This patchset implements mitigations for CVE-2018-16868, a Bleichenbacher-like attack that makes use of cache side-channel leakage. The mitigations are mostly implemented in Nettle, and GnuTLS has been changed to use a new side-channel silent function exported from Nettle. Nettle >= 3.4.1 is now required.
Paper describing the attack: http://www.wisdom.weizmann.ac.il/~eyalro/project/cat/cat.pdf
Resolves #630 (closed)
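The description above says GnuTLS now delegates to a side-channel silent RSA decryption routine in Nettle instead of inspecting the PKCS#1 v1.5 padding itself. As an added illustration (this is not GnuTLS or Nettle code), the C block below shows the technique such a routine implements for the TLS RSA key exchange: the block type, the position of the 0x00 separator, the non-zero padding string and the client version are all checked without data-dependent branches or early exits, and on any failure the caller's random fallback bytes are selected in constant time so that the server proceeds identically whether or not the padding was valid. The helper names, the constructed 128-byte encoded message and the fixed premaster/fallback values are assumptions for this example; the raw RSA operation that would produce the encoded message is not performed here.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PREMASTER_LEN 48   /* TLS premaster secret is always 48 bytes */
#define MIN_PS_LEN     8   /* PKCS#1 v1.5 requires at least 8 padding bytes */
#define MODULUS_LEN  128   /* constructed: size of a 1024-bit modulus */

/* Returns 0xFF if x == 0, else 0x00, without a data-dependent branch. */
static uint8_t ct_is_zero(uint8_t x)
{
    uint32_t v = x;
    return (uint8_t)((v - 1) >> 8);
}

static uint8_t ct_eq(uint8_t a, uint8_t b) { return ct_is_zero(a ^ b); }

/* mask == 0xFF selects a, mask == 0x00 selects b. */
static uint8_t ct_select(uint8_t a, uint8_t b, uint8_t mask)
{
    return (uint8_t)((a & mask) | (b & (uint8_t)~mask));
}

/* Constant-time unpadding of em = 0x00 || 0x02 || PS || 0x00 || premaster.
 * On success out receives the premaster; on any failure out receives
 * fallback. The whole em is always read and all checks always run. The
 * return value exists for this example's test driver only: a real server
 * must not change its control flow or timing based on it. */
int ct_pkcs1_unpad_premaster(const uint8_t *em, size_t k,
                             const uint8_t expected_version[2],
                             const uint8_t fallback[PREMASTER_LEN],
                             uint8_t out[PREMASTER_LEN])
{
    uint8_t good = 0xFF;
    size_t i, sep;

    /* k is the public modulus length, so this branch leaks nothing secret. */
    if (k < 2 + MIN_PS_LEN + 1 + PREMASTER_LEN) {
        memcpy(out, fallback, PREMASTER_LEN);
        return 0;
    }
    sep = k - PREMASTER_LEN - 1;              /* where the 0x00 separator must be */

    good &= ct_eq(em[0], 0x00);
    good &= ct_eq(em[1], 0x02);
    for (i = 2; i < sep; i++)                 /* every PS byte must be non-zero */
        good &= (uint8_t)~ct_is_zero(em[i]);
    good &= ct_eq(em[sep], 0x00);
    good &= ct_eq(em[sep + 1], expected_version[0]);  /* RFC 5246 7.4.7.1: */
    good &= ct_eq(em[sep + 2], expected_version[1]);  /* version check is CT too */

    for (i = 0; i < PREMASTER_LEN; i++)
        out[i] = ct_select(em[sep + 1 + i], fallback[i], good);
    return good & 1;
}

/* Constructed encoded message for the demo (not a real RSA decryption result). */
static void build_em(uint8_t *em, size_t k, const uint8_t pms[PREMASTER_LEN])
{
    size_t i, sep = k - PREMASTER_LEN - 1;
    em[0] = 0x00;
    em[1] = 0x02;
    for (i = 2; i < sep; i++) em[i] = 0xA5;    /* non-zero padding string */
    em[sep] = 0x00;
    memcpy(em + sep + 1, pms, PREMASTER_LEN);
}

/* Driver: tamper 0 = valid, 1 = zero inside PS, 2 = wrong block type,
 * 3 = wrong client version. Returns 1 if accepted and out == premaster,
 * 0 if rejected and out == fallback, -1 on any inconsistent outcome. */
int scenario(int tamper)
{
    uint8_t pms[PREMASTER_LEN], fallback[PREMASTER_LEN], out[PREMASTER_LEN];
    uint8_t em[MODULUS_LEN];
    const uint8_t version[2] = { 0x03, 0x03 };  /* TLS 1.2 client_version */
    size_t i;
    int ok;

    for (i = 0; i < PREMASTER_LEN; i++) {
        pms[i] = (uint8_t)(0x10 + i);
        fallback[i] = (uint8_t)(0xC0 + i);     /* stands in for fresh random bytes */
    }
    pms[0] = version[0];
    pms[1] = version[1];
    build_em(em, MODULUS_LEN, pms);

    switch (tamper) {
    case 1: em[10] = 0x00; break;
    case 2: em[1] = 0x01; break;
    case 3: em[MODULUS_LEN - PREMASTER_LEN + 1] = 0x02; break;
    default: break;
    }

    ok = ct_pkcs1_unpad_premaster(em, MODULUS_LEN, version, fallback, out);
    if (ok == 1 && memcmp(out, pms, PREMASTER_LEN) == 0) return 1;
    if (ok == 0 && memcmp(out, fallback, PREMASTER_LEN) == 0) return 0;
    return -1;
}

int main(void)
{
    int t;
    for (t = 0; t < 4; t++)
        printf("tamper=%d -> %d\n", t, scenario(t));
    return 0;
}
```

Note that the loop bounds, `sep` and the number of bytes copied depend only on the public modulus size, never on the decrypted content; that is what keeps the memory access pattern identical for valid and invalid padding, which is the property the cache-based attack in the linked paper exploits when it is absent.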
Checklist
- Code modified for security issue
- Test suite updated with functionality tests
- Documentation updated / NEWS entry present (for non-trivial changes)

Reviewer's checklist:
- Any issues marked for closing are addressed
- There is a test suite reasonably covering new functionality or modifications
- Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTION.md
- This feature/change has adequate documentation added
- No obvious mistakes in the code