The kicker:

"the reduction function is called with num set to the bit size, where it should be number of BN_ULONG elements (which are always 8 bytes large, because that is the size of an unsigned long on x64 systems, which is the only architecture which can have AVX512 support). So with the input sizes being 1024 bits, 8192 bytes are accessed (read from or written to) instead of 128."

Really unfortunate that a performance optimization like this introduced RCE. Feels like something you would hope would be caught via the use of something like asan/msan or valgrind; at least it was caught relatively quickly after release via fuzzing.

A good bit of news is that since this requires AVX512, many CPUs won't hit it, including new Intel chips: https://www.pcgamer.com/intel-kills-alder-lake-avx-512-support-for-good/
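As an added illustration of the unit mix-up quoted above (this is not OpenSSL's code; `limbs_for_bits`, `num_fits` and `reduce_checked` are hypothetical names, and the 8-byte limb is an assumption matching the advisory's x86-64 description): a limb-oriented routine wrapped in a capacity check that refuses a `num` given in bits, so the 8192-versus-128-byte discrepancy becomes an immediate refusal rather than a silent out-of-bounds access.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: one limb is 8 bytes, the size of unsigned long on x86-64. */
typedef uint64_t BN_ULONG;
#define BN_BITS 64

/* Limbs needed to hold `bits` bits, rounded up: 1024 bits -> 16 limbs. */
size_t limbs_for_bits(size_t bits) {
    return (bits + BN_BITS - 1) / BN_BITS;
}

/* Bytes a limb-oriented routine touches when told to process `num` limbs. */
size_t bytes_touched(size_t num) {
    return num * sizeof(BN_ULONG);
}

/* Caller-side guard: `num` limbs must fit in a buffer of `buf_bytes` bytes. */
bool num_fits(size_t num, size_t buf_bytes) {
    return num <= buf_bytes / sizeof(BN_ULONG);
}

/* Toy stand-in for a limb-wise reduction step (hypothetical). Processes `num`
 * limbs of `a` into `r` only after the guard passes; returns limbs written,
 * 0 if refused. Pointers are not touched when the guard fails. */
size_t reduce_checked(BN_ULONG *r, size_t r_bytes,
                      const BN_ULONG *a, size_t a_bytes, size_t num) {
    if (!num_fits(num, r_bytes) || !num_fits(num, a_bytes)) return 0;
    for (size_t i = 0; i < num; i++) r[i] = a[i] >> 1;  /* placeholder per-limb op */
    return num;
}

int main(void) {
    BN_ULONG a[16], r[16];  /* constructed 1024-bit operands: 16 limbs = 128 bytes */
    memset(a, 0xAB, sizeof a);
    size_t bits = 1024;
    /* Buggy call site: num = bit size -> would touch 8192 bytes of a 128-byte buffer. */
    printf("num=%zu touches %zu bytes, written=%zu\n", bits, bytes_touched(bits),
           reduce_checked(r, sizeof r, a, sizeof a, bits));
    /* Correct call site: num = limb count -> 128 bytes. */
    size_t num = limbs_for_bits(bits);
    printf("num=%zu touches %zu bytes, written=%zu\n", num, bytes_touched(num),
           reduce_checked(r, sizeof r, a, sizeof a, num));
    return 0;
}
```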
The post says "the vulnerability has only existed for a week." Many Linux systems don't yet have a 3.0.4 package available, but apparently Homebrew is already installing the affected version:

https://formulae.brew.sh/formula/openssl@3
https://docs.brew.sh/FAQ#why-does-brew-upgrade-formula-or-brew-install-formula-also-upgrade-a-bunch-of-other-stuff
I've been replacing my OpenSSL installations with LibreSSL [1] where possible. I manage a lot of machines, and it's just way nicer to not have to do patching whenever these things come up, with the peace of mind that there's not some little-used internal script or feature which ends in privilege escalation or whatever when it's supposed to be a SECURITY product first and foremost. Besides this bug, I subscribe to Debian's security announcements list, and CVE-2022-2068 was something that came up yesterday for patching [2].

I've heard some people moan that "it's not exactly a drop-in replacement," but I've yet to find in my own work a case where this is true.

The only off-putting thing to me is the fact that these OpenBSD projects love giving puffy lips for some reason.

[1] https://www.libressl.org/

[2] https://security-tracker.debian.org/tracker/CVE-2022-2068