blob: 04ef526826e747c5d623bc675d6d6714a11f9f6c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
From 0cde9a9645c949fd0acf657dadc747676245cfaf Mon Sep 17 00:00:00 2001
From: Alexandru Moise <alexandru.moise@windriver.com>
Date: Tue, 7 Feb 2017 11:13:19 +0200
Subject: [PATCH 1/2] crypto/evp: harden RC4_MD5 cipher.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Originally a crash in 32-bit build was reported CHACHA20-POLY1305
cipher. The crash is triggered by truncated packet and is result
of excessive hashing to the edge of accessible memory (or bogus
MAC value is produced if x86 MD5 assembly module is involved). Since
hash operation is read-only it is not considered to be exploitable
beyond a DoS condition.
Thanks to Robert Święcki for report.
CVE-2017-3731
Backported from upstream commit:
8e20499629b6bcf868d0072c7011e590b5c2294d
Upstream-Status: Backport
Reviewed-by: Rich Salz <rsalz@openssl.org>
Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com>
---
crypto/evp/e_rc4_hmac_md5.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c
index 5e92855..3293419 100644
--- a/crypto/evp/e_rc4_hmac_md5.c
+++ b/crypto/evp/e_rc4_hmac_md5.c
@@ -269,6 +269,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
len = p[arg - 2] << 8 | p[arg - 1];
if (!ctx->encrypt) {
+ if (len < MD5_DIGEST_LENGTH)
+ return -1;
len -= MD5_DIGEST_LENGTH;
p[arg - 2] = len >> 8;
p[arg - 1] = len;
--
2.10.2
|
