Fwd: Potential Crypto++ security bug against AES hardening and timing attacks


Jeffrey Walton

Apr 7, 2016, 8:02:51 PM
to Crypto++ Users List
FYI... This was sent to our package maintainers.

---------- Forwarded message ----------
From: Jeffrey Walton <nolo...@gmail.com>
Date: Thu, Apr 7, 2016 at 7:22 PM
Subject: Re: Potential Crypto++ security bug against AES hardening and
timing attacks
To: ...

Hi Everyone,

We checked in the fix for the issue at:

* http://github.com/weidai11/cryptopp/commit/9f335d719ebc27f58251559240de0077ec42c583

We also picked up the improvement for constant propagation:

* http://github.com/weidai11/cryptopp/commit/50e5c14c18671726d23479b5e0cadc4224100259

We have not received feedback on the imperativeness of a CVE, so we
are going to handle this as a normal bug fix.

Jeff

On Wed, Apr 6, 2016 at 4:35 PM, Jeffrey Walton <nolo...@gmail.com> wrote:
> Hi Everyone,
>
> We are tracking a potential security bug in Crypto++. The issue was
> reported at http://github.com/weidai11/cryptopp/issues/146.
>
> The bug is due to the optimizer discarding some code that was intended
> to harden AES against some side channel attacks. It's hard to gauge
> impact, but I'm guessing it could lead to key recovery in some
> circumstances.
>
> We will have a patch shortly.
>
> If it merits a CVE, then we will likely release Crypto++ 5.6.4 in the
> next 15 to 30 days. I'm waiting to hear back from some Red Hat folks
> on the need for a CVE.
>
> László - any thoughts on a CVE from Debian's perspective?
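
The failure mode described in the message above, as an added illustration that is not Crypto++'s code: a cache-line preload loop meant to mask which T-table entry a secret-indexed lookup touches, written once so that the optimizer can prove its result is always zero and delete the loads, and once with the accumulator seeded from a `volatile` so the loads must survive (the `volatile` seed is an assumed technique chosen for this example; the table contents and cache-line size are constructed).

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-in for an AES T-table: 256 32-bit words (1 KiB). */
#define TABLE_WORDS 256
#define CACHE_LINE_BYTES 64
#define WORDS_PER_LINE (CACHE_LINE_BYTES / sizeof(uint32_t))
static uint32_t table[TABLE_WORDS];

/* Fill the table lazily so the lookups below can be called in any order. */
static void ensure_table(void) {
    static int done = 0;
    if (!done) {
        for (size_t i = 0; i < TABLE_WORDS; i++)
            table[i] = 0x01010101u * (uint32_t)i;   /* entry i == 0xiiiiiiii */
        done = 1;
    }
}

/* "Before": the loop touches every cache line so the later secret-indexed
 * lookup does not reveal which line it hit. But u starts at a literal 0 and
 * 0 & x == 0, so the optimizer can prove u is always 0 and drop the loads
 * as dead code. The countermeasure silently disappears. */
static uint32_t lookup_unhardened(uint8_t idx) {
    ensure_table();
    uint32_t u = 0;
    for (size_t i = 0; i < TABLE_WORDS; i += WORDS_PER_LINE)
        u &= table[i];
    return table[idx] | u;
}

/* "After": seed the accumulator from a volatile so its value is opaque to
 * the optimizer (assumed technique). The loads now feed the returned value
 * and cannot be eliminated; at run time u is still 0, so the result is
 * identical to the unhardened version. */
static uint32_t lookup_hardened(uint8_t idx) {
    ensure_table();
    volatile uint32_t opaque_zero = 0;
    uint32_t u = opaque_zero;
    for (size_t i = 0; i < TABLE_WORDS; i += WORDS_PER_LINE)
        u &= table[i];
    return table[idx] | u;
}

int main(void) {
    /* Both versions agree on every index: a functional test cannot see the bug. */
    for (unsigned i = 0; i < TABLE_WORDS; i++)
        assert(lookup_unhardened((uint8_t)i) == lookup_hardened((uint8_t)i));
    return 0;
}
```

Because both functions return identical values, only the generated code reveals the difference: compile at the optimization level used for release builds and inspect the disassembly (for example `objdump -d`) to confirm the preload loads are still present.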

Jeffrey Walton

Apr 11, 2016, 3:00:50 AM
to Crypto++ Users List
FYI... It looks like the CVE was assigned, so we will be pushing 5.6.4 shortly.

On Mon, Apr 11, 2016 at 2:41 AM, Jeffrey Walton <nolo...@gmail.com> wrote:
> On Mon, Apr 11, 2016 at 2:20 AM, László Böszörményi (GCS)
> <g...@debian.org> wrote:
>> On Fri, Apr 8, 2016 at 1:22 AM, Jeffrey Walton <nolo...@gmail.com> wrote:
>>> We checked in the fix for the issue at:
>>>
>>> * http://github.com/weidai11/cryptopp/commit/9f335d719ebc27f58251559240de0077ec42c583
>>>
>>> We also picked up the improvement for constant propagation:
>>>
>>> * http://github.com/weidai11/cryptopp/commit/50e5c14c18671726d23479b5e0cadc4224100259
>>>
>>> We have not received feedback on the imperativeness of a CVE, so we
>>> are going to handle this as a normal bug fix.
>> The CVE-2016-3995 vulnerability id was recently assigned[1]. Fixed for
>> Debian/Sid[2], will update (old-)stable releases as well in the
>> afternoon.
>
> OK, thanks.
>
> I'll ramp up for the 5.6.4 release and the extended testing. Expect it
> in roughly 2 to 4 weeks.
>
> We are ahead of the game at the moment because we are clean under
> Compiler Warnings, Valgrind, Enterprise Analysis and Coverity (Master
> was tested with Valgrind and Coverity earlier tonight).
>