> Researchers have discovered a timing attack on RSA keys, to which
> OpenSSL is generally vulnerable, unless RSA blinding has been turned
> on.
>
> Typically, it will not have been, because it is not easily possible to
> do so when using OpenSSL to provide SSL or TLS.

...

That 'not easily possible' part is definitely true...

I'm trying to create a patch for Stunnel that will do this in the case where someone needs to use an older version of OpenSSL for whatever reason.

RSA_blinding_on is easy to set if you have access to the RSA key itself. However, Stunnel uses the SSL_use_RSA_PrivateKey_file function to read the key. This function creates an RSA which it passes to SSL_use_RSAPrivateKey, but I don't see any good way to get access to that RSA data outside of the OpenSSL code itself. (If I'm reading things right, the RSA struct ends up stuck into an EVP_PKEY inside the cert_str struct inside the SSL/CTX, and it's deep enough that there seems to be no easy public way to get at it any more.)

Does anyone have any method, aside from mods to OpenSSL itself, to get at the RSA that needs blinding? I'd rather not reimplement SSL_use_RSA_PrivateKey_file s.t. I have access to the RSA struct before I send it to SSL_use_RSAPrivateKey.

--
Brian Hatch
Ask me about Systems and microwaving cats
Security Engineer for fun and profit.
http://www.ifokr.org/bri/
Every message PGP signed
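For readers who have not seen what RSA_blinding_on actually changes, here is an added illustration (not code from the post, from Stunnel, or from OpenSSL) of the blinding countermeasure on a constructed toy RSA key (n = 3233, e = 17, d = 2753, far too small for real use). The private exponentiation is applied to c·r^e mod n for a blinding factor r the attacker does not know, and r^-1 removes the mask afterwards, so the result is unchanged while the timing of the exponentiation no longer depends on the attacker-chosen ciphertext.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy RSA parameters, constructed for illustration only (not a real key):
 * p = 61, q = 53, n = 3233, phi(n) = 3120, e = 17, d = 2753. */
#define RSA_N 3233ULL
#define RSA_E 17ULL
#define RSA_D 2753ULL

/* Square-and-multiply modular exponentiation; operands stay far below 2^32. */
static uint64_t modpow(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1;
    b %= m;
    while (e) {
        if (e & 1) r = r * b % m;
        b = b * b % m;
        e >>= 1;
    }
    return r;
}

/* Modular inverse of r mod m by the extended Euclidean algorithm;
 * returns 0 when gcd(r, m) != 1, i.e. when r is unusable as a blinding factor. */
static uint64_t modinv(uint64_t r, uint64_t m) {
    int64_t t = 0, newt = 1, a = (int64_t)m, b = (int64_t)(r % m), q, tmp;
    while (b) {
        q = a / b;
        tmp = t - q * newt; t = newt; newt = tmp;
        tmp = a - q * b;    a = b; b = tmp;
    }
    if (a != 1) return 0;
    return (uint64_t)(t < 0 ? t + (int64_t)m : t);
}

/* Unblinded private operation: the exponentiation works directly on c. */
uint64_t rsa_private_plain(uint64_t c) { return modpow(c, RSA_D, RSA_N); }

/* The value the exponentiation actually sees once blinding is on: c * r^e mod n. */
uint64_t rsa_blind_input(uint64_t c, uint64_t r) {
    return c * modpow(r, RSA_E, RSA_N) % RSA_N;
}

/* Blinded private operation: exponentiate the masked input, then strip r. */
uint64_t rsa_private_blinded(uint64_t c, uint64_t r) {
    uint64_t rinv = modinv(r, RSA_N);
    if (rinv == 0) return 0;          /* caller must choose a different r */
    return modpow(rsa_blind_input(c, r), RSA_D, RSA_N) * rinv % RSA_N;
}

int main(void) {
    uint64_t c = modpow(65, RSA_E, RSA_N);   /* encrypt m = 65 -> 2790 */
    printf("plain=%llu blinded=%llu masked=%llu\n",
           (unsigned long long)rsa_private_plain(c),
           (unsigned long long)rsa_private_blinded(c, 7),
           (unsigned long long)rsa_blind_input(c, 7));
    return 0;
}
```

In OpenSSL the same mask is applied with a fresh random r inside the RSA object once RSA_blinding_on has been called on it, which is why the post needs a handle to that RSA struct.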