On 11 June 2014 06:47, Otto Moerbeek <o...@drijf.net> wrote: > On Tue, Jun 10, 2014 at 11:35:06PM +0100, Matt Caswell wrote: > >> On 10 June 2014 21:52, Kurt Roeckx <k...@roeckx.be> wrote: >> >> As far as I can see this is SSLv3 only, and only about the Finish >> >> message. >> >> >> >> So it seems that function return the length of the digest, and in >> >> some error cases 0. We'll end up with a wrong value in >> >> (peer_)finish_md_len. >> >> >> >> It should then result in this error: >> >> if (i != n) >> >> { >> >> al=SSL_AD_DECODE_ERROR; >> >> SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH); >> >> goto f_err; >> >> } >> >> >> >> So at first look there doesn't seem to be anything wrong with the >> >> current code. But their patch doesn't do anything wrong either. >> > >> > So to clarify this a little more. ssl3_final_finish_mac() returns >> > 0 on an internal error, or the length of the digest. In case of SSLv3 >> > it's both an MD5 and SHA1. In ssl3_final_finish_mac() they only >> > get calculated and the length is returned. The check that they >> > are correct happens just after the if I quoted above. >> >> I can't see a way that this could be exploited. It is a bug though. >> >> I've just pushed a fix: >> https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2f1dffa88e1b120add4f0b3a794fbca65aa7768d >> >> Matt >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> Development Mailing List openssl-dev@openssl.org >> Automated List Manager majord...@openssl.org > > It's common courtecy to attribute fixes to the original author or at > least the project.
Well the fix itself was mine, although admittedly it is very similar to the original fix (there are only so many ways you can write that), and differs only in variable names etc. My apologies. I probably should have at least acknowledged the original source. Sorry Matt ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org