diff options
author | Robert Golebiowski <robert.golebiowski@oracle.com> | 2015-03-20 15:05:59 +0100 |
---|---|---|
committer | Robert Golebiowski <robert.golebiowski@oracle.com> | 2015-07-08 11:59:27 +0200 |
commit | c9685a78c3960f5822e42e0dc847c72a46528af5 (patch) | |
tree | e1fd7cdd4704e0610bf8849e703d86ef5d6c7e2f | |
parent | bf681d6bb341411a8b17abeda8e723368545d48d (diff) | |
download | mariadb-git-c9685a78c3960f5822e42e0dc847c72a46528af5.tar.gz |
Bug #20168526 YASSL: CORRUPT SSL-KEY CRASHES CLIENT
Affects at least 5.6 and 5.7. In customer case, the "client" happened to
be a replication slave, therefore his server crashed.
Bug-fix:
The bug was in yassl. Todd Ouska has provided us with the patch.
(cherry picked from commit 42ffa91aad898b02f0793b669ffd04f5c178ce39)
-rw-r--r-- | extra/yassl/README | 4 | ||||
-rw-r--r-- | extra/yassl/include/openssl/ssl.h | 2 | ||||
-rw-r--r-- | extra/yassl/src/ssl.cpp | 29 | ||||
-rw-r--r-- | extra/yassl/taocrypt/src/rsa.cpp | 4 | ||||
-rw-r--r-- | extra/yassl/testsuite/cipher-test.sh | 1 |
5 files changed, 38 insertions, 2 deletions
diff --git a/extra/yassl/README b/extra/yassl/README index da399c3d141..d245d20ce5f 100644 --- a/extra/yassl/README +++ b/extra/yassl/README @@ -12,6 +12,10 @@ before calling SSL_new(); *** end Note *** +yaSSL Patch notes, version 2.3.7b (3/18/2015) + This release of yaSSL fixes a potential crash with corrupted private keys. + Also detects bad keys earlier for user. + yaSSL Release notes, version 2.3.7 (12/10/2014) This release of yaSSL fixes the potential to process duplicate handshake messages by explicitly marking/checking received handshake messages. diff --git a/extra/yassl/include/openssl/ssl.h b/extra/yassl/include/openssl/ssl.h index 24acc7e86b9..e10fb5299f7 100644 --- a/extra/yassl/include/openssl/ssl.h +++ b/extra/yassl/include/openssl/ssl.h @@ -35,7 +35,7 @@ #include "rsa.h" -#define YASSL_VERSION "2.3.7" +#define YASSL_VERSION "2.3.7b" #if defined(__cplusplus) diff --git a/extra/yassl/src/ssl.cpp b/extra/yassl/src/ssl.cpp index a47b175e635..845b35bac8b 100644 --- a/extra/yassl/src/ssl.cpp +++ b/extra/yassl/src/ssl.cpp @@ -37,6 +37,8 @@ #include "file.hpp" // for TaoCrypt Source #include "coding.hpp" // HexDecoder #include "helpers.hpp" // for placement new hack +#include "rsa.hpp" // for TaoCrypt RSA key decode +#include "dsa.hpp" // for TaoCrypt DSA key decode #include <stdio.h> #ifdef _WIN32 @@ -54,6 +56,8 @@ namespace yaSSL { int read_file(SSL_CTX* ctx, const char* file, int format, CertType type) { + int ret = SSL_SUCCESS; + if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM) return SSL_BAD_FILETYPE; @@ -141,8 +145,31 @@ int read_file(SSL_CTX* ctx, const char* file, int format, CertType type) } } } + + if (type == PrivateKey && ctx->privateKey_) { + // see if key is valid early + TaoCrypt::Source rsaSource(ctx->privateKey_->get_buffer(), + ctx->privateKey_->get_length()); + TaoCrypt::RSA_PrivateKey rsaKey; + rsaKey.Initialize(rsaSource); + + if (rsaSource.GetError().What()) { + // rsa failed see if DSA works + + TaoCrypt::Source dsaSource(ctx->privateKey_->get_buffer(), + ctx->privateKey_->get_length()); + TaoCrypt::DSA_PrivateKey dsaKey; + dsaKey.Initialize(dsaSource); + + if (rsaSource.GetError().What()) { + // neither worked + ret = SSL_FAILURE; + } + } + } + fclose(input); - return SSL_SUCCESS; + return ret; } diff --git a/extra/yassl/taocrypt/src/rsa.cpp b/extra/yassl/taocrypt/src/rsa.cpp index 79a8a8f1c4f..73f678e2674 100644 --- a/extra/yassl/taocrypt/src/rsa.cpp +++ b/extra/yassl/taocrypt/src/rsa.cpp @@ -140,6 +140,10 @@ word32 RSA_BlockType2::UnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, void RSA_BlockType1::Pad(const byte* input, word32 inputLen, byte* pkcsBlock, word32 pkcsBlockLen, RandomNumberGenerator&) const { + // sanity checks + if (input == NULL || pkcsBlock == NULL) + return; + // convert from bit length to byte length if (pkcsBlockLen % 8 != 0) { diff --git a/extra/yassl/testsuite/cipher-test.sh b/extra/yassl/testsuite/cipher-test.sh index 5ce29459d07..d3e69146097 100644 --- a/extra/yassl/testsuite/cipher-test.sh +++ b/extra/yassl/testsuite/cipher-test.sh @@ -4,6 +4,7 @@ # +no_pid=-1 server_pid=$no_pid |