Updated yassl to yassl-2.3.8

259cf3dc · Robert Golebiowski · 0632dae7 · 259cf3dc · 259cf3dc · 259cf3dc
Commit 259cf3dc authored Sep 18, 2015 by Robert Golebiowski
6 changed files
--- a/extra/yassl/README
+++ b/extra/yassl/README
@@ -12,6 +12,14 @@ before calling SSL_new();
 *** end Note ***
+yaSSL Release notes, version 2.3.8 (9/17/2015)
+    This release of yaSSL fixes a high security vulnerability.  All users
+    SHOULD update.  If using yaSSL for TLS on the server side with private
+    RSA keys allowing ephemeral key exchange you MUST update and regenerate
+    the RSA private keys.  This report is detailed in:
+    https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf
+    yaSSL now detects RSA signature faults and returns an error.
 yaSSL Patch notes, version 2.3.7e (6/26/2015)
    This release of yaSSL includes a fix for Date less than comparison.
    Previously yaSSL would return true on less than comparisons if the Dates

--- a/extra/yassl/include/openssl/ssl.h
+++ b/extra/yassl/include/openssl/ssl.h
@@ -35,7 +35,7 @@
 #include "rsa.h"
-#define YASSL_VERSION "2.3.7e"
+#define YASSL_VERSION "2.3.8"
 #if defined(__cplusplus)

--- a/extra/yassl/include/yassl_error.hpp
+++ b/extra/yassl/include/yassl_error.hpp
@@ -53,7 +53,8 @@ enum YasslError {
    compress_error      = 118,
    decompress_error    = 119,
    pms_version_error   = 120,
-    sanityCipher_error  = 121
+    sanityCipher_error  = 121,
+    rsaSignFault_error  = 122
    // !!!! add error message to .cpp !!!!

--- a/extra/yassl/src/handshake.cpp
+++ b/extra/yassl/src/handshake.cpp
@@ -1172,6 +1172,8 @@ void sendCertificateVerify(SSL& ssl, BufferOutput buffer)
    CertificateVerify  verify;
    verify.Build(ssl);
+    if (ssl.GetError()) return;
    RecordLayerHeader  rlHeader;
    HandShakeHeader    hsHeader;
    mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer);

--- a/extra/yassl/src/yassl_error.cpp
+++ b/extra/yassl/src/yassl_error.cpp
@@ -148,6 +148,10 @@ void SetErrorString(YasslError error, char* buffer)
        strncpy(buffer, "sanity check on cipher text size error", max);
        break;
+    case rsaSignFault_error:
+        strncpy(buffer, "rsa signature fault error", max);
+        break;
        // openssl errors
    case SSL_ERROR_WANT_READ :
        strncpy(buffer, "the read operation would block", max);

--- a/extra/yassl/src/yassl_imp.cpp
+++ b/extra/yassl/src/yassl_imp.cpp
@@ -196,9 +196,16 @@ void DH_Server::build(SSL& ssl)
    sha.update(tmp.get_buffer(), tmp.get_size());
    sha.get_digest(&hash[MD5_LEN]);
-    if (ssl.getSecurity().get_parms().sig_algo_ == rsa_sa_algo)
+    if (ssl.getSecurity().get_parms().sig_algo_ == rsa_sa_algo) {
        auth->sign(signature_, hash, sizeof(hash),
                   ssl.getCrypto().get_random());
+        // check for rsa signautre fault
+        if (!auth->verify(hash, sizeof(hash), signature_,
+                                              auth->get_signatureLength())) {
+            ssl.SetError(rsaSignFault_error);
+            return;
+        }
+    }
    else {
        auth->sign(signature_, &hash[MD5_LEN], SHA_LEN,
                   ssl.getCrypto().get_random());
@@ -2159,6 +2166,12 @@ void CertificateVerify::Build(SSL& ssl)
        memcpy(sig.get(), len, VERIFY_HEADER);
        rsa.sign(sig.get() + VERIFY_HEADER, hashes_.md5_, sizeof(Hashes),
                 ssl.getCrypto().get_random());
+        // check for rsa signautre fault
+        if (!rsa.verify(hashes_.md5_, sizeof(Hashes), sig.get() + VERIFY_HEADER,
+                                                      rsa.get_cipherLength())) {
+            ssl.SetError(rsaSignFault_error);
+            return;
+        }
    }
    else {  // DSA
        DSS dss(cert.get_privateKey(), cert.get_privateKeyLength(), false);