An Empirical Study Measuring In-The-Wild Cryptographic Microarchitectural Side-Channel Patches

Patching microarchitectural side channels in real-world cryptographic software is a challenging task that does not always result in efficient and secure patches. Despite the continuous efforts of researchers and developers, the security and performance of microarchitectural side-channel patches have not been comprehensively studied before. To systematically study this patching effort, this paper conducts the first measurement study on in-the-wild side-channel patches, yielding the SideBench dataset comprising 165 patches from three mainstream cryptographic libraries (OpenSSL, WolfSSL, and MbedTLS), and offering an automated analysis tool, SideEval, tailored to analyze side-channel patches through a combination of dynamic taint analysis and static symbolic execution. Our analysis reveals that even among patches written by experienced developers, 25 are insecure, leaving residual side-channel leakages potentially unnoticed by developers for years. Furthermore, some patches rashly issued to fix one microarchitectural side channel may inadvertently open new leakages against other side-channel models. We also observed that patches in different cryptographic libraries, even when fixing the same code pattern, can incur drastically different overheads, varying from 10% to 170%. Additionally, our measurements show that recent rule-based and large language model (LLM)-based automated patching tools are not as secure as expected. We summarize our findings and provide insights for developers to fix side channels securely and efficiently.