CRT and DH+SSL fix from 0.9.6a, ok provos@/deraadt@

2 files changed, 12 insertions, 1 deletions

diff --git a/lib/libssl/src/crypto/rsa/rsa_eay.c b/lib/libssl/src/crypto/rsa/rsa_eay.c
index 8b8a1e279a7..ccaa62b2392 100644
--- a/lib/libssl/src/crypto/rsa/rsa_eay.c
+++ b/lib/libssl/src/crypto/rsa/rsa_eay.c
@@ -419,7 +419,7 @@ err:
 static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
 	{
 	const RSA_METHOD *meth;
-	BIGNUM r1,m1;
+	BIGNUM r1,m1,vrfy;
 	int ret=0;
 	BN_CTX *ctx;
 
@@ -427,6 +427,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
 	if ((ctx=BN_CTX_new()) == NULL) goto err;
 	BN_init(&m1);
 	BN_init(&r1);
+	BN_init(&vrfy);
 
 	if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
 		{
@@ -474,10 +475,19 @@ static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
 	if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err;
 	if (!BN_add(r0,&r1,&m1)) goto err;
 
+	if (rsa->e && rsa->n)
+		{
+		if (!meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err;
+		if (BN_cmp(I, &vrfy) != 0)
+			{
+			if (!meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err;
+			}
+		}
 	ret=1;
 err:
 	BN_clear_free(&m1);
 	BN_clear_free(&r1);
+	BN_clear_free(&vrfy);
 	BN_CTX_free(ctx);
 	return(ret);
 	}
diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c
index bb8cfb31e55..d04232960e3 100644
--- a/lib/libssl/src/ssl/s3_srvr.c
+++ b/lib/libssl/src/ssl/s3_srvr.c
@@ -1414,6 +1414,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
 		s->session->master_key_length=
 			s->method->ssl3_enc->generate_master_secret(s,
 				s->session->master_key,p,i);
+		memset(p,0,i);
 		}
 	else
 #endif