diff options
| author | Joel Sing <jsing@cvs.openbsd.org> | 2015-02-06 09:58:53 +0000 |
|---|---|---|
| committer | Joel Sing <jsing@cvs.openbsd.org> | 2015-02-06 09:58:53 +0000 |
| commit | 2a56e905e0b8006c40e7903cb0751cefbf44d74e (patch) | |
| tree | 592d047e5ee707ade12fe990f61e5b38297a0e0e /lib | |
| parent | dc60f9dd97f6ad45ee20e4277d05084ac0f68a5c (diff) | |
Add additional checks to ssl3_send_client_key_exchange() that ensures
ephemeral keys exist for SSL_kDHE and SSL_kECDHE.
This would have prevented CVE-2014-3572.
ok doug@
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libssl/src/ssl/s3_clnt.c | 43 |
1 files changed, 25 insertions, 18 deletions
diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c index 1a64a7e5f29..b2c75175980 100644 --- a/lib/libssl/src/ssl/s3_clnt.c +++ b/lib/libssl/src/ssl/s3_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_clnt.c,v 1.105 2015/02/06 08:30:23 jsing Exp $ */ +/* $OpenBSD: s3_clnt.c,v 1.106 2015/02/06 09:58:52 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1968,16 +1968,15 @@ ssl3_send_client_key_exchange(SSL *s) } else if (alg_k & SSL_kDHE) { DH *dh_srvr, *dh_clnt; - if (s->session->sess_cert->peer_dh_tmp != NULL) - dh_srvr = s->session->sess_cert->peer_dh_tmp; - else { - /* We get them from the cert. */ + /* Ensure that we have an ephemeral key for DHE. */ + if (s->session->sess_cert->peer_dh_tmp == NULL) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); goto err; } + dh_srvr = s->session->sess_cert->peer_dh_tmp; /* Generate a new random key. */ if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) { @@ -2057,22 +2056,30 @@ ssl3_send_client_key_exchange(SSL *s) */ } - if (s->session->sess_cert->peer_ecdh_tmp != NULL) { - tkey = s->session->sess_cert->peer_ecdh_tmp; - } else { + /* Ensure that we have an ephemeral key for ECDHE. */ + if ((alg_k & SSL_kECDHE) && + s->session->sess_cert->peer_ecdh_tmp == NULL) { + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_HANDSHAKE_FAILURE); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto err; + } + tkey = s->session->sess_cert->peer_ecdh_tmp; + + if (alg_k & (SSL_kECDHr|SSL_kECDHe)) { /* Get the Server Public Key from Cert */ srvr_pub_pkey = X509_get_pubkey(s->session-> \ sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); - if ((srvr_pub_pkey == NULL) || - (srvr_pub_pkey->type != EVP_PKEY_EC) || - (srvr_pub_pkey->pkey.ec == NULL)) { - SSLerr( - SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - goto err; - } + if (srvr_pub_pkey != NULL && + srvr_pub_pkey->type == EVP_PKEY_EC) + tkey = srvr_pub_pkey->pkey.ec; + } - tkey = srvr_pub_pkey->pkey.ec; + if (tkey == NULL) { + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto err; } srvr_group = EC_KEY_get0_group(tkey); @@ -2314,7 +2321,7 @@ ssl3_send_client_key_exchange(SSL *s) ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); + ERR_R_INTERNAL_ERROR); goto err; } |