[Cryptography] Montgomery multiplication bug in OpenSSL?

Ben Laurie ben at links.org
Mon Dec 7 06:36:50 EST 2015

On Sun, 6 Dec 2015 at 23:43 Hanno Böck <hanno at hboeck.de> wrote:

> On Sun, 6 Dec 2015 18:07:09 -0500
> "Perry E. Metzger" <perry at piermont.com> wrote:
> > The latest OpenSSL security announcement alluded to a bug in carries
> > in the Montgomery multiplication code. This is a sufficiently
> > unusual security bug in cryptographic code that it piqued my
> > interest. Does anyone know details that they're willing to share with
> > the list, both about the bug itself and what the likely implications
> > are?
> I'm the one who discovered this bug. Here's a writeup:
> https://blog.fuzzing-project.org/31-Fuzzing-Math-miscalculations-in-OpenSSLs-BN_mod_exp-CVE-2015-3193.html
> It is still an open question whether this is really exploitable. The DH
> case seems to be the most plausible exploit scenario.
> Also I have reason to believe this is not that unusual. We already had
> a bug in BN_sqr earlier this year. I think testing bignum libraries is
> something that needs to be done more thoroughly.

Another data point: many years ago I found a bug in BN_div() - the
manifestation of the bug was that a particular proven prime tested as
non-prime. The underlying reason was that there's an edge case where a
"digit" is all 1s which was not correctly handles. All 1 digits do not
occur at all often in random numbers and in any case, discarding the
occasional random prime isn't that much of a problem, but this proven prime
was full of them.

> --
> Hanno Böck
> http://hboeck.de/
> mail/jabber: hanno at hboeck.de
> GPG: BBB51E42
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151207/89d509f9/attachment.html>

More information about the cryptography mailing list