Fix Timing Oracle in RSA decryption
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. Patch written by Dmitry Belyavsky and Hubert Kario CVE-2022-4304 Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> Signed-off-by: Ncode4lala <fengziteng2@huawei.com> Change-Id: Ib81f15484fa3374bf5f50baece50bb36d105d6d7
Showing
crypto/bn/rsa_sup_mul.c
0 → 100644
想要评论请 注册 或 登录