Skip to content

Commit c55c571

Browse files
harinvadodariaharinvadodaria
committed
Merge branch 'mysql-5.5' into mysql-5.6
2 parents 5fd1620 + 3ce8554 commit c55c571

11 files changed

Lines changed: 342 additions & 20 deletions

File tree

extra/yassl/README

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,16 @@ before calling SSL_new();
1212

1313
*** end Note ***
1414

15+
yaSSL Release notes, version 2.3.7 (12/10/2014)
16+
This release of yaSSL fixes the potential to process duplicate handshake
17+
messages by explicitly marking/checking received handshake messages.
18+
19+
yaSSL Release notes, version 2.3.6 (11/25/2014)
20+
21+
This release of yaSSL fixes some valgrind warnings/errors including
22+
uninitialized reads and off by one index errors induced from fuzzing
23+
the handshake. These were reported by Oracle.
24+
1525
yaSSL Release notes, version 2.3.5 (9/29/2014)
1626

1727
This release of yaSSL fixes an RSA Padding check vulnerability reported by

extra/yassl/examples/client/client.cpp

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,10 @@
1818

1919
/* client.cpp */
2020

21+
// takes an optional command line argument of cipher list to make scripting
22+
// easier
23+
24+
2125
#include "../../testsuite/test.hpp"
2226

2327
//#define TEST_RESUME
@@ -73,11 +77,16 @@ void client_test(void* args)
7377
#ifdef NON_BLOCKING
7478
tcp_set_nonblocking(sockfd);
7579
#endif
76-
7780
SSL_METHOD* method = TLSv1_client_method();
7881
SSL_CTX* ctx = SSL_CTX_new(method);
7982

8083
set_certs(ctx);
84+
if (argc >= 2) {
85+
printf("setting cipher list to %s\n", argv[1]);
86+
if (SSL_CTX_set_cipher_list(ctx, argv[1]) != SSL_SUCCESS) {
87+
ClientError(ctx, NULL, sockfd, "set_cipher_list error\n");
88+
}
89+
}
8190
SSL* ssl = SSL_new(ctx);
8291

8392
SSL_set_fd(ssl, sockfd);

extra/yassl/examples/server/server.cpp

Lines changed: 21 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,9 @@
1818

1919
/* server.cpp */
2020

21+
// takes 2 optional command line argument to make scripting
22+
// if the first command line argument is 'n' client auth is disabled
23+
// if the second command line argument is 'd' DSA certs are used instead of RSA
2124

2225
#include "../../testsuite/test.hpp"
2326

@@ -69,6 +72,9 @@ THREAD_RETURN YASSL_API server_test(void* args)
6972
char** argv = 0;
7073

7174
set_args(argc, argv, *static_cast<func_args*>(args));
75+
#ifdef SERVER_READY_FILE
76+
set_file_ready("server_ready", *static_cast<func_args*>(args));
77+
#endif
7278
tcp_accept(sockfd, clientfd, *static_cast<func_args*>(args));
7379

7480
tcp_close(sockfd);
@@ -77,8 +83,21 @@ THREAD_RETURN YASSL_API server_test(void* args)
7783
SSL_CTX* ctx = SSL_CTX_new(method);
7884

7985
//SSL_CTX_set_cipher_list(ctx, "RC4-SHA:RC4-MD5");
80-
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
81-
set_serverCerts(ctx);
86+
87+
// should we disable client auth
88+
if (argc >= 2 && argv[1][0] == 'n')
89+
printf("disabling client auth\n");
90+
else
91+
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
92+
93+
// are we using DSA certs
94+
if (argc >= 3 && argv[2][0] == 'd') {
95+
printf("using DSA certs\n");
96+
set_dsaServerCerts(ctx);
97+
}
98+
else {
99+
set_serverCerts(ctx);
100+
}
82101
DH* dh = set_tmpDH(ctx);
83102

84103
SSL* ssl = SSL_new(ctx);

extra/yassl/include/openssl/ssl.h

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@
3434
#include "rsa.h"
3535

3636

37-
#define YASSL_VERSION "2.3.5"
37+
#define YASSL_VERSION "2.3.7"
3838

3939

4040
#if defined(__cplusplus)

extra/yassl/include/yassl_int.hpp

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -107,6 +107,25 @@ enum AcceptState {
107107
};
108108

