[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: some crashes on using DSA keys
|
From: |
Miroslav Kratochvil |
|
Subject: |
Re: some crashes on using DSA keys |
|
Date: |
Mon, 20 Apr 2009 16:05:33 +0200 |
> Hi. Thanks for the report. Is it possible to trigger this remotely?
I'm just giving it some research; exploiting this would allow eeeasy
remote DoS attack.
The side that was crashing was always the connecting side, but I guess
that given fixed client (which I'm gonna test in a few minutes) the
server would have at least some problems too. Only thing needed is to
trigger that GNUTLS_E_PK_SIG_VERIFY_FAILED from
_wrap_gcry_pk_verify().
I'm not really good in investigating this kind of stuff, but I will
try to do my best ;)
> Any more details you have would be useful, for example, what exactly do
> you mean with "use DSA keys in combination with some RSA"?
Triggered only by using DSA CA keypair (selfsigned) that was used for
signing DSA keypair. My problem is that I probably generated them
totally wrong, and therefore triggered that hidden error. (see
help-gnutls mailinglist where I'm gathering help with the original
issue :D)
best regards,
Mirek Kratochvil
PS. I responded to Nikos Mavrogiannopoulos in roughly the same
spirit, but forgot to add gnutls-devel to Cc. Sorry if it caused any
trouble.
- some crashes on using DSA keys, Miroslav Kratochvil, 2009/04/20
- Re: some crashes on using DSA keys, Nikos Mavrogiannopoulos, 2009/04/20
- Re: some crashes on using DSA keys, Simon Josefsson, 2009/04/20
- Re: some crashes on using DSA keys,
Miroslav Kratochvil <=
- Re: some crashes on using DSA keys, Simon Josefsson, 2009/04/20
- Re: some crashes on using DSA keys, Miroslav Kratochvil, 2009/04/20
- Re: some crashes on using DSA keys, Miroslav Kratochvil, 2009/04/20
- Re: some crashes on using DSA keys, Simon Josefsson, 2009/04/20
- Re: some crashes on using DSA keys, Simon Josefsson, 2009/04/23