[Pkg-openssl-devel] openssl 1.0.0e vulnerability

Florian Weimer fw at deneb.enyo.de
Thu Oct 6 12:23:31 UTC 2011


* Julian Gilbey:

> In the file crypto/rsa/rsa_eay.c, at line 850, if the CRT-based
> modular exponentiation has failed, a second attempt is tried using
> bn_mod_exp (line 862 or 866).  However, the results of this attempt
> are NOT then verified.  The paper then describes how this weakness can
> be exploited.

IIRC, this requires faulty hardware, on a very thin line where the
system still mostly works, but the modular exponentiation fails
nevertheless.  This seems rather unlikely.  In addition, such an
attack wouldn't work against TLS servers because they do not perform
RSA signing.

I always thought that this paper was a great compliment to the OpenSSL
authors---usually, you don't have to resort to faulty hardware to
uncover security issues. 8-)
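The point raised above (the CRT result is checked, but the non-CRT fallback is not) can be shown with a small verify-before-release routine. This is an added illustration, not OpenSSL code or anything from the paper: the key is a constructed toy key with small primes, `sign_crt`/`sign_plain`/`sign_checked` are hypothetical names, and a hardware fault is simulated by flipping one bit of an intermediate value. The routine verifies the CRT signature, and if that fails it retries with plain modular exponentiation and verifies that result too, refusing to emit a signature that does not check out.

```python
# Added example: RSA-CRT signing with a verify-before-release check on BOTH
# the CRT path and the non-CRT fallback.  Not OpenSSL code; toy key only.

# Constructed toy key (assumption: small primes so the numbers stay readable).
P = 1000003
Q = 1000033
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)          # private exponent (Python >= 3.8 modular inverse)
DP = D % (P - 1)             # CRT exponent mod p
DQ = D % (Q - 1)             # CRT exponent mod q
QINV = pow(Q, -1, P)         # q^-1 mod p for Garner recombination


def sign_crt(m, fault=False):
    """RSA signature via CRT.  `fault` simulates a corrupted mod-q half."""
    s1 = pow(m, DP, P)
    s2 = pow(m, DQ, Q)
    if fault:
        s2 ^= 1  # simulated hardware fault (assumption: one flipped bit)
    h = (QINV * (s1 - s2)) % P
    return s2 + h * Q


def sign_plain(m, fault=False):
    """Non-CRT fallback, the analogue of the bn_mod_exp path discussed above."""
    s = pow(m, D, N)
    if fault:
        s ^= 1  # simulated fault in the fallback as well
    return s


def verify(m, s):
    """Public-key check: a correct signature satisfies s^e == m (mod n)."""
    return pow(s, E, N) == m % N


def sign_checked(m, crt_fault=False, plain_fault=False):
    """Sign with CRT and verify; on failure retry without CRT and verify again.

    Returns (signature, path) where path is "crt" or "fallback".  If neither
    attempt verifies, nothing is released: a faulty signature is the thing an
    attacker would need, so the safe behaviour is to return an error.
    """
    s = sign_crt(m, crt_fault)
    if verify(m, s):
        return s, "crt"
    s = sign_plain(m, plain_fault)
    if verify(m, s):
        return s, "fallback"
    raise RuntimeError("RSA signing produced an invalid signature; not releasing it")


if __name__ == "__main__":
    msg = 123456789  # constructed message representative, must be < N
    print(sign_checked(msg))                    # ("...", "crt")
    print(sign_checked(msg, crt_fault=True))    # ("...", "fallback")
    try:
        sign_checked(msg, crt_fault=True, plain_fault=True)
    except RuntimeError as exc:
        print("refused:", exc)
```

The only behavioural difference from the sequence described in the quoted message is the second `verify` call: the fallback result is treated exactly like the CRT result, and a failure on both paths becomes an error rather than an output.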
