Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
compat-openssl098.6133
openssl-CVE-2014-3572.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-CVE-2014-3572.patch of Package compat-openssl098.6133
commit e42a2abadc90664e2615dc63ba7f79cf163f780a Author: Dr. Stephen Henson <steve@openssl.org> Date: Fri Oct 24 12:30:33 2014 +0100 ECDH downgrade bug fix. Fix bug where an OpenSSL client would accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. Thanks to Karthikeyan Bhargavan for reporting this issue. CVE-2014-3572 Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit b15f8769644b00ef7283521593360b7b2135cb63) Conflicts: CHANGES ssl/s3_clnt.c Index: openssl-0.9.8j/ssl/s3_clnt.c =================================================================== --- openssl-0.9.8j.orig/ssl/s3_clnt.c 2015-01-08 14:25:23.608531470 +0100 +++ openssl-0.9.8j/ssl/s3_clnt.c 2015-01-08 14:25:24.833546429 +0100 @@ -1109,8 +1109,21 @@ int ssl3_get_key_exchange(SSL *s) if (!ok) return((int)n); + alg=s->s3->tmp.new_cipher->algorithms; + EVP_MD_CTX_init(&md_ctx); + if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { + /* + * Can't skip server key exchange if this is an ephemeral + * ciphersuite. + */ + if (alg & (SSL_kEDH|SSL_kECDHE)) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); + al = SSL_AD_UNEXPECTED_MESSAGE; + goto f_err; + } s->s3->tmp.reuse_message=1; return(1); } @@ -1147,8 +1160,6 @@ int ssl3_get_key_exchange(SSL *s) } param_len=0; - alg=s->s3->tmp.new_cipher->algorithms; - EVP_MD_CTX_init(&md_ctx); #ifndef OPENSSL_NO_RSA if (alg & SSL_kRSA)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor