[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Matt Caswell
matt at openssl.org
Tue Mar 10 10:47:37 UTC 2015
The branch OpenSSL_1_0_2-stable has been updated
via 2b31fcc0b5e7329e13806822a5709dbd51c5c8a4 (commit)
from b65b4c3481d9fc88056cd8373fd693d888ca064f (commit)
- Log -----------------------------------------------------------------
commit 2b31fcc0b5e7329e13806822a5709dbd51c5c8a4
Author: Matt Caswell <matt at openssl.org>
Date: Thu Feb 26 11:56:00 2015 +0000
Prevent handshake with unseeded PRNG
Fix security issue where under certain conditions a client can complete a
handshake with an unseeded PRNG. The conditions are:
- Client is on a platform where the PRNG has not been seeded, and the
user has not seeded manually
- A protocol specific client method version has been used (i.e. not
SSL_client_methodv23)
- A ciphersuite is used that does not require additional random data
from the PRNG beyond the initial ClientHello client random
(e.g. PSK-RC4-SHA)
If the handshake succeeds then the client random that has been used will
have been generated from a PRNG with insufficient entropy and therefore
the output may be predictable.
For example using the following command with an unseeded openssl will
succeed on an unpatched platform:
openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA
CVE-2015-0285
Reviewed-by: Richard Levitte <levitte at openssl.org>
(cherry picked from commit e1b568dd2462f7cacf98f3d117936c34e2849a6b)
-----------------------------------------------------------------------
Summary of changes:
ssl/s3_clnt.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index f186c3c..91053d5 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -717,8 +717,9 @@ int ssl3_client_hello(SSL *s)
} else
i = 1;
- if (i)
- ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random));
+ if (i && ssl_fill_hello_random(s, 0, p,
+ sizeof(s->s3->client_random)) <= 0)
+ goto err;
/* Do the message type and length last */
d = p = ssl_handshake_start(s);
More information about the openssl-commits
mailing list