OpenSSL vulnerable to the Marvin Attack (CVE-2022-4304)

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. The details of the vulnerability are on the https://people.redhat.com/~hkario/marvin/ page. Script to reproduce it: https://github.com/tlsfuzzer/tlsfuzzer/blob/master/scripts/test-bleichenbacher-timing-pregenerate.py Instructions to the reproducer: https://tlsfuzzer.readthedocs.io/en/latest/timing-analysis.html Credit is acknowledged on the security advisory page: https://www.openssl.org/news/secadv/20230207.txt ## Impact Decryption of captured RSA ciphertexts and signature forgery for endpoints allowing timing of RSA decryption operation (local or remote).