[xmlsec] Fixed HMAC vuln with small values of HMAC length
- From: Aleksey Sanin <aleksey src gnome org>
- To: svn-commits-list gnome org
- Subject: [xmlsec] Fixed HMAC vuln with small values of HMAC length
- Date: Mon, 22 Jun 2009 12:54:05 -0400 (EDT)
commit 34b349675af9f72eb822837a8772cc1ead7115c7
Author: Aleksey Sanin <aleksey aleksey com>
Date: Mon Jun 15 10:45:36 2009 -0700
Fixed HMAC vuln with small values of HMAC length
ChangeLog | 3 ++
docs/download.html | 6 +----
docs/index.html | 38 +--------------------------------
docs/news.html | 1 +
include/xmlsec/gnutls/crypto.h | 4 +++
include/xmlsec/nss/crypto.h | 4 +++
include/xmlsec/openssl/crypto.h | 4 +++
src/gnutls/hmac.c | 45 ++++++++++++++++++++++++++++++++++++++-
src/nss/hmac.c | 45 ++++++++++++++++++++++++++++++++++++++-
src/openssl/hmac.c | 45 ++++++++++++++++++++++++++++++++++++++-
10 files changed, 150 insertions(+), 45 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index e6d53f3..1377f92 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,9 @@
* configure.in docs/download.html docs/index.html docs/news.html
include/xmlsec/version.h: preparation for new 1.2.12 release
+2009-06-15 Aleksey Sanin <aleksey aleksey com>
+ * fixed HMAC vuln with small values of HMAC length
+
2009-06-13 Aleksey Sanin <aleksey aleksey com>
* fixing gnutls detection (bug #585629)
diff --git a/docs/download.html b/docs/download.html
index c953247..6ce4215 100644
--- a/docs/download.html
+++ b/docs/download.html
@@ -51,11 +51,7 @@
<ul>
<li>
<a href="http://www.aleksey.com/xmlsec/download/xmlsec1-1.2.12.tar.gz";>Sources
- for latest version</a>
- (<a href="ftp://ftp.xmlsoft.org/xmlsec/releases";>XMLSoft.org</a> mirrors).
- </li>
- <li>Fedora 7 RPM
- <a href="http://www.aleksey.com/xmlsec/download/";>xmlsec1 packages</a>.
+ for latest version</a>.
</li>
<li>
<a href="http://www.zlatkovic.com/projects/libxml/index.html";>Windows
diff --git a/docs/index.html b/docs/index.html
index fd89ad0..953ac5d 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -76,6 +76,7 @@
The new <a href="download.html">XML Security Library 1.2.12</a> release
includes the following changes (see ChangeLog for the complete list of changes):
<ul>
+ <li>Fixed HMAC vulnerability with small values of HMAC length.</li>
<li>Added an option to return the replaced (based on the patch from Frank Gross)</li>
<li>Added new function xmlSecNodeEncodeAndSetContent for encoding
special chars in the node content.</li>
@@ -107,43 +108,6 @@
<li>Bug fixes</li>
</ul>
</li>
-<br><li>July 12 2005<br>
- The new <a href="download.html">XML Security Library 1.2.9</a> release
- includes few bug fixes and adds support for the recently released
- <a href="http://www.openssl.org";>OpenSSL 0.9.8</a> including several
- new algorithms for <a href="xmldsig.html">xmlsec-openssl</a>:
- <ul>
-<li>SHA224/SHA256/SHA384/SHA512</li>
- <li>HMAC-SHA224/SHA256/SHA384/SHA512</li>
- <li>RSA-MD5/RIPEMD160/SHA224/SHA256/SHA384/SHA512</li>
- </ul>
-</li>
-<br><li>March 30 2005<br>
- The new <a href="download.html">XML Security Library 1.2.8</a> release
- merges OpenOffice.org changes to xmlsec-mscrypto and xmlsec-nss into
- main xmlsec source tree.
-</li>
-<br><li>February 23 2005<br>
- The new <a href="download.html">XML Security Library 1.2.7</a> release
- includes several bug fixes and minor enchancements:
- <ul>
-<li>(core) added xmlSecSimpleKeysStoreGetKeys() function;</li>
- <li>(core) added functions to create <X509Data/> node children
- in the signature template;</li>
- <li>(core) fixed xmlSecGenerateID() function;</li>
- <li>(core) fixed dynamic linking initialization/shutdown when custom memory
- allocation functions are used;</li>
- <li>(core) fixed encrypted text parsing and xmlParseInNodeContext() function;</li>
- <li>(openssl) fixed parsing quoted values in the certificate subject;</li>
- <li>(mscrypto) negative numbers support in xmlSecBnFromString()/xmlSecBnToString() functions.</li>
- </ul>
-</li>
-
-<br><li>August 25 2004<br>
- The new <a href="download.html">XML Security Library 1.2.6</a>
- fixes several minor bugs and adds support for loading keys and
- certificates from memory.
