diff options
| author | delphij <delphij@FreeBSD.org> | 2011-09-08 09:33:49 +0000 |
|---|---|---|
| committer | delphij <delphij@FreeBSD.org> | 2011-09-08 09:33:49 +0000 |
| commit | 41cd87c13ef2eae05c70bdf24dd18c20d8722a21 (patch) | |
| tree | c78ebae8f592503cd02c7bf8762ca3a1bdf05cce | |
| parent | 3f2d6e22bf0098f8f5abd77b7d5d13f5d6d9606b (diff) | |
| download | FreeBSD-src-41cd87c13ef2eae05c70bdf24dd18c20d8722a21.zip FreeBSD-src-41cd87c13ef2eae05c70bdf24dd18c20d8722a21.tar.gz | |
Fix SSL memory handlig for (EC)DH cipher suites, in particular for
multi-threaded use of ECDH.
Security: CVE-2011-3210
Reviewed by: stas
Obtained from: OpenSSL CVS
Approved by: re (kib)
| -rw-r--r-- | crypto/openssl/ssl/s3_lib.c | 6 | ||||
| -rw-r--r-- | crypto/openssl/ssl/s3_srvr.c | 22 |
2 files changed, 21 insertions, 7 deletions
diff --git a/crypto/openssl/ssl/s3_lib.c b/crypto/openssl/ssl/s3_lib.c index 8fa4ab0..e6091ef 100644 --- a/crypto/openssl/ssl/s3_lib.c +++ b/crypto/openssl/ssl/s3_lib.c @@ -1722,11 +1722,17 @@ void ssl3_clear(SSL *s) } #ifndef OPENSSL_NO_DH if (s->s3->tmp.dh != NULL) + { DH_free(s->s3->tmp.dh); + s->s3->tmp.dh = NULL; + } #endif #ifndef OPENSSL_NO_ECDH if (s->s3->tmp.ecdh != NULL) + { EC_KEY_free(s->s3->tmp.ecdh); + s->s3->tmp.ecdh = NULL; + } #endif rp = s->s3->rbuf.buf; diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c index e2d570f..b9f4292 100644 --- a/crypto/openssl/ssl/s3_srvr.c +++ b/crypto/openssl/ssl/s3_srvr.c @@ -710,9 +710,7 @@ int ssl3_check_client_hello(SSL *s) if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) { /* Throw away what we have done so far in the current handshake, - * which will now be aborted. (A full SSL_clear would be too much.) - * I hope that tmp.dh is the only thing that may need to be cleared - * when a handshake is not completed ... */ + * which will now be aborted. (A full SSL_clear would be too much.) */ #ifndef OPENSSL_NO_DH if (s->s3->tmp.dh != NULL) { @@ -720,6 +718,13 @@ int ssl3_check_client_hello(SSL *s) s->s3->tmp.dh = NULL; } #endif +#ifndef OPENSSL_NO_ECDH + if (s->s3->tmp.ecdh != NULL) + { + EC_KEY_free(s->s3->tmp.ecdh); + s->s3->tmp.ecdh = NULL; + } +#endif return 2; } return 1; @@ -1329,7 +1334,6 @@ int ssl3_send_server_key_exchange(SSL *s) if (s->s3->tmp.dh != NULL) { - DH_free(dh); SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; } @@ -1390,7 +1394,6 @@ int ssl3_send_server_key_exchange(SSL *s) if (s->s3->tmp.ecdh != NULL) { - EC_KEY_free(s->s3->tmp.ecdh); SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; } @@ -1401,12 +1404,11 @@ int ssl3_send_server_key_exchange(SSL *s) SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); goto err; } - if (!EC_KEY_up_ref(ecdhp)) + if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) { SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); goto err; } - ecdh = ecdhp; s->s3->tmp.ecdh=ecdh; if ((EC_KEY_get0_public_key(ecdh) == NULL) || @@ -2262,6 +2264,12 @@ int ssl3_get_client_key_exchange(SSL *s) /* Get encoded point length */ i = *p; p += 1; + if (n != 1 + i) + { + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + ERR_R_EC_LIB); + goto err; + } if (EC_POINT_oct2point(group, clnt_ecpoint, p, i, bn_ctx) == 0) { |
