1 files changed, 22 insertions, 0 deletions

diff --git a/gitlab/issues/target_missing/host_missing/accel_missing/2946.toml b/gitlab/issues/target_missing/host_missing/accel_missing/2946.toml
new file mode 100644
index 00000000..8aeac10c
--- /dev/null
+++ b/gitlab/issues/target_missing/host_missing/accel_missing/2946.toml
@@ -0,0 +1,22 @@
+id = 2946
+title = "crypto/aes.c (used for emulating aes instructions) has a timing side-channel"
+state = "opened"
+created_at = "2025-05-02T07:29:06.756Z"
+closed_at = "n/a"
+labels = ["Build System", "Cryptography"]
+url = "https://gitlab.com/qemu-project/qemu/-/issues/2946"
+host-os = "any"
+host-arch = "any"
+qemu-version = "a9cd5bc6399a80fcf233ed0fffe6067b731227d8"
+guest-os = "n/a"
+guest-arch = "x86 or arm, maybe more..."
+description = """https://gitlab.com/qemu-project/qemu/-/blob/a9cd5bc6399a80fcf233ed0fffe6067b731227d8/crypto/aes.c#L1021
+
+much of the code in crypto/aes.c accesses memory arrays where the array index is based on the secret data being encrypted/decrypted. because of cpu caches and other things that can delay memory accesses based on their address, this is a timing side-channel, potentially allowing leaking secrets over a network based on timing how long cryptography operations take.
+
+compare to openssl which uses an algorithm where its execution time doesn't depend on the data being processed:
+https://github.com/openssl/openssl/commit/0051746e03c65f5970d8ca424579d50f58a877e0
+
+I initially reported this as a security issue, but was told that since it's only used by TCG, it isn't a security issue, since TCG isn't considered secure."""
+reproduce = "n/a"
+additional = "n/a"