by Nimi
1222 days ago
Is there a writeup describing the exact timing side channel?
The advisory states that the vulnerability affects all RSA padding modes, which seems to imply non-constant-time BigNum operations. However, OpenSSL implemented RSA blinding even before the fix, which is supposed to prevent that class of problems. So this should be interesting :-) (I did find the commit fixing it, but it's huge, and I can't follow the change:
https://github.com/openssl/openssl/commit/b1892d21f8f0435deb...)