summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--CHANGES7
-rw-r--r--ssl/s3_clnt.c15
2 files changed, 20 insertions, 2 deletions
diff --git a/CHANGES b/CHANGES
index 60a45965d3..75da406b62 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,13 @@
Changes between 0.9.8zc and 0.9.8zd [xx XXX xxxx]
+ *) Abort handshake if server key exchange message is omitted for ephemeral
+ ECDH ciphersuites.
+
+ Thanks to Karthikeyan Bhargavan for reporting this issue.
+ (CVE-2014-3572)
+ [Steve Henson]
+
*) Fix various certificate fingerprint issues.
By using non-DER or invalid encodings outside the signed portion of a
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 4828937566..256fc94e26 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1123,8 +1123,21 @@ int ssl3_get_key_exchange(SSL *s)
if (!ok) return((int)n);
+ alg=s->s3->tmp.new_cipher->algorithms;
+ EVP_MD_CTX_init(&md_ctx);
+
if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
{
+ /*
+ * Can't skip server key exchange if this is an ephemeral
+ * ciphersuite.
+ */
+ if (alg & (SSL_kEDH|SSL_kECDHE))
+ {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ goto f_err;
+ }
s->s3->tmp.reuse_message=1;
return(1);
}
@@ -1162,8 +1175,6 @@ int ssl3_get_key_exchange(SSL *s)
/* Total length of the parameters including the length prefix */
param_len=0;
- alg=s->s3->tmp.new_cipher->algorithms;
- EVP_MD_CTX_init(&md_ctx);
al=SSL_AD_DECODE_ERROR;
#ifndef OPENSSL_NO_RSA
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-21 00:13:11 +0000