Issues in crypto libraries have raised awareness regarding the security of crypto implementations. The Advanced Threat Research (ATR) team has contributed analysis of such implementations, including SSL/TLS and general purpose crypto libraries.
ASN.1 Parsing Issues in Crypto Libraries: What Could Go Wrong? | 2015-08-26
This presentation focuses on problems the authors found in a number of crypto libraries related to ASN.1 parsing functionality. Some of these issues, such as the BERserk RSA signature forgery vulnerability in the Mozilla NSS library (VU#772676), have already been studied publicly, while others, such as ASN.1 parser issues in Oracle Java (CVE-2015-0410) and other crypto/SSL libraries, are largely unknown. Besides detailing specific issues, we discuss a general set of potential issues with ASN.1 parsers used by crypto implementations, ways to avoid introducing such issues, and ways to test crypto libraries for issues in their ASN.1 parsers.
Vulnerabilities Related to BERserk in Other Crypto Libraries | 2014-10-06
The ATR team has been reviewing other crypto libraries for related problems and has found that other libraries are affected by similar vulnerabilities. McAfee PSIRT and CERT/CC continue to coordinate with the developers of affected crypto libraries under VU#772676. Further details about related vulnerabilities in embedded SSL/crypto libraries:
- RSA PKCS#1 v1.5 padding check vulnerability in WolfSSL CyaSSL
- ASN.1 parsing vulnerability in Oracle Java SE, Java SE Embedded, JRockit (CVE-2015-0410)
- ASN.1 parsing vulnerabilities in MatrixSSL - Open Source Embedded SSL
- RSA PKCS#1 v1.5 padding check and ASN.1 parsing vulnerabilities in axTLS Embedded SSL
BERserk Vulnerability | 2014-10-06
The ATR team and Antoine Delignat-Lavaud (INRIA Paris, PROSECCO) have discovered a critical class of vulnerability in the ASN.1 parsing used in certain crypto libraries, including Mozilla NSS. This vulnerability (dubbed BERserk) allows attackers to forge RSA signatures, and thereby to bypass authentication to websites using SSL/TLS. Authentication mechanisms within firmware on specific devices may be compromised as well, allowing attackers to compromise the integrity of software on the device.