Fix Timing Oracle in RSA decryption
author Matt Caswell <matt@openssl.org>
Fri, 20 Jan 2023 15:26:54 +0000 (15:26 +0000)
committer Richard Levitte <levitte@openssl.org>
Fri, 3 Feb 2023 10:22:47 +0000 (11:22 +0100)
commit 43d8f88511991533f53680a751e9326999a6a31f
tree 2305f02c7dab288ccb92f1eab92544e2c7301927
parent 1dc2ae414f8e34e957c41ac5933d9a033305501d
Fix Timing Oracle in RSA decryption

A timing-based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext across
a network in a Bleichenbacher style attack. To achieve a successful
decryption an attacker would have to be able to send a very large number
of trial messages for decryption. The vulnerability affects all RSA
padding modes: PKCS#1 v1.5, RSA-OAEP and RSASVE.

Patch written by Dmitry Belyavsky and Hubert Kario

CVE-2022-4304

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
crypto/bn/bn_blind.c
crypto/bn/bn_err.c
crypto/bn/bn_local.h
crypto/bn/build.info
crypto/bn/rsa_sup_mul.c [new file with mode: 0644]
crypto/err/openssl.txt
crypto/rsa/rsa_ossl.c
include/crypto/bn.h
include/openssl/bnerr.h