The branch OpenSSL_1_0_2-stable has been updated via 512368c9ed4d53fb230000e83071eb81bf628b22 (commit) via ada57746b6b80beae73111fe1291bf8dd89af91c (commit) from 5d786e9e2d08900cb823b73b0095f85eb2cedc7e (commit)
- Log ----------------------------------------------------------------- commit 512368c9ed4d53fb230000e83071eb81bf628b22 Author: Matt Caswell <m...@openssl.org> Date: Mon Aug 10 12:00:29 2015 +0100 Check for 0 modulus in BN_MONT_CTX_set The function BN_MONT_CTX_set was assuming that the modulus was non-zero and therefore that |mod->top| > 0. In an error situation that may not be the case and could cause a seg fault. This is a follow on from CVE-2015-1794. Reviewed-by: Richard Levitte <levi...@openssl.org> commit ada57746b6b80beae73111fe1291bf8dd89af91c Author: Guy Leaver (guleaver) <gulea...@cisco.com> Date: Fri Aug 7 15:45:21 2015 +0100 Fix seg fault with 0 p val in SKE If a client receives a ServerKeyExchange for an anon DH ciphersuite with the value of p set to 0 then a seg fault can occur. This commits adds a test to reject p, g and pub key parameters that have a 0 value (in accordance with RFC 5246) The security vulnerability only affects master and 1.0.2, but the fix is additionally applied to 1.0.1 for additional confidence. CVE-2015-1794 Reviewed-by: Richard Levitte <levi...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_mont.c | 3 +++ ssl/s3_clnt.c | 16 ++++++++++++++++ ssl/ssl.h | 3 +++ ssl/ssl_err.c | 3 +++ 4 files changed, 25 insertions(+) diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index aafd1b8..be95bd5 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -373,6 +373,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) int ret = 0; BIGNUM *Ri, *R; + if (BN_is_zero(mod)) + return 0; + BN_CTX_start(ctx); if ((Ri = BN_CTX_get(ctx)) == NULL) goto err; diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 6af145a..2059151 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1699,6 +1699,12 @@ int ssl3_get_key_exchange(SSL *s) } p += i; + if (BN_is_zero(dh->p)) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_VALUE); + goto f_err; + } + + if (2 > n - param_len) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); goto f_err; @@ -1719,6 +1725,11 @@ int ssl3_get_key_exchange(SSL *s) } p += i; + if (BN_is_zero(dh->g)) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_VALUE); + goto f_err; + } + if (2 > n - param_len) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); goto f_err; @@ -1740,6 +1751,11 @@ int ssl3_get_key_exchange(SSL *s) p += i; n -= param_len; + if (BN_is_zero(dh->pub_key)) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_PUB_KEY_VALUE); + goto f_err; + } + # ifndef OPENSSL_NO_RSA if (alg_a & SSL_aRSA) pkey = diff --git a/ssl/ssl.h b/ssl/ssl.h index 6fe1a24..c6c5bce 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -2846,8 +2846,11 @@ void ERR_load_SSL_strings(void); # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 # define SSL_R_BAD_DECOMPRESSION 107 # define SSL_R_BAD_DH_G_LENGTH 108 +# define SSL_R_BAD_DH_G_VALUE 375 # define SSL_R_BAD_DH_PUB_KEY_LENGTH 109 +# define SSL_R_BAD_DH_PUB_KEY_VALUE 393 # define SSL_R_BAD_DH_P_LENGTH 110 +# define SSL_R_BAD_DH_P_VALUE 395 # define SSL_R_BAD_DIGEST_LENGTH 111 # define SSL_R_BAD_DSA_SIGNATURE 112 # define SSL_R_BAD_ECC_CERT 304 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 1a6030e..202228b 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -386,8 +386,11 @@ static ERR_STRING_DATA SSL_str_reasons[] = { "bad data returned by callback"}, {ERR_REASON(SSL_R_BAD_DECOMPRESSION), "bad decompression"}, {ERR_REASON(SSL_R_BAD_DH_G_LENGTH), "bad dh g length"}, + {ERR_REASON(SSL_R_BAD_DH_G_VALUE), "bad dh g value"}, {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH), "bad dh pub key length"}, + {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_VALUE), "bad dh pub key value"}, {ERR_REASON(SSL_R_BAD_DH_P_LENGTH), "bad dh p length"}, + {ERR_REASON(SSL_R_BAD_DH_P_VALUE), "bad dh p value"}, {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH), "bad digest length"}, {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE), "bad dsa signature"}, {ERR_REASON(SSL_R_BAD_ECC_CERT), "bad ecc cert"}, _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits