blob: d826b4d20ba62df494c0e365e643d7abc7be4ff6 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
graphic: 0.762
network: 0.728
device: 0.599
semantic: 0.394
TCG: 0.371
vnc: 0.305
architecture: 0.277
ppc: 0.258
i386: 0.239
x86: 0.238
mistranslation: 0.217
permissions: 0.216
socket: 0.194
files: 0.189
performance: 0.185
register: 0.134
PID: 0.133
VMM: 0.109
debug: 0.105
risc-v: 0.100
boot: 0.090
virtual: 0.071
arm: 0.069
peripherals: 0.062
user-level: 0.061
hypervisor: 0.059
KVM: 0.056
kernel: 0.043
assembly: 0.018
crypto/aes.c (used for emulating aes instructions) has a timing side-channel
Description of problem:
https://gitlab.com/qemu-project/qemu/-/blob/a9cd5bc6399a80fcf233ed0fffe6067b731227d8/crypto/aes.c#L1021
much of the code in crypto/aes.c accesses memory arrays where the array index is based on the secret data being encrypted/decrypted. because of cpu caches and other things that can delay memory accesses based on their address, this is a timing side-channel, potentially allowing leaking secrets over a network based on timing how long cryptography operations take.
compare to openssl which uses an algorithm where its execution time doesn't depend on the data being processed:
https://github.com/openssl/openssl/commit/0051746e03c65f5970d8ca424579d50f58a877e0
I initially reported this as a security issue, but was told that since it's only used by TCG, it isn't a security issue, since TCG isn't considered secure.
|