summaryrefslogtreecommitdiff
path: root/lib/libssl
diff options
context:
space:
mode:
authorBob Beck <beck@cvs.openbsd.org>2001-08-01 19:51:18 +0000
committerBob Beck <beck@cvs.openbsd.org>2001-08-01 19:51:18 +0000
commit38223f1fe95067b826a997cfe88963e9e93cf6c9 (patch)
tree54b73def4615fc41d3103d101265ee0a2024baa6 /lib/libssl
parent98ba4ab2de5732015ef5842227bc313d6f6c67ae (diff)
merge openssl 0.9.6b-engine
Note that this is a maintenence release, API's appear *not* to have changed. As such, I have only increased the minor number on these libraries
Diffstat (limited to 'lib/libssl')
-rw-r--r--lib/libssl/s3_srvr.c26
-rw-r--r--lib/libssl/shlib_version2
-rw-r--r--lib/libssl/t1_enc.c16
-rw-r--r--lib/libssl/test/Makefile.ssl2
4 files changed, 40 insertions, 6 deletions
diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index d04232960e3..258af84867a 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
@@ -1322,14 +1322,15 @@ static int ssl3_get_client_key_exchange(SSL *s)
i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
+ al = -1;
+
if (i != SSL_MAX_MASTER_KEY_LENGTH)
{
al=SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
- goto f_err;
}
- if (!((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
+ if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
{
/* The premaster secret must contain the same version number as the
* ClientHello to detect version rollback attacks (strangely, the
@@ -1347,6 +1348,27 @@ static int ssl3_get_client_key_exchange(SSL *s)
}
}
+ if (al != -1)
+ {
+#if 0
+ goto f_err;
+#else
+ /* Some decryption failure -- use random value instead as countermeasure
+ * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding
+ * (see RFC 2246, section 7.4.7.1).
+ * But note that due to length and protocol version checking, the
+ * attack is impractical anyway (see section 5 in D. Bleichenbacher:
+ * "Chosen Ciphertext Attacks Against Protocols Based on the RSA
+ * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12).
+ */
+ ERR_clear_error();
+ i = SSL_MAX_MASTER_KEY_LENGTH;
+ p[0] = s->client_version >> 8;
+ p[1] = s->client_version & 0xff;
+ RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */
+#endif
+ }
+
s->session->master_key_length=
s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,
diff --git a/lib/libssl/shlib_version b/lib/libssl/shlib_version
index 3066b9771e7..900b4048a96 100644
--- a/lib/libssl/shlib_version
+++ b/lib/libssl/shlib_version
@@ -1,2 +1,2 @@
major=5
-minor=0
+minor=1
diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c
index d10a23af8eb..a0758e92614 100644
--- a/lib/libssl/t1_enc.c
+++ b/lib/libssl/t1_enc.c
@@ -420,7 +420,7 @@ int tls1_enc(SSL *s, int send)
if ((s->session == NULL) || (ds == NULL) ||
(enc == NULL))
{
- memcpy(rec->data,rec->input,rec->length);
+ memmove(rec->data,rec->input,rec->length);
rec->input=rec->data;
}
else
@@ -447,11 +447,21 @@ int tls1_enc(SSL *s, int send)
rec->length+=i;
}
+ if (!send)
+ {
+ if (l == 0 || l%bs != 0)
+ {
+ SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
+ return(0);
+ }
+ }
+
EVP_Cipher(ds,rec->data,rec->input,l);
if ((bs != 1) && !send)
{
- ii=i=rec->data[l-1];
+ ii=i=rec->data[l-1]; /* padding_length */
i++;
if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
{
@@ -462,6 +472,8 @@ int tls1_enc(SSL *s, int send)
if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
i--;
}
+ /* TLS 1.0 does not bound the number of padding bytes by the block size.
+ * All of them must have value 'padding_length'. */
if (i > (int)rec->length)
{
SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
diff --git a/lib/libssl/test/Makefile.ssl b/lib/libssl/test/Makefile.ssl
index 9c7b7dd1588..7384243cbdb 100644
--- a/lib/libssl/test/Makefile.ssl
+++ b/lib/libssl/test/Makefile.ssl
@@ -192,7 +192,7 @@ test_bn:
@./$(BNTEST) >tmp.bntest
@echo quit >>tmp.bntest
@echo "running bc"
- @<tmp.bntest sh -c "`sh ./bctest || true`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"'
+ @<tmp.bntest sh -c "`sh ./bctest ignore`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"'
@echo 'test a^b%c implementations'
./$(EXPTEST)