

Simo Sorce requested to merge tmp-fix-CVE-2018-16868 into master

This patchset implements mitigations for CVE-2018-16868, a Bleichenbacher-like attack that makes use of cache side-channel leakage. The mitigations are mostly implemented in Nettle, and GnuTLS has been changed to use a new side-channel silent function exported from Nettle. Nettle >= 3.4.1 is now required.

Paper describing the attack:

Resolves #630 (closed)


  • Code modified for security issue
  • Test suite updated with functionality tests
  • Documentation updated / NEWS entry present (for non-trivial changes)

Reviewer's checklist:

  • Any issues marked for closing are addressed
  • There is a test suite reasonably covering new functionality or modifications
  • Function naming, parameters, return values, types, etc., are consistent and according to
  • This feature/change has adequate documentation added
  • No obvious mistakes in the code
Edited by Nikos Mavrogiannopoulos
