1 files changed, 40 insertions, 0 deletions

diff --git a/results/classifier/118/none/2946 b/results/classifier/118/none/2946
new file mode 100644
index 00000000..d826b4d2
--- /dev/null
+++ b/results/classifier/118/none/2946
@@ -0,0 +1,40 @@
+graphic: 0.762
+network: 0.728
+device: 0.599
+semantic: 0.394
+TCG: 0.371
+vnc: 0.305
+architecture: 0.277
+ppc: 0.258
+i386: 0.239
+x86: 0.238
+mistranslation: 0.217
+permissions: 0.216
+socket: 0.194
+files: 0.189
+performance: 0.185
+register: 0.134
+PID: 0.133
+VMM: 0.109
+debug: 0.105
+risc-v: 0.100
+boot: 0.090
+virtual: 0.071
+arm: 0.069
+peripherals: 0.062
+user-level: 0.061
+hypervisor: 0.059
+KVM: 0.056
+kernel: 0.043
+assembly: 0.018
+
+crypto/aes.c (used for emulating aes instructions) has a timing side-channel
+Description of problem:
+https://gitlab.com/qemu-project/qemu/-/blob/a9cd5bc6399a80fcf233ed0fffe6067b731227d8/crypto/aes.c#L1021
+
+much of the code in crypto/aes.c accesses memory arrays where the array index is based on the secret data being encrypted/decrypted. because of cpu caches and other things that can delay memory accesses based on their address, this is a timing side-channel, potentially allowing leaking secrets over a network based on timing how long cryptography operations take.
+
+compare to openssl which uses an algorithm where its execution time doesn't depend on the data being processed:
+https://github.com/openssl/openssl/commit/0051746e03c65f5970d8ca424579d50f58a877e0
+
+I initially reported this as a security issue, but was told that since it's only used by TCG, it isn't a security issue, since TCG isn't considered secure.