From 6685f2c8afc4775c3656dccc5a37286c01c0e854 Mon Sep 17 00:00:00 2001 From: Steffan Karger Date: Tue, 29 Apr 2014 22:03:43 +0200 Subject: [PATCH 1/1] Check RAND_bytes() return value, fail when getting random fails. When RAND_bytes() does not return success, the buffer contents cannot be used. This patch makes sure the return code is checked, and the connection fails when keys or challenges cannot be trusted. Signed-off-by: Steffan Karger --- src/protocol_auth.c | 13 +++++++++++-- src/protocol_key.c | 10 ++++++++-- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 385e5436..87ba30a3 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -215,7 +215,12 @@ bool send_metakey(connection_t *c) { /* Copy random data to the buffer */ - RAND_bytes((unsigned char *)c->outkey, len); + if (1 != RAND_bytes((unsigned char *)c->outkey, len)) { + int err = ERR_get_error(); + logger(LOG_ERR, "Failed to generate meta key (%s)", "SEND_METAKEY", ERR_error_string(err, NULL)); + return false; + } + /* The message we send must be smaller than the modulus of the RSA key. By definition, for a key of k bits, the following formula holds: @@ -391,7 +396,11 @@ bool send_challenge(connection_t *c) { /* Copy random data to the buffer */ - RAND_bytes((unsigned char *)c->hischallenge, len); + if (1 != RAND_bytes((unsigned char *)c->hischallenge, len)) { + int err = ERR_get_error(); + logger(LOG_ERR, "Failed to generate challenge (%s)", "SEND_CHALLENGE", ERR_error_string(err, NULL)); + return false; // Do not send predictable challenges, let connection attempt fail. + } /* Convert to hex */ diff --git a/src/protocol_key.c b/src/protocol_key.c index 0ba5ad34..b55e8307 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -127,7 +127,8 @@ bool req_key_h(connection_t *c) { /* Check if this key request is for us */ if(to == myself) { /* Yes, send our own key back */ - send_ans_key(from); + if (!send_ans_key(from)) + return false; } else { if(tunnelserver) return true; @@ -156,7 +157,12 @@ bool send_ans_key(node_t *to) { to->inkey = xrealloc(to->inkey, to->inkeylength); // Create a new key - RAND_bytes((unsigned char *)to->inkey, to->inkeylength); + if (1 != RAND_bytes((unsigned char *)to->inkey, to->inkeylength)) { + int err = ERR_get_error(); + logger(LOG_ERR, "Failed to generate random for key (%s)", "SEND_ANS_KEY", ERR_error_string(err, NULL)); + return false; // Do not send insecure keys, let connection attempt fail. + } + if(to->incipher) EVP_DecryptInit_ex(&to->inctx, to->incipher, NULL, (unsigned char *)to->inkey, (unsigned char *)to->inkey + to->incipher->key_len); -- 2.20.1