutls/merge_requests/832

Branches: tmp-fix-CVE-2018-16868 to master
Author:    Simo Sorce
Assignee:  Nikos Mavrogiannopoulos
Approvers: Simon Josefsson, Nikos Mavrogiannopoulos, Dmitry Eremin-Solenikov, Hubert Kario, Tim Rühsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tomáš Mráz, Anderson Sasaki and GnuTLS devel mailing list


This patchset implements mitigations for CVE-2018-16868, a Bleichenbacher-like attack that makes use of cache side-channel leakage.
The mitigations are mostly implemented in Nettle, and GnuTLS has been changed to use a new side-channel silent function exported from Nettle.
Nettle >= 3.4.1 is now required.

Paper describing the attack:
http://www.wisdom.weizmann.ac.il/~eyalro/project/cat/cat.pdf

Resolves #630

## Checklist
 * [X] Code modified for security issue
 * [X] Test suite updated with functionality tests
 * [X] Documentation updated / NEWS entry present (for non-trivial changes)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

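What "side-channel silent" means for PKCS#1 v1.5 unpadding, as an added C illustration; it is not code from Nettle, GnuTLS or this merge request, and `ct_is_zero` and `sec_pkcs1_unpad` are hypothetical names. It assumes the expected plaintext length is public (as with a fixed-size TLS premaster secret) and that the caller pre-fills the output buffer with random bytes.

```c
#include <stddef.h>
#include <stdint.h>

/* 0xFFFFFFFF when x == 0, otherwise 0; computed without branching on x. */
static uint32_t ct_is_zero(uint32_t x)
{
    return (uint32_t)0 - (((x | ((uint32_t)0 - x)) >> 31) ^ 1u);
}

/*
 * Hypothetical helper: check PKCS#1 v1.5 encryption padding
 * (00 02 PS 00 M, PS nonzero and at least 8 bytes) for a message of
 * known, public length out_len. out must be pre-filled by the caller
 * with random bytes; it is overwritten with M only when the padding is
 * valid. Returns 1 on valid padding, 0 otherwise.
 */
int sec_pkcs1_unpad(const uint8_t *em, size_t em_len,
                    uint8_t *out, size_t out_len)
{
    size_t i, sep;
    uint32_t ok;
    uint8_t m;

    /* Lengths are public, so branching on them leaks nothing secret. */
    if (em_len < 11 || out_len > em_len - 11)
        return 0;
    sep = em_len - out_len - 1;        /* where the 00 separator must be */

    ok  = ct_is_zero(em[0]);
    ok &= ct_is_zero(em[1] ^ 2u);
    for (i = 2; i < sep; i++)          /* PS must contain no zero byte */
        ok &= ~ct_is_zero(em[i]);
    ok &= ct_is_zero(em[sep]);

    /* Masked copy: same loads and stores whether ok is set or not. */
    m = (uint8_t)ok;
    for (i = 0; i < out_len; i++)
        out[i] = (uint8_t)((em[sep + 1 + i] & m) | (out[i] & (uint8_t)~m));

    return (int)(ok & 1u);
}
```

A production implementation also has to keep the compiler from reintroducing branches and make the RSA private-key operation itself constant-time; this sketch covers only the padding check.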