TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / d741cf4cca0ad04d4300966011c30c4ab080aec1^! / .
commitd741cf4cca0ad04d4300966011c30c4ab080aec1[log] [tgz]
authorPaul Bakker <p.j.bakker@polarssl.org>Mon Feb 28 21:10:41 2011 +0000
committerPaul Bakker <p.j.bakker@polarssl.org>Mon Feb 28 21:10:41 2011 +0000
tree8c76afef72997aa8beae567e27b19c1ca244720a
parent02710261aef8e36a7ab3be6fad202173ae022b7c [diff]
 - Replaced function that fixes man-in-the-middle attack
 - Added message to indicate inclusion of man-in-the-middle attack (Reported by Larry Highsmith, Subreption LLC)
 - Released version 0.14.2


diff --git a/ChangeLog b/ChangeLog
index 50b5a2b..79540c9 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -1,6 +1,7 @@
 PolarSSL ChangeLog
 
-= Version 0.14.1 released on 2011-02-22
+= Version 0.14.2 released on 2011-02-28
+This release replaces version 0.14.1 which had possible copyright issues.
 Bugfixes
    * Corrected parsing of UTCTime dates before 1990 and
      after 1950
@@ -13,6 +14,11 @@
      to negotiate anonymous connection (Fixes ticket #12,
 	 found by Boris Krasnovskiy)
 
+Security fixes
+   * Fixed a possible Man-in-the-Middle attack on the
+     Diffie Hellman key exchange (thanks to Larry Highsmith,
+	 Subreption LLC)
+
 = Version 0.14.0 released on 2010-08-16
 Features
    * Added support for SSL_EDH_RSA_AES_128_SHA and

diff --git a/include/polarssl/version.h b/include/polarssl/version.h
index 294258d..d13f01c 100644
--- a/include/polarssl/version.h
+++ b/include/polarssl/version.h

@@ -36,16 +36,16 @@
  */
 #define POLARSSL_VERSION_MAJOR  0
 #define POLARSSL_VERSION_MINOR  14
-#define POLARSSL_VERSION_PATCH  1
+#define POLARSSL_VERSION_PATCH  2
 
 /**
  * The single version number has the following structure:
  *    MMNNPP00
  *    Major version | Minor version | Patch version
  */
-#define POLARSSL_VERSION_NUMBER         0x000E0100
-#define POLARSSL_VERSION_STRING         "0.14.1"
-#define POLARSSL_VERSION_STRING_FULL    "PolarSSL 0.14.1"
+#define POLARSSL_VERSION_NUMBER         0x000E0200
+#define POLARSSL_VERSION_STRING         "0.14.2"
+#define POLARSSL_VERSION_STRING_FULL    "PolarSSL 0.14.2"
 
 #if defined(POLARSSL_VERSION_C)
 

diff --git a/library/dhm.c b/library/dhm.c
index b587fa6..9b99a2b 100644
--- a/library/dhm.c
+++ b/library/dhm.c

@@ -63,34 +63,32 @@
 }
 
 /*
- * Verify sanity of public value with regards to P
+ * Verify sanity of public parameter with regards to P
+ *
+ * Public parameter should be: 2 <= public_param <= P - 2
+ *
+ * For more information on the attack, see:
+ *  http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf
+ *  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2643
  */
-static int dhm_verifypub( const mpi *P,  const mpi *pub_value )
+static int dhm_check_range( const mpi *public_param, const mpi *P )
 {
-    mpi X;
+    mpi L, U;
+    int ret = POLARSSL_ERR_DHM_BAD_INPUT_DATA;
 
-    mpi_init( &X, NULL );
-    mpi_lset( &X, 1 );
+    mpi_init( &L, &U, NULL );
+    mpi_lset( &L, 2 );
+    mpi_sub_int( &U, P, 2 );
 
-    /* Check G^Y or G^X is valid */
-    if( mpi_cmp_mpi( pub_value, &X ) <= 0 )
+    if( mpi_cmp_mpi( public_param, &L ) >= 0 &&
+        mpi_cmp_mpi( public_param, &U ) <= 0 )
     {
-        mpi_free( &X, NULL );
-        return( POLARSSL_ERR_DHM_BAD_INPUT_DATA );
+        ret = 0;
     }
 
-    /* Reset: x = P - 1 */
-    mpi_sub_int( &X, P, 1 );
+    mpi_free( &L, &U, NULL );
 
-    if( mpi_cmp_mpi( pub_value, &X ) >= 0 )
-    {
-        mpi_free( &X, NULL );
-        return( POLARSSL_ERR_DHM_BAD_INPUT_DATA );
-    }
-
-    mpi_free( &X, NULL );
-
-    return( 0 );
+    return( ret );
 }
 
 /*
@@ -109,6 +107,9 @@
         ( ret = dhm_read_bignum( &ctx->GY, p, end ) ) != 0 )
         return( ret );
 
+    if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
+        return( ret );
+
     ctx->len = mpi_size( &ctx->P );
 
     if( end - *p < 2 )
@@ -120,9 +121,6 @@
     if( end != *p + n )
         return( POLARSSL_ERR_DHM_BAD_INPUT_DATA );
 
-    if( ( ret = dhm_verifypub( &ctx->P, &ctx->GY ) ) != 0 )
-        return( ret );
-
     return( 0 );
 }
 
@@ -156,7 +154,7 @@
     MPI_CHK( mpi_exp_mod( &ctx->GX, &ctx->G, &ctx->X,
                           &ctx->P , &ctx->RP ) );
 
-    if( ( ret = dhm_verifypub( &ctx->P, &ctx->GX ) ) != 0 )
+    if( ( ret = dhm_check_range( &ctx->GX, &ctx->P ) ) != 0 )
         return( ret );
 
     /*
@@ -235,8 +233,8 @@
     MPI_CHK( mpi_exp_mod( &ctx->GX, &ctx->G, &ctx->X,
                           &ctx->P , &ctx->RP ) );
 
-    if( dhm_verifypub( &ctx->P, &ctx->GX ) != 0 )
-        return( POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED );
+    if( ( ret = dhm_check_range( &ctx->GX, &ctx->P ) ) != 0 )
+        return( ret );
 
     MPI_CHK( mpi_write_binary( &ctx->GX, output, olen ) );
 
@@ -262,7 +260,7 @@
     MPI_CHK( mpi_exp_mod( &ctx->K, &ctx->GY, &ctx->X,
                           &ctx->P, &ctx->RP ) );
 
-    if( ( ret = dhm_verifypub( &ctx->P, &ctx->GY ) ) != 0 )
+    if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
         return( ret );
 
     *olen = mpi_size( &ctx->K );

diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 2561250..b6c9ab6 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data

@@ -1,5 +1,5 @@
 Check compiletime library version
-check_compiletime_version:"0.14.1"
+check_compiletime_version:"0.14.2"
 
 Check runtime library version
-check_runtime_version:"0.14.1"
+check_runtime_version:"0.14.2"