[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architecture
From:       Marc Deslauriers <marc.deslauriers () canonical ! com>
Date:       2018-11-12 12:24:46
Message-ID: 9bb78f82-8eb4-80c0-2c61-5f3ffd7771e2 () canonical ! com
[Download RAW message or body]

On 2018-11-12 4:34 a.m., Billy Brumley wrote:
> > > If you are a package maintainer, and are putting together a patch set
> > > for this, please reach out to me. My team can help test.
> > > 
> > <snip>
> > 
> > Could you please confirm the following commits are sufficient to fix CVE-2018-5407?
> 
> Some more technical advice below. Hope it helps!
> 
> BBB
> 
> # 1.0.1
> 
> That is EOL. Try your luck with porting the 1.0.2 solution.
> 
> Shameless self plug: read Section 2
> 
> https://eprint.iacr.org/2018/354
> 
> for a related discussion about EOL issues and security in the context
> of OpenSSL.
> 
> # 1.0.2
> 
> Wait until this gets merged into OpenSSL_1_0_2-stable :
> 
> https://github.com/openssl/openssl/pull/7593
> 
> # 1.1.0 up to and including 1.1.0h
> 
> So I went through the process to patch this myself:
> 
> https://github.com/bbbrumley/openssl/tree/bbb_ecc_fix_110h
> 
> Ofc I have no idea what 1.1.0 version you started with, or what
> patches you're applying. So take this as more of a HOWTO build and
> test your own patchset.
> 
> ## CVE-2018-5407
> 
> git checkout OpenSSL_1_1_0h -b bbb_ecc_fix_110h
> git cherry-pick aab7c770353b1dc4ba045938c8fb446dd1c4531e
> git cherry-pick f06437c751d6f6ec7f4176518e2897f44dd58eb0
> git cherry-pick 33588c930d39d67d1128794dc7c85bae71af24ad
> git cherry-pick f916a735bcdce496cebc7653a8ad2e72b333405a
> git cherry-pick b43ad53119c0ac2ecfa6e4356210ccda57e0d16b
> git cherry-pick 2172133d0dc58256bf776da074c0d1944fef15cb
> git cherry-pick cc39f9250957dfe6e9f1b62a4eca1863e8451483
> git cherry-pick 7b3e775a6a78650bbd3e8e19a5aa12981880402b
> git cherry-pick 5eee95a54de6854e60886c8e662a902184b12d04
> git cherry-pick 875ba8b21ecc65ad9a6bdc66971e50461660fcbb
> git checkout --theirs CHANGES
> git add CHANGES
> git cherry-pick --continue
> git checkout OpenSSL_1_1_0h -- CHANGES
> git add CHANGES
> git commit -m "revert changelog diffs"
> git rebase -i OpenSSL_1_1_0h
> 
> (I skipped 926b21117df939241f1cd63f2f9e3ab87819f0ed because it is not
> related to CVE-2018-5407. See
> 
> https://github.com/openssl/openssl/issues/6302
> 
> For a lengthy discussion. I'm not familiar enough with the issue to
> give advice if you need to pick it up or not.)
> 
> All of them cherry pick cleanly except for the last one, but it's only
> a trivial conflict with the changelog.
> 
> I checked the scalar multiplication code paths in ecdsatest with gdb
> (break ec_mult.c:423), and indeed they are early exiting to the new
> function when signing.
> 
> A lot of new regression testing went into 1.1.1. Some of it was
> backported 1.1.0:
> 
> https://github.com/openssl/openssl/commits/OpenSSL_1_1_0-stable/test
> 
> So I fetched these KATs:
> 
> https://raw.githubusercontent.com/openssl/openssl/23fe5c582a83bce394a3cdf0bc8f6f4f2eb71ebb/test/recipes/30-test_evp_data/evppkey_ecc.txt
>  
> To run those tests, you also need to pick up this bug fix for
> evp_test.c (this is for testing, not part of the CVE-2018-5407 fix) :
> 
> git cherry-pick e35e5941e0b2f7af1cd56f07ee8d4eaf2b445132
> 
> Then rebuilt, and ran
> 
> $ test/evp_test /path/to/evppkey_ecc.txt
> 484 tests completed with 0 errors, 0 skipped
> 
> All of those (positive and negative) tests pass; they are for ECC
> keygen and ECDH. I checked the scalar multiplication code paths with
> gdb (break ec_mult.c:423), and indeed they all early exit to the new
> function.
> 
> ## CVE-2018-0735
> 
> Apply this small fix on top:
> 
> git cherry-pick 56fb454d281a023b3f950d969693553d3f3ceea1
> git cherry-pick 003f1bfd185267cc67ac9dc521a27d7a2af0d0ee
> git rebase -i HEAD~2
> 
> Then ofc rerun all the regression testing ("make test", as well as the
> custom EVP tests described above.)
> 

Thank you very much for the info!

Marc.


[prev in list] [next in list] [prev in thread] [next in thread]