IKEv2 & openssl

Justin Ferguson Fri, 26 Aug 2011 02:43:14 -0700

I think you guys will want to check your usage of the OpenSSL APIs in
iked/ikev2 for stuff like this:


ssize_t
dsa_verify_final(struct iked_dsa *dsa, void *buf, size_t len)
{
        u_int8_t         sig[EVP_MAX_MD_SIZE];
        u_int            siglen = sizeof(sig);

        if (dsa->dsa_hmac) {
                HMAC_Final(dsa->dsa_ctx, sig, &siglen);
                if (siglen != len || memcmp(buf, sig, siglen) != 0)
                        return (-1);
        } else {
                if (!EVP_VerifyFinal(dsa->dsa_ctx, buf, len,
                    dsa->dsa_key)) {
                        ca_sslerror();
                        return (-1);
                }
        }

        return (0);
}

"RETURN VALUES

EVP_VerifyInit_ex() and EVP_VerifyUpdate() return 1 for success and 0 for
failure.

EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if
some other error occurred.
"

Furthermore, some background can be found in CVE-2009-0021 or
http://xorl.wordpress.com/2009/03/11/cve-2009-0021-ntp-ssltls-validation-bypa
ss/

Cheers,

Justin N. Ferguson

IKEv2 & openssl

Reply via email to