Stunnel.org  
   
Patch info for openssl-rsablinding

Creator: OpenSSL Development Team
Patch to Version: 4.04
Type: Bugfix
Patch: openssl-rsablinding.patch
Description

This is a patch to OpenSSL versions 0.9.7a and earlier, and 0.9.6i and earlier. It forces RSA blinding, which can defeat a recently discovered timing attack that could allow a cracker to brute force your private RSA keys. You do not need this if you use Stunnel 4.05 or later, or OpenSSL-0.9.7b or later or OpenSSL-0.9.6j or later.

Author Comments



WARNING WARNING WARNING WARNING

This patch may or may not be thread safe.  It may or may
not cause unexplained errors throughout your running program.
See http://marc.theaimsgroup.com/?l=openssl-users&m=104975783631697&w=2
for one note about its potential non-thread-safe nature.

WARNING WARNING WARNING WARNING


Date: Mon, 17 Mar 2003 08:47:01 +0000
From: Ben Laurie <ben@algroup.co.uk>
Subject: [ADVISORY] Timing Attack on OpenSSL



OpenSSL v0.9.7a and 0.9.6i vulnerability
----------------------------------------

Researchers have discovered a timing attack on RSA keys, to which
OpenSSL is generally vulnerable, unless RSA blinding has been turned
on.

Typically, it will not have been, because it is not easily possible to
do so when using OpenSSL to provide SSL or TLS.

The enclosed patch switches blinding on by default. Applications that
wish to can remove the blinding with RSA_blinding_off(), but this is
not generally advised. It is also possible to disable it completely by
defining OPENSSL_NO_FORCE_RSA_BLINDING at compile-time.

The performance impact of blinding appears to be small (a few
percent).

This problem affects many applications using OpenSSL, in particular,
almost all SSL-enabled Apaches. You should rebuild and reinstall
OpenSSL, and all affected applications.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0147 to this issue.

We strongly advise upgrading OpenSSL in all cases, as a precaution.
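
The blinding that this patch switches on by default can be followed with toy numbers. This is an added example, not code from the patch or from OpenSSL; the key (p=61, q=53, e=17) and every function name are constructed for illustration.

```python
import math
import secrets

# Constructed toy key (tiny primes, illustration only; not from the advisory).
P, Q, E = 61, 53, 17
N = P * Q                              # 3233
D = pow(E, -1, (P - 1) * (Q - 1))      # 2753

def private_op(x):
    """Raw private-key exponentiation; its running time depends on x and D."""
    return pow(x, D, N)

def fresh_blinding_factor():
    """Random r in [2, N-1] that is invertible modulo N."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return r

def blinded_private_op(c, r=None):
    """Return (c^D mod N, the value that was actually exponentiated)."""
    if r is None:
        r = fresh_blinding_factor()
    blinded = (c * pow(r, E, N)) % N       # c' = c * r^E mod N
    m_blinded = private_op(blinded)        # (c')^D = c^D * r mod N
    m = (m_blinded * pow(r, -1, N)) % N    # multiply by r^-1 to unblind
    return m, blinded

def demo(message=65, rounds=20):
    """Decrypt one ciphertext repeatedly; count distinct exponentiation inputs."""
    c = pow(message, E, N)
    inputs = set()
    for _ in range(rounds):
        m, blinded = blinded_private_op(c)
        if m != message:
            raise ValueError("blinding changed the result")
        inputs.add(blinded)
    return c, len(inputs)

if __name__ == "__main__":
    c, distinct = demo()
    print(f"ciphertext {c}: {distinct} distinct values reached private_op()")
```

Without blinding, private_op() receives the same caller-chosen value on every call, so its timing can be correlated with that input; with blinding, the value being exponentiated is randomised per call while the result is unchanged.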



This website makes patches available for use by the Internet community. However, it does not endorse any of the patches contained herein. They could work perfectly, or totally foul up everything. We don't know. Contact the authors if you have any questions. Use at your own risk.

The Stunnel software package does not contain any cryptography itself, however please remember that import and/or export of cryptographic software, code providing hooks to cryptographic algorithms, and discussion about cryptography is illegal in some countries. It is imperative for you to know your local laws governing cryptography. We're not liable for anything you do that violates your local laws.