You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There are multiple places where an RSA private-key is encoded or decoded with Base64 using standard Swift library functions. Since these functions do not guarantee constant-time processing of the input, there is a potential side-channel that may leak information about the private-key.
I did not investigate the code thoroughly, but here are the potentially insecure uses I found at first glance:
There are multiple places where an RSA private-key is encoded or decoded with Base64 using standard Swift library functions. Since these functions do not guarantee constant-time processing of the input, there is a potential side-channel that may leak information about the private-key.
I did not investigate the code thoroughly, but here are the potentially insecure uses I found at first glance:
https://github.com/IBM-Swift/BlueRSA/blob/9435e102af2838aa29c1f52a843ee1886876c379/Sources/CryptorRSA/CryptorRSAKey.swift#L392
https://github.com/IBM-Swift/BlueRSA/blob/9435e102af2838aa29c1f52a843ee1886876c379/Sources/CryptorRSA/CryptorRSAKey.swift#L631
https://github.com/IBM-Swift/BlueRSA/blob/9435e102af2838aa29c1f52a843ee1886876c379/Sources/CryptorRSA/CryptorRSAKey.swift#L676
https://github.com/IBM-Swift/BlueRSA/blob/9435e102af2838aa29c1f52a843ee1886876c379/Sources/CryptorRSA/CryptorRSAKey.swift#L739
The text was updated successfully, but these errors were encountered: