Search
j0ke.net Open Build Service
>
Projects
>
home:netmax
:
monitoring
>
openssl1
> openssl-CVE-2014-3572.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File openssl-CVE-2014-3572.patch of Package openssl1
commit ef28c6d6767a6a30df5add36171894c96628fe98 Author: Dr. Stephen Henson <steve@openssl.org> Date: Fri Oct 24 12:30:33 2014 +0100 ECDH downgrade bug fix. Fix bug where an OpenSSL client would accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. Thanks to Karthikeyan Bhargavan for reporting this issue. CVE-2014-3572 Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit b15f8769644b00ef7283521593360b7b2135cb63) Index: openssl-1.0.1i/ssl/s3_clnt.c =================================================================== --- openssl-1.0.1i.orig/ssl/s3_clnt.c 2015-01-08 13:13:24.167899760 +0100 +++ openssl-1.0.1i/ssl/s3_clnt.c 2015-01-08 13:37:47.300042642 +0100 @@ -1295,6 +1295,8 @@ int ssl3_get_key_exchange(SSL *s) int encoded_pt_len = 0; #endif + EVP_MD_CTX_init(&md_ctx); + /* use same message size as in ssl3_get_certificate_request() * as ServerKeyExchange message may be skipped */ n=s->method->ssl_get_message(s, @@ -1305,14 +1307,26 @@ int ssl3_get_key_exchange(SSL *s) &ok); if (!ok) return((int)n); + alg_k=s->s3->tmp.new_cipher->algorithm_mkey; + if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { + /* + * Can't skip server key exchange if this is an ephemeral + * ciphersuite. + */ + if (alg_k & (SSL_kEDH|SSL_kEECDH)) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); + al = SSL_AD_UNEXPECTED_MESSAGE; + goto f_err; + } #ifndef OPENSSL_NO_PSK /* In plain PSK ciphersuite, ServerKeyExchange can be omitted if no identity hint is sent. Set session->sess_cert anyway to avoid problems later.*/ - if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) + if (alg_k & SSL_kPSK) { s->session->sess_cert=ssl_sess_cert_new(); if (s->ctx->psk_identity_hint) @@ -1355,9 +1369,7 @@ int ssl3_get_key_exchange(SSL *s) } param_len=0; - alg_k=s->s3->tmp.new_cipher->algorithm_mkey; alg_a=s->s3->tmp.new_cipher->algorithm_auth; - EVP_MD_CTX_init(&md_ctx); #ifndef OPENSSL_NO_PSK if (alg_k & SSL_kPSK)