Avoid KCI attack for GOST
author Dmitry Belyavsky <beldmit@gmail.com>
Mon, 19 Sep 2016 14:53:35 +0000 (15:53 +0100)
committer Matt Caswell <matt@openssl.org>
Thu, 22 Sep 2016 08:27:45 +0000 (09:27 +0100)
commit 41b42807726e340538701021cdc196672330f4db
tree 219799f2a1dc4a79e5369c0053fa17fd8e83d514
parent b8d243956296458d1782af0d6e7ecfe6deae038a
Avoid KCI attack for GOST

Russian GOST ciphersuites are vulnerable to the KCI attack because they use
long-term keys to establish the connection when ssl client authorization is
on. This change brings the GOST implementation into line with the latest
specs in order to avoid the attack. It should not break backwards
compatibility.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
ssl/statem/statem_clnt.c