PeerSec Networks - Secure Device Web Services

April 30, 2004

RSA Blinding

Security Advisories

Update: Fixed in 1.1

Background
MatrixSSL does not currently support RSA blinding, a technique used to defeat a specific timing attack against the RSA private-key operation. Information on the RSA timing attack is available in this PDF. The attack works by sending millions of carefully chosen handshake messages to an SSL server and measuring how long each response takes. The server must perform its RSA private-key operation on the attacker-supplied value in every handshake, and the running time of that operation varies slightly with the input. If network latency variation is low (or enough samples are collected to average it out), those timing differences can be used to statistically recover the server's RSA private key.

Solution
The most well regarded solution for this issue is to "blind" the operation: before each private-key operation the input is multiplied by r^e for a fresh random r, the exponentiation is performed on that randomized value, and the factor r is removed from the result afterwards. The time taken then depends on a value the attacker neither chooses nor knows, so the timing measurements no longer correlate with the attacker's input and the attack fails. The cost is a small amount of extra work per operation (computing r^e and r^-1 plus two modular multiplications). We are looking to provide this solution in a future MatrixSSL release.
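The blinding step described above, written out as an added example in Python (this is illustration code, not MatrixSSL source). The key is a constructed toy key built from two Mersenne primes so that it is valid but far too small for real use; the message text is likewise constructed. The blinded path multiplies the ciphertext by r^e, exponentiates, then multiplies by r^-1, and is checked against the straightforward computation.

```python
import secrets
from math import gcd

# Constructed toy key for the example (not a MatrixSSL key).  Both primes are
# Mersenne primes, so the key is valid; the modulus is only ~92 bits.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def rsa_private_unblinded(c: int) -> int:
    """c^d mod n computed directly on the attacker-supplied input.

    The running time of this call varies with c; that is what the attack measures.
    """
    return pow(c, D, N)


def fresh_blinding_factor() -> tuple:
    """Return (r, r^-1 mod n) for a uniformly random r coprime to n.

    A new r is drawn for every operation so consecutive timings cannot be
    related to each other either.
    """
    while True:
        r = secrets.randbelow(N - 2) + 2      # 2 <= r <= n-1
        if gcd(r, N) == 1:
            return r, pow(r, -1, N)


def rsa_private_blinded(c: int) -> int:
    """Same result as rsa_private_unblinded, but the exponentiation runs on
    c * r^e for a secret random r, so its timing is uncorrelated with c."""
    r, r_inv = fresh_blinding_factor()
    c_blind = (c * pow(r, E, N)) % N           # randomize the input
    m_blind = pow(c_blind, D, N)               # (c * r^e)^d == c^d * r  (mod n)
    return (m_blind * r_inv) % N               # strip r to recover c^d


# Constructed sample: encrypt a short message (must be smaller than N) with the
# public key, then decrypt it both ways.
MESSAGE = int.from_bytes(b"MatrixSSL", "big")
assert MESSAGE < N
CIPHERTEXT = pow(MESSAGE, E, N)


def check() -> bool:
    """True when the unblinded and several blinded decryptions all agree with MESSAGE."""
    plain = rsa_private_unblinded(CIPHERTEXT)
    return plain == MESSAGE and all(rsa_private_blinded(CIPHERTEXT) == plain for _ in range(5))


if __name__ == "__main__":
    print("blinded decrypt matches:", check())
```

The identity that makes this work is (c * r^e)^d = c^d * r^(ed) = c^d * r (mod n), so the attacker's c still gets decrypted correctly while the value actually fed to the slow exponentiation is uniformly random. Some implementations avoid a modular inversion per call by keeping a blinding pair and squaring both r and r^-1 between operations; that trades a little randomness for speed and is an optimisation, not a requirement.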

Workarounds
In the short term, a workaround that is suitable for many embedded devices is to throttle the number of SSL connections per second, which limits the rate at which attack messages can be sent. This raises the cost of the attack, which needs a large number of samples, rather than eliminating it. Alternately, forcing the response time for the handshake message to a fixed value, for example 100ms, hides the timing variation and has the same effect as blinding, provided the fixed time is measured from receipt of the message and is longer than the worst-case time of the RSA operation. If the operation can ever overrun the fixed window, the overrun itself is a measurable signal, so an overrun should be treated as a configuration error rather than silently passed through.
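The fixed-response-time workaround, as an added Python example that is not MatrixSSL code. respond_with_floor is a hypothetical wrapper around the handshake processing; FakeClock is a constructed deterministic clock so the padding logic (and the overrun case that leaks timing) can be exercised offline with integer milliseconds. The 100ms floor is the figure from the text.

```python
import time

# The page's example floor, in milliseconds (integers keep the arithmetic exact).
FLOOR_MS = 100


def respond_with_floor(op, floor_ms=FLOOR_MS,
                       clock=lambda: time.monotonic() * 1000.0,
                       sleep=lambda ms: time.sleep(ms / 1000.0)):
    """Run op() and delay so the total time since `start` is at least floor_ms.

    Returns (result, overran).  overran is True when op() alone exceeded the
    floor: nothing was padded and the real duration was observable, so the
    floor is too small for this device (or it is under load and leaking).
    """
    start = clock()                  # must be taken before the RSA work begins
    result = op()
    remaining = floor_ms - (clock() - start)
    if remaining > 0:
        sleep(remaining)
        return result, False
    return result, True


class FakeClock:
    """Constructed deterministic clock/sleep pair for offline checking."""

    def __init__(self):
        self.now = 0

    def monotonic(self):
        return self.now

    def sleep(self, ms):
        self.now += ms

    def slow_op(self, duration_ms):
        """Return an op() that pretends the RSA operation took duration_ms."""
        def op():
            self.now += duration_ms
            return "handshake-response"
        return op


def simulate(op_duration_ms, floor_ms=FLOOR_MS):
    """(observable response time in ms, whether the floor was overrun)."""
    clk = FakeClock()
    _, overran = respond_with_floor(clk.slow_op(op_duration_ms), floor_ms,
                                    clk.monotonic, clk.sleep)
    return clk.now, overran


if __name__ == "__main__":
    print("30ms op  ->", simulate(30))    # padded to the floor, no leak
    print("150ms op ->", simulate(150))   # overran: real duration is visible
```

Both a 30ms and a 90ms operation come back at exactly 100ms, which is the point; a 150ms operation comes back at 150ms with overran set, and that is the condition to alarm on when choosing the floor for a given device.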


April 19, 2004

MatrixSSL 1.0.1

Releases

We've released a minor update to 1.0. Support has been added for validation of X.509 certificates whose serial numbers use more than 32 bits, improving compatibility with more certificates. This change alters the type of the serialNumber field in the public sslCertInfo_t structure and adds a new element, serialNumberLen, to the structure; application code that reads serialNumber directly must be updated for the new type and use serialNumberLen for its length.

