From: GNU bug Tracking System
Subject: [debbugs-tracker] bug#31831: closed (CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto Libraries)
Date: Tue, 26 Feb 2019 02:02:02 +0000

Your message dated Mon, 25 Feb 2019 21:01:08 -0500
with message-id <address@hidden>
and subject line Re: bug#31831: CVE-2018-0495 Key Extraction Side Channel in 
Multiple Crypto Libraries
has caused the debbugs.gnu.org bug report #31831,
regarding CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto Libraries
to be marked as done.

(If you believe you have received this mail in error, please contact
address@hidden)


-- 
31831: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=31831
GNU Bug Tracking System
Contact address@hidden with problems
--- Begin Message ---
Subject: CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto Libraries
Date: Thu, 14 Jun 2018 15:22:11 -0400
User-agent: Mutt/1.10.0 (2018-05-17)

Recently a new side-channel key extraction technique was published as
CVE-2018-0495, and it affects a lot of the cryptographic libraries we
package:

https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/?style=Cyber+Security

An excerpt from that advisory:

------
We analyzed the source code of several open source cryptographic
libraries to see if they contain the vulnerable code pattern in the code
for ECDSA, DSA, or both. This list is accurate to the best of our
knowledge, but it is not exhaustive. Only the first group was affected
by this finding; the other three groups are not thought to be
vulnerable.

Contains vulnerable pattern: CryptLib (Both), LibreSSL (Both), Mozilla
NSS (Both), Botan (ECDSA), OpenSSL (ECDSA), WolfCrypt (ECDSA), Libgcrypt
(ECDSA), LibTomCrypt (ECDSA), LibSunEC (ECDSA), MatrixSSL (ECDSA),
BoringSSL (DSA)

Non-constant math, but different pattern: BouncyCastle, Crypto++, Golang
crypto/tls, C#/Mono, mbedTLS, Trezor Crypto, Nettle (DSA)

Constant time-math: Nettle (ECDSA), BearSSL, Libsecp256k1

Does not implement either: NaCl
------

Note that libtomcrypt is bundled in the Dropbear SSH implementation.

I'm going to test the libgcrypt update now.

I'd like for other Guix hackers to "claim" an affected package in this
thread, and then investigate and test the fixes. Please make new debbugs
tickets on guix-patches for each bug-fix patch you propose, and send the
links to those tickets here.

Attachment: signature.asc
Description: PGP signature


--- End Message ---
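The advisory excerpt above separates libraries with the "vulnerable pattern" from those with "constant time-math" without showing what the distinction looks like in code. The following is an added illustration, not part of the bug thread or of any of the libraries named in it: a left-to-right double-and-add scalar multiplication whose loop count tracks the bit length of the scalar (the class of leak the "Return of the Hidden Number Problem" advisory is about), beside a fixed-length-scalar variant of the kind several libraries adopted as a mitigation. The curve, base point and the use of a loop counter as a stand-in for execution time are all constructed for the demonstration; the padding trick itself (adding the group order so every scalar has the same bit length) is a known mitigation, not a suggestion that any particular library implemented it exactly this way.

```python
# Added illustration for CVE-2018-0495 (not code from the bug thread or from
# any affected library). A toy curve over GF(97) is used so the whole group can
# be enumerated; the iteration counter stands in for execution time.

P_MOD = 97                # constructed toy field, not a standard curve
A, B = 2, 3               # curve y^2 = x^3 + A*x + B over GF(P_MOD)
G = (3, 6)                # 6^2 = 36 = 3^3 + 2*3 + 3 (mod 97), so G is on the curve


def point_add(P, Q):
    """Affine point addition; None represents the point at infinity."""
    if P is None:
        return Q
    if Q is None:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                       # P + (-P) = infinity (also covers y == 0 doubling)
    if P == Q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def point_order(P):
    """Smallest n > 0 with n*P = infinity, found by brute force (toy group only)."""
    R, n = P, 1
    while R is not None:
        R = point_add(R, P)
        n += 1
    return n


N = point_order(G)        # group order of the base point, computed at import time


def naive_mul(k, P):
    """Left-to-right double-and-add starting at the scalar's top set bit.

    The loop runs exactly k.bit_length() times, so a nonce with a short bit
    length finishes measurably sooner: this is the 'vulnerable pattern'."""
    R = None
    iterations = 0
    for i in range(k.bit_length() - 1, -1, -1):
        R = point_add(R, R)
        if (k >> i) & 1:
            R = point_add(R, P)
        iterations += 1
    return R, iterations


def fixed_length_mul(k, P, n):
    """Same loop, but the scalar is padded with the group order first.

    k + n (or k + 2n) is congruent to k mod n, so the resulting point is
    unchanged, while the padded scalar always has n.bit_length() + 1 bits
    and the loop count no longer depends on the secret k."""
    k2 = k + n
    if k2.bit_length() == n.bit_length():
        k2 += n
    return naive_mul(k2, P)


def compare_leakage(ks=None):
    """Return the sets of loop counts observed for naive vs fixed-length
    multiplication over the given scalars (default: every nonzero k mod N),
    after checking both variants agree on the result."""
    ks = ks if ks is not None else range(1, N)
    naive_counts, fixed_counts = set(), set()
    for k in ks:
        r_naive, c_naive = naive_mul(k, G)
        r_fixed, c_fixed = fixed_length_mul(k, G, N)
        assert r_naive == r_fixed, "mitigation must not change the result"
        naive_counts.add(c_naive)
        fixed_counts.add(c_fixed)
    return naive_counts, fixed_counts


if __name__ == "__main__":
    naive, fixed = compare_leakage()
    print(f"group order N = {N}")
    print(f"naive loop counts seen:        {sorted(naive)}")   # varies with k
    print(f"fixed-length loop counts seen: {sorted(fixed)}")   # a single value
```

The naive variant's loop count is a direct function of the nonce's bit length, which is exactly the per-signature information a hidden-number-problem attack needs; the padded variant makes that count constant for every nonce without changing the signature. Real libraries additionally need constant-time point arithmetic (the point_add above branches on its inputs), which is why the advisory lists "constant time-math" as a separate category from merely avoiding this one pattern.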
--- Begin Message ---
Subject: Re: bug#31831: CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto Libraries
Date: Mon, 25 Feb 2019 21:01:08 -0500
User-agent: Mutt/1.11.3 (2019-02-01)

On Mon, Jul 16, 2018 at 01:14:30PM -0400, Leo Famulari wrote:
> There is a new release of Crypto++ available. I'm not sure if this
> addresses whatever issue was mentioned in the original advisory.

Crypto++ was updated to 8.0.0 in January 2019.

https://www.cryptopp.com/release800.html

> mbedTLS's changelog doesn't mention anything related to key extraction
> side channels.

mbedTLS has been updated several times since this bug was opened, and is
currently at 2.16.0.

https://github.com/ARMmbed/mbedtls/blob/fb1972db23da39bd11d4f9c9ea6266eee665605b/ChangeLog

Neither of those upstreams have mentioned CVE-2018-0495, as far as I can
tell. The original advisory said they do not use the vulnerable pattern,
but do use "non-constant math, but different pattern".

Overall, I don't think there is anything left for us to do as a distro
in response to CVE-2018-0495, so I am closing this bug.

Attachment: signature.asc
Description: PGP signature


--- End Message ---
