New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix for handling of static RSA padding failures #1229

Merged
merged 1 commit into from Nov 15, 2017

Conversation

Projects
None yet
2 participants
@dgarske
Contributor

dgarske commented Nov 13, 2017

Failures are indistinguishable from from correctly formatted RSA blocks (per RFC5246 section 7.4.7.1).

@dgarske dgarske requested a review from toddouska Nov 13, 2017

@dgarske dgarske assigned toddouska and dgarske and unassigned toddouska and dgarske Nov 14, 2017

Fix for handling of static RSA PKCS formatting failures so they are i…
…ndistinguishable from from correctly formatted RSA blocks (per RFC5246 section 7.4.7.1). Adjusted the static RSA preMasterSecret RNG creation for consistency in client case. Removed obsolete `PMS_VERSION_ERROR`.
@toddouska

thanks!

@toddouska toddouska merged commit 098edc2 into wolfSSL:master Nov 15, 2017

10 checks passed

Clang --enable-all Check Static Analysis - OK
Details
Disable Options Test Disable Options Test - Passed
Details
Enable Options Test Enable Options Test - Passed
Details
Fips Check Fips Check - Passed
Details
Pull Request Manager All Tests Successfully Launched.
Details
Scan-Build Analysis Static Analysis - Good
Details
Testing known customer configurations known configurations - Passed
Details
Valgrind Test Valgrind Test - No Leaks
Details
Visual Studio Build Test Visual Studio Build Test - Passed
Details
fsanitize=address test fsanitize check - OK
Details

jow- added a commit to lede-project/source that referenced this pull request Dec 12, 2017

wolfssl: update to 3.12.2 (1 CVE)
Update wolfssl to the latest release v3.12.2 and backport an upstream
pending fix for CVE-2017-13099 ("ROBOT vulnerability").

Ref: wolfSSL/wolfssl#1229
Ref: https://robotattack.org/

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

jow- added a commit to lede-project/source that referenced this pull request Dec 14, 2017

cyassl: update to wolfssl 3.12.2 (1 CVE)
Update wolfssl to the latest release v3.12.2 and backport an upstream
pending fix for CVE-2017-13099 ("ROBOT vulnerability").

Ref: wolfSSL/wolfssl#1229
Ref: https://robotattack.org/

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit 902961c)

jollaman999 added a commit to jollaman999/openwrt that referenced this pull request Dec 23, 2017

wolfssl: update to 3.12.2 (1 CVE)
Update wolfssl to the latest release v3.12.2 and backport an upstream
pending fix for CVE-2017-13099 ("ROBOT vulnerability").

Ref: wolfSSL/wolfssl#1229
Ref: https://robotattack.org/

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

llun added a commit to llun/lede that referenced this pull request Dec 24, 2017

wolfssl: update to 3.12.2 (1 CVE)
Update wolfssl to the latest release v3.12.2 and backport an upstream
pending fix for CVE-2017-13099 ("ROBOT vulnerability").

Ref: wolfSSL/wolfssl#1229
Ref: https://robotattack.org/

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

handongming added a commit to handongming/source that referenced this pull request Dec 24, 2017

wolfssl: update to 3.12.2 (1 CVE)
Update wolfssl to the latest release v3.12.2 and backport an upstream
pending fix for CVE-2017-13099 ("ROBOT vulnerability").

Ref: wolfSSL/wolfssl#1229
Ref: https://robotattack.org/

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

@dgarske dgarske deleted the dgarske:fix_static_rsa_pad branch Feb 5, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment