cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Is libcurl/curl affected by OpenSSL "DH small subgroups (CVE-2016-0701)"?

From: Dana Burd <danaburd_at_icontrol.com>
Date: Sat, 6 Feb 2016 19:09:19 +0000

>On 1/29/2016 1:38 AM, Dana Burd wrote:
>> There¹s a new ³high severity² vulnerability in OpenSSL 1.0.2:
>> https://www.openssl.org/news/secadv/20160128.txt
>>
>> I¹m curious if curl-7.40.0 is affected at all. I poked around the
>> source, but it¹s a bit over my head. Any insights appreciatedŠ
>> If curl-7.40.0 is affected, pointers on how to patch with the right
>> OpenSSL option is even more appreciated!
>>
>
>CVE-2016-0701 looks primarily like a server issue. The server generated
>the weak primes and libcurl doesn't have anything to do with that as far
>as I can tell [1]. The responsibility to fix this seems to me to be on
>the server. In other words you updating libcurl w/OpenSSL isn't going to
>fix this or stop someone from possibly decrypting your traffic to a
>vulnerable server. But you should update anyway, for every other
>security reason. I'd hoped someone more knowledgeable about this would
>reply, but it's been a week...
>
>
>[1]:
>http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on
>-dh-small.html

Thanks for the note & link, Ray.

I, too, figured this was mostly a server issue, but have a nagging
concern: an attacker could impersonate the server, and force the curl
client to give up its private key. This is obviously a much harder attack
vector than with a server vulnerability, but... is it possible???
Perhaps, if curl plays into the OpenSSL flaw, which requires curl to both:
  1. reuse the key for DHE ciphers suites or use static DH cipher suites,
and
  2. Have DH configured with non-safe primes

Looking at the curl source, I can¹t figure out if the above two things are
done. To be honest, I barely understand what they mean!
I am hoping someone familiar with the curl security model can weigh in,
and say ³nope, curl doesn¹t do those 2 things so you¹re safe,² or ³yep,
curl is vulnerable, you need to add SSL_OP_SINGLE_DH_USE (or something
else) at such and such a place.²

(I would happily upgrade OpenSSL to solve this issue, but for a variety of
reasons this isn¹t an option.)

Thanks!
-Dana

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-02-06