-</li>
</ul>
</td></tr></table></td>
diff --git a/docs/news.html b/docs/news.html
index 3677071..5c77903 100644
--- a/docs/news.html
+++ b/docs/news.html
@@ -51,6 +51,7 @@
The new <a href="download.html">XML Security Library 1.2.12</a> release
includes the following changes (see ChangeLog for the complete list of changes):
<ul>
+ <li>Fixed HMAC vulnerability with small values of HMAC length.</li>
<li>Added an option to return the replaced (based on the patch from Frank Gross)</li>
<li>Added new function xmlSecNodeEncodeAndSetContent for encoding
special chars in the node content.</li>
diff --git a/include/xmlsec/gnutls/crypto.h b/include/xmlsec/gnutls/crypto.h
index dd80436..f7fbbad 100644
--- a/include/xmlsec/gnutls/crypto.h
+++ b/include/xmlsec/gnutls/crypto.h
@@ -113,6 +113,10 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformDes3CbcGetKlass(void
*
*******************************************************************/
#ifndef XMLSEC_NO_HMAC
+
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSHmacGetMinOutputLength();
+XMLSEC_CRYPTO_EXPORT void xmlSecGnuTLSHmacSetMinOutputLength(int min_length);
+
/**
* xmlSecGnuTLSKeyDataHmacId:
*
diff --git a/include/xmlsec/nss/crypto.h b/include/xmlsec/nss/crypto.h
index f1cd44e..381ee1f 100644
--- a/include/xmlsec/nss/crypto.h
+++ b/include/xmlsec/nss/crypto.h
@@ -191,6 +191,10 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformDsaSha1GetKlass(void);
*
*******************************************************************/
#ifndef XMLSEC_NO_HMAC
+
+XMLSEC_CRYPTO_EXPORT int xmlSecNssHmacGetMinOutputLength();
+XMLSEC_CRYPTO_EXPORT void xmlSecNssHmacSetMinOutputLength(int min_length);
+
/**
* xmlSecNssKeyDataHmacId:
*
diff --git a/include/xmlsec/openssl/crypto.h b/include/xmlsec/openssl/crypto.h
index 2274e35..3b50b40 100644
--- a/include/xmlsec/openssl/crypto.h
+++ b/include/xmlsec/openssl/crypto.h
@@ -200,6 +200,10 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformDsaSha1GetKlass(voi
*
*******************************************************************/
#ifndef XMLSEC_NO_HMAC
+
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLHmacGetMinOutputLength();
+XMLSEC_CRYPTO_EXPORT void xmlSecOpenSSLHmacSetMinOutputLength(int min_length);
+
/**
* xmlSecOpenSSLKeyDataHmacId:
*
diff --git a/src/gnutls/hmac.c b/src/gnutls/hmac.c
index 1119110..5a0940c 100644
--- a/src/gnutls/hmac.c
+++ b/src/gnutls/hmac.c
@@ -23,10 +23,40 @@
#include <xmlsec/gnutls/app.h>
#include <xmlsec/gnutls/crypto.h>
+#define XMLSEC_GNUTLS_MIN_HMAC_SIZE 64
#define XMLSEC_GNUTLS_MAX_HMAC_SIZE 128
/**************************************************************************
*
+ * Configuration
+ *
+ *****************************************************************************/
+static int g_xmlsec_gnutls_hmac_min_length = XMLSEC_GNUTLS_MIN_HMAC_SIZE;
+
+/**
+ * xmlSecGnuTLSHmacGetMinOutputLength:
+ *
+ * Returns the min HMAC output length
+ */
+int xmlSecGnuTLSHmacGetMinOutputLength()
+{
+ return g_xmlsec_gnutls_hmac_min_length;
+}
+
+/**
+ * xmlSecGnuTLSHmacSetMinOutputLength:
+ *
+ * @min_length: the new min length
+ *
+ * Sets the min HMAC output length
+ */
+void xmlSecGnuTLSHmacSetMinOutputLength(int min_length)
+{
+ g_xmlsec_gnutls_hmac_min_length = min_length;
+}
+
+/**************************************************************************
+ *
* Internal GNUTLS HMAC CTX
*
*****************************************************************************/
@@ -178,7 +208,20 @@ xmlSecGnuTLSHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTr
ctx->dgstSize = atoi((char*)content);
xmlFree(content);
}
- /* todo: error if dgstSize == 0 ?*/
+
+ /* Ensure that HMAC length is greater than min specified.
