[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: some crashes on using DSA keys
From: |
Simon Josefsson |
Subject: |
Re: some crashes on using DSA keys |
Date: |
Mon, 20 Apr 2009 16:18:26 +0200 |
User-agent: |
Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.90 (gnu/linux) |
Miroslav Kratochvil <address@hidden> writes:
>> Hi. Thanks for the report. Is it possible to trigger this remotely?
>
> I'm just giving it some research; exploiting this would allow eeeasy
> remote DoS attack.
> The side that was crashing was always the connecting side, but I guess
> that given fixed client (which I'm gonna test in a few minutes) the
> server would have at least some problems too. Only thing needed is to
> trigger that GNUTLS_E_PK_SIG_VERIFY_FAILED from
> _wrap_gcry_pk_verify().
>
> I'm not really good in investigating this kind of stuff, but I will
> try to do my best ;)
Please see if you can make an unmodified 2.6.5 server crash.
>> Any more details you have would be useful, for example, what exactly do
>> you mean with "use DSA keys in combination with some RSA"?
>
> Triggered only by using DSA CA keypair (selfsigned) that was used for
> signing DSA keypair. My problem is that I probably generated them
> totally wrong, and therefore triggered that hidden error. (see
> help-gnutls mailinglist where I'm gathering help with the original
> issue :D)
I'll try to help there.
It would be great if you could try to reproduce the problem using only
gnutls-cli and gnutls-serv.
/Simon