Daniel Kahn Gillmor <[email protected]> writes:

> I'm experimenting with using valgrind on the testsuite on the debian
> platform. on x86_64, testing 3.9.1 as built on debian (debian package
> version 3.9.1-2, built and run against libgmp10 debian package
> 2:6.3.0+dfsg-2), all valgrind tests succeed except for
> rsa-sec-decrypt-test.c. It looks like there are some branch accesses
> based on input data. Do you have any recommendations for further
> debugging, or steps we should take to improve the situation?

Hi, that's a bug, let me give some background. Valgrind can be used to
test for side channel silence, or more precisely, branches or memory
addresses depending on secret data, by telling valgrind to treat the
secret data as "undefined". I added logic to do that to some tests,
including rsa-sec-decrypt-test, automatically enabled if the test is
run under valgrind. But then that test was broken in a later fix to
add more input validation.

During the last few months, I've reorganized and expanded those tests
to have that needed instrumentation only when tests are run as part of
the sc-*-test scripts, and those tests are also run by default if
valgrind is available, including by the x86_64 native builds in the ci
system. Also, it's possible to hook valgrind into the tests by running

  make check EMULATOR='valgrind ...'

(that will invoke test binaries with valgrind, but not test shell
scripts).

So my advice would be to either ignore that error, or do further tests
on the master branch in the git repo.

Then there are some details that are somewhat unclear. For the input
validation in rsa_sec_decrypt, since the cryptotext c is presumably
known by the attacker, it should not be a problem if the comparison
c < n leaks information about it. But then maybe the side-channel test
shouldn't mark the cryptotext input as secret at all, only the private
key?

Regards,
/Niels

-- 
Niels Möller. PGP key CB4962D070D77D7FCB8BA36271D8F1FF368C6677.
Internet email is subject to wholesale government surveillance.
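
The technique described in the reply above, as an added example that is not part of the original message and is not nettle's test code: the secret is marked "undefined" with memcheck's `VALGRIND_MAKE_MEM_UNDEFINED` client request, so that running the binary under valgrind reports "Conditional jump or move depends on uninitialised value(s)" for the early-exit comparison and nothing for the constant-time one. The names `leaky_equal`, `ct_equal` and `check_secret` and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
/* Use valgrind's client requests if its header is installed, else no-ops. */
#if defined(__has_include)
# if __has_include(<valgrind/memcheck.h>)
#  include <valgrind/memcheck.h>
# endif
#endif
#ifndef VALGRIND_MAKE_MEM_UNDEFINED
# define VALGRIND_MAKE_MEM_UNDEFINED(p, n) ((void) (p), (void) (n))
# define VALGRIND_MAKE_MEM_DEFINED(p, n) ((void) (p), (void) (n))
#endif

/* Early exit: the number of iterations depends on the secret bytes. */
static int leaky_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
  for (size_t i = 0; i < n; i++)
    if (a[i] != b[i]) return 0;
  return 1;
}

/* Accumulates differences; no branch or address depends on the data. */
static int ct_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
  unsigned char diff = 0;
  for (size_t i = 0; i < n; i++)
    diff |= a[i] ^ b[i];
  return (int) ((((unsigned) diff - 1) >> 8) & 1); /* 1 iff diff == 0 */
}

/* Hypothetical harness: taint only the secret (the guess is public),
   compare, then declassify the result so callers may branch on it. */
int check_secret(int use_ct, const unsigned char *secret_in,
                 const unsigned char *guess, size_t n)
{
  unsigned char secret[32];
  if (n > sizeof secret) return -1;
  memcpy(secret, secret_in, n);
  (void) VALGRIND_MAKE_MEM_UNDEFINED(secret, n);
  int ok = use_ct ? ct_equal(secret, guess, n) : leaky_equal(secret, guess, n);
  (void) VALGRIND_MAKE_MEM_DEFINED(&ok, sizeof ok);
  return ok;
}

int main(void)
{
  static const unsigned char key[4] = {1, 2, 3, 4}, bad[4] = {1, 2, 9, 4}; /* constructed */
  return !(check_secret(1, key, bad, 4) == 0 && check_secret(0, key, bad, 4) == 0);
}
```

Only the copy of the secret is tainted; the public input stays defined, which is the same choice the reply raises for the cryptotext versus the private key.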
