On 02/06/2013 03:21 PM, Brad House wrote:
> On 02/06/2013 03:07 PM, Holger Weiß wrote:
>> * Dr. Stephen Henson <st...@openssl.org> [2013-02-06 20:14]:
>>> On Wed, Feb 06, 2013, Brad House wrote:
>>>> DHE-RSA-CAMELLIA256-SHA also has the same issue.  I'm thinking it may be
>>>> a -SHA issue as the only -SHA cipher I've gotten to work so far is RC4-SHA.
>>>> Note though the TLSv1.2+HIGH ciphers that use SHA256 and greater look fine.
>>>
>>> Hmmm... if it's a problem with the CVE-2013-0169 it would appear when you
>>> select a ciphersuite using a block cipher.
>>
>> I'm (most probably) seeing the same issue with the pre-shared key cipher
>> suites PSK-AES256-CBC-SHA, PSK-AES128-CBC-SHA, and PSK-3DES-EDE-CBC-SHA.
>> PSK-RC4-SHA works fine.
>>
>> As "git bisect" revealed, the culprit is indeed commit 125093b59f3c.
>> Reverting it fixes the issue.
>>
>
> I'll revert 125093b59f3c and test as well.

Yes, this did work to revert the entire commit.  There were 4 files modified
in the commit:

http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=125093b59f3c2a2d33785b5563d929d0472f1721
crypto/evp/c_allc.c
crypto/evp/e_aes_cbc_hmac_sha1.c
ssl/s3_cbc.c
ssl/ssl_algs.c

If I revert all the files _except_ crypto/evp/e_aes_cbc_hmac_sha1.c, we're
still in a good state so the issue doesn't appear to be in that file.

Then if I revert everything _except_ ssl/s3_cbc.c I get
140331120088736:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:482:
So I'm thinking the issue is in that file, ssl/s3_cbc.c ...

-Brad
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
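
The per-file narrowing described in the message above (keep one file of the suspect commit, revert the rest, rerun the failing test) can be scripted. This is an added example, not part of the original thread or of OpenSSL; `isolate_file`, the test command and `./run-handshake-test` are hypothetical, and it assumes each file's change can be applied on its own.

```shell
#!/bin/sh
# Added example (not from the thread or from OpenSSL): per-file isolation of a
# regression inside one suspect commit. isolate_file is a hypothetical name.
#
# usage: isolate_file REPO BAD_COMMIT 'TEST_CMD'
# For every file BAD_COMMIT added or modified, build a tree that is the parent
# commit plus only that file at its new version, run TEST_CMD there, and print
# the file if TEST_CMD fails. Assumes each file's change is usable on its own.
isolate_file() {
    repo=$1
    test_cmd=$3
    # Resolve to a hash in the original repo so it is valid in the clone too.
    bad=$(git -C "$repo" rev-parse --verify -q "$2^{commit}") || return 2
    work=$(mktemp -d) || return 2
    # Work in a throwaway clone; the caller's checkout is never modified.
    git clone -q "$repo" "$work/src" || { rm -rf "$work"; return 2; }
    git -C "$work/src" checkout -q --detach "$bad^" || { rm -rf "$work"; return 2; }

    git -C "$work/src" diff --name-only --diff-filter=AM "$bad^" "$bad" |
    while IFS= read -r keep; do
        # Back to the parent tree: every file of the commit reverted ...
        git -C "$work/src" reset -q --hard
        git -C "$work/src" clean -q -fdx
        # ... except this one, taken from the suspect commit.
        git -C "$work/src" checkout -q "$bad" -- "$keep"
        # stdin is redirected so the test cannot swallow the file list.
        if ! (cd "$work/src" && sh -c "$test_cmd") >/dev/null 2>&1 </dev/null
        then
            printf '%s\n' "$keep"
        fi
    done
    rm -rf "$work"
}

# Stand-alone use (hypothetical test command):
#   sh isolate.sh /path/to/repo <commit> 'make && ./run-handshake-test'
if [ "$#" -eq 3 ]; then
    isolate_file "$@"
fi
```

If the changes in several files depend on each other, the script may report more than one file or none; in that case the commit has to be examined as a whole.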
