summary refs log tree commit diff stats
path: root/gitlab/issues_text/target_missing/host_missing/accel_missing/2946
diff options
context:
space:
mode:
Diffstat (limited to 'gitlab/issues_text/target_missing/host_missing/accel_missing/2946')
-rw-r--r--gitlab/issues_text/target_missing/host_missing/accel_missing/294610
1 files changed, 0 insertions, 10 deletions
diff --git a/gitlab/issues_text/target_missing/host_missing/accel_missing/2946 b/gitlab/issues_text/target_missing/host_missing/accel_missing/2946
deleted file mode 100644
index 953717b95..000000000
--- a/gitlab/issues_text/target_missing/host_missing/accel_missing/2946
+++ /dev/null
@@ -1,10 +0,0 @@
-crypto/aes.c (used for emulating aes instructions) has a timing side-channel
-Description of problem:
-https://gitlab.com/qemu-project/qemu/-/blob/a9cd5bc6399a80fcf233ed0fffe6067b731227d8/crypto/aes.c#L1021
-
-much of the code in crypto/aes.c accesses memory arrays where the array index is based on the secret data being encrypted/decrypted. because of cpu caches and other things that can delay memory accesses based on their address, this is a timing side-channel, potentially allowing leaking secrets over a network based on timing how long cryptography operations take.
-
-compare to openssl which uses an algorithm where its execution time doesn't depend on the data being processed:
-https://github.com/openssl/openssl/commit/0051746e03c65f5970d8ca424579d50f58a877e0
-
-I initially reported this as a security issue, but was told that since it's only used by TCG, it isn't a security issue, since TCG isn't considered secure.