Broadwell专用蒙哥马利乘法OpenSSL1.0.2和1.1.0c前处理输入长度除以256比特分析显示不可能攻击RSA、DSA和DH私钥这是因为子程序不用于私钥本身操作和攻击者直接选择输入错误表现为瞬态认证和密钥谈判失效或复制公钥操作错误结果并特制输入EC算法中只有脑池P512曲线受到影响,并可能攻击ECDH密钥商谈未详细分析撞击问题,因为攻击前条件被认为不太可能即多客户选择相关曲线,服务器分享私钥,两者均非默认行为即便如此,只有选择曲线的客户方才会受到影响
https://access.redhat.com/errata/RHSA-2018:2185
https://access.redhat.com/errata/RHSA-2018:2186
https://access.redhat.com/errata/RHSA-2018:2187
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03752en_us
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc
https://security.gentoo.org/glsa/201702-07
https://www.openssl.org/news/secadv/20161110.txt
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
//www.yyueer.com/security/tns-2017-04
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html