CVE-2018-16868 (!831) · Merge requests · gnutls / GnuTLS

Simo Sorce requested to merge simo5/gnutls:CVE_2018_16868 into master Nov 30, 2018

This patchset implements mitigations for CVE-2018-16868 a Bleichenbacher-like attack that makes use of cache side-channel leakage. The mitigations are mostly implemented in Nettle, and GnuTLS has been changed to use a new side-channel silent fucntion exported from Nettle. Nettle >= 3.4.1 is now required.

Paper describing the attack: http://www.wisdom.weizmann.ac.il/~eyalro/project/cat/cat.pdf

Resolves #630 (closed)

Checklist

Code modified for security issue
Test suite updated with functionality tests
Documentation updated / NEWS entry present (for non-trivial changes)

Reviewer's checklist:

Any issues marked for closing are addressed
There is a test suite reasonably covering new functionality or modifications
Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTION.md
This feature/change has adequate documentation added
No obvious mistakes in the code

Edited Nov 30, 2018 by Nikos Mavrogiannopoulos

CVE-2018-16868

Checklist

Reviewer's checklist:

Merge request reports