[openssl-dev] [openssl.org #4623] OpenSSL master regression in handling malformed Client Key Exchange messages in RSA key exchange
Stephen Henson via RT
rt at openssl.org
Fri Jul 22 17:14:43 UTC 2016
On Fri Jul 22 14:56:11 2016, hkario at redhat.com wrote:
> the issue is present in master 0ed26acce328ec16a3aa and looks to have
> been
> introduced in commit:
>
I tried what I thought was a fix for this which is to simply delete the lines:
if (decrypt_len < 0)
goto err;
from ssl/statem/statem_srvr.c
However your reproducer still indicates errors. I checked the message logs and
it should be now sending as many alerts as the original. The difference however
is that some of them will be sent immediately whereas originally they would be
at the end of the handshake.
Could your reproducer possibly not be expecting this?
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4623
Please log in as guest with password guest if prompted
More information about the openssl-dev
mailing list