[openssl-dev] [openssl.org #4623] OpenSSL master regression in handling malformed Client Key Exchange messages in RSA key exchange
Hubert Kario via RT
rt at openssl.org
Fri Jul 22 17:21:27 UTC 2016
On Friday, 22 July 2016 17:14:43 CEST Stephen Henson via RT wrote:
> On Fri Jul 22 14:56:11 2016, hkario at redhat.com wrote:
> > the issue is present in master 0ed26acce328ec16a3aa and looks to have
> > been
>
> > introduced in commit:
> I tried what I thought was a fix for this which is to simply delete the
> lines:
>
> if (decrypt_len < 0)
> goto err;
>
> from ssl/statem/statem_srvr.c
>
> However your reproducer still indicates errors. I checked the message logs
> and it should be now sending as many alerts as the original. The difference
> however is that some of them will be sent immediately whereas originally
> they would be at the end of the handshake.
>
> Could your reproducer possibly not be expecting this?
yes, it expects to be hitting the Bleichenbacher workaround - use of different
premaster secret in case of problems with CKE message - as it's the same
behaviour OpenSSL, NSS and GnuTLS exhibit
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4623
Please log in as guest with password guest if prompted
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160722/291b47eb/attachment.sig>
More information about the openssl-dev
mailing list