109109

110+
// track received messages to explicitly disallow duplicate messages
111+
struct RecvdMessages {
112+
uint8 gotClientHello_;
113+
uint8 gotServerHello_;
114+
uint8 gotCert_;
115+
uint8 gotServerKeyExchange_;
116+
uint8 gotCertRequest_;
117+
uint8 gotServerHelloDone_;
118+
uint8 gotCertVerify_;
119+
uint8 gotClientKeyExchange_;
120+
uint8 gotFinished_;
121+
RecvdMessages() : gotClientHello_(0), gotServerHello_(0), gotCert_(0),
122+
gotServerKeyExchange_(0), gotCertRequest_(0),
123+
gotServerHelloDone_(0), gotCertVerify_(0),
124+
gotClientKeyExchange_(0), gotFinished_(0)
125+
{}
126+
};
127+
128+
110129
// combines all states
111130
class States {
112131
RecordLayerState recordLayer_;
@@ -115,6 +134,7 @@ class States {
115134
ServerState serverState_;
116135
ConnectState connectState_;
117136
AcceptState acceptState_;
137+
RecvdMessages recvdMessages_;
118138
char errorString_[MAX_ERROR_SZ];
119139
YasslError what_;
120140
public:
@@ -137,6 +157,7 @@ class States {
137157
AcceptState& UseAccept();
138158
char* useString();
139159
void SetError(YasslError);
160+
int SetMessageRecvd(HandShakeType);
140161
private:
141162
States(const States&); // hide copy
142163
States& operator=(const States&); // and assign

extra/yassl/src/yassl_imp.cpp

Lines changed: 23 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -242,6 +242,7 @@ void EncryptedPreMasterSecret::read(SSL& ssl, input_buffer& input)
242242
}
243243

244244
opaque preMasterSecret[SECRET_LEN];
245+
memset(preMasterSecret, 0, sizeof(preMasterSecret));
245246
rsa.decrypt(preMasterSecret, secret_, length_,
246247
ssl.getCrypto().get_random());
247248

@@ -300,6 +301,11 @@ void ClientDiffieHellmanPublic::read(SSL& ssl, input_buffer& input)
300301
tmp[1] = input[AUTO];
301302
ato16(tmp, keyLength);
302303

304+
if (keyLength < dh.get_agreedKeyLength()/2) {
305+
ssl.SetError(bad_input);
306+
return;
307+
}
308+
303309
alloc(keyLength);
304310
input.read(Yc_, keyLength);
305311
if (input.get_error()) {
@@ -408,6 +414,10 @@ void DH_Server::read(SSL& ssl, input_buffer& input)
408414
tmp[1] = input[AUTO];
409415
ato16(tmp, length);
410416

417+
if (length == 0) {
418+
ssl.SetError(bad_input);
419+
return;
420+
}
411421
signature_ = NEW_YS byte[length];
412422
input.read(signature_, length);
413423
if (input.get_error()) {
@@ -864,6 +874,12 @@ void ChangeCipherSpec::Process(input_buffer& input, SSL& ssl)
864874
return;
865875
}
866876

877+
// detect duplicate change_cipher
878+
if (ssl.getSecurity().get_parms().pending_ == false) {
879+
ssl.order_error();
880+
return;
881+
}
882+
867883
ssl.useSecurity().use_parms().pending_ = false;
868884
if (ssl.getSecurity().get_resuming()) {
869885
if (ssl.getSecurity().get_parms().entity_ == client_end)
@@ -2047,12 +2063,8 @@ input_buffer& operator>>(input_buffer& input, CertificateRequest& request)
20472063
tmp[0] = input[AUTO];
20482064
tmp[1] = input[AUTO];
20492065
ato16(tmp, dnSz);
2050-
2051-
DistinguishedName dn;
2052-
request.certificate_authorities_.push_back(dn = NEW_YS
2053-
byte[REQUEST_HEADER + dnSz]);
2054-
memcpy(dn, tmp, REQUEST_HEADER);
2055-
input.read(&dn[REQUEST_HEADER], dnSz);
2066+
2067+
input.set_current(input.get_current() + dnSz);
20562068

20572069
sz -= dnSz + REQUEST_HEADER;
20582070

@@ -2191,6 +2203,11 @@ input_buffer& operator>>(input_buffer& input, CertificateVerify& request)
21912203
ato16(tmp, sz);
21922204
request.set_length(sz);
21932205

2206+
if (sz == 0) {
2207+
input.set_error();
2208+
return input;
2209+
}
2210+
21942211
request.signature_ = NEW_YS byte[sz];
21952212
input.read(request.signature_, sz);
21962213

extra/yassl/src/yassl_int.cpp

Lines changed: 76 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -256,6 +256,77 @@ void States::SetError(YasslError ye)
256256
}
257257

