Clean Kerberos pre-master secret

Ensure the Kerberos pre-master secret has OPENSSL_cleanse called on it.

With thanks to the Open Crypto Audit Project for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell 2015-06-04 11:41:30 +01:00
parent 3610719931
commit 4e3dbe37ca


@ -2411,6 +2411,7 @@ int ssl3_get_client_key_exchange(SSL *s)
int padl, outl; int padl, outl;
krb5_timestamp authtime = 0; krb5_timestamp authtime = 0;
krb5_ticket_times ttimes; krb5_ticket_times ttimes;
int kerr = 0;
EVP_CIPHER_CTX_init(&ciph_ctx); EVP_CIPHER_CTX_init(&ciph_ctx);
@ -2514,23 +2515,27 @@ int ssl3_get_client_key_exchange(SSL *s)
{ {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DECRYPTION_FAILED); SSL_R_DECRYPTION_FAILED);
goto err; kerr = 1;
goto kclean;
} }
if (outl > SSL_MAX_MASTER_KEY_LENGTH) { if (outl > SSL_MAX_MASTER_KEY_LENGTH) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DATA_LENGTH_TOO_LONG); SSL_R_DATA_LENGTH_TOO_LONG);
goto err; kerr = 1;
goto kclean;
} }
if (!EVP_DecryptFinal_ex(&ciph_ctx, &(pms[outl]), &padl)) { if (!EVP_DecryptFinal_ex(&ciph_ctx, &(pms[outl]), &padl)) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DECRYPTION_FAILED); SSL_R_DECRYPTION_FAILED);
goto err; kerr = 1;
goto kclean;
} }
outl += padl; outl += padl;
if (outl > SSL_MAX_MASTER_KEY_LENGTH) { if (outl > SSL_MAX_MASTER_KEY_LENGTH) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DATA_LENGTH_TOO_LONG); SSL_R_DATA_LENGTH_TOO_LONG);
goto err; kerr = 1;
goto kclean;
} }
if (!((pms[0] == (s->client_version >> 8)) if (!((pms[0] == (s->client_version >> 8))
&& (pms[1] == (s->client_version & 0xff)))) { && (pms[1] == (s->client_version & 0xff)))) {
@ -2547,7 +2552,8 @@ int ssl3_get_client_key_exchange(SSL *s)
if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) { if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_AD_DECODE_ERROR); SSL_AD_DECODE_ERROR);
goto err; kerr = 1;
goto kclean;
} }
} }
@ -2573,6 +2579,11 @@ int ssl3_get_client_key_exchange(SSL *s)
* kssl_ctx = kssl_ctx_free(kssl_ctx); * kssl_ctx = kssl_ctx_free(kssl_ctx);
* if (s->kssl_ctx) s->kssl_ctx = NULL; * if (s->kssl_ctx) s->kssl_ctx = NULL;
*/ */
kclean:
OPENSSL_cleanse(pms, sizeof(pms));
if (kerr)
goto err;
} else } else
#endif /* OPENSSL_NO_KRB5 */ #endif /* OPENSSL_NO_KRB5 */
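Review bot: The wipe at `kclean:` covers only `pms`; nothing in these hunks shows `ciph_ctx` being cleaned up on the error paths that now jump there, so cipher key state may remain on the stack after a failed exchange. If neither the code those paths skip nor the `err:` label already does it, `EVP_CIPHER_CTX_cleanup(&ciph_ctx);` beside the `OPENSSL_cleanse(pms, sizeof(pms));` call would close that gap. `sizeof(pms)` wipes the whole buffer only if `pms` is declared as an array in this scope; the declaration is outside the hunks and is worth confirming. A comment at the label such as `/* all exits after pms is written must come through here so the secret is wiped */` would keep later error paths from reverting to a bare `goto err`. ssl3_get_client_key_exchange starts and ends outside the hunks shown.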