Feed Advanced Search

Jun 2 2020

werner closed T4541: C implementation of AES is vulnerable to side-channel attacks as Wontfix.

As of now we doubt that the proposed patch helps and we even fear that it could make things worst. Thus, as long as there is we have no description of an attack we won't do anything about it.

Jun 2 2020, 10:29 AM · side-channel, libgcrypt, Bug Report

Sep 1 2019

olf added a comment to T4541: C implementation of AES is vulnerable to side-channel attacks.

... https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html

Sep 1 2019, 11:33 PM · side-channel, libgcrypt, Bug Report

Jul 10 2019

werner added a comment to T4541: C implementation of AES is vulnerable to side-channel attacks.

Check out the mailing list gcrypt-devel@

Jul 10 2019, 7:23 PM · side-channel, libgcrypt, Bug Report
ware added a comment to T4541: C implementation of AES is vulnerable to side-channel attacks.

Folks, I was just wondering if I could get an update on where we are with this bug. It seems we aren't sure if it's a real issue or not. What's the latest thought?

Jul 10 2019, 7:17 PM · side-channel, libgcrypt, Bug Report

Jun 23 2019

slandden added a comment to T4541: C implementation of AES is vulnerable to side-channel attacks.

Werner, I interpreted jwilik's patch as admission of a problem from upstream, and reported it as such to CVE. I felt that since this does not effect the main platforms (ARM and x86_64) it would not be a big deal. If I interpreted wrong, I am sorry.

Jun 23 2019, 7:52 PM · side-channel, libgcrypt, Bug Report
slandden added a comment to T4541: C implementation of AES is vulnerable to side-channel attacks.

I assigned the CVE, but yes it needs more facts.

Jun 23 2019, 5:48 PM · side-channel, libgcrypt, Bug Report
werner added a comment to T4541: C implementation of AES is vulnerable to side-channel attacks.

Andreas, I wonder on which grounds you assigned a CVE for this claimed side-channel attack. The mentioned paper is about an old RSA side-channel and not on AES. I would like to see more facts than the reference to a guy who knows PPC pretty well.

Jun 23 2019, 5:45 PM · side-channel, libgcrypt, Bug Report

Jun 22 2019

ametzler1 added a comment to T4541: C implementation of AES is vulnerable to side-channel attacks.

This bug has been assigned CVE-2019-12904. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12904

Jun 22 2019, 6:36 AM · side-channel, libgcrypt, Bug Report

Jun 6 2019

slandden updated the task description for T4541: C implementation of AES is vulnerable to side-channel attacks.
Jun 6 2019, 6:40 PM · side-channel, libgcrypt, Bug Report
jukivili added a commit to T4541: C implementation of AES is vulnerable to side-channel attacks: rCa4c561aab101: GCM: move look-up table to .data section and unshare between processes.
Jun 6 2019, 6:28 PM · side-channel, libgcrypt, Bug Report
jukivili added a commit to T4541: C implementation of AES is vulnerable to side-channel attacks: rCdaedbbb5541c: AES: move look-up tables to .data section and unshare between processes.
Jun 6 2019, 6:28 PM · side-channel, libgcrypt, Bug Report

May 30 2019

slandden updated the task description for T4541: C implementation of AES is vulnerable to side-channel attacks.
May 30 2019, 3:46 PM · side-channel, libgcrypt, Bug Report

May 29 2019

werner added a project to T4541: C implementation of AES is vulnerable to side-channel attacks: side-channel.
May 29 2019, 8:29 AM · side-channel, libgcrypt, Bug Report
werner set the color for side-channel to Grey.
May 29 2019, 8:29 AM