gnutls / GnuTLS / Issues / #630

Closed
Created Nov 28, 2018 by Nikos Mavrogiannopoulos@nmavOwner

RSA pkcs1 decryption and signing is not constant memory access

It was reported by Eyal Ronen that they can implement an attack against a gnutls RSA-decryption server, a variant of the Bleichenbacher attack using cache-based side-channel methods. These attacks apply to gnutls servers deployed on cloud infrastructure which share a CPU with malicious players and which use an RSA key marked for both decryption and signing.

The severity of the issue is expected to be medium or low.

The report reads: "We have looked at your RSA decryption code. Although you have implemented countermeasures against the Bleichenbacher attack in your code, we think it is still vulnerable to cache attacks. The problems are in both the GnuTLS and the nettle code. In our paper, we are showing how any non-constant time code, including any conditional branch, function call, and memory access might be used to recreate the Bleichenbacher oracle."

Paper describing the attack: http://www.wisdom.weizmann.ac.il/~eyalro/project/cat/cat.pdf
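As an added illustration (not code from GnuTLS or nettle): a branchy PKCS#1 v1.5 padding check beside a constant-time one, showing the kind of data-dependent control flow the report says can be turned back into a Bleichenbacher oracle. Function names and the sample encoded blocks in the comments are constructed here; portable C cannot force a compiler to keep the second version branchless, so the generated code still has to be checked.

```c
#include <stddef.h>
#include <stdint.h>

/* 0xFF when a == b, else 0x00; no data-dependent branch. */
static uint8_t ct_eq_u8(uint8_t a, uint8_t b)
{
    uint32_t x = (uint32_t)(a ^ b);   /* zero iff equal */
    x = (x - 1) >> 31;                /* 1 iff x was zero */
    return (uint8_t)(0 - x);
}

/* Branchy PKCS#1 v1.5 (type 2) unpad: it returns at the first bad byte, so
 * timing and memory accesses reveal where the padding failed (the oracle). */
int pkcs1_unpad_leaky(const uint8_t *em, size_t len, size_t *msg_off)
{
    size_t i;
    if (len < 11 || em[0] != 0x00 || em[1] != 0x02)
        return 0;
    for (i = 2; i < len && em[i] != 0x00; i++)
        ;
    if (i == len || i < 10)           /* no separator or < 8 pad bytes */
        return 0;
    *msg_off = i + 1;
    return 1;
}

/* Constant-time unpad: every byte is read in the same order and the verdict is
 * accumulated in masks; only the public length is branched on. */
int pkcs1_unpad_ct(const uint8_t *em, size_t len, size_t *msg_off)
{
    uint8_t good = 0xFF, found = 0x00;
    size_t zero_pos = 0, i, lt;
    if (len < 11)
        return 0;
    good &= ct_eq_u8(em[0], 0x00);
    good &= ct_eq_u8(em[1], 0x02);
    for (i = 2; i < len; i++) {
        uint8_t is_zero = ct_eq_u8(em[i], 0x00);
        uint8_t take = is_zero & (uint8_t)~found;      /* first zero only */
        size_t m = (size_t)0 - (size_t)(take & 1);     /* all-ones if take */
        zero_pos = (zero_pos & ~m) | (i & m);
        found |= is_zero;
    }
    good &= found;                                       /* separator seen */
    lt = (zero_pos - 10) >> (sizeof(size_t) * 8 - 1);    /* 1 iff pos < 10 */
    good &= (uint8_t)(lt - 1);                           /* 0x00 if pos < 10 */
    *msg_off = zero_pos + 1;   /* written unconditionally; caller checks rc */
    return good & 1;
}
```

Both functions accept the same well-formed block and reject the same malformed ones; the difference is only in how the answer is reached, which is exactly what a cache or timing observer sees.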

Edited Nov 30, 2018 by Nikos Mavrogiannopoulos
Milestone: Release of GnuTLS 3.6.5