mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-01 19:28:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix the RC4-MD5 cipher

Browse Source 
A copy&paste error meant that the RC4-MD5 cipher (used in TLS) used the TLS
AAD data as the MAC key.

CVE-2022-1434

Fixes #18112

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
This commit is contained in:
Matt Caswell 2022-04-15 10:22:59 +01:00
parent 6ee1f4f40b
commit 33219939c7
3 changed files with 3 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
providers/implementations/ciphers/cipher_rc4_hmac_md5.c
View File

@ -183,7 +183,7 @@ static int rc4_hmac_md5_set_ctx_params(void *vctx, const OSSL_PARAM params[])
} }
ctx->tls_aad_pad_sz = sz; ctx->tls_aad_pad_sz = sz;
} }
p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD); p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_MAC_KEY);
if (p != NULL) { if (p != NULL) {
if (p->data_type != OSSL_PARAM_OCTET_STRING) { if (p->data_type != OSSL_PARAM_OCTET_STRING) {
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);

22
test/recipes/30-test_evp_data/evpciph_aes_stitched.txt
View File

@ -124,25 +124,3 @@ TLSVersion = 0x0302
Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
Ciphertext = 261cd0c88a4d4e6db7fc263257a9f6d0ce83c1ff5f2680dc57ffd8eefdbb9c00d3d507672d105a990b2b78509978625b9d93c2bd41e3fb721abd1496553c583c67dad9b662b3d58c8540e10ed9c5ed1a7f33ce9e9a41c30836651d73ee2c003af03a919eb41a6d70ef814e184e740f8a96221b924d9d025ef5e7150d4ca76921a025dd146fef87da738877313f11ec8f4c558b878c28ce6a9a5011d70f58c5dbd3412cf0a32154f5a4286958a5a50a86f15119835ceccf432601e4cc688cdd682ac9620500b60c0760bb93209859823778a7f2b5bab1af259bda13d84f952af9d2f07f500dadedc41a2b6a737a1296e0b2fb96ac4da4bf71fe2f0c4a1b6fc4dd251087e4c03d2e28c85a9b4a835ef166b48e5b7690f332a1d8db7bd9380221891f31ee82f4b8dd9ebf540cab583a0f33 Ciphertext = 261cd0c88a4d4e6db7fc263257a9f6d0ce83c1ff5f2680dc57ffd8eefdbb9c00d3d507672d105a990b2b78509978625b9d93c2bd41e3fb721abd1496553c583c67dad9b662b3d58c8540e10ed9c5ed1a7f33ce9e9a41c30836651d73ee2c003af03a919eb41a6d70ef814e184e740f8a96221b924d9d025ef5e7150d4ca76921a025dd146fef87da738877313f11ec8f4c558b878c28ce6a9a5011d70f58c5dbd3412cf0a32154f5a4286958a5a50a86f15119835ceccf432601e4cc688cdd682ac9620500b60c0760bb93209859823778a7f2b5bab1af259bda13d84f952af9d2f07f500dadedc41a2b6a737a1296e0b2fb96ac4da4bf71fe2f0c4a1b6fc4dd251087e4c03d2e28c85a9b4a835ef166b48e5b7690f332a1d8db7bd9380221891f31ee82f4b8dd9ebf540cab583a0f33
NextIV = 1f31ee82f4b8dd9ebf540cab583a0f33 NextIV = 1f31ee82f4b8dd9ebf540cab583a0f33
Title = RC4-HMAC-MD5 test vectors
Availablein = legacy
Cipher = RC4-HMAC-MD5
Key = d48ecc0a163a06626bd1b7e172dfb5b3
MACKey = 5973581f63768353af37d3f51ec9f6ef
TLSAAD = 90a1b2c3e4f506172803010050
TLSVersion = 0x0301
Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
Ciphertext = eea8eba927d9b16c640958f922b3ca43b197eea520674aa1d059156dfd4c12249e2890e8f3c72676e20fe4a30848c1cc6c12f4596d6e290b5f84745ac36959645ea4acabc84e748b2fd5e4228a2fe4f8d44460dfb9a0fce1faf00f1fc7159c3c
Operation = ENCRYPT
Availablein = legacy
Cipher = RC4-HMAC-MD5
Key = d48ecc0a163a06626bd1b7e172dfb5b3
MACKey = 5973581f63768353af37d3f51ec9f6ef
TLSAAD = 90a1b2c3e4f506172803010060
TLSVersion = 0x0301
Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
Ciphertext = eea8eba927d9b16c640958f922b3ca43b197eea520674aa1d059156dfd4c12249e2890e8f3c72676e20fe4a30848c1cc6c12f4596d6e290b5f84745ac36959645ea4acabc84e748b2fd5e4228a2fe4f8d44460dfb9a0fce1faf00f1fc7159c3c
Operation = DECRYPT

4
test/recipes/30-test_evp_data/evpciph_rc4_stitched.txt
View File

@ -7,7 +7,7 @@ MACKey = 5973581f63768353af37d3f51ec9f6ef
TLSAAD = 90a1b2c3e4f506172803010050 TLSAAD = 90a1b2c3e4f506172803010050
TLSVersion = 0x0301 TLSVersion = 0x0301
Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
Ciphertext = eea8eba927d9b16c640958f922b3ca43b197eea520674aa1d059156dfd4c12249e2890e8f3c72676e20fe4a30848c1cc6c12f4596d6e290b5f84745ac36959645ea4acabc84e748b2fd5e4228a2fe4f8d44460dfb9a0fce1faf00f1fc7159c3c Ciphertext = eea8eba927d9b16c640958f922b3ca43b197eea520674aa1d059156dfd4c12249e2890e8f3c72676e20fe4a30848c1cc6c12f4596d6e290b5f84745ac36959645ea4acabc84e748b2fd5e4228a2fe4f8c5792501fca9d8455160d626dc1a9716
# DECRYPT must be a separate entry due to change in TLSAAD value # DECRYPT must be a separate entry due to change in TLSAAD value
Operation = ENCRYPT Operation = ENCRYPT
@ -18,5 +18,5 @@ MACKey = 5973581f63768353af37d3f51ec9f6ef
TLSAAD = 90a1b2c3e4f506172803010060 TLSAAD = 90a1b2c3e4f506172803010060
TLSVersion = 0x0301 TLSVersion = 0x0301
Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
Ciphertext = eea8eba927d9b16c640958f922b3ca43b197eea520674aa1d059156dfd4c12249e2890e8f3c72676e20fe4a30848c1cc6c12f4596d6e290b5f84745ac36959645ea4acabc84e748b2fd5e4228a2fe4f8d44460dfb9a0fce1faf00f1fc7159c3c Ciphertext = eea8eba927d9b16c640958f922b3ca43b197eea520674aa1d059156dfd4c12249e2890e8f3c72676e20fe4a30848c1cc6c12f4596d6e290b5f84745ac36959645ea4acabc84e748b2fd5e4228a2fe4f8c5792501fca9d8455160d626dc1a9716
Operation = DECRYPT Operation = DECRYPT