Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix for handling of static RSA padding failures #1229

Merged
merged 1 commit into from Nov 15, 2017

Conversation

dgarske
Copy link
Contributor

@dgarske dgarske commented Nov 13, 2017

Failures are indistinguishable from from correctly formatted RSA blocks (per RFC5246 section 7.4.7.1).

…ndistinguishable from from correctly formatted RSA blocks (per RFC5246 section 7.4.7.1). Adjusted the static RSA preMasterSecret RNG creation for consistency in client case. Removed obsolete `PMS_VERSION_ERROR`.
Copy link
Contributor

@toddouska toddouska left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks!

@toddouska toddouska merged commit 098edc2 into wolfSSL:master Nov 15, 2017
jow- added a commit to lede-project/source that referenced this pull request Dec 12, 2017
Update wolfssl to the latest release v3.12.2 and backport an upstream
pending fix for CVE-2017-13099 ("ROBOT vulnerability").

Ref: wolfSSL/wolfssl#1229
Ref: https://robotattack.org/

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
jow- added a commit to lede-project/source that referenced this pull request Dec 14, 2017
Update wolfssl to the latest release v3.12.2 and backport an upstream
pending fix for CVE-2017-13099 ("ROBOT vulnerability").

Ref: wolfSSL/wolfssl#1229
Ref: https://robotattack.org/

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit 902961c)
jollaman999 pushed a commit to jollaman999/openwrt that referenced this pull request Dec 23, 2017
Update wolfssl to the latest release v3.12.2 and backport an upstream
pending fix for CVE-2017-13099 ("ROBOT vulnerability").

Ref: wolfSSL/wolfssl#1229
Ref: https://robotattack.org/

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
llun pushed a commit to llun/lede that referenced this pull request Dec 24, 2017
Update wolfssl to the latest release v3.12.2 and backport an upstream
pending fix for CVE-2017-13099 ("ROBOT vulnerability").

Ref: wolfSSL/wolfssl#1229
Ref: https://robotattack.org/

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
@dgarske dgarske deleted the fix_static_rsa_pad branch February 5, 2018 20:01
ArtelMike pushed a commit to ArtelMike/openwrt-1 that referenced this pull request Jan 31, 2023
Update wolfssl to the latest release v3.12.2 and backport an upstream
pending fix for CVE-2017-13099 ("ROBOT vulnerability").

Ref: wolfSSL/wolfssl#1229
Ref: https://robotattack.org/

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit aa091cd)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants