projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2c0d295) | patch
Avoid KCI attack for GOST
authorDmitry Belyavsky <beldmit@gmail.com>
Mon, 19 Sep 2016 15:05:53 +0000 (16:05 +0100)
committerMatt Caswell <matt@openssl.org>
Wed, 21 Sep 2016 23:25:58 +0000 (00:25 +0100)
commitab650f07a0dabc01a4410f8f702c3cea7932da62
tree4ce37242a0ab9cdd2e3bd19979d534ddbc34a0d7tree | snapshot
parent2c0d295e26306e15a92eb23a84a1802005c1c137commit | diff
Avoid KCI attack for GOST

Russian GOST ciphersuites are vulnerable to the KCI attack because they use
long-term keys to establish the connection when ssl client authorization is
on. This change brings the GOST implementation into line with the latest
specs in order to avoid the attack. It should not break backwards
compatibility.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
ssl/s3_clnt.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.