GNU bug report logs - #31831
CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto Libraries
Reported by: Leo Famulari <leo <at> famulari.name>
Date: Thu, 14 Jun 2018 19:24:02 UTC
Severity: normal
Tags: security
Done: Leo Famulari <leo <at> famulari.name>
Bug is archived. No further changes may be made.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Recently a new side-channel key extraction technique was published as
CVE-2018-0495, and it affects a lot of the cryptographic libraries we
package:
https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/?style=Cyber+Security
An excerpt from that advisory:
------
We analyzed the source code of several open source cryptographic
libraries to see if they contain the vulnerable code pattern in the code
for ECDSA, DSA, or both. This list is accurate to the best of our
knowledge, but it is not exhaustive. Only the first group was affected
by this finding; the other three groups are not thought to be
vulnerable.
Contains vulnerable pattern: CryptLib (Both), LibreSSL (Both), Mozilla
NSS (Both), Botan (ECDSA), OpenSSL (ECDSA), WolfCrypt (ECDSA), Libgcrypt
(ECDSA), LibTomCrypt (ECDSA), LibSunEC (ECDSA), MatrixSSL (ECDSA),
BoringSSL (DSA)
Non-constant math, but different pattern: BouncyCastle, Crypto++, Golang
crypto/tls, C#/Mono, mbedTLS, Trezor Crypto, Nettle (DSA)
Constant time-math: Nettle (ECDSA), BearSSL, Libsecp256k1
Does not implement either: NaCl
------
Note that libtomcrypt is bundled in the Dropbear SSH implementation.
I'm going to test the libgcrypt update now.
I'd like for other Guix hackers to "claim" an affected package in this
thread, and then investigate and test the fixes. Please make new debbugs
tickets on guix-patches for each bug-fix patch you propose, and send the
links to those tickets here.
This bug report was last modified 6 years and 84 days ago.