git.openssl.org Git - openssl.git/commit

author	Matt Caswell <matt@openssl.org>
	Thu, 26 Feb 2015 11:56:00 +0000 (11:56 +0000)
committer	Matt Caswell <matt@openssl.org>
	Tue, 10 Mar 2015 10:45:52 +0000 (10:45 +0000)
commit	2b31fcc0b5e7329e13806822a5709dbd51c5c8a4
tree	df36f6fc3ad34dbb3302413d11a3d655dfab265e	tree \| snapshot
parent	b65b4c3481d9fc88056cd8373fd693d888ca064f	commit \| diff

Prevent handshake with unseeded PRNG

Fix security issue where under certain conditions a client can complete a
handshake with an unseeded PRNG. The conditions are:
- Client is on a platform where the PRNG has not been seeded, and the
user has not seeded manually
- A protocol specific client method version has been used (i.e. not
SSL_client_methodv23)
- A ciphersuite is used that does not require additional random data
from the PRNG beyond the initial ClientHello client random
(e.g. PSK-RC4-SHA)

If the handshake succeeds then the client random that has been used will
have been generated from a PRNG with insufficient entropy and therefore
the output may be predictable.

For example using the following command with an unseeded openssl will
succeed on an unpatched platform:

openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA

CVE-2015-0285

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit e1b568dd2462f7cacf98f3d117936c34e2849a6b)