FreSSH Information for VU#997481

Cryptographic libraries and applications do not adequately defend against timing attacks



Vendor Statement

FreSSH has a "replaceable crypto module" framework that was originally intended to let commercial users use RSA BSAFE if they wished to, rather than the OpenSSL library we used for development.

The crypto module we ship as the default uses OpenSSL with its default settings for all cryptographic operations. So the vulnerability of FreSSH to this (or any other) timing attack is exactly that of the core OpenSSL RSA operations, for whatever version of OpenSSL a given user has built FreSSH with -- or that of whatever cryptographic library the user has replaced the default OpenSSL crypto module with, if the user has done so.

We could do more to blind cryptographic operations within FreSSH itself. Code in our CVS repository already does so, so if we release a new version of FreSSH at some point in the future, that release will include further blinding of cryptographic operations.
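
The "blinding of cryptographic operations" the vendor statement refers to is the standard countermeasure to RSA timing attacks: the private-key exponentiation is performed on a randomised value the attacker cannot choose, and the randomness is stripped from the result afterwards. The following is an added illustration, not FreSSH's or OpenSSL's code; the toy key (small constructed primes), the function names, and the use of Python's big-integer pow are all assumptions made for this example. In OpenSSL the equivalent behaviour is enabled through RSA_blinding_on(); which OpenSSL versions enable it by default is not stated on this page.

```python
# Added example: RSA blinding against chosen-ciphertext timing attacks.
# Not FreSSH or OpenSSL code; toy key and names are constructed for illustration.
import math
import secrets

# Constructed toy key. NOT secure: real keys use primes of 1024+ bits each.
P = 1000003
Q = 1000033
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)          # private exponent, e * d == 1 (mod phi)


def rsa_private_naive(c, d=D, n=N):
    """Unblinded private operation.

    The running time of pow(c, d, n) in a real library depends on the
    base c (Montgomery reductions, Karatsuba vs. schoolbook multiply).
    Because the attacker chooses c, that timing leaks bits of d.
    """
    return pow(c, d, n)


def blind(c, e=E, n=N):
    """Pick a fresh random r coprime to n and return (c * r^e mod n, r^-1 mod n).

    The exponentiation will be done on c * r^e, which the attacker cannot
    predict, so its timing no longer correlates with the chosen c.
    """
    while True:
        r = secrets.randbelow(n - 2) + 2   # r in [2, n-1]
        if math.gcd(r, n) == 1:
            break
    r_inv = pow(r, -1, n)
    return (c * pow(r, e, n)) % n, r_inv


def unblind(m_blinded, r_inv, n=N):
    """Strip the blinding factor: (m * r) * r^-1 == m (mod n)."""
    return (m_blinded * r_inv) % n


def rsa_private_blinded(c, d=D, e=E, n=N):
    """Blinded private operation.

    (c * r^e)^d = c^d * r^(e*d) = m * r (mod n), since e*d == 1 (mod phi).
    Multiplying by r^-1 recovers m; the result is identical to the naive
    version, only the intermediate base seen by the exponentiation differs.
    """
    blinded_c, r_inv = blind(c, e, n)
    return unblind(pow(blinded_c, d, n), r_inv, n)


def encrypt(m, e=E, n=N):
    """Public operation, used only to build test ciphertexts."""
    return pow(m, e, n)


if __name__ == "__main__":
    m = 123456789 % N
    c = encrypt(m)
    print("naive  :", rsa_private_naive(c) == m)
    print("blinded:", rsa_private_blinded(c) == m)
    # Two blinded calls on the same ciphertext exponentiate different bases.
    print("bases differ:", blind(c)[0] != blind(c)[0])
```

Blinding costs one extra modular exponentiation by e (cheap for e = 65537) and one modular inverse per private operation; libraries typically amortise this by caching r and r^-1 and squaring both between calls. It does not remove the timing variation, it only decorrelates it from attacker-chosen input, so it must be applied to every private-key path (decryption and signing alike).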

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.