Skip to content

Latest commit

 

History

History
34 lines (25 loc) · 1.8 KB

CVE-2023-5992.md

File metadata and controls

34 lines (25 loc) · 1.8 KB

CVE-2023-5992: Marvin: Side-channel leaks while stripping encryption PKCS#1.5 padding in OpenSC

The OpenSC code handling the PKCS#1.5 encryption padding removal is not implemented in side-channel resistant way, which can lead to decryption of previously captured RSA ciphertexts and forging of signatures based on the timing data.

The code is executed in the common case, where the smart cards implement only raw RSA key operation and the de-padding in decryption case is handled by the OpenSC code.

Affected versions: all before 0.25.0

Fixed with Constant time RSA PKCS#1 v1.5 depadding

  • b9e1d344df1f850a9b15bce6294f72c1620d0b45
  • 708ce24c6b9f92a9f39bb7accda601b2891304a3
  • 1a6a18c51a1d6239850b61d19aed6424afd4912f
  • a8ac5930ab8f2da5cb93793d05389761c342f995
  • 32cdab44f6b1e6343f029879a8ab32de4f32743f
  • 1fe1a78610b00b9db83a03396762c72c1371bd02
  • 306dc92bd4d2d74203f53cf3d9ea68c223115375
  • aa6bf2b65fe432e8f234a132268b79ea54d5d74b
  • fixes from Coverity issues
    • 7309b37eb82496e7324671283a39f9291be09830
    • fd80ba7c00bb87f52a63f628509955ccee5b09e4

Originally reported by Hubert Kario (Red Hat)

Independently reported by Michal Shagam and Eyal Ronen (Tel-Aviv University)

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L (5.6)