projects / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ae3fff5)
apply J-PKAKE fix to HEAD (original by Ben)
authorDr. Stephen Henson <steve@openssl.org>
Mon, 29 Nov 2010 18:32:05 +0000 (18:32 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 29 Nov 2010 18:32:05 +0000 (18:32 +0000)
CHANGES patch | blob | history
crypto/jpake/jpake.c patch | blob | history
crypto/jpake/jpake.h patch | blob | history
crypto/jpake/jpake_err.c patch | blob | history

diff --git a/CHANGES b/CHANGES
index b8e18dc1e280ef8aebab36a5f0c811cf9374a4a4..6157a1ef0db391fe3d9c34f9810821731064d2ff 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -123,7 +123,7 @@
      whose return value is often ignored. 
      [Steve Henson]
   
      whose return value is often ignored. 
      [Steve Henson]
   
- Changes between 1.0.0b and 1.0.1  [xx XXX xxxx]
+ Changes between 1.0.0c and 1.0.1  [xx XXX xxxx]
 
   *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
      [Steve Henson]
 
   *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
      [Steve Henson]
@@ -162,7 +162,14 @@
        Add command line options to s_client/s_server.
      [Steve Henson]
 
        Add command line options to s_client/s_server.
      [Steve Henson]
 
- Changes between 1.0.0a and 1.0.0b  [xx XXX xxxx]
+ Changes between 1.0.0b and 1.0.0c  [xx XXX xxxx]
+
+  *) Fixed J-PAKE implementation error, originally discovered by
+     Sebastien Martini, further info and confirmation from Stefan
+     Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
+     [Ben Laurie]
+
+ Changes between 1.0.0a and 1.0.0b  [16 Nov 2010]
 
   *) Fix extension code to avoid race conditions which can result in a buffer
      overrun vulnerability: resumed sessions must not be modified as they can
 
   *) Fix extension code to avoid race conditions which can result in a buffer
      overrun vulnerability: resumed sessions must not be modified as they can
diff --git a/crypto/jpake/jpake.c b/crypto/jpake/jpake.c
index 086d9f47e065f7b9dd67ebd0a7db51c6415d6940..8e4b633ccc5310f85f2f242f73560e51f0c44260 100644 (file)
--- a/crypto/jpake/jpake.c
+++ b/crypto/jpake/jpake.c
@@ -282,8 +282,37 @@ int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx)
     return 1;
     }
 
     return 1;
     }
 
+/* g^x is a legal value */
+static int is_legal(const BIGNUM *gx, const JPAKE_CTX *ctx)
+    {
+    BIGNUM *t;
+    int res;
+    
+    if(BN_is_negative(gx) || BN_is_zero(gx) || BN_cmp(gx, ctx->p.p) >= 0)
+       return 0;
+
+    t = BN_new();
+    BN_mod_exp(t, gx, ctx->p.q, ctx->p.p, ctx->ctx);
+    res = BN_is_one(t);
+    BN_free(t);
+
+    return res;
+    }
+
 int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received)
     {
 int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received)
     {
+    if(!is_legal(received->p1.gx, ctx))
+       {
+       JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL);
+       return 0;
+       }
+
+    if(!is_legal(received->p2.gx, ctx))
+       {
+       JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL);
+       return 0;
+       }
+
    /* verify their ZKP(xc) */
     if(!verify_zkp(&received->p1, ctx->p.g, ctx))
        {
    /* verify their ZKP(xc) */
     if(!verify_zkp(&received->p1, ctx->p.g, ctx))
        {
diff --git a/crypto/jpake/jpake.h b/crypto/jpake/jpake.h
index 693ea188cb82d5325fb641fffc7e79357541637e..fd143b4d9bdd2dca64ab95a6dfcb80aa8940e8f9 100644 (file)
--- a/crypto/jpake/jpake.h
+++ b/crypto/jpake/jpake.h
@@ -115,6 +115,8 @@ void ERR_load_JPAKE_strings(void);
 #define JPAKE_F_VERIFY_ZKP                              100
 
 /* Reason codes. */
 #define JPAKE_F_VERIFY_ZKP                              100
 
 /* Reason codes. */
+#define JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL                108
+#define JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL                109
 #define JPAKE_R_G_TO_THE_X4_IS_ONE                      105
 #define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH            106
 #define JPAKE_R_HASH_OF_KEY_MISMATCH                    107
 #define JPAKE_R_G_TO_THE_X4_IS_ONE                      105
 #define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH            106
 #define JPAKE_R_HASH_OF_KEY_MISMATCH                    107
diff --git a/crypto/jpake/jpake_err.c b/crypto/jpake/jpake_err.c
index 1b9506796799a81130adcb14da6c403b780926af..a9a9dee75c14fc24ef9f28fb242a8d072081fe33 100644 (file)
--- a/crypto/jpake/jpake_err.c
+++ b/crypto/jpake/jpake_err.c
@@ -1,6 +1,6 @@
 /* crypto/jpake/jpake_err.c */
 /* ====================================================================
 /* crypto/jpake/jpake_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2010 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -80,6 +80,8 @@ static ERR_STRING_DATA JPAKE_str_functs[]=
 
 static ERR_STRING_DATA JPAKE_str_reasons[]=
        {
 
 static ERR_STRING_DATA JPAKE_str_reasons[]=
        {
+{ERR_REASON(JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL),"g to the x3 is not legal"},
+{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL),"g to the x4 is not legal"},
 {ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE)  ,"g to the x4 is one"},
 {ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),"hash of hash of key mismatch"},
 {ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH),"hash of key mismatch"},
 {ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE)  ,"g to the x4 is one"},
 {ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),"hash of hash of key mismatch"},
 {ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH),"hash of key mismatch"},
Unnamed repository; edit this file 'description' to name the repository.