fix for CVE-2010-4180

Dr. Stephen Henson 2010-12-02 18:24:55 +00:00
parent 91e1ff77a0
commit 6d65d44b95
5 changed files with 15 additions and 12 deletions

@ -4,6 +4,11 @@
Changes between 1.0.0b and 1.0.0c [xx XXX xxxx] Changes between 1.0.0b and 1.0.0c [xx XXX xxxx]
*) Disable code workaround for ancient and obsolete Netscape browsers
and servers: an attacker can use it in a ciphersuite downgrade attack.
Thanks to Martin Rex for discovering this bug. CVE-2010-4180
[Steve Henson]
*) Fixed J-PAKE implementation error, originally discovered by *) Fixed J-PAKE implementation error, originally discovered by
Sebastien Martini, further info and confirmation from Stefan Sebastien Martini, further info and confirmation from Stefan
Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252 Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
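Review bot: the new changelog entry never names the option that is being disabled, although every code change in this commit keys off SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG; name it in the entry, e.g. "Disable code workaround (SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) for ancient and obsolete Netscape browsers and servers", so that anyone searching the changelog for that option discovers that it has become a no-op and why.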

NEWS

@ -7,6 +7,7 @@
Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c: Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c:
o Fix for security issue CVE-2010-4180
o Fix for CVE-2010-4252 o Fix for CVE-2010-4252
o Fix mishandling of absent EC point format extension. o Fix mishandling of absent EC point format extension.
o Fix various platform compilation issues. o Fix various platform compilation issues.
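Review bot: the two CVE entries in this hunk are worded differently ("Fix for security issue CVE-2010-4180" versus "Fix for CVE-2010-4252") although the changelog entry describes both as security fixes; use the same phrasing for both lines so the NEWS list does not read as if only one of them is a security issue.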

@ -78,18 +78,7 @@ this breaks this server so 16 bytes is the way to go.
=item SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG =item SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
ssl3.netscape.com:443, first a connection is established with RC4-MD5. As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect.
If it is then resumed, we end up using DES-CBC3-SHA. It should be
RC4-MD5 according to 7.6.1.3, 'cipher_suite'.
Netscape-Enterprise/2.01 (https://merchant.netscape.com) has this bug.
It only really shows up when connecting via SSLv2/v3 then reconnecting
via SSLv3. The cipher list changes....
NEW INFORMATION. Try connecting with a cipher list of just
DES-CBC-SHA:RC4-MD5. For some weird reason, each new connection uses
RC4-MD5, but a re-connect tries to use DES-CBC-SHA. So netscape, when
doing a re-connect, always takes the first cipher in the cipher list.
=item SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG =item SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
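Review bot: the replacement sentence "As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect." states the new behaviour but not the reason, and the whole description of the original Netscape bug is deleted; add one sentence saying that the workaround was removed because it could be used in a ciphersuite downgrade attack (CVE-2010-4180), so that readers of the option documentation understand why setting the option no longer does anything rather than assuming the page is out of date.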

@ -866,8 +866,11 @@ int ssl3_get_server_hello(SSL *s)
s->session->cipher_id = s->session->cipher->id; s->session->cipher_id = s->session->cipher->id;
if (s->hit && (s->session->cipher_id != c->id)) if (s->hit && (s->session->cipher_id != c->id))
{ {
/* Workaround is now obsolete */
#if 0
if (!(s->options & if (!(s->options &
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)) SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
#endif
{ {
al=SSL_AD_ILLEGAL_PARAMETER; al=SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
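Review bot: wrapping the condition in "#if 0" / "#endif" leaves dead code in the tree and turns the braces that follow into a bare compound statement; since the workaround is being retired for a security reason, delete the disabled "if (!(s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))" test outright instead of leaving it one preprocessor edit away from being re-enabled. The comment "/* Workaround is now obsolete */" should also cite CVE-2010-4180, as the matching comment in ssl3_get_client_hello does, so the two halves of the fix can be found together.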

@ -985,6 +985,10 @@ int ssl3_get_client_hello(SSL *s)
break; break;
} }
} }
/* Disabled because it can be used in a ciphersuite downgrade
* attack: CVE-2010-4180.
*/
#if 0
if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
{ {
/* Special case as client bug workaround: the previously used cipher may /* Special case as client bug workaround: the previously used cipher may
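Review bot: the "#if 0" opened here is only closed in the following hunk, so the disabled region cannot be read as a whole in this hunk; as with the client-side change, removing the "if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))" block entirely would be clearer than disabling it with the preprocessor, and would avoid keeping in the source a branch whose purpose was to special-case a client that offered exactly one cipher. The comment block giving the reason and CVE-2010-4180 is the right thing to add and should stay in either case.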
@ -999,6 +1003,7 @@ int ssl3_get_client_hello(SSL *s)
j = 1; j = 1;
} }
} }
#endif
if (j == 0) if (j == 0)
{ {
/* we need to have the cipher in the cipher /* we need to have the cipher in the cipher