OpenSSL hit by forgery bug

The widely used security technology may incorrectly verify bogus signatures

Security researchers have demonstrated a way to bypass OpenSSL security restrictions by forging certain digital signatures, the OpenSSL project has warned. OpenSSL is used in many security products, secure Web servers and virtual private networks (VPNs).

SSL (secure sockets layer) is used to secure e-commerce transactions, among other purposes.

OpenSSL has released a new version fixing the problem, and urged users to upgrade or apply a patch.

The flaw only affects a particular type of signature — PKCS #1 v1.5 signatures — but these are used by some certificate authorities.

"If an RSA key with exponent 3 is used, it may be possible to forge a PKCS #1 v1.5 signature signed by that key," OpenSSL said in an advisory. "Since there are (certificate authorities) using exponent 3 in wide use, and PKCS #1 v1.5 is used in X.509 certificates, all software that uses OpenSSL to verify X.509 certificates is potentially vulnerable."

Versions of OpenSSL up to 0.9.7j and 0.9.8b are affected, according to the advisory.

The signature forgery technique was first demonstrated last month at the Crypto 2006 conference by Daniel Bleichenbacher, a cryptographer with Bell Labs, according to security firm Netcraft. OpenSSL credited Google Security with successfully forging various certificates and providing the fix.

OpenSSL is an open source implementation of the SSL and TLS protocols, with versions available for most Unix-like operating systems and Windows.