Date: Tue, 05 Sep 2006 11:56:30 -0400
From: Mike Tancsa <mike@sentex.net>
To: freebsd-security@FreeBSD.org
Subject: Re: http://www.openssl.org/news/secadv_20060905.txt
Message-ID: <7.0.1.0.0.20060905112743.149f17c8@sentex.net>
In-Reply-To: <7.0.1.0.0.20060905105253.149db9a8@sentex.net>
References: <7.0.1.0.0.20060905105253.149db9a8@sentex.net>

At 10:53 AM 9/5/2006, Mike Tancsa wrote:
>Does anyone know the practicality of this attack ? i.e. is this
>trivial to do ?

Also, for RELENG_6, can someone confirm the patch referenced in
http://www.openssl.org/news/patch-CVE-2006-4339.txt
be applied with the one change of

+{ERR_REASON(RSA_R_PKCS1_PADDING_TOO_SHORT),"pkcs1 padding too short"},
to
+{RSA_R_PKCS1_PADDING_TOO_SHORT,"pkcs1 padding too short"},

I manually added in the diffs and everything seems to compile and
function with some limited testing.

I did

cd /usr/src/crypto/openssl/crypto/rsa
patch < p
cd /usr/src/secure
make clean
make obj
make depend
make includes
make
make install

>         ---Mike
>
>--------------------------------------------------------------------
>Mike Tancsa,                                      tel +1 519 651 3400
>Sentex Communications,                            mike@sentex.net
>Providing Internet since 1994                    www.sentex.net
>Cambridge, Ontario Canada                         www.sentex.net/mike

[Attachment: "p" (application/octet-stream, base64-encoded)]