The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS
mode is enabled, does not properly validate a public parameter, which makes
it easier for man-in-the-middle attackers to obtain the shared secret key
by modifying network traffic, a related issue to CVE-2011-1923.

Author | Note |
---|---|
jdstrand | RedHat fixed this with the openssl-fips-0.9.8e-dh-check.patch patch in 0.9.8e-20.el5 by adding the DH_check_pub_key() check to fips/dh/fips_dh_key.c:compute_key(). Code not present in 1.0 series and the existing dh_key.c code already uses DH_check_pub_key() (as does the dh_key.c code in 0.9.8, but this is not used when compiled in fips mode). For details of 1.0’s FIPS status, see http://www.openssl.org/docs/fips/fipsvalidation.html. Upstream has not included RedHat’s patch in their 0.9.8 series. fips_dh_key.c not compiled in Ubuntu. |
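
Added example (not code from OpenSSL or from the RedHat patch): a self-contained C sketch of the range check `1 < pub_key < p - 1` that DH_check_pub_key() applies in the 0.9.8 series, run before the shared secret is derived, as the note describes for compute_key(). The toy group (p = 23, g = 5), the `uint64_t` arithmetic and the function names here are assumptions for illustration; real code works on BIGNUMs.

```c
#include <stdint.h>
#include <stdio.h>

/* Same values as OpenSSL's DH_CHECK_PUBKEY_TOO_SMALL / _TOO_LARGE flags. */
#define PUBKEY_TOO_SMALL 0x01
#define PUBKEY_TOO_LARGE 0x02

/* Square-and-multiply; free of overflow only for small toy moduli. */
static uint64_t modexp(uint64_t base, uint64_t exp, uint64_t mod) {
    uint64_t result = 1 % mod;
    base %= mod;
    while (exp > 0) {
        if (exp & 1) result = (result * base) % mod;
        base = (base * base) % mod;
        exp >>= 1;
    }
    return result;
}

/* Range check: a valid peer value satisfies 1 < pub < p - 1.
 * 0, 1 and p - 1 force the secret to 0, 1 or +/-1 whatever the private key. */
static int check_pub_key(uint64_t p, uint64_t pub) {
    int flags = 0;
    if (pub <= 1) flags |= PUBKEY_TOO_SMALL;
    if (pub >= p - 1) flags |= PUBKEY_TOO_LARGE;
    return flags;
}

/* Hypothetical compute_key(): validate first, then derive the secret.
 * Returns 0 and writes *secret on success, -1 if the peer value is rejected. */
static int compute_key(uint64_t p, uint64_t priv, uint64_t peer_pub,
                       uint64_t *secret) {
    if (check_pub_key(p, peer_pub) != 0) return -1;
    *secret = modexp(peer_pub, priv, p);
    return 0;
}

int main(void) {
    const uint64_t p = 23, priv = 6;            /* constructed toy values */
    const uint64_t peers[] = { 19, 0, 1, 22 };  /* 19 = 5^15 mod 23 */
    for (int i = 0; i < 4; i++) {
        uint64_t s = 0;
        int rc = compute_key(p, priv, peers[i], &s);
        printf("peer_pub=%llu rc=%d secret=%llu\n",
               (unsigned long long)peers[i], rc, (unsigned long long)s);
    }
    return 0;
}
```

Only the honest peer value 19 is accepted; 0, 1 and p - 1 are rejected before any exponentiation takes place.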