| From 0cde9a9645c949fd0acf657dadc747676245cfaf Mon Sep 17 00:00:00 2001 |
| From: Alexandru Moise <alexandru.moise@windriver.com> |
| Date: Tue, 7 Feb 2017 11:13:19 +0200 |
| Subject: [PATCH 1/2] crypto/evp: harden RC4_MD5 cipher. |
| MIME-Version: 1.0 |
| Content-Type: text/plain; charset=UTF-8 |
| Content-Transfer-Encoding: 8bit |
| |
| Originally a crash in a 32-bit build was reported in the CHACHA20-POLY1305 |
| cipher. The crash is triggered by a truncated packet and is the result |
| of excessive hashing to the edge of accessible memory (or a bogus |
| MAC value is produced if the x86 MD5 assembly module is involved). Since |
| the hash operation is read-only, it is not considered to be exploitable |
| beyond a DoS condition. |
| |
| Thanks to Robert Święcki for the report. |
| |
| CVE-2017-3731 |
| |
| Backported from upstream commit: |
| 8e20499629b6bcf868d0072c7011e590b5c2294d |
| |
| Upstream-Status: Backport |
| |
| Reviewed-by: Rich Salz <rsalz@openssl.org> |
| Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com> |
| --- |
| crypto/evp/e_rc4_hmac_md5.c | 2 ++ |
| 1 file changed, 2 insertions(+) |
| |
| diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c |
| index 5e92855..3293419 100644 |
| --- a/crypto/evp/e_rc4_hmac_md5.c |
| +++ b/crypto/evp/e_rc4_hmac_md5.c |
| @@ -269,6 +269,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, |
| len = p[arg - 2] << 8 | p[arg - 1]; |
| |
| if (!ctx->encrypt) { |
| + if (len < MD5_DIGEST_LENGTH) |
| + return -1; |
| len -= MD5_DIGEST_LENGTH; |
| p[arg - 2] = len >> 8; |
| p[arg - 1] = len; |
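Review bot: the guard is placed correctly, immediately before `len -= MD5_DIGEST_LENGTH;`, because `len` is taken verbatim from the two AAD length bytes (`len = p[arg - 2] << 8 | p[arg - 1];`), so for a record shorter than one MD5 tag the subtraction would otherwise wrap, and the wrapped length is then written back into `p[arg - 2]` / `p[arg - 1]` and used for the MAC computation over memory the record does not cover, which is the truncated-packet condition the commit message describes. Two things to confirm outside the visible lines: that `return -1` matches the error convention of the rest of `rc4_hmac_md5_ctrl`, so the caller actually treats the record as malformed rather than as a zero-length AAD, and that a short inline comment on the check (e.g. `/* record shorter than the MAC: reject, CVE-2017-3731 */`) is added so the purpose of the early return is clear to future readers of the backport.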
| -- |
| 2.10.2 |
| |