I'm writing a command-line tool for SSL/TLS vulnerability testing and so far I was able to implement testing for all vulnerabilities that I need, except Poodle TLS. Is there any way I could utilize OpenSSL library to make a quick and reliable test for Poodle TLS? Advice and/or code is highly appreciated, thanks!
Asked
Active
Viewed 556 times
1 Answers
1
The way I made it work is by copying SSL_write implementation and manually modifying padding after encryption. SSL_write uses other non-public functions (from a couple of files) and few macros, those must be copied as well. Correct implementation of TLS protocol must check padding size and all bytes must be set to the same value (by default it's zeros in OpenSSL). Poodle TLS vulnerable implementations don't check padding contents or size. So I just added an extra block with garbage to existing padding in the encryption function. If TLS implementation is not vulnerable then the server will abort the connection or proceed if it's vulnerable.
// increase padding size
i += bs;
// fill padding with junk to test TLS protocol compliance
for(size_t j = 0; j < i; ++j) {
rec->input[rec->length + j] = rand() % 256;
}
rec->length += i;
rec->input[l - 1] = (i - 1);
Alexander Voloshyn
- 157
- 6