diff options
author | Guy Leaver (guleaver) <guleaver@cisco.com> | 2015-08-07 15:45:21 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-08-11 19:57:01 +0100 |
commit | 61e72d761c945e128ca13599a98a187ac23650dd (patch) | |
tree | 0b44d9a8ab9565b493f6281db36ac0aa15bd4b0e /ssl | |
parent | 870063c83db6514b0cb637b86cadbc9f5c2270a9 (diff) |
Fix seg fault with 0 p val in SKE
If a client receives a ServerKeyExchange for an anon DH ciphersuite with the
value of p set to 0 then a seg fault can occur. This commits adds a test to
reject p, g and pub key parameters that have a 0 value (in accordance with
RFC 5246)
The security vulnerability only affects master and 1.0.2, but the fix is
additionally applied to 1.0.1 for additional confidence.
CVE-2015-1794
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_clnt.c | 16 | ||||
-rw-r--r-- | ssl/ssl_err.c | 3 |
2 files changed, 19 insertions, 0 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index cd6918aa6b..1661b0ef8c 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1693,6 +1693,12 @@ int ssl3_get_key_exchange(SSL *s) } p += i; + if (BN_is_zero(dh->p)) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_VALUE); + goto f_err; + } + + if (2 > n - param_len) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); goto f_err; @@ -1713,6 +1719,11 @@ int ssl3_get_key_exchange(SSL *s) } p += i; + if (BN_is_zero(dh->g)) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_VALUE); + goto f_err; + } + if (2 > n - param_len) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); goto f_err; @@ -1734,6 +1745,11 @@ int ssl3_get_key_exchange(SSL *s) p += i; n -= param_len; + if (BN_is_zero(dh->pub_key)) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_PUB_KEY_VALUE); + goto f_err; + } + if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_DH_KEY_TOO_SMALL); diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 2e1497bd85..21836d831d 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -345,8 +345,11 @@ static ERR_STRING_DATA SSL_str_reasons[] = { "bad data returned by callback"}, {ERR_REASON(SSL_R_BAD_DECOMPRESSION), "bad decompression"}, {ERR_REASON(SSL_R_BAD_DH_G_LENGTH), "bad dh g length"}, + {ERR_REASON(SSL_R_BAD_DH_G_VALUE), "bad dh g value"}, {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH), "bad dh pub key length"}, + {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_VALUE), "bad dh pub key value"}, {ERR_REASON(SSL_R_BAD_DH_P_LENGTH), "bad dh p length"}, + {ERR_REASON(SSL_R_BAD_DH_P_VALUE), "bad dh p value"}, {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH), "bad digest length"}, {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE), "bad dsa signature"}, {ERR_REASON(SSL_R_BAD_ECC_CERT), "bad ecc cert"}, |