[gnutls-dev] Re: Variant of Bleichenbacher's crypto 06 rump session attack

Simon Josefsson jas at extundo.com
Tue Sep 12 15:42:10 CEST 2006

Andreas Metzler <ametzler at downhill.at.eu.org> writes:

>> Can you reproduce it in gnutls 1.4.x?
> I have now been able to reproduce this after building gnutls13,
> libgcrypt11 and mutt on my worksystem. (Still no idea why it did not
> crash in my Debian/unstable chroot.)

I've also been able to reproduce it.

>> Could you debug this and find
>> out exactly what instruction is crashing?
> If I single step though it after
> result = asn1_read_value (dinfo, "digestAlgorithm.parameters", NULL, &len)
> strange things happen. - Once the function is entered the second
> argument (digestAlgorithm.parameters) seems to be corrupted.
> PUT_VALUE (value, value_size, node->value + len3, len2);
> is the actual crashing command.

Right.  The call is incorrect, but I don't know why it doesn't always

>> If you change the line into:
>>   result = asn1_read_value (dinfo, "digestAlgorithm.parameters", digest, &len);
>> does it work?
> Yes, this makes it unreproducible for me (with gnutls 1.4.3).

It is the correct fix.

However, the patch in 1.4.3 to fix this was too restrictive -- the
patch doesn't permit the parameters field to be present but empty
(which is typically the case).  The consequence is that many OK
certificates are rejected.  I'll be releasing 1.4.4 shortly that fix
this.  There are self tests in the gnutls 1.5.x branch that trigger
the problem, which will help everyone to verify if their gnutls
suffers from a problem or not.


More information about the Gnutls-devel mailing list