
IKEv2 & openssl


IKEv2 & openssl

Justin Ferguson-3
I think you guys will want to check your usage of the OpenSSL APIs in
iked/ikev2 for stuff like this:

ssize_t
dsa_verify_final(struct iked_dsa *dsa, void *buf, size_t len)
{
        u_int8_t sig[EVP_MAX_MD_SIZE];
        u_int siglen = sizeof(sig);

        if (dsa->dsa_hmac) {
                HMAC_Final(dsa->dsa_ctx, sig, &siglen);
                if (siglen != len || memcmp(buf, sig, siglen) != 0)
                        return (-1);
        } else {
                if (!EVP_VerifyFinal(dsa->dsa_ctx, buf, len,
                    dsa->dsa_key)) {
                        ca_sslerror();
                        return (-1);
                }
        }

        return (0);
}

"RETURN VALUES

EVP_VerifyInit_ex() and EVP_VerifyUpdate() return 1 for success and 0 for
failure.

EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if
some other error occurred.
"

Furthermore, some background can be found in CVE-2009-0021 or
http://xorl.wordpress.com/2009/03/11/cve-2009-0021-ntp-ssltls-validation-bypass/

Cheers,

Justin N. Ferguson
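The problem Justin points at is the three-valued return contract: `!EVP_VerifyFinal(...)` rejects only 0, so the error value -1 is treated as a valid signature. The following is an added example (not code from this thread or from iked/ikev2) that models that contract with a stand-in verifier, so it runs without linking OpenSSL, and runs the check as written in the reported dsa_verify_final() beside a check that accepts only the documented success value. The sample signatures, the fixed expected value and the rule that a length mismatch yields -1 are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not code from the thread or from iked/ikev2. It models the
 * documented contract of EVP_VerifyFinal() (1 = correct signature,
 * 0 = bad signature, -1 = some other error) with a stand-in function and
 * compares the '!ret' test from the reported dsa_verify_final() with a
 * check that accepts only the success value 1.
 */

#define SIG_LEN 4

/* Constructed sample inputs. */
const uint8_t GOOD_SIG[SIG_LEN] = { 0xde, 0xad, 0xbe, 0xef };
const uint8_t BAD_SIG[SIG_LEN]  = { 0x00, 0x00, 0x00, 0x00 };
const uint8_t SHORT_SIG[2]      = { 0xde, 0xad };

/*
 * Stand-in for EVP_VerifyFinal(): compares against a fixed expected
 * signature, and treats a missing buffer or a length that does not match
 * as "some other error" (-1). This models the documented return values,
 * not OpenSSL's internals.
 */
static int model_verify_final(const uint8_t *sig, size_t len)
{
    if (sig == NULL || len != SIG_LEN)
        return -1;
    return memcmp(sig, GOOD_SIG, SIG_LEN) == 0 ? 1 : 0;
}

/*
 * The test as written in the reported code: '!ret' is false for -1 as well
 * as for 1, so the error path is reported as a valid signature.
 * Returns 0 when the signature is accepted, -1 when it is rejected.
 */
int verify_as_reported(const uint8_t *sig, size_t len)
{
    if (!model_verify_final(sig, len))
        return -1;
    return 0;
}

/* Corrected test: anything but the documented success value 1 is a failure. */
int verify_fixed(const uint8_t *sig, size_t len)
{
    if (model_verify_final(sig, len) != 1)
        return -1;
    return 0;
}

int main(void)
{
    struct { const char *name; const uint8_t *sig; size_t len; } cases[] = {
        { "good signature",  GOOD_SIG,  SIG_LEN },
        { "bad signature",   BAD_SIG,   SIG_LEN },
        { "short signature", SHORT_SIG, sizeof(SHORT_SIG) },
        { "NULL signature",  NULL,      0 },
    };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%-16s reported=%2d fixed=%2d\n", cases[i].name,
               verify_as_reported(cases[i].sig, cases[i].len),
               verify_fixed(cases[i].sig, cases[i].len));
    return 0;
}
```

Running it shows the two checks agree on the good and bad signatures and differ only on the error cases, where the reported form accepts (returns 0) and the fixed form rejects. The general rule for any OpenSSL call with a 1/0/-1 contract is to compare against 1 rather than test for non-zero.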


Re: IKEv2 & openssl

Mike Belopuhov
On Fri, Aug 26, 2011 at 02:22 -0700, Justin Ferguson wrote:

> I think you guys will want to check your usage of the OpenSSL APIs in
> iked/ikev2 for stuff like this:
>
> ssize_t
> dsa_verify_final(struct iked_dsa *dsa, void *buf, size_t len)
> {
>         u_int8_t sig[EVP_MAX_MD_SIZE];
>         u_int siglen = sizeof(sig);
>
>         if (dsa->dsa_hmac) {
>                 HMAC_Final(dsa->dsa_ctx, sig, &siglen);
>                 if (siglen != len || memcmp(buf, sig, siglen) != 0)
>                         return (-1);
>         } else {
>                 if (!EVP_VerifyFinal(dsa->dsa_ctx, buf, len,
>                     dsa->dsa_key)) {
>                         ca_sslerror();
>                         return (-1);
>                 }
>         }
>
>         return (0);
> }
>
> "RETURN VALUES
>
> EVP_VerifyInit_ex() and EVP_VerifyUpdate() return 1 for success and 0 for
> failure.
>
> EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if
> some other error occurred.
> "
>
> Furthermore, some background can be found in CVE-2009-0021 or
> http://xorl.wordpress.com/2009/03/11/cve-2009-0021-ntp-ssltls-validation-bypass/
>
> Cheers,
>
> Justin N. Ferguson
>

Hi,

Thanks a lot for reporting this.  The patch is being reviewed.

Cheers,
Mike


Re: IKEv2 & openssl

Justin Ferguson-3
> Hi,
>
> Thanks a lot for reporting this.  The patch is being reviewed.
>
> Cheers,
> Mike

No worries at all, please let me know when the patch is done. While I noticed
it on my own time, something tells me my company is going to refuse to let me
get out of this without an advisory :/

Justin
