WARNING WARNING WARNING WARNING This patch may or may not be thread safe. It may or may not cause unexplained errors throughout your running program. See http://marc.theaimsgroup.com/?l=openssl-users&m=104975783631697&w=2 for one note about it's potential non-thread-safe nature. WARNING WARNING WARNING WARNING Date: Mon, 17 Mar 2003 08:47:01 +0000 From: Ben Laurie Subject: [ADVISORY] Timing Attack on OpenSSL OpenSSL v0.9.7a and 0.9.6i vulnerability ---------------------------------------- Researchers have discovered a timing attack on RSA keys, to which OpenSSL is generally vulnerable, unless RSA blinding has been turned on. Typically, it will not have been, because it is not easily possible to do so when using OpenSSL to provide SSL or TLS. The enclosed patch switches blinding on by default. Applications that wish to can remove the blinding with RSA_blinding_off(), but this is not generally advised. It is also possible to disable it completely by defining OPENSSL_NO_FORCE_RSA_BLINDING at compile-time. The performance impact of blinding appears to be small (a few percent). This problem affects many applications using OpenSSL, in particular, almost all SSL-enabled Apaches. You should rebuild and reinstall OpenSSL, and all affected applications. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0147 to this issue. We strongly advise upgrading OpenSSL in all cases, as a precaution.