Hi Brian, On Thu, Sep 01, 2016 at 05:41:19PM +1000, Brian May wrote: > Guido Günther <a...@sigxcpu.org> writes: > > > There are exploits mentioned in the paper. I think we should test them > > before releasing a DLA. > > What paper are you referring to here? > > There is the blog post here: > > https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html > > However I don't see any exploits mentioned.
It has a link: "I created a patch against openssl that allows to test this." -> https://github.com/hannob/bignum-fuzz/blob/master/openssl-break-rsa-values.diff This allows to crash the matrix ssl server. > Maybe you know of some other document? No, just the above which I found quiet helpful. Cheers, -- Guido
