[gnutls-devel] GnuTLS | CVE-2018-16868 (!832)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Fri Nov 30 22:21:10 CET 2018
New Merge Request !832
Branches: tmp-fix-CVE-2018-16868 to master
Author: Simo Sorce
Assignee: Nikos Mavrogiannopoulos
Approvers: Simon Josefsson, Nikos Mavrogiannopoulos, Dmitry Eremin-Solenikov, Hubert Kario, Tim Rühsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tomáš Mráz, Anderson Sasaki and GnuTLS devel mailing list
This patchset implements mitigations for CVE-2018-16868, a Bleichenbacher-like attack that makes use of cache side-channel leakage.
The mitigations are mostly implemented in Nettle, and GnuTLS has been changed to use a new side-channel silent function exported from Nettle.
Nettle >= 3.4.1 is now required.
Paper describing the attack:
* [X] Code modified for security issue
* [X] Test suite updated with functionality tests
* [X] Documentation updated / NEWS entry present (for non-trivial changes)
## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/832
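
What a side-channel silent PKCS#1 v1.5 unpadding step can look like, as an added sketch that is not code from this merge request, Nettle or GnuTLS. The name `pkcs1_sec_unpad`, the fixed expected message length and the caller-supplied random fallback are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* 0xFF if x == 0, else 0x00, computed without a branch. */
static uint8_t ct_is_zero(uint32_t x)
{
    return (uint8_t)(((x | ((uint32_t)0 - x)) >> 31) - 1u);
}

/* Hypothetical helper (not Nettle's API). em is the raw RSA decryption
 * result; out already holds a random fallback of out_len bytes. out is
 * replaced by the message only if em is 00 02 PS 00 M with PS non-zero,
 * |PS| >= 8 and |M| == out_len. Every byte of em and out is touched on
 * every call, so memory access does not depend on padding validity.
 * Compilers can reintroduce branches; inspect the generated code. */
int pkcs1_sec_unpad(const uint8_t *em, size_t em_len,
                    uint8_t *out, size_t out_len)
{
    size_t i, sep;
    uint8_t ok, ps_nonzero = 0xFF;

    /* Lengths are public, so branching on them leaks nothing. */
    if (out_len > em_len || em_len - out_len < 11)
        return 0;
    sep = em_len - out_len - 1;            /* index of the 00 separator */

    ok = ct_is_zero(em[0]) & ct_is_zero(em[1] ^ 0x02) & ct_is_zero(em[sep]);
    for (i = 2; i < sep; i++)              /* PS must contain no zero byte */
        ps_nonzero &= (uint8_t)~ct_is_zero(em[i]);
    ok &= ps_nonzero;

    for (i = 0; i < out_len; i++)          /* masked select, no early exit */
        out[i] = (uint8_t)((em[sep + 1 + i] & ok) | (out[i] & ~ok));
    return ok & 1;
}

/* Constructed input: 64-byte block, 48-byte message of 0xAB, fallback 0x11.
 * Returns (result << 8) | first output byte. */
int demo(uint8_t type_byte, uint8_t ps_byte)
{
    uint8_t em[64], out[48];
    size_t i;
    for (i = 0; i < 64; i++) em[i] = (i < 16) ? 0x5A : 0xAB;
    em[0] = 0x00; em[1] = type_byte; em[5] = ps_byte; em[15] = 0x00;
    for (i = 0; i < 48; i++) out[i] = 0x11;
    return (pkcs1_sec_unpad(em, 64, out, 48) << 8) | out[0];
}
```

A caller in the TLS RSA key exchange would continue the handshake with `out` either way, so a padding failure is not observable before the Finished check.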