Commit 99c0fdb5 authored by Robert Golebiowski's avatar Robert Golebiowski

Bug #24740291: YASSL UPDATE TO 2.4.2

parent d933b881
...@@ -12,6 +12,24 @@ before calling SSL_new(); ...@@ -12,6 +12,24 @@ before calling SSL_new();
*** end Note *** *** end Note ***
yaSSL Release notes, version 2.4.2 (9/22/2016)
This release of yaSSL fixes a medium security vulnerability. A fix for
potential AES side channel leaks is included that a local user monitoring
the same CPU core cache could exploit. VM users, hyper-threading users,
and users where potential attackers have access to the CPU cache will need
to update if they utilize AES.
DSA padding fixes for unusual sizes is included as well. Users with DSA
certficiates should update.
yaSSL Release notes, version 2.4.0 (5/20/2016)
This release of yaSSL fixes the OpenSSL compatibility function
SSL_CTX_load_verify_locations() when using the path directory to allow
unlimited path sizes. Minor Windows build fixes are included.
No high level security fixes in this version but we always recommend
updating.
yaSSL Release notes, version 2.3.9b (2/03/2016) yaSSL Release notes, version 2.3.9b (2/03/2016)
This release of yaSSL fixes the OpenSSL compatibility function This release of yaSSL fixes the OpenSSL compatibility function
X509_NAME_get_index_by_NID() to use the actual index of the common name X509_NAME_get_index_by_NID() to use the actual index of the common name
......
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIDqzCCA2ugAwIBAgIJAMGqrgDU6DyhMAkGByqGSM44BAMwgY4xCzAJBgNVBAYT MIIDrzCCA2+gAwIBAgIJAK1zRM7YFcNjMAkGByqGSM44BAMwgZAxCzAJBgNVBAYT
AlVTMQ8wDQYDVQQIDAZPcmVnb24xETAPBgNVBAcMCFBvcnRsYW5kMRAwDgYDVQQK AlVTMQ8wDQYDVQQIDAZPcmVnb24xETAPBgNVBAcMCFBvcnRsYW5kMRAwDgYDVQQK
DAd3b2xmU1NMMRAwDgYDVQQLDAd0ZXN0aW5nMRYwFAYDVQQDDA13d3cueWFzc2wu DAd3b2xmU1NMMRAwDgYDVQQLDAd0ZXN0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTEzMDQyMjIw bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTIy
MDk0NFoXDTE2MDExNzIwMDk0NFowgY4xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZP MjEyMzA0WhcNMjIwMzE1MjEyMzA0WjCBkDELMAkGA1UEBhMCVVMxDzANBgNVBAgM
cmVnb24xETAPBgNVBAcMCFBvcnRsYW5kMRAwDgYDVQQKDAd3b2xmU1NMMRAwDgYD Bk9yZWdvbjERMA8GA1UEBwwIUG9ydGxhbmQxEDAOBgNVBAoMB3dvbGZTU0wxEDAO
VQQLDAd0ZXN0aW5nMRYwFAYDVQQDDA13d3cueWFzc2wuY29tMR8wHQYJKoZIhvcN BgNVBAsMB3Rlc3RpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
AQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBuDCCASwGByqGSM44BAEwggEfAoGBAL1R SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCAbgwggEsBgcqhkjOOAQBMIIBHwKB
7koy4IrH6sbh6nDEUUPPKgfhxxLCWCVexF2+qzANEr+hC9M002haJXFOfeS9DyoO gQC9Ue5KMuCKx+rG4epwxFFDzyoH4ccSwlglXsRdvqswDRK/oQvTNNNoWiVxTn3k
WFbL0qMZOuqv+22CaHnoUWl7q3PjJOAI3JH0P54ZyUPuU1909RzgTdIDp5+ikbr7 vQ8qDlhWy9KjGTrqr/ttgmh56FFpe6tz4yTgCNyR9D+eGclD7lNfdPUc4E3SA6ef
KYjnltL73FQVMbjTZQKthIpPn3MjYcF+4jp2W2zFAhUAkcntYND6MGf+eYzIJDN2 opG6+ymI55bS+9xUFTG402UCrYSKT59zI2HBfuI6dltsxQIVAJHJ7WDQ+jBn/nmM
L7SonHUCgYEAklpxErfqznIZjVvqqHFaq+mgAL5J8QrKVmdhYZh/Y8z4jCjoCA8o yCQzdi+0qJx1AoGBAJJacRK36s5yGY1b6qhxWqvpoAC+SfEKylZnYWGYf2PM+Iwo
TDoFKxf7s2ZzgaPKvglaEKiYqLqic9qY78DYJswzQMLFvjsF4sFZ+pYCBdWPQI4N 6AgPKEw6BSsX+7Nmc4Gjyr4JWhComKi6onPamO/A2CbMM0DCxb47BeLBWfqWAgXV
PgxCiznK6Ce+JH9ikSBvMvG+tevjr2UpawDIHX3+AWYaZBZwKADAaboDgYUAAoGB j0CODT4MQos5yugnviR/YpEgbzLxvrXr469lKWsAyB19/gFmGmQWcCgAwGm6A4GF
AJ3LY89yHyvQ/TsQ6zlYbovjbk/ogndsMqPdNUvL4RuPTgJP/caaDDa0XJ7ak6A7 AAKBgQCdy2PPch8r0P07EOs5WG6L425P6IJ3bDKj3TVLy+Ebj04CT/3Gmgw2tFye
TJ+QheLNwOXoZPYJC4EGFSDAXpYniGhbWIrVTCGe6lmZDfnx40WXS0kk3m/DHaC0 2pOgO0yfkIXizcDl6GT2CQuBBhUgwF6WJ4hoW1iK1UwhnupZmQ358eNFl0tJJN5v
3ElLAiybxVGxyqoUfbT3Zv1JwftWMuiqHH5uADhdXuXVo1AwTjAdBgNVHQ4EFgQU wx2gtNxJSwIsm8VRscqqFH2092b9ScH7VjLoqhx+bgA4XV7l1aNQME4wHQYDVR0O
IJjk416o4v8qpH9LBtXlR9v8gccwHwYDVR0jBBgwFoAUIJjk416o4v8qpH9LBtXl BBYEFCCY5ONeqOL/KqR/SwbV5Ufb/IHHMB8GA1UdIwQYMBaAFCCY5ONeqOL/KqR/
R9v8gccwDAYDVR0TBAUwAwEB/zAJBgcqhkjOOAQDAy8AMCwCFCjGKIdOSV12LcTu SwbV5Ufb/IHHMAwGA1UdEwQFMAMBAf8wCQYHKoZIzjgEAwMvADAsAhQRYSCVN/Ge
k08owGM6YkO1AhQe+K173VuaO/OsDNsxZlKpyH8+1g== agV3mffU3qNZ92fI0QIUPH7Jp+iASI7U1ocaYDc10qXGaGY=
-----END CERTIFICATE----- -----END CERTIFICATE-----
...@@ -35,7 +35,7 @@ ...@@ -35,7 +35,7 @@
#include "rsa.h" #include "rsa.h"
#define YASSL_VERSION "2.3.9b" #define YASSL_VERSION "2.4.2"
#if defined(__cplusplus) #if defined(__cplusplus)
......
...@@ -161,7 +161,7 @@ int read_file(SSL_CTX* ctx, const char* file, int format, CertType type) ...@@ -161,7 +161,7 @@ int read_file(SSL_CTX* ctx, const char* file, int format, CertType type)
TaoCrypt::DSA_PrivateKey dsaKey; TaoCrypt::DSA_PrivateKey dsaKey;
dsaKey.Initialize(dsaSource); dsaKey.Initialize(dsaSource);
if (rsaSource.GetError().What()) { if (dsaSource.GetError().What()) {
// neither worked // neither worked
ret = SSL_FAILURE; ret = SSL_FAILURE;
} }
...@@ -784,40 +784,67 @@ int SSL_CTX_load_verify_locations(SSL_CTX* ctx, const char* file, ...@@ -784,40 +784,67 @@ int SSL_CTX_load_verify_locations(SSL_CTX* ctx, const char* file,
WIN32_FIND_DATA FindFileData; WIN32_FIND_DATA FindFileData;
HANDLE hFind; HANDLE hFind;
char name[MAX_PATH + 1]; // directory specification const int DELIMITER_SZ = 2;
strncpy(name, path, MAX_PATH - 3); const int DELIMITER_STAR_SZ = 3;
strncat(name, "\\*", 3); int pathSz = (int)strlen(path);
int nameSz = pathSz + DELIMITER_STAR_SZ + 1; // plus 1 for terminator
char* name = NEW_YS char[nameSz]; // directory specification
memset(name, 0, nameSz);
strncpy(name, path, nameSz - DELIMITER_STAR_SZ - 1);
strncat(name, "\\*", DELIMITER_STAR_SZ);
hFind = FindFirstFile(name, &FindFileData); hFind = FindFirstFile(name, &FindFileData);
if (hFind == INVALID_HANDLE_VALUE) return SSL_BAD_PATH; if (hFind == INVALID_HANDLE_VALUE) {
ysArrayDelete(name);
return SSL_BAD_PATH;
}
do { do {
if (FindFileData.dwFileAttributes != FILE_ATTRIBUTE_DIRECTORY) { if (!(FindFileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)) {
strncpy(name, path, MAX_PATH - 2 - HALF_PATH); int curSz = (int)strlen(FindFileData.cFileName);
strncat(name, "\\", 2); if (pathSz + curSz + DELIMITER_SZ + 1 > nameSz) {
strncat(name, FindFileData.cFileName, HALF_PATH); ysArrayDelete(name);
// plus 1 for terminator
nameSz = pathSz + curSz + DELIMITER_SZ + 1;
name = NEW_YS char[nameSz];
}
memset(name, 0, nameSz);
strncpy(name, path, nameSz - curSz - DELIMITER_SZ - 1);
strncat(name, "\\", DELIMITER_SZ);
strncat(name, FindFileData.cFileName,
nameSz - pathSz - DELIMITER_SZ - 1);
ret = read_file(ctx, name, SSL_FILETYPE_PEM, CA); ret = read_file(ctx, name, SSL_FILETYPE_PEM, CA);
} }
} while (ret == SSL_SUCCESS && FindNextFile(hFind, &FindFileData)); } while (ret == SSL_SUCCESS && FindNextFile(hFind, &FindFileData));
ysArrayDelete(name);
FindClose(hFind); FindClose(hFind);
#else // _WIN32 #else // _WIN32
const int MAX_PATH = 260;
DIR* dir = opendir(path); DIR* dir = opendir(path);
if (!dir) return SSL_BAD_PATH; if (!dir) return SSL_BAD_PATH;
struct dirent* entry; struct dirent* entry;
struct stat buf; struct stat buf;
char name[MAX_PATH + 1]; const int DELIMITER_SZ = 1;
int pathSz = (int)strlen(path);
int nameSz = pathSz + DELIMITER_SZ + 1; //plus 1 for null terminator
char* name = NEW_YS char[nameSz]; // directory specification
while (ret == SSL_SUCCESS && (entry = readdir(dir))) { while (ret == SSL_SUCCESS && (entry = readdir(dir))) {
strncpy(name, path, MAX_PATH - 1 - HALF_PATH); int curSz = (int)strlen(entry->d_name);
strncat(name, "/", 1); if (pathSz + curSz + DELIMITER_SZ + 1 > nameSz) {
strncat(name, entry->d_name, HALF_PATH); ysArrayDelete(name);
nameSz = pathSz + DELIMITER_SZ + curSz + 1;
name = NEW_YS char[nameSz];
}
memset(name, 0, nameSz);
strncpy(name, path, nameSz - curSz - 1);
strncat(name, "/", DELIMITER_SZ);
strncat(name, entry->d_name, nameSz - pathSz - DELIMITER_SZ - 1);
if (stat(name, &buf) < 0) { if (stat(name, &buf) < 0) {
ysArrayDelete(name);
closedir(dir); closedir(dir);
return SSL_BAD_STAT; return SSL_BAD_STAT;
} }
...@@ -826,6 +853,7 @@ int SSL_CTX_load_verify_locations(SSL_CTX* ctx, const char* file, ...@@ -826,6 +853,7 @@ int SSL_CTX_load_verify_locations(SSL_CTX* ctx, const char* file,
ret = read_file(ctx, name, SSL_FILETYPE_PEM, CA); ret = read_file(ctx, name, SSL_FILETYPE_PEM, CA);
} }
ysArrayDelete(name);
closedir(dir); closedir(dir);
#endif #endif
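Review bot: The strncpy/strncat bounds in the new SSL_CTX_load_verify_locations code are derived from `nameSz` rather than from the lengths already measured, which makes the path building hard to audit. When `name` is reused after a longer earlier entry, the strncpy bound exceeds `pathSz`, so correctness rests on strncpy's zero padding and the preceding memset. The bound also differs between the branches (`nameSz - curSz - DELIMITER_SZ - 1` on Windows, `nameSz - curSz - 1` on POSIX), and `DELIMITER_SZ` is 2 on Windows but 1 on POSIX although both delimiters are one character. Since the buffer is already sized from `pathSz` and `curSz`, explicit copies would read more plainly, e.g. on POSIX `memcpy(name, path, pathSz); name[pathSz] = '/'; memcpy(name + pathSz + 1, entry->d_name, curSz + 1);`. Keeping the sizes in `size_t` instead of `int` cast from `strlen` would also avoid the narrowing. The function starts and ends outside these hunks.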
......
...@@ -60,6 +60,7 @@ private: ...@@ -60,6 +60,7 @@ private:
static const word32 Te[5][256]; static const word32 Te[5][256];
static const word32 Td[5][256]; static const word32 Td[5][256];
static const byte CTd4[256];
static const word32* Te0; static const word32* Te0;
static const word32* Te1; static const word32* Te1;
...@@ -80,11 +81,68 @@ private: ...@@ -80,11 +81,68 @@ private:
void ProcessAndXorBlock(const byte*, const byte*, byte*) const; void ProcessAndXorBlock(const byte*, const byte*, byte*) const;
word32 PreFetchTe() const;
word32 PreFetchTd() const;
word32 PreFetchCTd4() const;
AES(const AES&); // hide copy AES(const AES&); // hide copy
AES& operator=(const AES&); // and assign AES& operator=(const AES&); // and assign
}; };
#if defined(__x86_64__) || defined(_M_X64) || \
(defined(__ILP32__) && (__ILP32__ >= 1))
#define TC_CACHE_LINE_SZ 64
#else
/* default cache line size */
#define TC_CACHE_LINE_SZ 32
#endif
inline word32 AES::PreFetchTe() const
{
word32 x = 0;
/* 4 tables of 256 entries */
for (int i = 0; i < 4; i++) {
/* each entry is 4 bytes */
for (int j = 0; j < 256; j += TC_CACHE_LINE_SZ/4) {
x &= Te[i][j];
}
}
return x;
}
inline word32 AES::PreFetchTd() const
{
word32 x = 0;
/* 4 tables of 256 entries */
for (int i = 0; i < 4; i++) {
/* each entry is 4 bytes */
for (int j = 0; j < 256; j += TC_CACHE_LINE_SZ/4) {
x &= Td[i][j];
}
}
return x;
}
inline word32 AES::PreFetchCTd4() const
{
word32 x = 0;
int i;
for (i = 0; i < 256; i += TC_CACHE_LINE_SZ) {
x &= CTd4[i];
}
return x;
}
typedef BlockCipher<ENCRYPTION, AES, ECB> AES_ECB_Encryption; typedef BlockCipher<ENCRYPTION, AES, ECB> AES_ECB_Encryption;
typedef BlockCipher<DECRYPTION, AES, ECB> AES_ECB_Decryption; typedef BlockCipher<DECRYPTION, AES, ECB> AES_ECB_Decryption;
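Review bot: In `PreFetchTe`, `x` starts at 0 and is only ever ANDed with table entries, so the result is always 0, and because the reads go through ordinary const tables an optimizing compiler may drop them. That would leave the tables un-warmed and quietly undo the cache-timing mitigation. Reading through a volatile pointer forces the loads, e.g. `const volatile word32* t = Te[i];` before the inner loop and `x &= t[j];` inside it. `PreFetchTd` and `PreFetchCTd4` have the same shape and need the same change. The call sites are in the collapsed diff, so how the return value is used cannot be checked from here; a short comment on each function stating that it exists only to touch every cache line of the table before key-dependent lookups would help future maintainers.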
......
...@@ -119,6 +119,9 @@ namespace TaoCrypt { ...@@ -119,6 +119,9 @@ namespace TaoCrypt {
#ifdef _WIN32
#undef max // avoid name clash
#endif
// general MAX // general MAX
template<typename T> inline template<typename T> inline
const T& max(const T& a, const T& b) const T& max(const T& a, const T& b)
......
This diff is collapsed.
...@@ -1209,17 +1209,17 @@ word32 DecodeDSA_Signature(byte* decoded, const byte* encoded, word32 sz) ...@@ -1209,17 +1209,17 @@ word32 DecodeDSA_Signature(byte* decoded, const byte* encoded, word32 sz)
} }
word32 rLen = GetLength(source); word32 rLen = GetLength(source);
if (rLen != 20) { if (rLen != 20) {
if (rLen == 21) { // zero at front, eat while (rLen > 20 && source.remaining() > 0) { // zero's at front, eat
source.next(); source.next();
--rLen; --rLen;
} }
else if (rLen == 19) { // add zero to front so 20 bytes if (rLen < 20) { // add zero's to front so 20 bytes
word32 tmpLen = rLen;
while (tmpLen < 20) {
decoded[0] = 0; decoded[0] = 0;
decoded++; decoded++;
tmpLen++;
} }
else {
source.SetError(DSA_SZ_E);
return 0;
} }
} }
memcpy(decoded, source.get_buffer() + source.get_index(), rLen); memcpy(decoded, source.get_buffer() + source.get_index(), rLen);
...@@ -1232,17 +1232,17 @@ word32 DecodeDSA_Signature(byte* decoded, const byte* encoded, word32 sz) ...@@ -1232,17 +1232,17 @@ word32 DecodeDSA_Signature(byte* decoded, const byte* encoded, word32 sz)
} }
word32 sLen = GetLength(source); word32 sLen = GetLength(source);
if (sLen != 20) { if (sLen != 20) {
if (sLen == 21) { while (sLen > 20 && source.remaining() > 0) {
source.next(); // zero at front, eat source.next(); // zero's at front, eat
--sLen; --sLen;
} }
else if (sLen == 19) { if (sLen < 20) { // add zero's to front so 20 bytes
decoded[rLen] = 0; // add zero to front so 20 bytes word32 tmpLen = sLen;
while (tmpLen < 20) {
decoded[rLen] = 0;
decoded++; decoded++;
tmpLen++;
} }
else {
source.SetError(DSA_SZ_E);
return 0;
} }
} }
memcpy(decoded + rLen, source.get_buffer() + source.get_index(), sLen); memcpy(decoded + rLen, source.get_buffer() + source.get_index(), sLen);
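Review bot: The new `while (rLen > 20 && source.remaining() > 0)` loop discards leading bytes without checking that they are zero, and nothing after it confirms that rLen reached 20 before the `memcpy` into `decoded`. The removed `else` branch used to reject unexpected lengths with DSA_SZ_E; without it, an over-long r whose extra bytes are non-zero is silently truncated to its low 20 bytes. If the source runs out first, the copy proceeds with rLen still above 20, unless GetLength already bounds the length against the remaining input, which is not visible here. The sLen loop in the second hunk has the same gap. A stricter form that rejects non-zero pad bytes and any length still above 20 is sketched below for r; the function starts and ends outside these hunks.

```cpp
word32 rLen = GetLength(source);
while (rLen > 20 && source.remaining() > 0) {
    // only a zero pad byte may be dropped from the front
    if (source.get_buffer()[source.get_index()] != 0) {
        source.SetError(DSA_SZ_E);
        return 0;
    }
    source.next();
    --rLen;
}
if (rLen > 20) {  // input ended before r was reduced to 20 bytes
    source.SetError(DSA_SZ_E);
    return 0;
}
// … unchanged: left-pad with zeros when rLen < 20, then memcpy into decoded …
```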
......
...@@ -172,6 +172,7 @@ word32 DSA_Signer::Sign(const byte* sha_digest, byte* sig, ...@@ -172,6 +172,7 @@ word32 DSA_Signer::Sign(const byte* sha_digest, byte* sig,
const Integer& q = key_.GetSubGroupOrder(); const Integer& q = key_.GetSubGroupOrder();
const Integer& g = key_.GetSubGroupGenerator(); const Integer& g = key_.GetSubGroupGenerator();
const Integer& x = key_.GetPrivatePart(); const Integer& x = key_.GetPrivatePart();
byte* tmpPtr = sig; // initial signature output
Integer k(rng, 1, q - 1); Integer k(rng, 1, q - 1);
...@@ -187,22 +188,23 @@ word32 DSA_Signer::Sign(const byte* sha_digest, byte* sig, ...@@ -187,22 +188,23 @@ word32 DSA_Signer::Sign(const byte* sha_digest, byte* sig,
return -1; return -1;
int rSz = r_.ByteCount(); int rSz = r_.ByteCount();
int tmpSz = rSz;
if (rSz == 19) { while (tmpSz++ < SHA::DIGEST_SIZE) {
sig[0] = 0; *sig++ = 0;
sig++;
} }
r_.Encode(sig, rSz); r_.Encode(sig, rSz);
sig = tmpPtr + SHA::DIGEST_SIZE; // advance sig output to s
int sSz = s_.ByteCount(); int sSz = s_.ByteCount();
tmpSz = sSz;
if (sSz == 19) { while (tmpSz++ < SHA::DIGEST_SIZE) {
sig[rSz] = 0; *sig++ = 0;
sig++;
} }
s_.Encode(sig + rSz, sSz); s_.Encode(sig, sSz);
return 40; return 40;
} }
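Review bot: Nothing in the rewritten padding rejects `rSz` or `sSz` larger than `SHA::DIGEST_SIZE`. In that case the `while (tmpSz++ < SHA::DIGEST_SIZE)` loop is skipped and `Encode` is asked for more than 20 bytes, so r would spill into the s slot and s, which starts at `tmpPtr + SHA::DIGEST_SIZE`, would presumably run past the 40 bytes the function reports. This can only happen if the key's subgroup order is wider than 160 bits, and that is not ruled out in the visible lines. A guard after each `ByteCount()` call, matching the existing error return above, would make the assumption explicit: `if (rSz > SHA::DIGEST_SIZE) return -1;`, and likewise for `sSz`. Returning `2 * SHA::DIGEST_SIZE` instead of the literal `40` would keep the length tied to the same constant. The function body starts outside the hunk.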
......
...@@ -1277,6 +1277,9 @@ int dsa_test() ...@@ -1277,6 +1277,9 @@ int dsa_test()
if (!verifier.Verify(digest, decoded)) if (!verifier.Verify(digest, decoded))
return -90; return -90;
if (!verifier.Verify(digest, signature))
return -91;
return 0; return 0;
} }
......
...@@ -22,7 +22,6 @@ ...@@ -22,7 +22,6 @@
#define yaSSL_TEST_HPP #define yaSSL_TEST_HPP
#include "runtime.hpp" #include "runtime.hpp"
#include "openssl/ssl.h" /* openssl compatibility test */
#include "error.hpp" #include "error.hpp"
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
...@@ -56,6 +55,7 @@ ...@@ -56,6 +55,7 @@
#endif #endif
#define SOCKET_T int #define SOCKET_T int
#endif /* _WIN32 */ #endif /* _WIN32 */
#include "openssl/ssl.h" /* openssl compatibility test */
#ifdef _MSC_VER #ifdef _MSC_VER
......