request for TLBleed information / non-constant-time vulnerabilities

Good afternoon,

Our team is trying to get an accurate understanding of whether or not cryptographic libraries are vulnerable to the kind of non-constant-time attack used by exploits such as the one recently documented here: https://www.vusec.net/wp-content/uploads/2018/07/tlbleed-author-preprint.pdf

Unfortunately, Intel has not provided much guidance in this area but has indicated that software mitigation can and should be implemented by libraries like OpenSSL. We're also not currently aware of any open CVEs or embargos active for this particular side-channel attack.

Any help or guidance would be appreciated.

Can the openssl community comment on this?

Thanks!

--
/*
 * Michael R. Hines
 * Staff Engineer, DigitalOcean.
 */

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


