diff options
Diffstat (limited to 'extra')
| -rw-r--r-- | extra/yassl/README | 29 | ||||
| -rw-r--r-- | extra/yassl/include/openssl/ssl.h | 2 | ||||
| -rw-r--r-- | extra/yassl/include/yassl_error.hpp | 3 | ||||
| -rw-r--r-- | extra/yassl/src/buffer.cpp | 2 | ||||
| -rw-r--r-- | extra/yassl/src/handshake.cpp | 2 | ||||
| -rw-r--r-- | extra/yassl/src/ssl.cpp | 29 | ||||
| -rw-r--r-- | extra/yassl/src/yassl_error.cpp | 4 | ||||
| -rw-r--r-- | extra/yassl/src/yassl_imp.cpp | 15 | ||||
| -rw-r--r-- | extra/yassl/taocrypt/src/asn.cpp | 9 | ||||
| -rw-r--r-- | extra/yassl/taocrypt/src/rsa.cpp | 4 | ||||
| -rw-r--r-- | extra/yassl/testsuite/cipher-test.sh | 1 |
11 files changed, 93 insertions, 7 deletions
diff --git a/extra/yassl/README b/extra/yassl/README index da399c3d141..bf0e1c9f40f 100644 --- a/extra/yassl/README +++ b/extra/yassl/README @@ -12,6 +12,35 @@ before calling SSL_new(); *** end Note *** +yaSSL Release notes, version 2.3.8 (9/17/2015) + This release of yaSSL fixes a high security vulnerability. All users + SHOULD update. If using yaSSL for TLS on the server side with private + RSA keys allowing ephemeral key exchange you MUST update and regenerate + the RSA private keys. This report is detailed in: + https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf + yaSSL now detects RSA signature faults and returns an error. + +yaSSL Patch notes, version 2.3.7e (6/26/2015) + This release of yaSSL includes a fix for Date less than comparison. + Previously yaSSL would return true on less than comparisons if the Dates + were equal. Reported by Oracle. No security problem, but if a cert was + generated right now, a server started using it in the same second, and a + client tried to verify it in the same second it would report not yet valid. + +yaSSL Patch notes, version 2.3.7d (6/22/2015) + This release of yaSSL includes a fix for input_buffer set_current with + index 0. SSL_peek() at front of waiting data could trigger. Robert + Golebiowski of Oracle identified and suggested a fix, thanks! + +yaSSL Patch notes, version 2.3.7c (6/12/2015) + This release of yaSSL does certificate DATE comparisons to the second + instead of to the minute, helpful when using freshly generated certs. + Though keep in mind that time sync differences could still show up. + +yaSSL Patch notes, version 2.3.7b (3/18/2015) + This release of yaSSL fixes a potential crash with corrupted private keys. + Also detects bad keys earlier for user. + yaSSL Release notes, version 2.3.7 (12/10/2014) This release of yaSSL fixes the potential to process duplicate handshake messages by explicitly marking/checking received handshake messages. diff --git a/extra/yassl/include/openssl/ssl.h b/extra/yassl/include/openssl/ssl.h index 404ffa29275..bec22427332 100644 --- a/extra/yassl/include/openssl/ssl.h +++ b/extra/yassl/include/openssl/ssl.h @@ -34,7 +34,7 @@ #include "rsa.h" -#define YASSL_VERSION "2.3.7" +#define YASSL_VERSION "2.3.8" #if defined(__cplusplus) diff --git a/extra/yassl/include/yassl_error.hpp b/extra/yassl/include/yassl_error.hpp index beba7b0b5dd..d63244dca90 100644 --- a/extra/yassl/include/yassl_error.hpp +++ b/extra/yassl/include/yassl_error.hpp @@ -53,7 +53,8 @@ enum YasslError { compress_error = 118, decompress_error = 119, pms_version_error = 120, - sanityCipher_error = 121 + sanityCipher_error = 121, + rsaSignFault_error = 122 // !!!! add error message to .cpp !!!! diff --git a/extra/yassl/src/buffer.cpp b/extra/yassl/src/buffer.cpp index ee5e0cc0793..532da3875a7 100644 --- a/extra/yassl/src/buffer.cpp +++ b/extra/yassl/src/buffer.cpp @@ -165,7 +165,7 @@ void input_buffer::set_error() void input_buffer::set_current(uint i) { - if (error_ == 0 && (i == 0 || check(i - 1, size_) == 0)) + if (error_ == 0 && check(i ? i - 1 : 0, size_) == 0) current_ = i; else error_ = -1; diff --git a/extra/yassl/src/handshake.cpp b/extra/yassl/src/handshake.cpp index 39bcd9745b4..407e4092ccc 100644 --- a/extra/yassl/src/handshake.cpp +++ b/extra/yassl/src/handshake.cpp @@ -1173,6 +1173,8 @@ void sendCertificateVerify(SSL& ssl, BufferOutput buffer) CertificateVerify verify; verify.Build(ssl); + if (ssl.GetError()) return; + RecordLayerHeader rlHeader; HandShakeHeader hsHeader; mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer); diff --git a/extra/yassl/src/ssl.cpp b/extra/yassl/src/ssl.cpp index 111da306b4d..ccc1ad24b39 100644 --- a/extra/yassl/src/ssl.cpp +++ b/extra/yassl/src/ssl.cpp @@ -37,6 +37,8 @@ #include "file.hpp" // for TaoCrypt Source #include "coding.hpp" // HexDecoder #include "helpers.hpp" // for placement new hack +#include "rsa.hpp" // for TaoCrypt RSA key decode +#include "dsa.hpp" // for TaoCrypt DSA key decode #include <stdio.h> #include <time.h> @@ -55,6 +57,8 @@ namespace yaSSL { int read_file(SSL_CTX* ctx, const char* file, int format, CertType type) { + int ret = SSL_SUCCESS; + if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM) return SSL_BAD_FILETYPE; @@ -142,8 +146,31 @@ int read_file(SSL_CTX* ctx, const char* file, int format, CertType type) } } } + + if (type == PrivateKey && ctx->privateKey_) { + // see if key is valid early + TaoCrypt::Source rsaSource(ctx->privateKey_->get_buffer(), + ctx->privateKey_->get_length()); + TaoCrypt::RSA_PrivateKey rsaKey; + rsaKey.Initialize(rsaSource); + + if (rsaSource.GetError().What()) { + // rsa failed see if DSA works + + TaoCrypt::Source dsaSource(ctx->privateKey_->get_buffer(), + ctx->privateKey_->get_length()); + TaoCrypt::DSA_PrivateKey dsaKey; + dsaKey.Initialize(dsaSource); + + if (rsaSource.GetError().What()) { + // neither worked + ret = SSL_FAILURE; + } + } + } + fclose(input); - return SSL_SUCCESS; + return ret; } diff --git a/extra/yassl/src/yassl_error.cpp b/extra/yassl/src/yassl_error.cpp index 36e286a73ce..fec6a3394ca 100644 --- a/extra/yassl/src/yassl_error.cpp +++ b/extra/yassl/src/yassl_error.cpp @@ -148,6 +148,10 @@ void SetErrorString(YasslError error, char* buffer) strncpy(buffer, "sanity check on cipher text size error", max); break; + case rsaSignFault_error: + strncpy(buffer, "rsa signature fault error", max); + break; + // openssl errors case SSL_ERROR_WANT_READ : strncpy(buffer, "the read operation would block", max); diff --git a/extra/yassl/src/yassl_imp.cpp b/extra/yassl/src/yassl_imp.cpp index 5d5632f3ba4..48d0e01b1fa 100644 --- a/extra/yassl/src/yassl_imp.cpp +++ b/extra/yassl/src/yassl_imp.cpp @@ -196,9 +196,16 @@ void DH_Server::build(SSL& ssl) sha.update(tmp.get_buffer(), tmp.get_size()); sha.get_digest(&hash[MD5_LEN]); - if (ssl.getSecurity().get_parms().sig_algo_ == rsa_sa_algo) + if (ssl.getSecurity().get_parms().sig_algo_ == rsa_sa_algo) { auth->sign(signature_, hash, sizeof(hash), ssl.getCrypto().get_random()); + // check for rsa signautre fault + if (!auth->verify(hash, sizeof(hash), signature_, + auth->get_signatureLength())) { + ssl.SetError(rsaSignFault_error); + return; + } + } else { auth->sign(signature_, &hash[MD5_LEN], SHA_LEN, ssl.getCrypto().get_random()); @@ -2159,6 +2166,12 @@ void CertificateVerify::Build(SSL& ssl) memcpy(sig.get(), len, VERIFY_HEADER); rsa.sign(sig.get() + VERIFY_HEADER, hashes_.md5_, sizeof(Hashes), ssl.getCrypto().get_random()); + // check for rsa signautre fault + if (!rsa.verify(hashes_.md5_, sizeof(Hashes), sig.get() + VERIFY_HEADER, + rsa.get_cipherLength())) { + ssl.SetError(rsaSignFault_error); + return; + } } else { // DSA DSS dss(cert.get_privateKey(), cert.get_privateKeyLength(), false); diff --git a/extra/yassl/taocrypt/src/asn.cpp b/extra/yassl/taocrypt/src/asn.cpp index 624148bdac8..d8b133a3f0a 100644 --- a/extra/yassl/taocrypt/src/asn.cpp +++ b/extra/yassl/taocrypt/src/asn.cpp @@ -84,7 +84,7 @@ void ASN1_TIME_extract(const unsigned char* date, unsigned char format, namespace { // locals -// to the minute +// to the second bool operator>(tm& a, tm& b) { if (a.tm_year > b.tm_year) @@ -105,13 +105,18 @@ bool operator>(tm& a, tm& b) a.tm_min > b.tm_min) return true; + if (a.tm_year == b.tm_year && a.tm_mon == b.tm_mon && + a.tm_mday == b.tm_mday && a.tm_hour == b.tm_hour && + a.tm_min == b.tm_min && a.tm_sec > b.tm_sec) + return true; + return false; } bool operator<(tm& a, tm&b) { - return !(a>b); + return (b>a); } diff --git a/extra/yassl/taocrypt/src/rsa.cpp b/extra/yassl/taocrypt/src/rsa.cpp index 79a8a8f1c4f..73f678e2674 100644 --- a/extra/yassl/taocrypt/src/rsa.cpp +++ b/extra/yassl/taocrypt/src/rsa.cpp @@ -140,6 +140,10 @@ word32 RSA_BlockType2::UnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, void RSA_BlockType1::Pad(const byte* input, word32 inputLen, byte* pkcsBlock, word32 pkcsBlockLen, RandomNumberGenerator&) const { + // sanity checks + if (input == NULL || pkcsBlock == NULL) + return; + // convert from bit length to byte length if (pkcsBlockLen % 8 != 0) { diff --git a/extra/yassl/testsuite/cipher-test.sh b/extra/yassl/testsuite/cipher-test.sh index 5ce29459d07..d3e69146097 100644 --- a/extra/yassl/testsuite/cipher-test.sh +++ b/extra/yassl/testsuite/cipher-test.sh @@ -4,6 +4,7 @@ # +no_pid=-1 server_pid=$no_pid |