CHANGES +9 −2 @@ -123,7 +123,7 @@ whose return value is often ignored. [Steve Henson] Changes between 1.0.0b and 1.0.1 [xx XXX xxxx] Changes between 1.0.0c and 1.0.1 [xx XXX xxxx] *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id. [Steve Henson] @@ -162,7 +162,14 @@ Add command line options to s_client/s_server. [Steve Henson] Changes between 1.0.0a and 1.0.0b [xx XXX xxxx] Changes between 1.0.0b and 1.0.0c [xx XXX xxxx] *) Fixed J-PAKE implementation error, originally discovered by Sebastien Martini, further info and confirmation from Stefan Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252 [Ben Laurie] Changes between 1.0.0a and 1.0.0b [16 Nov 2010] *) Fix extension code to avoid race conditions which can result in a buffer overrun vulnerability: resumed sessions must not be modified as they can crypto/jpake/jpake.c +29 −0 @@ -282,8 +282,37 @@ int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx) return 1; } /* g^x is a legal value */ static int is_legal(const BIGNUM *gx, const JPAKE_CTX *ctx) { BIGNUM *t; int res; if(BN_is_negative(gx) || BN_is_zero(gx) || BN_cmp(gx, ctx->p.p) >= 0) return 0; t = BN_new(); BN_mod_exp(t, gx, ctx->p.q, ctx->p.p, ctx->ctx); res = BN_is_one(t); BN_free(t); return res; } int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received) { if(!is_legal(received->p1.gx, ctx)) { JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL); return 0; } if(!is_legal(received->p2.gx, ctx)) { JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL); return 0; } /* verify their ZKP(xc) */ if(!verify_zkp(&received->p1, ctx->p.g, ctx)) { crypto/jpake/jpake.h +2 −0
@@ -115,6 +115,8 @@ void ERR_load_JPAKE_strings(void); #define JPAKE_F_VERIFY_ZKP 100 /* Reason codes. */ #define JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL 108 #define JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL 109 #define JPAKE_R_G_TO_THE_X4_IS_ONE 105 #define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH 106 #define JPAKE_R_HASH_OF_KEY_MISMATCH 107 crypto/jpake/jpake_err.c +3 −1 /* crypto/jpake/jpake_err.c */ /* ==================================================================== * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -80,6 +80,8 @@ static ERR_STRING_DATA JPAKE_str_functs[]= static ERR_STRING_DATA JPAKE_str_reasons[]= { {ERR_REASON(JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL),"g to the x3 is not legal"}, {ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL),"g to the x4 is not legal"}, {ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE) ,"g to the x4 is one"}, {ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),"hash of hash of key mismatch"}, {ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH),"hash of key mismatch"},
CHANGES +9 −2 @@ -123,7 +123,7 @@ whose return value is often ignored. [Steve Henson] Changes between 1.0.0b and 1.0.1 [xx XXX xxxx] Changes between 1.0.0c and 1.0.1 [xx XXX xxxx] *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id. [Steve Henson] @@ -162,7 +162,14 @@ Add command line options to s_client/s_server. [Steve Henson] Changes between 1.0.0a and 1.0.0b [xx XXX xxxx] Changes between 1.0.0b and 1.0.0c [xx XXX xxxx] *) Fixed J-PAKE implementation error, originally discovered by Sebastien Martini, further info and confirmation from Stefan Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252 [Ben Laurie] Changes between 1.0.0a and 1.0.0b [16 Nov 2010] *) Fix extension code to avoid race conditions which can result in a buffer overrun vulnerability: resumed sessions must not be modified as they can
crypto/jpake/jpake.c +29 −0 @@ -282,8 +282,37 @@ int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx) return 1; } /* g^x is a legal value */ static int is_legal(const BIGNUM *gx, const JPAKE_CTX *ctx) { BIGNUM *t; int res; if(BN_is_negative(gx) || BN_is_zero(gx) || BN_cmp(gx, ctx->p.p) >= 0) return 0; t = BN_new(); BN_mod_exp(t, gx, ctx->p.q, ctx->p.p, ctx->ctx); res = BN_is_one(t); BN_free(t); return res; } int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received) { if(!is_legal(received->p1.gx, ctx)) { JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL); return 0; } if(!is_legal(received->p2.gx, ctx)) { JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL); return 0; } /* verify their ZKP(xc) */ if(!verify_zkp(&received->p1, ctx->p.g, ctx)) {
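Review bot: In the new is_legal(), the pointer returned by `BN_new()` is handed to `BN_mod_exp()` without a NULL check, and the return value of `BN_mod_exp()` is discarded, so an allocation or arithmetic failure while validating a peer-supplied value is either not handled at all or is reported as "not legal" rather than as an internal error. I would guard both calls, e.g. `if((t = BN_new()) == NULL) return 0;` and `res = BN_mod_exp(t, gx, ctx->p.q, ctx->p.p, ctx->ctx) && BN_is_one(t);`, which keeps the check failing closed. The one-line comment above the function would also be clearer if it stated the rule the code enforces, for instance `/* gx is legal iff 0 < gx < p and gx^q mod p == 1 */`. JPAKE_STEP1_process continues past the end of the hunk, so the later checks on the received values are not visible here.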
crypto/jpake/jpake.h +2 −0 @@ -115,6 +115,8 @@ void ERR_load_JPAKE_strings(void); #define JPAKE_F_VERIFY_ZKP 100 /* Reason codes. */ #define JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL 108 #define JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL 109 #define JPAKE_R_G_TO_THE_X4_IS_ONE 105 #define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH 106 #define JPAKE_R_HASH_OF_KEY_MISMATCH 107
crypto/jpake/jpake_err.c +3 −1 /* crypto/jpake/jpake_err.c */ /* ==================================================================== * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -80,6 +80,8 @@ static ERR_STRING_DATA JPAKE_str_functs[]= static ERR_STRING_DATA JPAKE_str_reasons[]= { {ERR_REASON(JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL),"g to the x3 is not legal"}, {ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL),"g to the x4 is not legal"}, {ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE) ,"g to the x4 is one"}, {ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),"hash of hash of key mismatch"}, {ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH),"hash of key mismatch"},