Fix Timing Oracle in RSA decryption
author Dmitry Belyavskiy <beldmit@gmail.com>
Wed, 30 Nov 2022 13:48:40 +0000 (14:48 +0100)
committer Tomas Mraz <tomas@openssl.org>
Tue, 7 Feb 2023 16:05:10 +0000 (17:05 +0100)
commit b1892d21f8f0435deb0250f24a97915dc641c807
tree 2eadabfbdecbb72afcccf2bb71fbbfced32058e4
parent 96e77bd32786209a7c7975eb8aedd6485b79e4e0
Fix Timing Oracle in RSA decryption

A timing-based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext across
a network in a Bleichenbacher-style attack. To achieve a successful
decryption an attacker would have to be able to send a very large number
of trial messages for decryption. The vulnerability affects all RSA
padding modes: PKCS#1 v1.5, RSA-OAEP and RSASVE.

Patch written by Dmitry Belyavsky and Hubert Kario

CVE-2022-4304

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
crypto/bn/bn_blind.c
crypto/bn/bn_local.h
crypto/bn/build.info
crypto/bn/rsa_sup_mul.c [new file with mode: 0644]
crypto/rsa/rsa_ossl.c
include/crypto/bn.h