diff options
| author | Arun Kuruvila <arun.kuruvila@oracle.com> | 2017-08-24 14:19:38 +0530 |
|---|---|---|
| committer | Arun Kuruvila <arun.kuruvila@oracle.com> | 2017-08-24 14:19:38 +0530 |
| commit | f2f6025a445d9a799ccce27bc9124c3a63c28764 (patch) | |
| tree | fcba66b433dcb5e4294fdadc8479129229112c7a /extra/yassl/src | |
| parent | be901b60ae59c93848c829d1b0b2cb523ab8692e (diff) | |
| download | mariadb-git-f2f6025a445d9a799ccce27bc9124c3a63c28764.tar.gz | |
Bug#26482173: TLS CIPHER NEGOTIATION INCORRECTLY MATCHES ON
LAST BYTE ONLY (YASSL)
Description:- TLS cipher negociation happens incorrectly
leading to the use of a different
Analysis:- YaSSL based MySQL server will compare only the
last byte of each cipher sent in the Client Hello message.
This can cause TLS connections to fail, due to the server
picking a cipher which the client doesn't actually support.
Fix:- A fix for detecting cipher suites with non leading
zeros is included as YaSSL only supports cipher suites with
leading zeros.
Diffstat (limited to 'extra/yassl/src')
| -rw-r--r-- | extra/yassl/src/yassl_imp.cpp | 6 | ||||
| -rw-r--r-- | extra/yassl/src/yassl_int.cpp | 13 |
2 files changed, 14 insertions, 5 deletions
diff --git a/extra/yassl/src/yassl_imp.cpp b/extra/yassl/src/yassl_imp.cpp index f190761604d..c5892388eaf 100644 --- a/extra/yassl/src/yassl_imp.cpp +++ b/extra/yassl/src/yassl_imp.cpp @@ -1,5 +1,5 @@ /* - Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -1578,6 +1578,10 @@ void ServerHello::Process(input_buffer& input, SSL& ssl) ssl.SetError(badVersion_error); return; } + if (cipher_suite_[0] != 0x00) { + ssl.SetError(unknown_cipher); + return; + } ssl.set_pending(cipher_suite_[1]); ssl.set_random(random_, server_end); if (id_len_) diff --git a/extra/yassl/src/yassl_int.cpp b/extra/yassl/src/yassl_int.cpp index f041850f85f..34a1c3b73a2 100644 --- a/extra/yassl/src/yassl_int.cpp +++ b/extra/yassl/src/yassl_int.cpp @@ -1,5 +1,5 @@ /* - Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -1399,12 +1399,17 @@ void SSL::matchSuite(const opaque* peer, uint length) // start with best, if a match we are good, Ciphers are at odd index // since all SSL and TLS ciphers have 0x00 first byte for (uint i = 1; i < secure_.get_parms().suites_size_; i += 2) - for (uint j = 1; j < length; j+= 2) - if (secure_.use_parms().suites_[i] == peer[j]) { + for (uint j = 0; (j + 1) < length; j+= 2) { + if (peer[j] != 0x00) { + continue; // only 0x00 first byte supported + } + + if (secure_.use_parms().suites_[i] == peer[j + 1]) { secure_.use_parms().suite_[0] = 0x00; - secure_.use_parms().suite_[1] = peer[j]; + secure_.use_parms().suite_[1] = peer[j + 1]; return; } + } SetError(match_error); } |