Description
- Version: 7.x, 6.x and 4.x
- Platform: all
- Subsystem: crypto
As for the recent openssl-1.1.0 security advisory in https://www.openssl.org/news/secadv/20161110.txt,
"Montgomery multiplication may produce incorrect results (CVE-2016-7055)" also affects openssl-1.0.2 and it is scored as low severity.
It is already fixed in the current 1.0.2 branch as openssl/openssl@57c4b9f but it is not released yet due to its low severity.
The original issue report is openssl/openssl#1774 and Node is affected in RSA, DH and ECDH computing in the crypto module when an Intel CPU later than Broadwell is used. We confirmed an RSA encryption/decryption failure in Node by using the reported data on Skylake. The failure depends on its crypto parameters, data and CPU but we don't know how many users are affected.
The release date of the new openssl-1.0.2k is not yet announced. If it is reported that some users are affected by this issue, we can fix it by applying a floating patch before the official release of openssl.