crypto/evp: harden RC4_MD5 cipher.
Originally a crash in 32-bit build was reported for CHACHA20-POLY1305
cipher. The crash is triggered by a truncated packet and is a result
of excessive hashing to the edge of accessible memory (or a bogus
MAC value is produced if the x86 MD5 assembly module is involved). Since
the hash operation is read-only it is not considered to be exploitable
beyond a DoS condition.

Thanks to Robert Święcki for report.

CVE-2017-3731

Reviewed-by: Rich Salz <rsalz@openssl.org>
Andy Polyakov authored and mattcaswell committed Jan 26, 2017
1 parent b8552dc commit f3a7e57
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions crypto/evp/e_rc4_hmac_md5.c
Expand Up @@ -219,6 +219,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
len = p[arg - 2] << 8 | p[arg - 1];

if (!EVP_CIPHER_CTX_encrypting(ctx)) {
if (len < MD5_DIGEST_LENGTH)
return -1;
len -= MD5_DIGEST_LENGTH;
p[arg - 2] = len >> 8;
p[arg - 1] = len;
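
Review bot: The new `if (len < MD5_DIGEST_LENGTH) return -1;` guard in the decrypt branch of rc4_hmac_md5_ctrl() has no comment explaining what it protects. A one-line comment would help: a record length shorter than the MAC would otherwise make `len -= MD5_DIGEST_LENGTH` go below zero (or wrap, if `len` is unsigned) and that bogus length is then written back into `p[arg - 2]` and `p[arg - 1]` and used for hashing. Two follow-ups: the -1 return only helps if every caller of this ctrl treats a non-positive result as a hard failure, which these lines cannot confirm, and a regression test that feeds a truncated record through the decrypt path would keep the check from being lost in a later refactor. The commit message describes the CHACHA20-POLY1305 report but not how it relates to this RC4-HMAC-MD5 path, so a sentence connecting the two would make the history easier to follow.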