Avoid KCI attack for GOST
author Dmitry Belyavsky <beldmit@gmail.com>
Mon, 19 Sep 2016 14:53:35 +0000 (15:53 +0100)
committer Matt Caswell <matt@openssl.org>
Thu, 22 Sep 2016 08:28:07 +0000 (09:28 +0100)
commit d3c9d6e99f075e6fbdab94db00b220cfa08b5c4b
tree 6266d94b62d7d63a4f7e8cd61e47c813d941f4cf
parent 63658103d4441924f8dbfc517b99bb54758a98b9

Russian GOST ciphersuites are vulnerable to the KCI attack because they use
long-term keys to establish the connection when SSL client authorization is
on. This change brings the GOST implementation into line with the latest
specs in order to avoid the attack. It should not break backwards
compatibility.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
ssl/statem/statem_clnt.c