
List:       libressl
Subject:    Re: Possible Side-Channel Attack
From:       Ridwan Shariffdeen <rshariffdeen () gmail ! com>
Date:       2018-08-03 11:56:27
Message-ID: CAPa9oWXCh7Ke_2vCwrzcUr4mTmpKJdRWkLxgN4TF_wQ8gRbvdQ () mail ! gmail ! com

Thanks for the info.

On Fri, Aug 3, 2018 at 7:04 PM Joel Sing <joel@sing.id.au> wrote:

> On Friday 03 August 2018 16:46:00 Ridwan Shariffdeen wrote:
> > Hi,
> >
> > A new issue in OpenSSL has been reported using CVE-2018-0737, of a
> > possibility of a side channel attack in RSA key generation. More
> > information at https://securitytracker.com/id/1040685
> >
> > Looking at the source code in both OpenSSL and LibreSSL it seems to be this
> > is applicable for LibreSSL as well.
> >
> > This is the patch for OpenSSL:
> >
> > https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787
> >
> > Please confirm if this is valid
>
> We fixed this issue in LibreSSL back in January 2017, when it was first
> reported to us. The way in which it was fixed was by switching all internal
> operations with BIGNUMs to use constant time operations, regardless of the
> BN_FLG_CONSTTIME flag. Some of the related commits are:
>
>
> https://github.com/libressl-portable/openbsd/commit/17b1f1ce28ae8bc5a873951ad6c8aa564b68c0ab
>
> https://github.com/libressl-portable/openbsd/commit/952c1252f58f5f57227f5efaeec0169759c77d72
>
> This change/approach has effectively made us immune to these kinds of
> issues (forgetting to set BN_FLG_CONSTTIME has happened numerous times in
> the OpenSSL codebase).
>
> Further details are available in the mail that Billy Brumley sent to the
> oss-security list earlier this year:
>
>   http://www.openwall.com/lists/oss-security/2018/04/16/3
>
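
The design point in the quoted reply (constant-time paths taken regardless of BN_FLG_CONSTTIME), shown as an added example that is not part of the original thread and is not LibreSSL or OpenSSL code. It is a toy model: `num_t`, `FLG_CONSTTIME`, `mod_exp_optin` and `mod_exp_always` are hypothetical names, exponents are 32 bits, and the multiplication count is assumed to stand in for what a timing observer measures.

```c
#include <stdint.h>
#include <stdio.h>

#define FLG_CONSTTIME 0x04   /* hypothetical stand-in for BN_FLG_CONSTTIME */
typedef struct { uint32_t v; int flags; } num_t;   /* toy stand-in for a BIGNUM */
typedef uint64_t (*modexp_fn)(uint64_t, const num_t *, uint64_t);
static unsigned mul_count;   /* assumption: multiply count models the timing signal */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) { mul_count++; return (a * b) % m; }

/* Square-and-multiply: the extra multiply runs only for 1-bits of the secret. */
static uint64_t exp_vartime(uint64_t a, uint32_t e, uint64_t m) {
    uint64_t r = 1 % m;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r, m);
        if ((e >> i) & 1) r = mulmod(r, a, m);
    }
    return r;
}

/* Same result, but every bit costs two multiplies plus a branch-free select. */
static uint64_t exp_consttime(uint64_t a, uint32_t e, uint64_t m) {
    uint64_t r = 1 % m;
    for (int i = 31; i >= 0; i--) {
        uint64_t mask = 0 - (uint64_t)((e >> i) & 1);
        uint64_t sq = mulmod(r, r, m), t = mulmod(sq, a, m);
        r = (t & mask) | (sq & ~mask);
    }
    return r;
}

/* Opt-in design: safe only if the caller remembered to flag the secret. */
static uint64_t mod_exp_optin(uint64_t a, const num_t *e, uint64_t m) {
    return (e->flags & FLG_CONSTTIME) ? exp_consttime(a, e->v, m) : exp_vartime(a, e->v, m);
}
/* Unconditional design: the flag is ignored, so forgetting it is harmless. */
static uint64_t mod_exp_always(uint64_t a, const num_t *e, uint64_t m) { return exp_consttime(a, e->v, m); }

/* Multiplications performed by one call on a constructed secret exponent. */
static unsigned ops(modexp_fn f, uint32_t secret, int flags) {
    num_t e = { secret, flags };
    mul_count = 0;
    (void)f(3, &e, 1000003);
    return mul_count;
}

int main(void) {
    printf("opt-in, flag unset: %u vs %u\n", ops(mod_exp_optin, 0x80000001u, 0), ops(mod_exp_optin, 0xFFFFFFFFu, 0));
    printf("unconditional:      %u vs %u\n", ops(mod_exp_always, 0x80000001u, 0), ops(mod_exp_always, 0xFFFFFFFFu, 0));
    return 0;
}
```

With the flag unset, the opt-in path's operation count tracks the Hamming weight of the secret, while the unconditional path reports the same count for both secrets.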