On Fri, Aug 26, 2011 at 02:22 -0700, Justin Ferguson wrote:
> I think you guys will want to check your usage of the OpenSSL APIs in
> iked/ikev2 for stuff like this:
>
> ssize_t
> dsa_verify_final(struct iked_dsa *dsa, void *buf, size_t len)
> {
> u_int8_t sig[EVP_MAX_MD_SIZE];
> u_int siglen = sizeof(sig);
>
> if (dsa->dsa_hmac) {
> HMAC_Final(dsa->dsa_ctx, sig, &siglen);
> if (siglen != len || memcmp(buf, sig, siglen) != 0)
> return (-1);
> } else {
> if (!EVP_VerifyFinal(dsa->dsa_ctx, buf, len,
> dsa->dsa_key)) {
> ca_sslerror();
> return (-1);
> }
> }
>
> return (0);
> }
>
> "RETURN VALUES
>
> EVP_VerifyInit_ex() and EVP_VerifyUpdate() return 1 for success and 0 for
> failure.
>
> EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if
> some other error occurred.
> "
>
> Furthermore, some background can be found in CVE-2009-0021 or
> http://xorl.wordpress.com/2009/03/11/cve-2009-0021-ntp-ssltls-validation-bypa
> ss/
>
> Cheers,
>
> Justin N. Ferguson
>
Hi,
Thanks a lot for reporting this. The patch is being reviewed.
Cheers,
Mike
