[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: matrixssl

Hi Brian,
On Thu, Sep 01, 2016 at 05:41:19PM +1000, Brian May wrote:
> Guido Günther <agx@sigxcpu.org> writes:
> 
> > There are exploits mentioned in the paper. I think we should test them
> > before releasing a DLA.
> 
> What paper are you referring to here?
> 
> There is the blog post here:
> 
> https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html
> 
> However I don't see any exploits mentioned.

It has a link:

"I created a patch against openssl that allows to test this." ->
https://github.com/hannob/bignum-fuzz/blob/master/openssl-break-rsa-values.diff

This allows to crash the matrix ssl server.

> Maybe you know of some other document?

No, just the above which I found quiet helpful.
Cheers,
 -- Guido
Reply to: