CRT and DH+SSL fix from 0.9.6a, ok provos@/deraadt@

4 files changed, 24 insertions, 2 deletions

diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index 8b8a1e279a..ccaa62b239 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -419,7 +419,7 @@ err:
 static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
         {
         const RSA_METHOD *meth;
-        BIGNUM r1,m1;
+        BIGNUM r1,m1,vrfy;
         int ret=0;
         BN_CTX *ctx;
 
@@ -427,6 +427,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
         if ((ctx=BN_CTX_new()) == NULL) goto err;
         BN_init(&m1);
         BN_init(&r1);
+        BN_init(&vrfy);
 
         if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
                 {
@@ -474,10 +475,19 @@ static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
         if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err;
         if (!BN_add(r0,&r1,&m1)) goto err;
 
+        if (rsa->e && rsa->n)
+                {
+                if (!meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err;
+                if (BN_cmp(I, &vrfy) != 0)
+                        {
+                        if (!meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err;
+                        }
+                }
         ret=1;
 err:
         BN_clear_free(&m1);
         BN_clear_free(&r1);
+        BN_clear_free(&vrfy);
         BN_CTX_free(ctx);
         return(ret);
         }
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index bb8cfb31e5..d04232960e 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1414,6 +1414,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                 s->session->master_key_length=
                         s->method->ssl3_enc->generate_master_secret(s,
                                 s->session->master_key,p,i);
+                memset(p,0,i);
                 }
         else
 #endif
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_eay.c b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
index 8b8a1e279a..ccaa62b239 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_eay.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
@@ -419,7 +419,7 @@ err:
 static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
         {
         const RSA_METHOD *meth;
-        BIGNUM r1,m1;
+        BIGNUM r1,m1,vrfy;
         int ret=0;
         BN_CTX *ctx;
 
@@ -427,6 +427,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
         if ((ctx=BN_CTX_new()) == NULL) goto err;
         BN_init(&m1);
         BN_init(&r1);
+        BN_init(&vrfy);
 
         if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
                 {
@@ -474,10 +475,19 @@ static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
         if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err;
         if (!BN_add(r0,&r1,&m1)) goto err;
 
+        if (rsa->e && rsa->n)
+                {
+                if (!meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err;
+                if (BN_cmp(I, &vrfy) != 0)
+                        {
+                        if (!meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err;
+                        }
+                }
         ret=1;
 err:
         BN_clear_free(&m1);
         BN_clear_free(&r1);
+        BN_clear_free(&vrfy);
         BN_CTX_free(ctx);
         return(ret);
         }
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index bb8cfb31e5..d04232960e 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1414,6 +1414,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                 s->session->master_key_length=
                         s->method->ssl3_enc->generate_master_secret(s,
                                 s->session->master_key,p,i);
+                memset(p,0,i);
                 }
         else
 #endif