Hubert Kario via RT
2016-07-08 12:28:45 UTC
Current 1.0.1, 1.0.2 and master don't handle malformed Client Key Exchange
messages correctly.
when a malformed message, or message with incorrect parameters is received
openssl server just closes the connection instead of sending an Alert
message
reproducer script:
https://github.com/tomato42/tlsfuzzer/blob/master/scripts/test-ecdhe-rsa-key-exchange-with-bad-messages.py
to reproduce:
openssl req -x509 -newkey rsa -keyout localhost.key -out localhost.crt -subj /CN=localhost -nodes -batch
openssl s_server -key localhost.key -cert localhost.crt -www 2>server.err >server.out &
openssl_pid=$!
git clone https://github.com/tomato42/tlsfuzzer
pushd tlsfuzzer
git clone https://github.com/tomato42/tlslite-ng .tlslite-ng
ln -s .tlslite-ng/tlslite tlslite
git clone https://github.com/warner/python-ecdsa .python-ecdsa
ln -s .python-ecdsa/ecdsa ecdsa
PYTHONPATH=. python scripts/test-ecdhe-rsa-key-exchange-with-bad-messages.py
popd
kill $openssl_pid
messages correctly.
when a malformed message, or message with incorrect parameters is received
openssl server just closes the connection instead of sending an Alert
message
reproducer script:
https://github.com/tomato42/tlsfuzzer/blob/master/scripts/test-ecdhe-rsa-key-exchange-with-bad-messages.py
to reproduce:
openssl req -x509 -newkey rsa -keyout localhost.key -out localhost.crt -subj /CN=localhost -nodes -batch
openssl s_server -key localhost.key -cert localhost.crt -www 2>server.err >server.out &
openssl_pid=$!
git clone https://github.com/tomato42/tlsfuzzer
pushd tlsfuzzer
git clone https://github.com/tomato42/tlslite-ng .tlslite-ng
ln -s .tlslite-ng/tlslite tlslite
git clone https://github.com/warner/python-ecdsa .python-ecdsa
ln -s .python-ecdsa/ecdsa ecdsa
PYTHONPATH=. python scripts/test-ecdhe-rsa-key-exchange-with-bad-messages.py
popd
kill $openssl_pid
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., PurkyÅova 99/71, 612 45, Brno, Czech Republic
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4610
Please log in as guest with password guest if prompted
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., PurkyÅova 99/71, 612 45, Brno, Czech Republic
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4610
Please log in as guest with password guest if prompted