CVE 2023 5992

CVE-2023-5992: Marvin: Side-channel leaks while stripping encryption PKCS#1.5 padding in OpenSC

The OpenSC code handling the PKCS#1.5 encryption padding removal is not implemented in side-channel resistant way, which can lead to decryption of previously captured RSA ciphertexts and forging of signatures based on the timing data.

The code is executed in the common case, where the smart cards implement only raw RSA key operation and the de-padding in decryption case is handled by the OpenSC code.

Affected versions: all before 0.25.0

Fixed with Constant time RSA PKCS#1 v1.5 depadding

b9e1d344df1f850a9b15bce6294f72c1620d0b45
708ce24c6b9f92a9f39bb7accda601b2891304a3
1a6a18c51a1d6239850b61d19aed6424afd4912f
a8ac5930ab8f2da5cb93793d05389761c342f995
32cdab44f6b1e6343f029879a8ab32de4f32743f
1fe1a78610b00b9db83a03396762c72c1371bd02
306dc92bd4d2d74203f53cf3d9ea68c223115375
aa6bf2b65fe432e8f234a132268b79ea54d5d74b
fixes from Coverity issues
- 7309b37eb82496e7324671283a39f9291be09830
- fd80ba7c00bb87f52a63f628509955ccee5b09e4

Originally reported by Hubert Kario (Red Hat)

Independently reported by Michal Shagam and Eyal Ronen (Tel-Aviv University)

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L (5.6)

Warning: Due to attempts to plant malicious links to our wiki, it is no longer open to anyone to edit. If you want to contribute to this, wiki, please open a pull request here: https://github.com/OpenSC/Wiki

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE 2023 5992

CVE-2023-5992: Marvin: Side-channel leaks while stripping encryption PKCS#1.5 padding in OpenSC

Quick Start

User Documentation

Developer Documentation

Clone this wiki locally