Security update of nettle

Ola Lundqvist ola at inguza.com
Tue Aug 9 13:47:37 UTC 2016


Hi Niels

Thank you for the information.

// Ola

On Tue, Aug 9, 2016 at 3:32 PM, Niels Möller <nisse at lysator.liu.se> wrote:
> Ola Lundqvist <ola at inguza.com> writes:
>
>> However I was referring to the side-channel problem that was reported
>> in the CVE and not to the unintended side-effect of the correction.
>
> I see.
>
>> Do you know a way to trigger the problem reported in the CVE, please
>> let me know.
>
> I'm afraid it's not so easy.
>
> One approach is to try some attack tool to attack another process via
> the cache, but I'd expect that to be a little research project to set
> up.
>
> Another approach is to use valgrind. Insert valgrind annotations to mark
> the secret exponent as uninitialized data prior to calling the
> supposedly side-channel-silent operation. Then valgrind's memchecker
> will complain on unsafe instructions, namely branches and memory
> addresses depending on the secret, and these are precisely the
> operations that may leak via timing or via the cache. One would also
> need to mark the output areas as valid and defined at the end of the
> signature functions. Unfortunately, one might get some warnings even
> after the fix, it probably doesn't make the computation *completely*
> silent.
>
> Regards,
> /Niels
>
> --
> Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
> Internet email is subject to wholesale government surveillance.



-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola at inguza.com                    Folkebogatan 26            \
|  opal at debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------
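An added illustration of the valgrind approach Niels describes above (example code written for this page, not Nettle's own): a toy modular exponentiation is run once with a secret-dependent branch and once with a constant-time select, and a harness marks the exponent undefined with the real memcheck client requests from `<valgrind/memcheck.h>` before the call and the result defined afterwards. The toy functions and the modulus are constructed for the example; outside a valgrind-enabled build the annotations compile to no-ops.

```c
#include <stdint.h>
#include <stdio.h>
#ifdef __has_include
#  if __has_include(<valgrind/memcheck.h>)
#    include <valgrind/memcheck.h>
#  endif
#endif
#ifndef VALGRIND_MAKE_MEM_UNDEFINED   /* no valgrind headers: annotations become no-ops */
#  define VALGRIND_MAKE_MEM_UNDEFINED(p, n) ((void)0)
#  define VALGRIND_MAKE_MEM_DEFINED(p, n)   ((void)0)
#endif

/* Constructed toy: square-and-multiply that branches on each exponent bit.
 * With exp marked undefined, memcheck reports "Conditional jump or move
 * depends on uninitialised value(s)" at the if below. */
uint64_t powmod_leaky(uint64_t base, uint64_t exp, uint64_t mod) {
    uint64_t r = 1 % mod;
    base %= mod;
    for (int i = 63; i >= 0; i--) {
        r = (r * r) % mod;
        if ((exp >> i) & 1)            /* branch depends on the secret */
            r = (r * base) % mod;
    }
    return r;
}

/* Same computation with a masked select: neither control flow nor memory
 * addresses depend on exp, so memcheck stays silent for this loop. */
uint64_t powmod_ct(uint64_t base, uint64_t exp, uint64_t mod) {
    uint64_t r = 1 % mod;
    base %= mod;
    for (int i = 63; i >= 0; i--) {
        r = (r * r) % mod;
        uint64_t t = (r * base) % mod;
        uint64_t mask = 0 - ((exp >> i) & 1);   /* all ones when bit set */
        r = (t & mask) | (r & ~mask);
    }
    return r;
}

/* Harness: taint the secret before the call, untaint the output after it,
 * exactly as the mail suggests for a signing function. Run under valgrind. */
uint64_t check(uint64_t (*f)(uint64_t, uint64_t, uint64_t), uint64_t exp) {
    VALGRIND_MAKE_MEM_UNDEFINED(&exp, sizeof exp);
    uint64_t r = f(5, exp, 1000003);          /* constructed base and modulus */
    VALGRIND_MAKE_MEM_DEFINED(&r, sizeof r);
    return r;
}

int main(void) {
    printf("leaky=%llu ct=%llu\n", (unsigned long long)check(powmod_leaky, 13),
           (unsigned long long)check(powmod_ct, 13));
    return 0;
}
```

Build with `gcc -g example.c` and run `valgrind ./a.out`: the leaky variant produces a conditional-jump warning pointing at its `if`, the constant-time variant does not.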


