[gnutls-devel] Problem with proxied connections on 3.5.3

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Sat Sep 17 11:51:48 CEST 2016


On Sat, Sep 17, 2016 at 11:49 AM, Nikos Mavrogiannopoulos
<n.mavrogiannopoulos at gmail.com> wrote:
>> Date:   Mon Aug 1 10:48:46 2016 +0200
>>
>>     nettle: use rsa_*_key_prepare
>>
>>     Previously we calculated the size of the key directly, but
>>     by using the rsa_*_key_prepare we benefit from any checks that
>>     may be introduced in the future. Specifically any checks for
>> invalid
>>     public keys (e.g., keys that may crash the underlying gmp
>> functions).
> Thank you. Could I have a capture of the session? My speculation is
> that the user is under man-in-the-middle attack and the presented RSA
> public key in the certificate is rejected by rsa_public_key_prepare().
> If that is run with nettle 3.2, then only check is whether the N is <
> 96 bits which is way too small even for an attacker. Later versions (in
> git) have an additional check for N being even. A capture and the
> nettle version used will shed some light on the issue.

In the following merge request I've introduced separate error codes to
easier detect such invalid cases:
https://gitlab.com/gnutls/gnutls/merge_requests/84

regards,
Nikos



More information about the Gnutls-devel mailing list