[openssl-dev] [openssl.org #4511] s_server does not send Alert messages upon receiving malformed Client Key Exchange messages in DHE key exchange
Hubert Kario via RT
rt at openssl.org
Fri Jul 22 14:28:24 UTC 2016
On Friday, 15 April 2016 13:22:52 CEST Hubert Kario via RT wrote:
> Using either current 1.0.1 or 1.0.2 branch (7a433893a and 9676402c3a
> respectively) openssl s_server command does not send Alert message upon
> receiving a malformed or invalid Client Key Exchange message in DHE key
> exchange.
>
> That applies to messages that are longer and shorter than needed as well
> as messages that include client key shares bigger than the prime selected
> by server.
the issue is still present in master 0ed26acce328ec16a3aa
Reproducer:
===========
(requires Python 2.6, 3.2 or later)
git clone https://github.com/tomato42/tlsfuzzer.git
pushd tlsfuzzer
git clone https://github.com/warner/python-ecdsa .python-ecdsa
ln -s .python-ecdsa/ecdsa ecdsa
git clone https://github.com/tomato42/tlslite-ng.git .tlslite-ng
pushd .tlslite-ng
popd
ln -s .tlslite-ng/tlslite tlslite
popd
openssl req -x509 -newkey rsa -keyout localhost.key -out localhost.crt \
-nodes -batch -subj /CN=localhost openssl s_server -www -key localhost.key \
-cert localhost.crt
# in another terminal, same directory
PYTHONPATH=tlsfuzzer python
tlsfuzzer/scripts/test-dhe-rsa-key-exchange-with-bad-messages.py
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4511
Please log in as guest with password guest if prompted
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160722/36a04647/attachment.sig>
More information about the openssl-dev
mailing list