apply J-PKAKE fix to HEAD (original by Ben)
This commit is contained in:
parent
ae3fff5034
commit
300b1d76fe
4 changed files with 43 additions and 3 deletions
11
CHANGES
11
CHANGES
|
@ -123,7 +123,7 @@
|
|||
whose return value is often ignored.
|
||||
[Steve Henson]
|
||||
|
||||
Changes between 1.0.0b and 1.0.1 [xx XXX xxxx]
|
||||
Changes between 1.0.0c and 1.0.1 [xx XXX xxxx]
|
||||
|
||||
*) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
|
||||
[Steve Henson]
|
||||
|
@ -162,7 +162,14 @@
|
|||
Add command line options to s_client/s_server.
|
||||
[Steve Henson]
|
||||
|
||||
Changes between 1.0.0a and 1.0.0b [xx XXX xxxx]
|
||||
Changes between 1.0.0b and 1.0.0c [xx XXX xxxx]
|
||||
|
||||
*) Fixed J-PAKE implementation error, originally discovered by
|
||||
Sebastien Martini, further info and confirmation from Stefan
|
||||
Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
|
||||
[Ben Laurie]
|
||||
|
||||
Changes between 1.0.0a and 1.0.0b [16 Nov 2010]
|
||||
|
||||
*) Fix extension code to avoid race conditions which can result in a buffer
|
||||
overrun vulnerability: resumed sessions must not be modified as they can
|
||||
|
|
|
@ -282,8 +282,37 @@ int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx)
|
|||
return 1;
|
||||
}
|
||||
|
||||
/* g^x is a legal value */
|
||||
static int is_legal(const BIGNUM *gx, const JPAKE_CTX *ctx)
|
||||
{
|
||||
BIGNUM *t;
|
||||
int res;
|
||||
|
||||
if(BN_is_negative(gx) || BN_is_zero(gx) || BN_cmp(gx, ctx->p.p) >= 0)
|
||||
return 0;
|
||||
|
||||
t = BN_new();
|
||||
BN_mod_exp(t, gx, ctx->p.q, ctx->p.p, ctx->ctx);
|
||||
res = BN_is_one(t);
|
||||
BN_free(t);
|
||||
|
||||
return res;
|
||||
}
|
||||
|
||||
int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received)
|
||||
{
|
||||
if(!is_legal(received->p1.gx, ctx))
|
||||
{
|
||||
JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if(!is_legal(received->p2.gx, ctx))
|
||||
{
|
||||
JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* verify their ZKP(xc) */
|
||||
if(!verify_zkp(&received->p1, ctx->p.g, ctx))
|
||||
{
|
||||
|
|
|
@ -115,6 +115,8 @@ void ERR_load_JPAKE_strings(void);
|
|||
#define JPAKE_F_VERIFY_ZKP 100
|
||||
|
||||
/* Reason codes. */
|
||||
#define JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL 108
|
||||
#define JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL 109
|
||||
#define JPAKE_R_G_TO_THE_X4_IS_ONE 105
|
||||
#define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH 106
|
||||
#define JPAKE_R_HASH_OF_KEY_MISMATCH 107
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/* crypto/jpake/jpake_err.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
|
@ -80,6 +80,8 @@ static ERR_STRING_DATA JPAKE_str_functs[]=
|
|||
|
||||
static ERR_STRING_DATA JPAKE_str_reasons[]=
|
||||
{
|
||||
{ERR_REASON(JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL),"g to the x3 is not legal"},
|
||||
{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL),"g to the x4 is not legal"},
|
||||
{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE) ,"g to the x4 is one"},
|
||||
{ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),"hash of hash of key mismatch"},
|
||||
{ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH),"hash of key mismatch"},
|
||||
|
|
Loading…
Reference in a new issue