summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordelphij <delphij@FreeBSD.org>2011-09-08 09:33:49 +0000
committerdelphij <delphij@FreeBSD.org>2011-09-08 09:33:49 +0000
commit41cd87c13ef2eae05c70bdf24dd18c20d8722a21 (patch)
treec78ebae8f592503cd02c7bf8762ca3a1bdf05cce
parent3f2d6e22bf0098f8f5abd77b7d5d13f5d6d9606b (diff)
downloadFreeBSD-src-41cd87c13ef2eae05c70bdf24dd18c20d8722a21.zip
FreeBSD-src-41cd87c13ef2eae05c70bdf24dd18c20d8722a21.tar.gz
Fix SSL memory handlig for (EC)DH cipher suites, in particular for
multi-threaded use of ECDH. Security: CVE-2011-3210 Reviewed by: stas Obtained from: OpenSSL CVS Approved by: re (kib)
-rw-r--r--crypto/openssl/ssl/s3_lib.c6
-rw-r--r--crypto/openssl/ssl/s3_srvr.c22
2 files changed, 21 insertions, 7 deletions
diff --git a/crypto/openssl/ssl/s3_lib.c b/crypto/openssl/ssl/s3_lib.c
index 8fa4ab0..e6091ef 100644
--- a/crypto/openssl/ssl/s3_lib.c
+++ b/crypto/openssl/ssl/s3_lib.c
@@ -1722,11 +1722,17 @@ void ssl3_clear(SSL *s)
}
#ifndef OPENSSL_NO_DH
if (s->s3->tmp.dh != NULL)
+ {
DH_free(s->s3->tmp.dh);
+ s->s3->tmp.dh = NULL;
+ }
#endif
#ifndef OPENSSL_NO_ECDH
if (s->s3->tmp.ecdh != NULL)
+ {
EC_KEY_free(s->s3->tmp.ecdh);
+ s->s3->tmp.ecdh = NULL;
+ }
#endif
rp = s->s3->rbuf.buf;
diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c
index e2d570f..b9f4292 100644
--- a/crypto/openssl/ssl/s3_srvr.c
+++ b/crypto/openssl/ssl/s3_srvr.c
@@ -710,9 +710,7 @@ int ssl3_check_client_hello(SSL *s)
if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
{
/* Throw away what we have done so far in the current handshake,
- * which will now be aborted. (A full SSL_clear would be too much.)
- * I hope that tmp.dh is the only thing that may need to be cleared
- * when a handshake is not completed ... */
+ * which will now be aborted. (A full SSL_clear would be too much.) */
#ifndef OPENSSL_NO_DH
if (s->s3->tmp.dh != NULL)
{
@@ -720,6 +718,13 @@ int ssl3_check_client_hello(SSL *s)
s->s3->tmp.dh = NULL;
}
#endif
+#ifndef OPENSSL_NO_ECDH
+ if (s->s3->tmp.ecdh != NULL)
+ {
+ EC_KEY_free(s->s3->tmp.ecdh);
+ s->s3->tmp.ecdh = NULL;
+ }
+#endif
return 2;
}
return 1;
@@ -1329,7 +1334,6 @@ int ssl3_send_server_key_exchange(SSL *s)
if (s->s3->tmp.dh != NULL)
{
- DH_free(dh);
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -1390,7 +1394,6 @@ int ssl3_send_server_key_exchange(SSL *s)
if (s->s3->tmp.ecdh != NULL)
{
- EC_KEY_free(s->s3->tmp.ecdh);
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -1401,12 +1404,11 @@ int ssl3_send_server_key_exchange(SSL *s)
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
goto err;
}
- if (!EC_KEY_up_ref(ecdhp))
+ if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
{
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
goto err;
}
- ecdh = ecdhp;
s->s3->tmp.ecdh=ecdh;
if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
@@ -2262,6 +2264,12 @@ int ssl3_get_client_key_exchange(SSL *s)
/* Get encoded point length */
i = *p;
p += 1;
+ if (n != 1 + i)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ ERR_R_EC_LIB);
+ goto err;
+ }
if (EC_POINT_oct2point(group,
clnt_ecpoint, p, i, bn_ctx) == 0)
{
OpenPOWER on IntegriCloud