New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added the special private key that triggers bug (CVE-2011-4354) in 32… #24235
base: master
Are you sure you want to change the base?
Conversation
Thanks! Could you replace the private key with the output of
This will put it in a format consistent with the other keys. You'll notice the difference because the PEM will start with
instead of
|
@Trust-Worthy I am also guessing the maintainers are gonna want a signed CLA here. @romen what do you think |
-----END PUBLIC KEY----- | ||
|
||
PrivPubKeyPair=ALICE_cf_prime256v1:ALICE_cf_prime256v1_PUB | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For the priv/pub key pair being really useful we will need some testcases added with it. I.e., we need Derive/PeerKey/SharedSecret triplet added. Also the names seem to be duplicate with the following priv/pub keys which is wrong.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
whoops yes name collision thanks @t8m!
but also PrivPubKeyPair
is a test -- it check the consistency of the given key pair.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
.. and in that public-key-from-private-key computation, is exactly where the bug is triggered. I'll get @Trust-Worthy to add a little more detail, at least to this thread, bc without the context it just looks like random KATs going in
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, ok. Then please at least rename the keys
Yes, we will need a signed CLA to be able to accept this PR. |
… bit linux distros running openssl 0.9.8g
d9e83b1
to
ea98595
Compare
I can confirm that recent OpenSSL gives you this
.. and a 32-bit build of 0.9.8g gives you this
So yes, this is a regression test for that CVE. |
@Trust-Worthy when you have time, please take a look at the CLA issue the maintainers mentioned. |
I just emailed my CLA to legal@opensslfoundation.org. Thank you @t8m for your feedback. Also, thank you @bbbrumley for helping me clean up the key. This is the just the first of many successful pull requests! |
… bit linux distros running openssl 0.9.8g
According to this paper, https://eprint.iacr.org/2011/633, the authors (@bbbrumley being one of them) identified a complex and unique EC bug that can be triggered for P-256 & P-384 curves in openssl 0.9.8g on 32 bit systems. @bbbrumley has helped me find a unique private key that can trigger the bug in the aforementioned version. This special private key is included in the changes to the evppkey_ecc.txt file. The correct public key is also included.
This is my first pull request and attempt at writing a regression test. Please let me know any feedback that you may have.
Thanks!
Checklist