[gnutls-devel] Problem with proxied connections on 3.5.3
Nikos Mavrogiannopoulos
n.mavrogiannopoulos at gmail.com
Sat Sep 17 11:51:48 CEST 2016
On Sat, Sep 17, 2016 at 11:49 AM, Nikos Mavrogiannopoulos
<n.mavrogiannopoulos at gmail.com> wrote:
>> Date: Mon Aug 1 10:48:46 2016 +0200
>>
>> nettle: use rsa_*_key_prepare
>>
>> Previously we calculated the size of the key directly, but
>> by using the rsa_*_key_prepare we benefit from any checks that
>> may be introduced in the future. Specifically any checks for
>> invalid
>> public keys (e.g., keys that may crash the underlying gmp
>> functions).
> Thank you. Could I have a capture of the session? My speculation is
> that the user is under man-in-the-middle attack and the presented RSA
> public key in the certificate is rejected by rsa_public_key_prepare().
> If that is run with nettle 3.2, then only check is whether the N is <
> 96 bits which is way too small even for an attacker. Later versions (in
> git) have an additional check for N being even. A capture and the
> nettle version used will shed some light on the issue.
In the following merge request I've introduced separate error codes to
easier detect such invalid cases:
https://gitlab.com/gnutls/gnutls/merge_requests/84
regards,
Nikos
More information about the Gnutls-devel
mailing list