Patrick Williams | f1e5d69 | 2016-03-30 15:21:19 -0500 | [diff] [blame] | 1 | From d81a1600588b726c2bdccda7efad3cc7a87d6245 Mon Sep 17 00:00:00 2001 |
| 2 | From: Viktor Dukhovni <openssl-users@dukhovni.org> |
| 3 | Date: Wed, 30 Dec 2015 22:44:51 -0500 |
| 4 | Subject: [PATCH] Better SSLv2 cipher-suite enforcement |
| 5 | |
| 6 | Based on patch by: Nimrod Aviram <nimrod.aviram@gmail.com> |
| 7 | |
| 8 | CVE-2015-3197 |
| 9 | |
| 10 | Reviewed-by: Tim Hudson <tjh@openssl.org> |
| 11 | Reviewed-by: Richard Levitte <levitte@openssl.org> |
| 12 | |
| 13 | Upstream-Status: Backport |
| 14 | https://github.com/openssl/openssl/commit/d81a1600588b726c2bdccda7efad3cc7a87d6245 |
| 15 | |
| 16 | CVE: CVE-2015-3197 |
| 17 | Signed-off-by: Armin Kuster <akuster@mvista.com> |
| 18 | |
| 19 | --- |
| 20 | ssl/s2_srvr.c | 15 +++++++++++++-- |
| 21 | 1 file changed, 13 insertions(+), 2 deletions(-) |
| 22 | |
| 23 | Index: openssl-1.0.2d/ssl/s2_srvr.c |
| 24 | =================================================================== |
| 25 | --- openssl-1.0.2d.orig/ssl/s2_srvr.c |
| 26 | +++ openssl-1.0.2d/ssl/s2_srvr.c |
| 27 | @@ -402,7 +402,7 @@ static int get_client_master_key(SSL *s) |
| 28 | } |
| 29 | |
| 30 | cp = ssl2_get_cipher_by_char(p); |
| 31 | - if (cp == NULL) { |
| 32 | + if (cp == NULL || sk_SSL_CIPHER_find(s->session->ciphers, cp) < 0) { |
| 33 | ssl2_return_error(s, SSL2_PE_NO_CIPHER); |
| 34 | SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH); |
| 35 | return (-1); |
| 36 | @@ -687,8 +687,12 @@ static int get_client_hello(SSL *s) |
| 37 | prio = cs; |
| 38 | allow = cl; |
| 39 | } |
| 40 | + |
| 41 | + /* Generate list of SSLv2 ciphers shared between client and server */ |
| 42 | for (z = 0; z < sk_SSL_CIPHER_num(prio); z++) { |
| 43 | - if (sk_SSL_CIPHER_find(allow, sk_SSL_CIPHER_value(prio, z)) < 0) { |
| 44 | + const SSL_CIPHER *cp = sk_SSL_CIPHER_value(prio, z); |
| 45 | + if ((cp->algorithm_ssl & SSL_SSLV2) == 0 || |
| 46 | + sk_SSL_CIPHER_find(allow, cp) < 0) { |
| 47 | (void)sk_SSL_CIPHER_delete(prio, z); |
| 48 | z--; |
| 49 | } |
| 50 | @@ -697,6 +701,13 @@ static int get_client_hello(SSL *s) |
| 51 | sk_SSL_CIPHER_free(s->session->ciphers); |
| 52 | s->session->ciphers = prio; |
| 53 | } |
| 54 | + |
| 55 | + /* Make sure we have at least one cipher in common */ |
| 56 | + if (sk_SSL_CIPHER_num(s->session->ciphers) == 0) { |
| 57 | + ssl2_return_error(s, SSL2_PE_NO_CIPHER); |
| 58 | + SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_NO_CIPHER_MATCH); |
| 59 | + return -1; |
| 60 | + } |
| 61 | /* |
| 62 | * s->session->ciphers should now have a list of ciphers that are on |
| 63 | * both the client and server. This list is ordered by the order the |