Re: matrixssl
Hi Brian,
On Thu, Sep 01, 2016 at 05:41:19PM +1000, Brian May wrote:
> Guido Günther <agx@sigxcpu.org> writes:
>
> > There are exploits mentioned in the paper. I think we should test them
> > before releasing a DLA.
>
> What paper are you referring to here?
>
> There is the blog post here:
>
> https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html
>
> However I don't see any exploits mentioned.
It has a link:
"I created a patch against openssl that allows to test this." ->
https://github.com/hannob/bignum-fuzz/blob/master/openssl-break-rsa-values.diff
This allows to crash the matrix ssl server.
> Maybe you know of some other document?
No, just the above which I found quiet helpful.
Cheers,
-- Guido
Reply to: