authorHarin Vadodaria <harin.vadodaria@oracle.com>2013-02-15 12:35:54 +0530
committerHarin Vadodaria <harin.vadodaria@oracle.com>2013-02-15 12:35:54 +0530
commit795b8acc2a50e9d47945841ce2c3f08d4ad9db03 (patch)
tree4243c0b0e9b78e4275da795731aca81adbebb553 /extra/yassl/src/handshake.cpp
parenteb3814b0b346a57a3ed0b79e10f2fe18515b8494 (diff)
Bug#16218104: MYSQL YASSL - LUCKY THIRTEEN: BREAKING THE
TLS AND DTLS RECORD PROTOCOLS Description: In yassl, the decryption phase of the TLS protocol depends on the type of padding. This patch removes this dependency and makes the error generation/decryption process independent of padding type.
Diffstat (limited to 'extra/yassl/src/handshake.cpp')
-rw-r--r--extra/yassl/src/handshake.cpp35
1 files changed, 35 insertions, 0 deletions
diff --git a/extra/yassl/src/handshake.cpp b/extra/yassl/src/handshake.cpp
index c7dbaf86071..4b1ed3d7fef 100644
--- a/extra/yassl/src/handshake.cpp
+++ b/extra/yassl/src/handshake.cpp
@@ -221,12 +221,45 @@ void buildSHA(SSL& ssl, Finished& fin, const opaque* sender)
}
+// sanity checks on encrypted message size
+static int sanity_check_message(SSL& ssl, uint msgSz)
+{
+ uint minSz = 0;
+
+ if (ssl.getSecurity().get_parms().cipher_type_ == block) {
+ uint blockSz = ssl.getCrypto().get_cipher().get_blockSize();
+ if (msgSz % blockSz)
+ return -1;
+
+ minSz = ssl.getSecurity().get_parms().hash_size_ + 1; // pad byte too
+ if (blockSz > minSz)
+ minSz = blockSz;
+
+ if (ssl.isTLSv1_1())
+ minSz += blockSz; // explicit IV
+ }
+ else { // stream
+ minSz = ssl.getSecurity().get_parms().hash_size_;
+ }
+
+ if (msgSz < minSz)
+ return -1;
+
+ return 0;
+}
+
+
// decrypt input message in place, store size in case needed later
void decrypt_message(SSL& ssl, input_buffer& input, uint sz)
{
input_buffer plain(sz);
opaque* cipher = input.get_buffer() + input.get_current();
+ if (sanity_check_message(ssl, sz) != 0) {
+ ssl.SetError(sanityCipher_error);
+ return;
+ }
+
ssl.useCrypto().use_cipher().decrypt(plain.get_buffer(), cipher, sz);
memcpy(cipher, plain.get_buffer(), sz);
ssl.useSecurity().use_parms().encrypt_size_ = sz;
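Review bot: In `decrypt_message` the new length check runs only after `input_buffer plain(sz)` has been constructed, and `sz` is the peer-supplied `hdr.length_` passed in from `DoProcessReply`. Making the `sanity_check_message(ssl, sz)` call the first statement of the function would reject a malformed record before any buffer is allocated or the `cipher` pointer is derived. Inside `sanity_check_message`, `msgSz % blockSz` relies on `get_blockSize()` never returning 0 for a block cipher, which is not visible here; `if (blockSz == 0 || msgSz % blockSz) return -1;` makes the check safe either way. The helper's comment could also state the contract, e.g. `// returns 0 if msgSz can hold MAC + padding (+ explicit IV for TLS 1.1), -1 otherwise`. The body of `decrypt_message` ends outside this hunk, so any caller other than `DoProcessReply` would also need to test `ssl.GetError()` after the call.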
@@ -774,6 +807,8 @@ int DoProcessReply(SSL& ssl)
return 0;
}
decrypt_message(ssl, buffer, hdr.length_);
+ if (ssl.GetError())
+ return 0;
}
mySTL::auto_ptr<Message> msg(mf.CreateObject(hdr.type_));