[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security update of nettle



Hi Niels

Thank you for the information.

// Ola

On Tue, Aug 9, 2016 at 3:32 PM, Niels Möller <nisse@lysator.liu.se> wrote:
> Ola Lundqvist <ola@inguza.com> writes:
>
>> However I was referring to the side-channel problem that was reported
>> in the CVE and not to the unintended side-effect of the correction.
>
> I see.
>
>> Do you know a way to trigger the problem reported in the CVE, please
>> let me know.
>
> I'm afraid it's not so easy.
>
> One approach is to try some attack tool to attack another process via
> the cache, but I'd expect that to be a little research project to set
> up.
>
> Another approach is to use valgrind. Insert valgrind annotations to mark
> the secret exponent as uninitialized data prior to calling the
> supposedly side-channel-silent operation. Then valgrind's memchecker
> will complain on unsafe instructions, nameley branches and memory
> addresses depending on the secret, and these are precisely the
> operations that may leak via timing or via the cache. One would also
> need to mark the output areas as valid and defined at the end of the
> signature functions. Unfortunately, one might get some warnings even
> after the fix, it probably doesn't make the computation *completely*
> silent.
>
> Regards,
> /Niels
>
> --
> Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
> Internet email is subject to wholesale government surveillance.



-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Folkebogatan 26            \
|  opal@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------


Reply to: