[gnutls-devel] GnuTLS | CVE-2018-16868 (!831)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Fri Nov 30 20:02:04 CET 2018
New Merge Request !831
https://gitlab.com/gnutls/gnutls/merge_requests/831
Project:Branches: simo5/gnutls:CVE_2018_16868 to gnutls/gnutls:master
Author: Simo Sorce
Assignee:
This patchset implements mitigations for CVE-2018-16868 a Bleichenbacher-like attack that makes use of cache side-channel leakage.
The mitigations are mostly implemented in Nettle, and GnuTLS has been changed to use a new side-channel silent fucntion exported from Nettle.
Nettle >= 3.4.1 is now required.
## Checklist
* [X] Code modified for security issue
* [X] Test suite updated with functionality tests
* [X] Documentation updated / NEWS entry present (for non-trivial changes)
## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/831
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181130/84dcc179/attachment-0001.html>
More information about the Gnutls-devel
mailing list