Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix for handling of static RSA padding failures #1229

Merged
merged 1 commit into from Nov 15, 2017

Conversation

@dgarske
Copy link
Contributor

@dgarske dgarske commented Nov 13, 2017

Failures are indistinguishable from from correctly formatted RSA blocks (per RFC5246 section 7.4.7.1).

@dgarske dgarske requested a review from toddouska Nov 13, 2017
@dgarske dgarske force-pushed the dgarske:fix_static_rsa_pad branch from 1170363 to 2bfb356 Nov 13, 2017
@dgarske dgarske assigned toddouska and dgarske and unassigned toddouska and dgarske Nov 14, 2017
…ndistinguishable from from correctly formatted RSA blocks (per RFC5246 section 7.4.7.1). Adjusted the static RSA preMasterSecret RNG creation for consistency in client case. Removed obsolete `PMS_VERSION_ERROR`.
@dgarske dgarske force-pushed the dgarske:fix_static_rsa_pad branch from 7c600eb to fd455d5 Nov 14, 2017
Copy link
Contributor

@toddouska toddouska left a comment

thanks!

@toddouska toddouska merged commit 098edc2 into wolfSSL:master Nov 15, 2017
10 checks passed
10 checks passed
Clang --enable-all Check Static Analysis - OK
Details
Disable Options Test Disable Options Test - Passed
Details
Enable Options Test Enable Options Test - Passed
Details
Fips Check Fips Check - Passed
Details
Pull Request Manager All Tests Successfully Launched.
Details
Scan-Build Analysis Static Analysis - Good
Details
Testing known customer configurations known configurations - Passed
Details
Valgrind Test Valgrind Test - No Leaks
Details
Visual Studio Build Test Visual Studio Build Test - Passed
Details
fsanitize=address test fsanitize check - OK
Details
jow- added a commit to lede-project/source that referenced this pull request Dec 12, 2017
Update wolfssl to the latest release v3.12.2 and backport an upstream
pending fix for CVE-2017-13099 ("ROBOT vulnerability").

Ref: wolfSSL/wolfssl#1229
Ref: https://robotattack.org/

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
jow- added a commit to lede-project/source that referenced this pull request Dec 14, 2017
Update wolfssl to the latest release v3.12.2 and backport an upstream
pending fix for CVE-2017-13099 ("ROBOT vulnerability").

Ref: wolfSSL/wolfssl#1229
Ref: https://robotattack.org/

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit 902961c)
jollaman999 added a commit to jollaman999/openwrt that referenced this pull request Dec 23, 2017
Update wolfssl to the latest release v3.12.2 and backport an upstream
pending fix for CVE-2017-13099 ("ROBOT vulnerability").

Ref: wolfSSL/wolfssl#1229
Ref: https://robotattack.org/

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
llun added a commit to llun/lede that referenced this pull request Dec 24, 2017
Update wolfssl to the latest release v3.12.2 and backport an upstream
pending fix for CVE-2017-13099 ("ROBOT vulnerability").

Ref: wolfSSL/wolfssl#1229
Ref: https://robotattack.org/

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
@dgarske dgarske deleted the dgarske:fix_static_rsa_pad branch Feb 5, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants
You can’t perform that action at this time.