Hello!

I think that to hit this function you need to match session id hashes first, but it seems to be possible indeed. What would an attacker be able to do if they knew the session id? I think knowing it without knowing the master key and other session parameters is useless?

Btw, I am just curious why we are not using all bytes of the session id for computation of the hash?

    l=(unsigned long)
        ((unsigned int) a->session_id[0]     )|
        ((unsigned int) a->session_id[1]<< 8L)|
        ((unsigned long)a->session_id[2]<<16L)|
        ((unsigned long)a->session_id[3]<<24L);

Cheers,
Fedor.

On Thu, Apr 17, 2014 at 11:40 AM, Peter Malone via RT <[email protected]> wrote:

> Hi there,
>
> I believe the following memcmp call is vulnerable to a remote timing
> attack.
>
> https://github.com/openssl/openssl/blob/master/ssl/ssl_lib.c#L1974
>
> static int ssl_session_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
> {
>         if (a->ssl_version != b->ssl_version)
>                 return(1);
>         if (a->session_id_length != b->session_id_length)
>                 return(1);
>         return(memcmp(a->session_id,b->session_id,a->session_id_length));
> }
>
> For more information on memcmp timing attacks please see:
>
> http://rdist.root.org/2010/08/05/optimized-memcmp-leaks-useful-timing-differences/
> &&
> https://lkml.org/lkml/2013/2/10/131
>
> Regards,
> Peter.
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [email protected]
> Automated List Manager                           [email protected]
>
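
Added example (not part of the thread and not OpenSSL's code): the hash and comparison quoted above, next to a comparison that visits every byte instead of returning at the first mismatch. `struct sess`, `MAX_SID`, the function names and the sample ids are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SID 32 /* assumed maximum session id length for this sketch */

struct sess { /* simplified stand-in for SSL_SESSION: only the fields used in the thread */
    int ssl_version;
    unsigned int session_id_length;
    unsigned char session_id[MAX_SID];
};

/* Bucket hash as quoted in the reply: only the first four id bytes are used. */
static unsigned long sess_hash(const struct sess *a)
{
    return (unsigned long)a->session_id[0] | ((unsigned long)a->session_id[1] << 8) |
           ((unsigned long)a->session_id[2] << 16) | ((unsigned long)a->session_id[3] << 24);
}

/* Comparison as quoted in the report: memcmp may return at the first differing byte. */
static int sess_cmp_memcmp(const struct sess *a, const struct sess *b)
{
    if (a->ssl_version != b->ssl_version || a->session_id_length != b->session_id_length)
        return 1;
    return memcmp(a->session_id, b->session_id, a->session_id_length);
}

/* Hardened variant: ORs the XOR of every byte pair, so the loop never exits early. */
static int sess_cmp_ct(const struct sess *a, const struct sess *b)
{
    const volatile unsigned char *pa = a->session_id, *pb = b->session_id;
    unsigned char diff = 0;
    unsigned int i;
    if (a->ssl_version != b->ssl_version || a->session_id_length != b->session_id_length)
        return 1;
    for (i = 0; i < a->session_id_length; i++)
        diff |= (unsigned char)(pa[i] ^ pb[i]);
    return diff != 0;
}

int main(void)
{
    /* Constructed ids (not from the thread): identical except for the final byte. */
    struct sess a = { 0x0301, MAX_SID, { 0xAA, 0xBB, 0xCC, 0xDD } }, b = a;
    b.session_id[MAX_SID - 1] = 1;
    printf("same_bucket=%d memcmp_differs=%d ct_differs=%d\n", sess_hash(&a) == sess_hash(&b),
           sess_cmp_memcmp(&a, &b) != 0, sess_cmp_ct(&a, &b));
    return 0;
}
```

The two sample ids share their first four bytes, so they hash to the same value and reach the comparison, which is the case the reply describes. The hardened variant returns only 0 or 1, since an equality check does not need the ordering that memcmp reports.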
