Hi there, I believe the following memcmp call is vulnerable to a remote timing attack.
https://github.com/openssl/openssl/blob/master/ssl/ssl_lib.c#L1974

    static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
    {
        if (a->ssl_version != b->ssl_version)
            return (1);
        if (a->session_id_length != b->session_id_length)
            return (1);
        return (memcmp(a->session_id, b->session_id, a->session_id_length));
    }

For more information on memcmp timing attacks please see:

http://rdist.root.org/2010/08/05/optimized-memcmp-leaks-useful-timing-differences/
https://lkml.org/lkml/2013/2/10/131

Regards,
Peter.

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
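Added example, not part of the post above and not OpenSSL's own code: a constant-time equality check of the kind used to replace memcmp for secret comparisons, an instrumented early-exit loop that shows where the timing signal comes from, and a hardened rewrite of the quoted comparison. The session_t struct and all function names are hypothetical stand-ins for the OpenSSL types.

```c
#include <stddef.h>
#include <stdio.h>

/* Constant-time equality: every byte is examined no matter where the
 * first mismatch sits, so run time does not depend on the matching
 * prefix length. Returns 0 when equal, nonzero otherwise. */
int ct_memeq(const void *a, const void *b, size_t n)
{
    const volatile unsigned char *pa = (const volatile unsigned char *)a;
    const volatile unsigned char *pb = (const volatile unsigned char *)b;
    unsigned char diff = 0;
    size_t i;
    for (i = 0; i < n; i++)
        diff |= (unsigned char)(pa[i] ^ pb[i]);
    return diff;
}

/* Early-exit comparison, the shape a typical memcmp takes, instrumented to
 * report how many bytes were inspected before it returned. That count is
 * the quantity a remote caller measures through response latency. */
size_t early_exit_bytes_inspected(const unsigned char *a,
                                  const unsigned char *b, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (a[i] != b[i])
            return i + 1;
    return n;
}

/* Hypothetical stand-in for the fields used by the quoted function. */
typedef struct {
    int ssl_version;
    unsigned char session_id[32];
    unsigned int session_id_length;
} session_t;

/* Hardened version of the quoted comparison: the version and length checks
 * are unchanged (both values are already in the client's hello), only the
 * final memcmp on the id bytes is replaced. Returns 0 on match, 1 otherwise. */
int session_cmp_ct(const session_t *a, const session_t *b)
{
    if (a->ssl_version != b->ssl_version)
        return 1;
    if (a->session_id_length != b->session_id_length)
        return 1;
    return ct_memeq(a->session_id, b->session_id, a->session_id_length) != 0;
}
```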
