Hi, I applied the above patch and SSLv2 was able to communicate with SSL_VERIFY_PEER. Below are the concerns of my team; can anybody comment on the risk below?

I can't tell what exactly this code is doing, but it does look initially OK. 'p' should point to a buffer that contains *at least* 3 bytes (max 6 bytes?), so doing 'p++' and then 'n2s(p,i)' should be OK (n2s references p[0] and p[1], and thus is inside the bounds of the buffer).

My only concern is that p (which has been incremented by 2 by the n2s macro) now potentially points beyond the read number of bytes and is then (if 'i != SSL2_PE_NO_CERTIFICATE' is false) passed to s->msg_callback - potential use of uninitialised data?

    <...>
    #define n2s(c,s)  ((s=(((unsigned int)(c[0]))<< 8)| \
                          (((unsigned int)(c[1]))    )),c+=2)
    <...>
        if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_C)
            {
            p=(unsigned char *)s->init_buf->data;
            i=ssl2_read(s,(char *)&(p[s->init_num]),6-s->init_num); /* try to read 6 octets ... */
            if (i < 3-s->init_num) /* ... but don't call ssl2_part_read now if we got at least 3
                                    * (probably NO-CERTIFICATE-ERROR) */
                {
                ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
                goto end;
                }
            // p now contains at least 3 bytes, possibly 6
            s->init_num += i;

            if ((s->init_num >= 3) && (p[0] == SSL2_MT_ERROR))
                {
                p++;
                n2s(p,i); // does p+=2 - p now points beyond end of read data (potentially)
                if (i != SSL2_PE_NO_CERTIFICATE)
                    {
                    /* not the error message we expected -- let ssl2_part_read handle it */
                    s->init_num -= 3;
                    ret = ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE, 3);
                    goto end;
                    }

                if (s->msg_callback)
                    s->msg_callback(0, s->version, 0, p, 3, s, s->msg_callback_arg); /* ERROR */

What does msg_callback do with p?

Thanks Anil On Thu, Apr 9, 2009 at 4:40 PM, Ger Hobbelt <g...@hobbelt.com> wrote: > Patch for PR696 looks fine to me, though attached patch alternative > may be considered .1% 'better' as it more closely mimicks the other > side of the fence: the transmission code in s2_clnt.c: > > p=buf; > *(p++)=SSL2_MT_ERROR; > s2n(SSL2_PE_NO_CERTIFICATE,p); > > --> > > --- /home/ger/prj/1original/openssl/openssl/./ssl/s2_srvr.c 2009-01-08 > 00:44:26.000000000 +0100 > +++ ./ssl/s2_srvr.c 2009-04-09 13:02:09.000000000 +0200 > @@ -970,6 +970,7 @@ > > if ((s->init_num >= 3) && (p[0] == SSL2_MT_ERROR)) > { > + p++; /* [i_a] fix PR696: see > http://rt.openssl.org/Ticket/Display.html?id=696 */ > n2s(p,i); > if (i != SSL2_PE_NO_CERTIFICATE) > { > > 'tis the same as the original fix posted then; just different wording. > (And to answer the then comment in there: no, definitely do NOT use > n2l3 here: that's serving a different purpose. Here a 16-bit integer > code should be retrieved, so the only thing missing was the pointer > increment before doing so. > > > You might want to submit this to the bug tracker at r...@openssl.org > (while referring to PR696 and the current mail trail in users@ > here...) > > > > > On Thu, Apr 9, 2009 at 12:22 PM, Anil Tambe <tambe.a...@gmail.com> wrote: > > Thanks .. the information was helpful .. > > i found one patch which resolves this issue .. ( Please read > > the Disclaimer) > > http://rt.openssl.org/Ticket/Display.html?id=696&user=guest&pass=guest > > i applied that patch and sslv2 client was able to do successful > > communication without passing the certificate .. > > Request you all to review the patch and let us know your thoughts on it > ... > > Thanks > > Anil > > > > On Wed, Apr 8, 2009 at 6:06 AM, Dave Thompson > > <dave.thomp...@princetonpayments.com> wrote: 
> >>
> >> > From: owner-openssl-us...@openssl.org On Behalf Of Anil Tambe
> >> > Sent: Tuesday, 07 April, 2009 03:23
> >> > i am using the latest openssl 0.9.8k. the -verify option works fine
> >> > with ssl3 , but handshake fails if i use -ssl2 .
> >>
> >> > ./openssl s_server -verify 0 -debug
> >>
> >> > ./openssl s_client -ssl3 -debug [ works fine .]
> >>
> >> > > ./openssl s_client -ssl2
> >> (snip certs)
> >> > 22360:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake
> >> failure:s2_pkt.c:428:
> >>
> >> Use -msg and you should see before that something like
> >> <<< SSL 2.0 [length 0012], REQUEST-CERTIFICATE
> >>     07 01 69 de b1 89 f9 f4 db 0d 12 f2 34 3b 1a a5
> >>     50 90
> >> >>> SSL 2.0 [length 0003], ERROR: NO-CERTIFICATE-ERROR
> >>     00 00 02
> >>
> >> or look at the server output and you should see
> >> 10233:error:140710CA:SSL routines:REQUEST_CERTIFICATE:peer error no
> >> certificate:s2_pkt.c:675:
> >>
> >> Apparently SSLv2 doesn't support optional client auth;
> >> if the server requests it (which s_server -verify does)
> >> the client must provide it (so give it -key & pw & -cert).
> >>
> >> v2 is way old, and less functional in numerous ways.
> >> This is apparently one, although I didn't remember it
> >> specifically. Prefer v3/TLS if you have a choice.
> >>
> >> ______________________________________________________________________
> >> OpenSSL Project http://www.openssl.org
> >> User Support Mailing List openssl-users@openssl.org
> >> Automated List Manager majord...@openssl.org
> >
>
> --
> Met vriendelijke groeten / Best regards,
>
> Ger Hobbelt
>
> --------------------------------------------------
> web: http://www.hobbelt.com/
> http://www.hebbut.net/
> mail: g...@hobbelt.com
> mobile: +31-6-11 120 978
> --------------------------------------------------
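
Review bot: in the `@@ -970,6 +970,7 @@` hunk the added `p++` moves `p` itself, and the `n2s(p,i)` that follows advances it by two more, so `p` ends three bytes past the start of the ERROR message. The code quoted at the top of this thread later calls `s->msg_callback(0, s->version, 0, p, 3, s, s->msg_callback_arg)` with that same `p`, which would hand the callback the three bytes after the message (possibly never read) instead of the message. Suggest decoding the error code without moving `p`, for example through a separate cursor, or passing the start of `s->init_buf->data` to the callback. The comment on the `+` line is also wrapped mid-URL in this mail, so the attached file rather than the inline text should be the one applied.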
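
The pointer arithmetic discussed in this thread, as an added example that is not code from OpenSSL or from any poster: it runs the quoted n2s macro over the `00 00 02` message with and without the patch's `p++` and records where `p` ends up. The 6-byte buffer with its 0xAA filler and the names `parse_error`, `no_cert_msg` and `struct parsed` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Values matching the "00 00 02" ERROR: NO-CERTIFICATE-ERROR bytes in the thread. */
#define SSL2_MT_ERROR          0
#define SSL2_PE_NO_CERTIFICATE 0x0002
/* n2s as quoted in the thread: read 16 bits big-endian, then advance c by 2. */
#define n2s(c,s) ((s=(((unsigned int)(c[0]))<< 8)| \
                     (((unsigned int)(c[1]))    )),c+=2)

/* Constructed sample: 6-byte read buffer of which only 3 bytes arrived.
 * 0xAA marks the bytes the read never filled in. */
static const unsigned char sample[6] = { 0x00, 0x00, 0x02, 0xAA, 0xAA, 0xAA };

struct parsed { unsigned int code; size_t p_offset; };

/* skip_type = 0 is the pre-patch code, 1 is the patch's added p++. */
static struct parsed parse_error(const unsigned char *buf, int skip_type)
{
    const unsigned char *p = buf;
    struct parsed r;
    if (skip_type)
        p++;                      /* step over the message-type byte */
    n2s(p, r.code);               /* also moves p forward by 2 */
    r.p_offset = (size_t)(p - buf);
    return r;
}

/* Hypothetical alternative: decode through a local cursor and return the
 * start of the 3-byte message, or NULL if it is not NO-CERTIFICATE. */
static const unsigned char *no_cert_msg(const unsigned char *buf, size_t have)
{
    const unsigned char *q;
    unsigned int code;
    if (have < 3 || buf[0] != SSL2_MT_ERROR)
        return NULL;
    q = buf + 1;                  /* cursor; buf itself never moves */
    n2s(q, code);
    return code == SSL2_PE_NO_CERTIFICATE ? buf : NULL;
}

int main(void)
{
    struct parsed a = parse_error(sample, 0), b = parse_error(sample, 1);
    printf("unpatched: code=0x%04x, p at +%zu\n", a.code, a.p_offset);
    printf("patched:   code=0x%04x, p at +%zu, p[0]=0x%02x\n",
           b.code, b.p_offset, sample[b.p_offset]);
    printf("cursor:    message at +%td\n", no_cert_msg(sample, 3) - sample);
    return 0;
}
```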