Lib.rs

RSA › Reviews
RUSTSEC-2023-0071 on 2023-11-22: Marvin Attack: potential key recovery through timing sidechannels

Impact

Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key.

Patches

No patch is yet available, however work is underway to migrate to a fully constant-time implementation.

Workarounds

The only currently available workaround is to avoid using the rsa crate in settings where attackers are able to observe timing information, e.g. local use on a non-compromised computer is fine.

References

This vulnerability was discovered as part of the "Marvin Attack", which revealed several implementations of RSA including OpenSSL had not properly mitigated timing sidechannel attacks.

https://people.redhat.com/~hkario/marvin/

CVE-2023-49092

GHSA-c38w-74pg-36hr

GHSA-4grx-2x9w-596c

This review is from cargo-vet. To add your review, set up cargo-vet and submit your URL to its registry.

The current version of RSA is 0.10.0-pre.1.

cargo-vet does not verify reviewers' identity. You have to fully trust the source the audits are from.

unknown

May have been packaged automatically without a review

Lib.rs has been able to verify that all files in the crate's tarball are in the crate's repository. Please note that this check is still in beta, and absence of this confirmation does not mean that the files don't match.

Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories, so there is a possibility that published crates have a misleading repository URL, or contain different code from the code in the repository.

To review the actual code of the crate, it's best to use cargo crev open rsa. Alternatively, you can download the tarball of rsa v0.10.0-pre.1 or view the source online.