[gnutls-dev] Re: Variant of Bleichenbacher's crypto 06 rump session attack

Simon Josefsson jas at extundo.com
Tue Sep 12 16:30:21 CEST 2006


Simon Josefsson <jas at extundo.com> writes:

> However, the patch in 1.4.3 to fix this was too restrictive -- the
> patch doesn't permit the parameters field to be present but empty
> (which is typically the case).  The consequence is that many OK
> certificates are rejected.  I'll be releasing 1.4.4 shortly that fixes
> this.  There are self tests in the gnutls 1.5.x branch that trigger
> the problem, which will help everyone to verify if their gnutls
> suffers from a problem or not.

For reference, the (hopefully!) final patch between GnuTLS 1.4.2 and
GnuTLS 1.4.4 which addresses this problem AND doesn't cause a crash or
incorrect verification rejections is as below.

It seems that I was too trigger happy to release 1.4.3, sorry about
that.

/Simon

Index: verify.c
===================================================================
RCS file: /cvs/gnutls/gnutls/lib/x509/verify.c,v
retrieving revision 1.52
retrieving revision 1.55
diff -u -p -r1.52 -r1.55
--- verify.c	7 Nov 2005 23:28:02 -0000	1.52
+++ verify.c	12 Sep 2006 13:11:23 -0000	1.55
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2003, 2004, 2005 Free Software Foundation
+ * Copyright (C) 2003, 2004, 2005, 2006 Free Software Foundation
  *
  * Author: Nikos Mavroyanopoulos
  *
@@ -505,6 +505,19 @@ decode_ber_digest_info (const gnutls_dat
       return GNUTLS_E_UNKNOWN_HASH_ALGORITHM;
     }
 
+  len = sizeof (str) - 1;
+  result = asn1_read_value (dinfo, "digestAlgorithm.parameters", str, &len);
+  /* To avoid permitting garbage in the parameters field, either the
+     parameters field is not present, or it contains 0x05 0x00. */
+  if (!(result == ASN1_ELEMENT_NOT_FOUND ||
+	(result == ASN1_SUCCESS && len == 2 &&
+	 str[0] == 0x05 && str[1] == 0x00)))
+    {
+      gnutls_assert ();
+      asn1_delete_structure (&dinfo);
+      return GNUTLS_E_ASN1_GENERIC_ERROR;
+    }
+
   result = asn1_read_value (dinfo, "digest", digest, digest_size);
   if (result != ASN1_SUCCESS)
     {
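Review bot: the `len == 2 && str[0] == 0x05 && str[1] == 0x00` test only works because `asn1_read_value` on an ANY-typed field returns the complete DER TLV of `digestAlgorithm.parameters`, so the two bytes are tag NULL plus zero length; a one-line comment saying so next to the existing "either the parameters field is not present, or it contains 0x05 0x00" comment would stop a later reader from "fixing" it to compare only the content octets. The declarations of `str` and `len` are outside the hunk, so please confirm `len` is an `int` (that is what `asn1_read_value` takes) and that `str` is sized so that `sizeof (str) - 1` leaves room for the two-byte NULL; an oversized parameters encoding then fails with a memory error and correctly falls into the reject branch. Since the reject path mirrors the existing `GNUTLS_E_UNKNOWN_HASH_ALGORITHM` path (`gnutls_assert`, `asn1_delete_structure (&dinfo)`, return), it would be worth bringing the 1.5.x self tests mentioned in the thread into the 1.4 branch so both the absent-parameters and the `05 00` encodings are exercised, plus one with garbage in the parameters that must be rejected.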
