Unauthenticated DH client certificate fix.
authorDr. Stephen Henson <steve@openssl.org>
Thu, 23 Oct 2014 19:36:17 +0000 (20:36 +0100)
committerMatt Caswell <matt@openssl.org>
Thu, 8 Jan 2015 15:46:42 +0000 (15:46 +0000)
Fix to prevent use of DH client certificates without sending
certificate verify message.

If we've used a client certificate to generate the premaster secret
ssl3_get_client_key_exchange returns 2 and ssl3_get_cert_verify is
never called.

We can only skip the certificate verify message in
ssl3_get_cert_verify if the client didn't send a certificate.

Thanks to Karthikeyan Bhargavan for reporting this issue.
CVE-2015-0205
Reviewed-by: Matt Caswell <matt@openssl.org>
ssl/s3_srvr.c

index 9a10a7cbfae295464c75d31079d7ea62e4d70b9f..230a36f80c1d41c3b5f9d000c2b01aa9dc7f5a86 100644 (file)
@@ -3016,7 +3016,7 @@ int ssl3_get_cert_verify(SSL *s)
        if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
                {
                s->s3->tmp.reuse_message=1;
-               if ((peer != NULL) && (type & EVP_PKT_SIGN))
+               if (peer != NULL)
                        {
                        al=SSL_AD_UNEXPECTED_MESSAGE;
                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);