Brad Bishop | 37a0e4d | 2017-12-04 01:01:44 -0500 | 1 | From 0cde9a9645c949fd0acf657dadc747676245cfaf Mon Sep 17 00:00:00 2001 |
| 2 | From: Alexandru Moise <alexandru.moise@windriver.com> |
| 3 | Date: Tue, 7 Feb 2017 11:13:19 +0200 |
| 4 | Subject: [PATCH 1/2] crypto/evp: harden RC4_MD5 cipher. |
| 5 | MIME-Version: 1.0 |
| 6 | Content-Type: text/plain; charset=UTF-8 |
| 7 | Content-Transfer-Encoding: 8bit |
| 8 | |
| 9 | Originally a crash in a 32-bit build was reported in the CHACHA20-POLY1305 |
| 10 | cipher. The crash is triggered by a truncated packet and is the result |
| 11 | of excessive hashing to the edge of accessible memory (or a bogus |
| 12 | MAC value is produced if the x86 MD5 assembly module is involved). Since |
| 13 | the hash operation is read-only it is not considered to be exploitable |
| 14 | beyond a DoS condition. |
| 15 | |
| 16 | Thanks to Robert Święcki for the report. |
| 17 | |
| 18 | CVE-2017-3731 |
| 19 | |
| 20 | Backported from upstream commit: |
| 21 | 8e20499629b6bcf868d0072c7011e590b5c2294d |
| 22 | |
| 23 | Upstream-Status: Backport |
| 24 | |
| 25 | Reviewed-by: Rich Salz <rsalz@openssl.org> |
| 26 | Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com> |
| 27 | --- |
| 28 | crypto/evp/e_rc4_hmac_md5.c | 2 ++ |
| 29 | 1 file changed, 2 insertions(+) |
| 30 | |
| 31 | diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c |
| 32 | index 5e92855..3293419 100644 |
| 33 | --- a/crypto/evp/e_rc4_hmac_md5.c |
| 34 | +++ b/crypto/evp/e_rc4_hmac_md5.c |
| 35 | @@ -269,6 +269,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, |
| 36 | len = p[arg - 2] << 8 | p[arg - 1]; |
| 37 | |
| 38 | if (!ctx->encrypt) { |
| 39 | + if (len < MD5_DIGEST_LENGTH) |
| 40 | + return -1; |
| 41 | len -= MD5_DIGEST_LENGTH; |
| 42 | p[arg - 2] = len >> 8; |
| 43 | p[arg - 1] = len; |
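Review bot: the new `if (len < MD5_DIGEST_LENGTH) return -1;` guard is correct and minimal, but it only bounds the two-byte length field; the indexing `p[arg - 2]` / `p[arg - 1]` two lines above it still assumes `arg >= 2`, and nothing in this hunk validates `arg`, so the backport should confirm that the ctrl entry or its TLS caller rejects an AAD shorter than expected. Without the guard, a length below 16 makes `len -= MD5_DIGEST_LENGTH` wrap (if `len` is unsigned) or go negative, and that value is then written back into `p[arg - 2]` / `p[arg - 1]` on the following two lines and drives the MAC computation, which is the excessive-hashing DoS the commit message describes. Returning -1 is only a safe failure if every caller treats a negative ctrl return as an error rather than a length; a one-line comment naming CVE-2017-3731 above the check would help future readers of the backport.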
| 44 | -- |
| 45 | 2.10.2 |
| 46 | |
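To make the underflow described in the commit message concrete, here is an added example (written for this page, not OpenSSL's code) that reproduces the length handling of the patched ctrl in isolation. The constant names `MD5_DIGEST_LENGTH` and `TLS1_AAD_LEN`, the AAD layout (sequence number, type, version, length), the `arg < 2` guard and the `demo_*` helpers are assumptions made for the example, and the AAD bytes are constructed, not captured traffic. It shows the unpatched subtraction wrapping on a record whose length field is smaller than the MD5 MAC, alongside the hardened version returning -1.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed constants mirroring the names used in the patch. */
#define MD5_DIGEST_LENGTH 16
#define TLS1_AAD_LEN 13   /* seq(8) || type(1) || version(2) || length(2) */

/* Build a constructed TLS1 AAD block for the example (not captured traffic). */
void make_tls1_aad(unsigned char out[TLS1_AAD_LEN], uint64_t seq,
                   unsigned char type, uint16_t version, uint16_t len)
{
    int i;
    for (i = 0; i < 8; i++)
        out[i] = (unsigned char)(seq >> (56 - 8 * i));
    out[8] = type;
    out[9] = (unsigned char)(version >> 8);
    out[10] = (unsigned char)version;
    out[11] = (unsigned char)(len >> 8);
    out[12] = (unsigned char)len;
}

/* Pre-patch length handling: nothing stops the subtraction from wrapping when
 * the length field is smaller than the MAC. Returns the (possibly wrapped)
 * plaintext length the MAC code would then be asked to hash over. */
unsigned int tls_aad_plaintext_len_unpatched(const unsigned char *p, int arg,
                                             int encrypt)
{
    unsigned int len = p[arg - 2] << 8 | p[arg - 1];
    if (!encrypt)
        len -= MD5_DIGEST_LENGTH;
    return len;
}

/* Patched handling, plus a hypothetical check on arg that the hunk itself does
 * not contain. Returns -1 for a record too short to hold the MAC, otherwise
 * the plaintext length. */
long tls_aad_plaintext_len_hardened(const unsigned char *p, int arg,
                                    int encrypt)
{
    unsigned int len;
    if (arg < 2)                      /* assumption: guard p[arg - 2] indexing */
        return -1;
    len = p[arg - 2] << 8 | p[arg - 1];
    if (!encrypt) {
        if (len < MD5_DIGEST_LENGTH)  /* the CVE-2017-3731 check */
            return -1;
        len -= MD5_DIGEST_LENGTH;
    }
    return (long)len;
}

/* Constructed decrypt-side AAD whose length field claims 5 bytes, i.e. a
 * record truncated below the 16-byte MD5 MAC. */
unsigned int demo_truncated_unpatched(void)
{
    unsigned char aad[TLS1_AAD_LEN];
    make_tls1_aad(aad, 1, 23, 0x0303, 5);
    return tls_aad_plaintext_len_unpatched(aad, TLS1_AAD_LEN, 0);
}

long demo_truncated_hardened(void)
{
    unsigned char aad[TLS1_AAD_LEN];
    make_tls1_aad(aad, 1, 23, 0x0303, 5);
    return tls_aad_plaintext_len_hardened(aad, TLS1_AAD_LEN, 0);
}

/* A well-formed 100-byte record: the hardened path yields 84 plaintext bytes. */
long demo_normal_hardened(void)
{
    unsigned char aad[TLS1_AAD_LEN];
    make_tls1_aad(aad, 1, 23, 0x0303, 100);
    return tls_aad_plaintext_len_hardened(aad, TLS1_AAD_LEN, 0);
}

int main(void)
{
    printf("truncated, unpatched: %u bytes to hash\n", demo_truncated_unpatched());
    printf("truncated, hardened:  %ld\n", demo_truncated_hardened());
    printf("normal, hardened:     %ld\n", demo_normal_hardened());
    return 0;
}
```

The unpatched helper returns the wrapped value 4294967285 for the truncated record, which is the "excessive hashing to the edge of accessible memory" the commit message refers to when that length is fed to the MAC; the hardened helper rejects the same input up front.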