Skip to content

T
Third Party Openssl

OpenHarmony / Third Party Openssl
1 年多 前同步成功

通知 10
Star 18
Fork 1
T
Third Party Openssl
提交 b15f8769 编写于 作者: D Dr. Stephen Henson
浏览文件
操作

ECDH downgrade bug fix. 

Fix bug where an OpenSSL client would accept a handshake using an
ephemeral ECDH ciphersuites with the server key exchange message omitted.

Thanks to Karthikeyan Bhargavan for reporting this issue.

CVE-2014-3572
Reviewed-by: NMatt Caswell <matt@openssl.org>
上级 b5526482
隐藏空白更改
内联 并排
Showing with 22 addition and 3 deletion
CHANGES
浏览文件 @ b15f8769
...@@ -659,6 +659,13 @@ ...@@ -659,6 +659,13 @@
Changes between 1.0.1j and 1.0.1k [xx XXX xxxx] Changes between 1.0.1j and 1.0.1k [xx XXX xxxx]
*) Abort handshake if server key exchange message is omitted for ephemeral
ECDH ciphersuites.
Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2014-3572)
[Steve Henson]
*) Ensure that the session ID context of an SSL is updated when its *) Ensure that the session ID context of an SSL is updated when its
SSL_CTX is updated via SSL_set_SSL_CTX. SSL_CTX is updated via SSL_set_SSL_CTX.
......
ssl/s3_clnt.c
浏览文件 @ b15f8769
...@@ -1376,6 +1376,8 @@ int ssl3_get_key_exchange(SSL *s) ...@@ -1376,6 +1376,8 @@ int ssl3_get_key_exchange(SSL *s)
int encoded_pt_len = 0; int encoded_pt_len = 0;
#endif #endif
EVP_MD_CTX_init(&md_ctx);
/* use same message size as in ssl3_get_certificate_request() /* use same message size as in ssl3_get_certificate_request()
* as ServerKeyExchange message may be skipped */ * as ServerKeyExchange message may be skipped */
n=s->method->ssl_get_message(s, n=s->method->ssl_get_message(s,
...@@ -1386,14 +1388,26 @@ int ssl3_get_key_exchange(SSL *s) ...@@ -1386,14 +1388,26 @@ int ssl3_get_key_exchange(SSL *s)
&ok); &ok);
if (!ok) return((int)n); if (!ok) return((int)n);
alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
{ {
/*
* Can't skip server key exchange if this is an ephemeral
* ciphersuite.
*/
if (alg_k & (SSL_kDHE|SSL_kECDHE))
{
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
al = SSL_AD_UNEXPECTED_MESSAGE;
goto f_err;
}
#ifndef OPENSSL_NO_PSK #ifndef OPENSSL_NO_PSK
/* In plain PSK ciphersuite, ServerKeyExchange can be /* In plain PSK ciphersuite, ServerKeyExchange can be
omitted if no identity hint is sent. Set omitted if no identity hint is sent. Set
session->sess_cert anyway to avoid problems session->sess_cert anyway to avoid problems
later.*/ later.*/
if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) if (alg_k & SSL_kPSK)
{ {
s->session->sess_cert=ssl_sess_cert_new(); s->session->sess_cert=ssl_sess_cert_new();
if (s->ctx->psk_identity_hint) if (s->ctx->psk_identity_hint)
...@@ -1438,9 +1452,7 @@ int ssl3_get_key_exchange(SSL *s) ...@@ -1438,9 +1452,7 @@ int ssl3_get_key_exchange(SSL *s)
/* Total length of the parameters including the length prefix */ /* Total length of the parameters including the length prefix */
param_len=0; param_len=0;
alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
alg_a=s->s3->tmp.new_cipher->algorithm_auth; alg_a=s->s3->tmp.new_cipher->algorithm_auth;
EVP_MD_CTX_init(&md_ctx);
al=SSL_AD_DECODE_ERROR; al=SSL_AD_DECODE_ERROR;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册