WARNING! Gitlab maintenance operation scheduled for Thursday, 18 June between 19:00 and 20:00 (CET). During this time window, short service interruptions (less than 5 minutes) may occur. Thank you in advance for your understanding.

Commit b4831062 authored Jan 24, 2013 by Dr. Stephen Henson

Don't try and verify signatures if key is NULL (CVE-2013-0166)

Add additional check to catch this in ASN1_item_verify too.
(cherry picked from commit 66e8211c0b1347970096e04b18aa52567c325200)

parent 5a49001b

CHANGES

+4 −0

Original line number	Diff line number	Diff line
		@@ -2038,6 +2038,10 @@
		This fixes a DoS attack. (CVE-2013-0166)
		[Steve Henson]

		*) Return an error when checking OCSP signatures when key is NULL.
		This fixes a DoS attack. (CVE-2013-0166)
		[Steve Henson]

		*) Call OCSP Stapling callback after ciphersuite has been chosen, so
		the right response is stapled. Also change SSL_get_certificate()
		so it returns the certificate actually sent.

crypto/asn1/a_verify.c

+6 −0

Original line number	Diff line number	Diff line
		@@ -140,6 +140,12 @@ int ASN1_item_verify(const ASN1_ITEM it, X509_ALGOR a,

		int mdnid, pknid;

		if (!pkey)
		{
		ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
		return -1;
		}

		EVP_MD_CTX_init(&ctx);

		/* Convert signature OID into digest and public key OIDs */

crypto/ocsp/ocsp_vfy.c

+6 −3

Original line number	Diff line number	Diff line
		@@ -91,9 +91,12 @@ int OCSP_basic_verify(OCSP_BASICRESP bs, STACK_OF(X509) certs,
		{
		EVP_PKEY *skey;
		skey = X509_get_pubkey(signer);
		if (skey)
		{
		ret = OCSP_BASICRESP_verify(bs, skey, 0);
		EVP_PKEY_free(skey);
		if(ret <= 0)
		}
		if(!skey \|\| ret <= 0)
		{
		OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
		goto end;