Two Vulnerabilities Recently Found, An Attack on RSA using CRT and DoS Vulnerability With DTLS

Attack on RSA CRT:

A recent paper written by Florian Weimer of the Red Hat Product Security group shows a fault attack on RSA. Many cryptographic libraries that perform RSA operations use an optimization called CRT (Chinese Remainder Theorem). The attack is based off of creating a fault during the CRT process, for example; by causing the system to overheat, using a race condition, or simply a faulty CPU. With the introduction of this attack the function wc_RsaSSL_VerifyInline is now used to verify no fault has happened, this verify function is now automatically used on all TLS connections that were previously affected.

Only a small subset of wolfSSL embedded SSL/TLS builds were affected by the attack on RSA CRT. Those using wolfSSL for TLS connections on the server side with private RSA keys, allowing the use of ephemeral key exchange and without using the low memory setting are affected. An example of this is a wolfSSL TLS server side that uses the suite ECDHE-RSA-AES256-SHA256 having ephemeral key exchange and loading in a private RSA to create the connection, the client side of this connection is not affected. We recommend updating to the most recent wolfSSL release 3.6.8 and renewing all RSA private keys if you meet the affected criteria. If using wolfSSL on the client side this attack is not an issue.

CVE-2015-7744 has been assigned to this vulnerability.

DoS on DTLS:

Recently a researcher (thanks to Sebastian Ramacher from the Institute for Applied Information Processing and Communications at Graz University of Technology) notified wolfSSL of the potential to amplify a DTLS denial of service attack. The original cookie generation callback used a hash of the current socket peer’s IP address and port number. Now the cookie is based on the client’s hello message per the RFC (client IP address, client port number, version, random, cipher suites, compression) and HMACed with an application provided secret.

Only those using DTLS on the server side of a publicly accessible machine are affected. We recommend affected servers to update to release 3.6.8 which now generates an unpredictable cookie using HMAC.

CVE-2015-6925 has been assigned to this vulnerability.

For any questions contact us at
Link to paper written about the RSA-CRT attack