+ Otherwise, an attacker can set this lenght to 0 or very
+ small value
+ */
+ if(ctx->dgstSize < xmlSecGnuTLSHmacGetMinOutputLength()) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecNodeHMACOutputLength,
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "HMAC output length is too small");
+ return(-1);
+ }
+
cur = xmlSecGetNextElementNode(cur->next);
}
diff --git a/src/nss/hmac.c b/src/nss/hmac.c
index f67ec9d..a7c2018 100644
--- a/src/nss/hmac.c
+++ b/src/nss/hmac.c
@@ -26,10 +26,40 @@
#include <xmlsec/nss/app.h>
#include <xmlsec/nss/crypto.h>
+#define XMLSEC_NSS_MIN_HMAC_SIZE 64
#define XMLSEC_NSS_MAX_HMAC_SIZE 128
/**************************************************************************
*
+ * Configuration
+ *
+ *****************************************************************************/
+static int g_xmlsec_nss_hmac_min_length = XMLSEC_NSS_MIN_HMAC_SIZE;
+
+/**
+ * xmlSecNssHmacGetMinOutputLength:
+ *
+ * Returns the min HMAC output length
+ */
+int xmlSecNssHmacGetMinOutputLength()
+{
+ return g_xmlsec_nss_hmac_min_length;
+}
+
+/**
+ * xmlSecNssHmacSetMinOutputLength:
+ *
+ * @min_length: the new min length
+ *
+ * Sets the min HMAC output length
+ */
+void xmlSecNssHmacSetMinOutputLength(int min_length)
+{
+ g_xmlsec_nss_hmac_min_length = min_length;
+}
+
+/**************************************************************************
+ *
* Internal NSS HMAC CTX
*
*****************************************************************************/
@@ -162,7 +192,20 @@ xmlSecNssHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTrans
ctx->dgstSize = atoi((char*)content);
xmlFree(content);
}
- /* todo: error if dgstSize == 0 ?*/
+
+ /* Ensure that HMAC length is greater than min specified.
+ Otherwise, an attacker can set this lenght to 0 or very
+ small value
+ */
+ if(ctx->dgstSize < xmlSecNssHmacGetMinOutputLength()) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecNodeHMACOutputLength,
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "HMAC output length is too small");
+ return(-1);
+ }
+
cur = xmlSecGetNextElementNode(cur->next);
}
diff --git a/src/openssl/hmac.c b/src/openssl/hmac.c
index 492663b..76fca0e 100644
--- a/src/openssl/hmac.c
+++ b/src/openssl/hmac.c
@@ -32,6 +32,36 @@
#include <xmlsec/openssl/crypto.h>
+#define XMLSEC_OPENSSL_MIN_HMAC_SIZE 64
+
+/**************************************************************************
+ *
+ * Configuration
+ *
+ *****************************************************************************/
+static int g_xmlsec_openssl_hmac_min_length = XMLSEC_OPENSSL_MIN_HMAC_SIZE;
+
+/**
+ * xmlSecOpenSSLHmacGetMinOutputLength:
+ *
+ * Returns the min HMAC output length
+ */
+int xmlSecOpenSSLHmacGetMinOutputLength()
+{
+ return g_xmlsec_openssl_hmac_min_length;
+}
+
+/**
+ * xmlSecOpenSSLHmacSetMinOutputLength:
+ *
+ * @min_length: the new min length
+ *
+ * Sets the min HMAC output length
+ */
+void xmlSecOpenSSLHmacSetMinOutputLength(int min_length)
+{
+ g_xmlsec_openssl_hmac_min_length = min_length;
+}
/**************************************************************************
*
@@ -240,7 +270,20 @@ xmlSecOpenSSLHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecT
ctx->dgstSize = atoi((char*)content);
xmlFree(content);
}
- /* todo: error if dgstSize == 0 ?*/
+
+ /* Ensure that HMAC length is greater than min specified.
+ Otherwise, an attacker can set this lenght to 0 or very
+ small value
+ */
+ if(ctx->dgstSize < xmlSecOpenSSLHmacGetMinOutputLength()) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecNodeHMACOutputLength,
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "HMAC output length is too small");
+ return(-1);
+ }
+
cur = xmlSecGetNextElementNode(cur->next);
}
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