258258

259+
// mark message recvd, check for duplicates, return 0 on success
260+
int States::SetMessageRecvd(HandShakeType hst)
261+
{
262+
switch (hst) {
263+
case hello_request:
264+
break; // could send more than one
265+
266+
case client_hello:
267+
if (recvdMessages_.gotClientHello_)
268+
return -1;
269+
recvdMessages_.gotClientHello_ = 1;
270+
break;
271+
272+
case server_hello:
273+
if (recvdMessages_.gotServerHello_)
274+
return -1;
275+
recvdMessages_.gotServerHello_ = 1;
276+
break;
277+
278+
case certificate:
279+
if (recvdMessages_.gotCert_)
280+
return -1;
281+
recvdMessages_.gotCert_ = 1;
282+
break;
283+
284+
case server_key_exchange:
285+
if (recvdMessages_.gotServerKeyExchange_)
286+
return -1;
287+
recvdMessages_.gotServerKeyExchange_ = 1;
288+
break;
289+
290+
case certificate_request:
291+
if (recvdMessages_.gotCertRequest_)
292+
return -1;
293+
recvdMessages_.gotCertRequest_ = 1;
294+
break;
295+
296+
case server_hello_done:
297+
if (recvdMessages_.gotServerHelloDone_)
298+
return -1;
299+
recvdMessages_.gotServerHelloDone_ = 1;
300+
break;
301+
302+
case certificate_verify:
303+
if (recvdMessages_.gotCertVerify_)
304+
return -1;
305+
recvdMessages_.gotCertVerify_ = 1;
306+
break;
307+
308+
case client_key_exchange:
309+
if (recvdMessages_.gotClientKeyExchange_)
310+
return -1;
311+
recvdMessages_.gotClientKeyExchange_ = 1;
312+
break;
313+
314+
case finished:
315+
if (recvdMessages_.gotFinished_)
316+
return -1;
317+
recvdMessages_.gotFinished_ = 1;
318+
break;
319+
320+
321+
default:
322+
return -1;
323+
324+
}
325+
326+
return 0;
327+
}
328+
329+
259330
sslFactory::sslFactory() :
260331
messageFactory_(InitMessageFactory),
261332
handShakeFactory_(InitHandShakeFactory),
@@ -1251,6 +1322,11 @@ void SSL::verifyState(const HandShakeHeader& hsHeader)
12511322
return;
12521323
}
12531324

1325+
if (states_.SetMessageRecvd(hsHeader.get_handshakeType()) != 0) {
1326+
order_error();
1327+
return;
1328+
}
1329+
12541330
if (secure_.get_parms().entity_ == client_end)
12551331
verifyClientState(hsHeader.get_handshakeType());
12561332
else

extra/yassl/taocrypt/src/asn.cpp

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -685,7 +685,7 @@ word32 CertDecoder::GetSignature()
685685
}
686686

687687
sigLength_ = GetLength(source_);
688-
if (sigLength_ == 0 || source_.IsLeft(sigLength_) == false) {
688+
if (sigLength_ <= 1 || source_.IsLeft(sigLength_) == false) {
689689
source_.SetError(CONTENT_E);
690690
return 0;
691691
}
@@ -1016,11 +1016,17 @@ bool CertDecoder::ConfirmSignature(Source& pub)
10161016
RSA_PublicKey pubKey(pub);
10171017
RSAES_Encryptor enc(pubKey);
10181018

1019+
if (pubKey.FixedCiphertextLength() != sigLength_) {
1020+
source_.SetError(SIG_LEN_E);
1021+
return false;
1022+
}
1023+
10191024
return enc.SSL_Verify(build.get_buffer(), build.size(), signature_);
10201025
}
10211026
else { // DSA
10221027
// extract r and s from sequence
10231028
byte seqDecoded[DSA_SIG_SZ];
1029+
memset(seqDecoded, 0, sizeof(seqDecoded));
10241030
DecodeDSA_Signature(seqDecoded, signature_, sigLength_);
10251031

10261032
DSA_PublicKey pubKey(pub);

extra/yassl/taocrypt/src/integer.cpp

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -2601,18 +2601,20 @@ void Integer::Decode(Source& source)
26012601
void Integer::Decode(const byte* input, unsigned int inputLen, Signedness s)
26022602
{
26032603
unsigned int idx(0);
2604-
byte b = input[idx++];
2604+
byte b = 0;
2605+
if (inputLen>0)
2606+
b = input[idx]; // peek
26052607
sign_ = ((s==SIGNED) && (b & 0x80)) ? NEGATIVE : POSITIVE;
26062608

26072609
while (inputLen>0 && (sign_==POSITIVE ? b==0 : b==0xff))
26082610
{
2609-
inputLen--;
2610-
b = input[idx++];
2611+
idx++; // skip
2612+
if (--inputLen>0)
2613+
b = input[idx]; // peek
26112614
}
26122615

26132616
reg_.CleanNew(RoundupSize(BytesToWords(inputLen)));
26142617

2615-
--idx;
26162618
for (unsigned int i=inputLen; i > 0; i--)
26172619
{
26182620
b = input[idx++];

0 commit comments

Comments
 (0)