From d3cbc15951e713f5ca3d7eff916330c4eaa4b95a Mon Sep 17 00:00:00 2001
From: Andres AG
Date: Mon, 24 Oct 2016 11:23:36 +0100
Subject: [PATCH 01/44] Fix buffer overreads in mbedtls_pem_read_buffer()
---
 ChangeLog | 7 +++++++
 library/pem.c | 20 +++++++++++---------
 2 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index d4cf85b7e..ea7ce072f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
 mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS 1.3.x branch released xxxx-xx-xx
+
+Bugfix
+ * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing
+ the input string in pem format to extract the different components. Found
+ by Eyal Itkin.
+
 = mbed TLS 1.3.18 branch 2016-10-17
 Security
diff --git a/library/pem.c b/library/pem.c
index 054fcffb8..1fe238726 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -250,7 +250,7 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
 enc = 0;
- if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
+ if( s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
 {
 #if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \
 ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) )
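Review bot: The bound `s2 - s1 >= 22` restates the length of the literal it guards by hand, and the same pattern recurs in the DES (23, 18), AES (14, 22) and IV (16, 32) guards in the hunks that follow; if one number ever drifts from its string the over-read quietly returns. Deriving the length from the literal, e.g. `sizeof( "Proc-Type: 4,ENCRYPTED" ) - 1`, or one small static helper that takes `s1`, `s2` and the literal and performs both the length check and the `memcmp`, keeps the two in lockstep at every site. The difference is signed, so it fails safely if `s2` were ever before `s1`, but the check presumably relies on the footer search that sets `s2` having already run; that code is outside the hunk. pem_read_buffer's body continues on both sides of the hunk.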
@@ -263,22 +263,22 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
 #if defined(POLARSSL_DES_C)
- if( memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
+ if( s2 - s1 >= 23 && memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
 {
 enc_alg = POLARSSL_CIPHER_DES_EDE3_CBC;
 s1 += 23;
- if( pem_get_iv( s1, pem_iv, 8 ) != 0 )
+ if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8 ) != 0 )
 return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
 s1 += 16;
 }
- else if( memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
+ else if( s2 - s1 >= 18 && memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
 {
 enc_alg = POLARSSL_CIPHER_DES_CBC;
 s1 += 18;
- if( pem_get_iv( s1, pem_iv, 8) != 0 )
+ if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8) != 0 )
 return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
 s1 += 16;
@@ -286,9 +286,11 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
 #endif /* POLARSSL_DES_C */
 #if defined(POLARSSL_AES_C)
- if( memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
+ if( s2 - s1 >= 14 && memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
 {
- if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 )
+ if( s2 - s1 < 22 )
+ return( POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG );
+ else if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 )
 enc_alg = POLARSSL_CIPHER_AES_128_CBC;
 else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 )
 enc_alg = POLARSSL_CIPHER_AES_192_CBC;
@@ -298,7 +300,7 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
 return( POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG );
 s1 += 22;
- if( pem_get_iv( s1, pem_iv, 16 ) != 0 )
+ if( s2 - s1 < 32 || pem_get_iv( s1, pem_iv, 16 ) != 0 )
 return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
 s1 += 32;
@@ -317,7 +319,7 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
 ( POLARSSL_AES_C || POLARSSL_DES_C ) */
 }
- if( s1 == s2 )
+ if( s1 >= s2 )
 return( POLARSSL_ERR_PEM_INVALID_DATA );
 len = 0;
From fada2e9f3e9f233b889bc711d0325b6be219e846 Mon Sep 17 00:00:00 2001
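Review bot: `s2 - s1 < 16` in both DES branches silently encodes "two hex characters per IV byte" for the `8` passed to `pem_get_iv()` on the same line, and the AES hunk below repeats the pairing as 32/16; nothing in the code ties the two numbers together. Spelling the bound as `s2 - s1 < 2 * 8` (and `2 * 16` for AES), or giving `pem_get_iv()` the remaining length so it performs the check itself next to the loop that consumes the characters, makes the relationship explicit and removes two places where the constants can diverge. The enclosing `#if defined(POLARSSL_DES_C)` block and the `if( enc )` body it sits in begin before the hunk.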
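Review bot: In the AES branch the new `if( s2 - s1 < 22 ) return( POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG );` is followed by `else if`, so the chain now mixes an early return with `else`; dropping the `else` after the `return` reads more naturally and matches how the DES branches above guard their input. The truncated-line case is reported as an unknown algorithm while the equivalent truncation of the IV is reported as POLARSSL_ERR_PEM_INVALID_ENC_IV; if that distinction is intentional a one-line comment on the guard (`/* too short to hold any supported DEK-Info: AES-xxx-CBC, line */`) would record it, since the test data added in the next patch pins this code. The `else` chain continues past the hunk.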
From: Andres AG Date: Mon, 24 Oct 2016 14:31:54 +0100 Subject: [PATCH 02/44] Add tests for overreads in pem_read_buffer() --- ChangeLog | 2 +- tests/suites/test_suite_pem.data | 9 +++++++++ tests/suites/test_suite_pem.function | 24 ++++++++++++++++++------ 3 files changed, 28 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index ea7ce072f..4cfcfeb43 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,7 +4,7 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing - the input string in pem format to extract the different components. Found + the input string in PEM format to extract the different components. Found by Eyal Itkin. = mbed TLS 1.3.18 branch 2016-10-17 diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index 311ea9c15..9c7b30517 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data @@ -15,3 +15,12 @@ pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"00010203040506 PEM write (exactly two lines + 1) pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n" + +PEM read (DES-EDE3-CBC + invalid iv) +pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":-4608 + +PEM read (DES-CBC + invalid iv) +pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":-4608 + +PEM read (unknown encryption algorithm) +pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":-4736 
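Review bot: The three new cases embed `\:` inside quoted string parameters, but at this point in the series the parameter-splitting expression in tests/scripts/generate_code.pl is `:[^:\n]+`, which does not recognise the escape; that generator is only changed to `:(?:\\\\.|[^:\n])+` in patch 10/44 further down this series. Until then these lines are presumably split at the escaped colons and fail to map onto `pem_read_buffer`, so the tests may be silently skipped on this commit; moving the generator fix ahead of this commit keeps each commit in the series self-testing. The raw `-4608`/`-4736` expected values are replaced by the named error constants in that same later patch.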
diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function
index f8aab47c1..e0b767984 100644
--- a/tests/suites/test_suite_pem.function
+++ b/tests/suites/test_suite_pem.function
@@ -3,12 +3,7 @@
 #include "polarssl/pem.h"
 /* END_HEADER */
-/* BEGIN_DEPENDENCIES
- * depends_on:POLARSSL_PEM_WRITE_C
- * END_DEPENDENCIES
- */
-
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:POLARSSL_PEM_WRITE_C */
 void pem_write_buffer( char *start, char *end, char *buf_str, char *result_str )
 {
 unsigned char buf[5000];
@@ -38,3 +33,20 @@ exit:
 polarssl_free( check_buf );
 }
 /* END_CASE */
+
+/* BEGIN_CASE depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_AES_C:POLARSSL_DES_C:POLARSSL_MD5_C:POLARSSL_CIPHER_MODE_CBC */
+void pem_read_buffer( char *header, char *footer, char *data, int ret )
+{
+ pem_context ctx;
+ size_t use_len = 0;
+
+ pem_init( &ctx );
+
+ TEST_ASSERT( pem_read_buffer( &ctx, header, footer,
+ (const unsigned char *)data, NULL, 0,
+ &use_len ) == ret );
+
+exit:
+ pem_free( &ctx );
+}
+/* END_CASE */
From 593e8b27937c266a38aa8f1eca1dd237d7b63a9d Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia
Date: Wed, 18 Jan 2017 13:56:58 +0000
Subject: [PATCH 03/44] Fix integer overflows in buffer bound checks
Fix potential integer overflows in the following functions: * mbedtls_md2_update() to be bypassed and cause * mbedtls_cipher_update() * mbedtls_ctr_drbg_reseed() This overflows would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed.
---
 ChangeLog | 10 ++++++++++
 library/cipher.c | 4 ++--
 library/ctr_drbg.c | 3 ++-
 library/md2.c | 2 +-
 4 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index d4cf85b7e..fb0d5fef0 100644
--- a/ChangeLog
+++ b/ChangeLog
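Review bot: `use_len` is initialised and handed to `pem_read_buffer()` but never asserted, so the new case cannot tell whether the parser reports a consumed length on the error paths it exercises; if those paths are meant to leave it untouched, `TEST_ASSERT( use_len == 0 );` after the call pins that, and if not, the case should state the expected value. A one-line comment on the `BEGIN_CASE` explaining the single-character `header`/`footer` sentinels used by the `.data` file (the `Proc-Type`/`DEK-Info` lines sit directly after the header so that the length guards in pem.c are what is under test) would help the next reader of that data. The wrapper also passes `NULL, 0` as the password, so only header parsing, not decryption, is covered; worth saying in the same comment.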
@@ -1,5 +1,15 @@
 mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS 1.3.x branch released xxxx-xx-xx
+
+Bugfix
+ * Fixed potential arithmetic overflow in mbedtls_ctr_drbg_reseed() that could
+ cause buffer bound checks to be bypassed. Found by Eyal Itkin.
+ * Fixed potential arithmetic overflows in mbedtls_cipher_update() that could
+ cause buffer bound checks to be bypassed. Found by Eyal Itkin.
+ * Fixed potential arithmetic overflow in mbedtls_md2_update() that could
+ cause buffer bound checks to be bypassed. Found by Eyal Itkin.
+
 = mbed TLS 1.3.18 branch 2016-10-17
 Security
diff --git a/library/cipher.c b/library/cipher.c
index b69d33106..7ea25cfc2 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -315,9 +315,9 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input,
 * If there is not enough data for a full block, cache it. */
 if( ( ctx->operation == POLARSSL_DECRYPT &&
- ilen + ctx->unprocessed_len <= cipher_get_block_size( ctx ) ) ||
+ ilen <= cipher_get_block_size( ctx ) - ctx->unprocessed_len ) ||
 ( ctx->operation == POLARSSL_ENCRYPT &&
- ilen + ctx->unprocessed_len < cipher_get_block_size( ctx ) ) )
+ ilen < cipher_get_block_size( ctx ) - ctx->unprocessed_len ) )
 {
 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, ilen );
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index 24adff08f..7b315e888 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -277,7 +277,8 @@ int ctr_drbg_reseed( ctr_drbg_context *ctx,
 unsigned char seed[CTR_DRBG_MAX_SEED_INPUT];
 size_t seedlen = 0;
- if( ctx->entropy_len + len > CTR_DRBG_MAX_SEED_INPUT )
+ if( ctx->entropy_len > CTR_DRBG_MAX_SEED_INPUT ||
+ len > CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len )
 return( POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG );
 memset( seed, 0, CTR_DRBG_MAX_SEED_INPUT );
diff --git a/library/md2.c b/library/md2.c
index 110cd95bc..2ac7eba61 100644
--- a/library/md2.c
+++ b/library/md2.c
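Review bot: `cipher_get_block_size( ctx ) - ctx->unprocessed_len` is (presumably) an unsigned subtraction that wraps to a huge value if `unprocessed_len` ever exceeds the block size, which would turn the new guard into a no-op; the ctr_drbg.c hunk in this same commit guards its subtrahend first (`ctx->entropy_len > CTR_DRBG_MAX_SEED_INPUT ||`), and the md2.c hunk that follows (`ilen > 16 - ctx->left`) has the same unguarded shape as this one. If `unprocessed_len < block size` is an invariant maintained by the caching code, as the surrounding logic suggests, a one-line comment such as `/* unprocessed_len < block size is maintained by the caching below, so this cannot wrap */` documents why the subtraction is safe here and in md2.c; otherwise the ctr_drbg.c form is the one to copy. cipher_update's body continues outside the hunk.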
@@ -155,7 +155,7 @@ void md2_update( md2_context *ctx, const unsigned char *input, size_t ilen )
 while( ilen > 0 )
 {
- if( ctx->left + ilen > 16 )
+ if( ilen > 16 - ctx->left )
 fill = 16 - ctx->left;
 else
 fill = ilen;
From 3e3698ca307b0991c573a007e0d773b48c83e862 Mon Sep 17 00:00:00 2001
From: Andres AG
Date: Wed, 18 Jan 2017 17:21:03 +0000
Subject: [PATCH 04/44] Fix integer overflow in mbedtls_base64_decode()
Fix potential integer overflows in the function mbedtls_base64_decode(). This overflow would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed.
---
 ChangeLog | 6 ++++++
 library/base64.c | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index d4cf85b7e..124d056fc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
 mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS 1.x.x branch released xxxx-xx-xx
+
+Bugfix
+ * Fixed potential arithmetic overflow in mbedtls_base64_decode() that could
+ cause buffer bound checks to be bypassed. Found by Eyal Itkin.
+
 = mbed TLS 1.3.18 branch 2016-10-17
 Security
diff --git a/library/base64.c b/library/base64.c
index 7de87e51c..3de67f090 100644
--- a/library/base64.c
+++ b/library/base64.c
@@ -198,7 +198,7 @@ int base64_decode( unsigned char *dst, size_t *dlen,
 return( 0 );
 }
- n = ( ( n * 6 ) + 7 ) >> 3;
+ n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 );
 n -= j;
 if( dst == NULL || *dlen < n )
From e567101f6b4c605cb7b816a202423f0acadd67e3 Mon Sep 17 00:00:00 2001
From: Andres AG
Date: Thu, 8 Dec 2016 17:08:44 +0000
Subject: [PATCH 05/44] Fix CRL parsing to avoid infinite loop
This patch modifies the function mbedtls_x509_crl_parse() to ensure that a CRL in PEM format with trailing characters after the footer does not result in the execution of an infinite loop.
---
 ChangeLog | 9 +++++++++
 library/x509_crl.c | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index d4cf85b7e..2e127855f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,14 @@
 mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Security
+ * Fixed potential livelock during the parsing of a CRL in PEM format in
+ mbedtls_x509_crl_parse(). A string containing a CRL followed by trailing
+ characters after the footer could result in the execution of an infinite
+ loop. The issue can be triggered remotely. Found by Greg Zaverucha,
+ Microsoft.
+
 = mbed TLS 1.3.18 branch 2016-10-17
 Security
diff --git a/library/x509_crl.c b/library/x509_crl.c
index de2079fc7..0d92bb131 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -525,7 +525,7 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
 pem_free( &pem );
 }
- else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+ else if( is_pem )
 {
 pem_free( &pem );
 return( ret );
From 67c6df4a8a00bbb3be2b432768c9ae1f66c1dc29 Mon Sep 17 00:00:00 2001
From: Andres AG
Date: Thu, 8 Dec 2016 17:10:38 +0000
Subject: [PATCH 06/44] Add test for infinite loop in CRL parse
---
 .../crl-malformed-trailing-spaces.pem | 20 +++++++++++++++++++
 tests/suites/test_suite_x509parse.data | 4 ++++
 tests/suites/test_suite_x509parse.function | 16 +++++++++++++++
 3 files changed, 40 insertions(+)
 create mode 100644 tests/data_files/crl-malformed-trailing-spaces.pem
diff --git a/tests/data_files/crl-malformed-trailing-spaces.pem b/tests/data_files/crl-malformed-trailing-spaces.pem
new file mode 100644
index 000000000..9eae3da19
--- /dev/null
+++ b/tests/data_files/crl-malformed-trailing-spaces.pem
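Review bot: The new condition `else if( is_pem )` depends entirely on where `is_pem` is set, and that assignment is outside the hunk, so a reader of this diff cannot see why returning `ret` for any non-zero result once a PEM block has been recognised ends the loop the commit message describes. A comment on the `else if`, along the lines of `/* A PEM block was already seen: any further parse error (including trailing bytes with no header/footer) must stop here instead of re-scanning the same input */`, would tie the one-token change to the bug; its wording should be checked against the code that sets `is_pem`. The enclosing loop in x509_crl_parse starts and ends outside the hunk.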
@@ -0,0 +1,20 @@ +-----BEGIN X509 CRL----- +MIIBbzCB9gIBATAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQ +b2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQRcNMTMwOTI0MTYz +MTA4WhcNMjMwOTIyMTYzMTA4WjAUMBICAQoXDTEzMDkyNDE2MjgzOFqgcjBwMG4G +A1UdIwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8oUKkQDA+MQswCQYDVQQGEwJO +TDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMg +Q0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2kAMGYCMQDVG95rrSSl4dJgbJ5vR1GW +svEuEsAh35EhF1WrcadMuCeMQVX9cUPupFfQUpHyMfoCMQCKf0yv8pN9BAoi3FVm +56meWPhUekgLKKMAobt2oJJY6feuiFU2YFGs1aF0rV6Bj+U= +-----END X509 CRL----- +-----BEGIN X509 CRL----- +MIIBcTCB9wIBATAKBggqhkjOPQQDBDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2 +MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu +BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC +TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD +IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwQDaQAwZgIxAL/VFrDIYUECsS0rVpAy +6zt/CqeAZ1sa/l5LTaG1XW286n2Kibipr6EpkYZNYIQILgIxAI0wb3Py1DHPWpYf +/BFBH7C3KYq+nWTrLeEnhrjU1LzG/CiQ8lnuskya6lw/P3lJ/A== +-----END X509 CRL----- diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index b289fc992..3dc7e0301 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -194,6 +194,10 @@ X509 CRL Information EC, SHA512 Digest
 depends_on:POLARSSL_PEM_PARSE_C
 x509_crl_info:"data_files/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA512\n"
+X509 CRL Malformed Input (trailing spaces at end of file)
+depends_on:POLARSSL_PEM_PARSE_C
+x509_crl_parse:"data_files/crl-malformed-trailing-spaces.pem":POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT
+
 X509 CSR Information RSA with MD4
 depends_on:POLARSSL_PEM_PARSE_C
 x509_csr_info:"data_files/server1.req.md4":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\n"
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index eee82412b..4ae3c9fc8 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -167,6 +167,22 @@ exit:
 }
 /* END_CASE */
+/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRL_PARSE_C */
+void x509_crl_parse( char *crl_file, int result )
+{
+ x509_crl crl;
+ char buf[2000];
+
+ x509_crl_init( &crl );
+ memset( buf, 0, 2000 );
+
+ TEST_ASSERT( x509_crl_parse_file( &crl, crl_file ) == result );
+
+exit:
+ x509_crl_free( &crl );
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CSR_PARSE_C */
 void x509_csr_info( char *csr_file, char *result_str )
 {
From 2f3fe70f7e362caf1ac88a258d2a370a988486c9 Mon Sep 17 00:00:00 2001
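Review bot: In the new `x509_crl_parse` case, `char buf[2000];` and `memset( buf, 0, 2000 );` are dead: nothing reads `buf`, since `x509_crl_parse_file()` is given the file name directly and the result is only compared with `result`. Dropping both lines removes 2 KiB of stack and the misleading hint that the test inspects parsed output; if a follow-up intends to render the CRL into `buf`, the buffer belongs with that change. The `exit:` label is presumably required by the `TEST_ASSERT` macro, as in the neighbouring cases, so it stays even though nothing jumps to it on success.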
From: Andres AG Date: Fri, 20 Jan 2017 17:07:46 +0000 Subject: [PATCH 07/44] Fix verify out flags from x509_crt_verify_top() This change fixes a regression introduced by an earlier commit that modified x509_crt_verify_top() to ensure that valid certificates that are after past or future valid in the chain are processed. However the change introduced a change in behaviour that caused the verification flags BADCERT_EXPIRED and BADCERT_FUTURE to always be set whenever there is a failure in the verification regardless of the cause. The fix maintains both behaviours: * Ensure that valid certificates after future and past are verified * Ensure that the correct verification flags are set. To do so, a temporary pointer to the first future or past valid certificate is maintained while traversing the chain. If a truly valid certificate is found then that one is used, otherwise if no valid certificate is found and the end of the chain is reached, the program reverts back to using the future or past valid certificate. --- ChangeLog | 9 +++++++++ library/x509_crt.c | 31 ++++++++++++++++++++----------- 2 files changed, 29 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index d4cf85b7e..20c8eaf95 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,14 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Fix output certificate verification flags set by x509_crt_verify_top() when + traversing a chain of trusted CA. The issue would cause both flags, + BADCERT_NOT_TRUSTED and BADCERT_EXPIRED, to be set when the verification + conditions are not met regardless of the cause. Found by Harm Verhagen and + inestlerode. #665 #561 + = mbed TLS 1.3.18 branch 2016-10-17 Security diff --git a/library/x509_crt.c b/library/x509_crt.c index 4b831aed3..a3517f64f 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -1775,6 +1775,7 @@ static int x509_crt_verify_top(
 int ca_flags = 0, check_path_cnt;
 unsigned char hash[POLARSSL_MD_MAX_SIZE];
 const md_info_t *md_info;
+ x509_crt *future_past_ca = NULL;
 if( x509_time_expired( &child->valid_to ) )
 *flags |= BADCERT_EXPIRED;
@@ -1823,16 +1824,6 @@ static int x509_crt_verify_top(
 continue;
 }
- if( x509_time_expired( &trust_ca->valid_to ) )
- {
- continue;
- }
-
- if( x509_time_future( &trust_ca->valid_from ) )
- {
- continue;
- }
-
 if( pk_verify_ext( child->sig_pk, child->sig_opts, &trust_ca->pk, child->sig_md, hash, md_info->size, child->sig.p, child->sig.len ) != 0 )
@@ -1840,11 +1831,23 @@ static int x509_crt_verify_top(
 continue;
 }
+ if( x509_time_expired( &trust_ca->valid_to ) ||
+ x509_time_future( &trust_ca->valid_from ) )
+ {
+ if( future_past_ca == NULL )
+ future_past_ca = trust_ca;
+ continue;
+ }
+
+ break;
+ }
+
+ if( trust_ca != NULL || ( trust_ca = future_past_ca ) != NULL )
+ {
 /*
 * Top of chain is signed by a trusted CA
 */
 *flags &= ~BADCERT_NOT_TRUSTED;
- break;
 }
 /*
@@ -1864,6 +1867,12 @@ static int x509_crt_verify_top(
 ((void) ca_crl);
 #endif
+ if( x509_time_expired( &trust_ca->valid_to ) )
+ ca_flags |= BADCERT_EXPIRED;
+
+ if( x509_time_future( &trust_ca->valid_from ) )
+ ca_flags |= BADCERT_FUTURE;
+
 if( NULL != f_vrfy )
 {
 if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1,
From 28ba747c8caed5ce2082f9b0635327b05b71f857 Mon Sep 17 00:00:00 2001
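Review bot: `if( trust_ca != NULL || ( trust_ca = future_past_ca ) != NULL )` hides an assignment inside the condition, and that assignment is the whole point of the fix; splitting it as `if( trust_ca == NULL )` / `trust_ca = future_past_ca;` / `if( trust_ca != NULL )` says the same thing without a side effect in the test. The loop now runs `pk_verify_ext()` on every candidate CA before the cheap validity-period checks, whereas the removed lines in the hunk at -1823 skipped expired and not-yet-valid CAs before the signature check; the reordering is necessary to remember a CA that really signs the child, but a comment above the moved time checks (`/* Signature checked first: an expired/future CA that signs the child is kept as a fallback, a fully valid one wins */`) would record why the expensive step now comes first. The loop header and the rest of the function are outside the hunk.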
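Review bot: The two added `x509_time_*( &trust_ca->... )` calls dereference `trust_ca` unconditionally, and whether it can still be NULL here (no trusted CA verified the child and `future_past_ca` stayed NULL) depends on the lines between this hunk and the previous one, which are not in the diff; if those lines do not already return or branch on `trust_ca == NULL`, this is a NULL dereference on the untrusted path. Worth confirming, and a one-line comment at the top of this hunk such as `/* trust_ca is non-NULL here: the untrusted case is handled above */` would make the precondition visible to the next reader. The function continues outside the hunk.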
From: Andres AG Date: Fri, 20 Jan 2017 17:09:15 +0000 Subject: [PATCH 08/44] Add tests for out flags from x509_crt_verify_top() The tests load certificate chains from files. The CA chains contain a past or future certificate and an invalid certificate. The test then checks that the flags set are BADCERT_EXPIRED or BADCERT_FUTURE. --- .../test-ca2_cat-future-invalid.crt | 27 +++++++++++++++++++ .../data_files/test-ca2_cat-past-invalid.crt | 27 +++++++++++++++++++ tests/suites/test_suite_x509parse.data | 8 ++++++ 3 files changed, 62 insertions(+) create mode 100644 tests/data_files/test-ca2_cat-future-invalid.crt create mode 100644 tests/data_files/test-ca2_cat-past-invalid.crt diff --git a/tests/data_files/test-ca2_cat-future-invalid.crt b/tests/data_files/test-ca2_cat-future-invalid.crt new file mode 100644 index 000000000..b1cfbf054 --- /dev/null +++ b/tests/data_files/test-ca2_cat-future-invalid.crt 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIICIDCCAaWgAwIBAgIBCjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG +CCqGSM49AwEHA0IABIFZMXZJJPoVraugMW4O7TMR+pElVcGwwZwDcj6Yui2kcjeJ +H0M3jR+OOtjwV+gvT8kApPfbcw+yxgSU0UA7OOOjgZ0wgZowCQYDVR0TBAIwADAd +BgNVHQ4EFgQUfmWPPjMDFOXhvmCy4IV/jOdgK3swbgYDVR0jBGcwZYAUnW0gJEkB +PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh +clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG +CCqGSM49BAMCA2kAMGYCMQCsYTyleBFuI4nizuxo/ie5dxJnD0ynwCnRJ+84PZP4 +AQA3HdUz0qNYs4CZ2am9Gz0CMQDr2TNLFA3C3S3pmgXMT0eKzR1Ca1/Nulf0llQZ +Xj09kLboxuemP40IIqhQnpYptMg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe +Fw0yMzA5MjIxNTQ5NDlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 +MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 +WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p +w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E +FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ +vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH +qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2 ++XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw== +-----END CERTIFICATE----- diff --git a/tests/data_files/test-ca2_cat-past-invalid.crt b/tests/data_files/test-ca2_cat-past-invalid.crt new file mode 100644 index 000000000..febad7408 --- /dev/null +++ b/tests/data_files/test-ca2_cat-past-invalid.crt 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIB/TCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe +Fw0wMzA5MjQxNTQ5NDhaFw0xMzA5MjQxNTQ5NDhaMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 +MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 +WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p +w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E +FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ +vH4kydv7NnwwDAYIKoZIzj0EAwIFAANpADBmAjEAvQ/49lXXrLYdOIGtTaYWjpZP +tRBXQiGPMzUvmKBk7gM7bF4iFPsdJikyXHmuwv3RAjEA8vtUX8fAAB3fbh5dEXRm +l7tz0Sw/RW6AHFtaIauGkhHqeKIaKIi6WSgHu6x97uyg +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICIDCCAaWgAwIBAgIBCjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG +CCqGSM49AwEHA0IABIFZMXZJJPoVraugMW4O7TMR+pElVcGwwZwDcj6Yui2kcjeJ +H0M3jR+OOtjwV+gvT8kApPfbcw+yxgSU0UA7OOOjgZ0wgZowCQYDVR0TBAIwADAd +BgNVHQ4EFgQUfmWPPjMDFOXhvmCy4IV/jOdgK3swbgYDVR0jBGcwZYAUnW0gJEkB +PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh +clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG +CCqGSM49BAMCA2kAMGYCMQCsYTyleBFuI4nizuxo/ie5dxJnD0ynwCnRJ+84PZP4 +AQA3HdUz0qNYs4CZ2am9Gz0CMQDr2TNLFA3C3S3pmgXMT0eKzR1Ca1/Nulf0llQZ +Xj09kLboxuemP40IIqhQnpYptMg= +-----END CERTIFICATE----- diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index b289fc992..a4d65ff75 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -711,6 +711,14 @@ X509 Certificate verification #85 (Not yet valid CA and valid CA) depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL" +X509 Certificate verification #86 (Not yet valid CA and invalid CA) +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_SHA1_C:POLARSSL_SHA256_C +x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_FUTURE:"NULL" + +X509 Certificate verification #87 (Expired CA and invalid CA) +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_SHA1_C:POLARSSL_SHA256_C +x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_EXPIRED:"NULL" + X509 Certificate verification callback: trusted EE cert depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_SHA256_C:POLARSSL_ECP_DP_SECP256R1_ENABLED x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL\n" From 2d56a827ccf8d693db34f4cdb37202f34fb4048f Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Feb 2017 08:46:53 +0000 Subject: [PATCH 09/44] Add comment to integer overflow fix in base64.c Adds clarifying comment to the integer overflow fix in base64.c --- library/base64.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/base64.c b/library/base64.c index 3de67f090..ba6926083 100644 --- a/library/base64.c +++ b/library/base64.c 
@@ -198,6 +198,10 @@ int base64_decode( unsigned char *dst, size_t *dlen, return( 0 ); } + /* The following expression is to calculate the following formula without + * risk of integer overflow in n: + * n = ( ( n * 6 ) + 7 ) >> 3; + */ n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); n -= j; From 6aa732f25a86719d60e56b1b7ff0d7168f298063 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 2 Feb 2017 14:36:49 +0000 Subject: [PATCH 10/44] Fix generate_code.pl to handle escaped : --- tests/scripts/generate_code.pl | 2 +- tests/suites/test_suite_pem.data | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 078e82df9..e13a2d0da 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl @@ -139,7 +139,7 @@ while($test_cases =~ /\/\* BEGIN_CASE *([\w:]*) \*\/\n(.*?)\n\/\* END_CASE \*\// $param_defs .= " char *param$i = params[$i];\n"; $param_checks .= " if( verify_string( ¶m$i ) != 0 ) return( 2 );\n"; push @dispatch_params, "param$i"; - $mapping_regex .= ":[^:\n]+"; + $mapping_regex .= ":(?:\\\\.|[^:\n])+"; } else { diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index 9c7b30517..b5f63e550 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data 
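Review bot: The new comment says what the expression replaces but not why the two are equal, which is the thing a future reader has to establish before touching the line. Extending it with the identity makes it self-checking: with `n = 8*q + r` (`q = n >> 3`, `r = n & 0x7`), `( n * 6 + 7 ) >> 3` equals `6*q + ( ( 6*r + 7 ) >> 3 )` because `48*q` is a multiple of 8, and `6*r + 7` is at most 49, so neither term can overflow for any `n` that `6*q` itself fits. The rest of base64_decode is outside the hunk.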
@@ -17,10 +17,10 @@ PEM write (exactly two lines + 1) pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n" PEM read (DES-EDE3-CBC + invalid iv) -pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":-4608 +pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":POLARSSL_ERR_PEM_INVALID_ENC_IV PEM read (DES-CBC + invalid iv) -pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":-4608 +pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":POLARSSL_ERR_PEM_INVALID_ENC_IV PEM read (unknown encryption algorithm) -pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":-4736 +pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG From 50b4b12f9f423bcd0dead5c395c69c4ee8acdb8e Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Feb 2017 15:01:24 +0000 Subject: [PATCH 11/44] Fix curves.pl script to build The script, `tests/scripts/curves.pl` was broken, and did not build due to the make command not having been updated with the change from polarssl to mbed TLS. --- tests/scripts/curves.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl index 1f489a387..25e43d896 100755 --- a/tests/scripts/curves.pl +++ b/tests/scripts/curves.pl 
@@ -34,7 +34,7 @@ for my $curve (@curves) { system( "scripts/config.pl unset $curve" ) and abort "Failed to disable $curve\n"; - system( "make polarssl" ) and abort "Failed to build lib: $curve\n"; + system( "make lib" ) and abort "Failed to build lib: $curve\n"; system( "cd tests && make" ) and abort "Failed to build tests: $curve\n"; system( "make $test" ) and abort "Failed test suite: $curve\n"; From 5cf7f388066dffa0f8ee57ad214b070e6e075472 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 3 Feb 2017 13:00:02 +0000 Subject: [PATCH 12/44] Add lib target to library/CMakeLists.txt --- library/CMakeLists.txt | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 8ccc7a391..d98fc716a 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -136,10 +136,18 @@ endif(USE_SHARED_MBEDTLS_LIBRARY) if(UNIX) add_custom_target(polarssl - DEPENDS mbedtls # TODO: and mbedtls_static is shared is defined + DEPENDS mbedtls COMMAND ${CMAKE_SOURCE_DIR}/scripts/polarssl_symlinks.sh ${CMAKE_BINARY_DIR}/library ) + add_custom_target(lib + DEPENDS polarssl + ) + + set_directory_properties(PROPERTIES + ADDITIONAL_MAKE_CLEAN_FILES "${CMAKE_BINARY_DIR}/library/libpolarssl.a" + ) + if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) add_dependencies(polarssl mbedtls_static) endif() From c71b7eb0e7b9a0ecfe16a418c4c9735af230259f Mon Sep 17 00:00:00 2001 
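Review bot: `ADDITIONAL_MAKE_CLEAN_FILES` is honoured only by the Makefile generators, so `libpolarssl.a` is left behind by `clean` under Ninja or IDE generators; if that matters, a comment naming the limitation, or listing the file under the custom target's `BYPRODUCTS` where the project's minimum CMake version allows it, avoids the surprise. Only the static archive is listed, yet `polarssl_symlinks.sh` also runs for the shared build (`USE_SHARED_MBEDTLS_LIBRARY` is handled just below); whether the script creates a shared-library link that should be cleaned too cannot be seen here and is worth checking. The `lib` target is a bare alias of `polarssl`, which a one-line comment (`# 'lib' matches the Makefile target name that tests/scripts/*.pl invoke`) would explain, given the previous patch switched curves.pl to `make lib`.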
From: Andres AG Date: Thu, 19 Jan 2017 11:24:33 +0000 Subject: [PATCH 13/44] Fix data loss in unsigned int cast in PK This patch introduces some additional checks in the PK module for 64-bit systems only. The problem is that the API functions in the PK abstraction accept a size_t value for the hashlen, while the RSA module accepts an unsigned int for the hashlen. Instead of silently casting size_t to unsigned int, this change checks whether the hashlen overflows an unsigned int and returns an error. --- ChangeLog | 9 ++++++++- library/pk.c | 11 ++++++++++- library/pk_wrap.c | 18 ++++++++++++++++++ 3 files changed, 36 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1e1420ab0..316c5def2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,13 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch xxxx-xx-xx += mbed TLS x.x.x branch released xxxx-xx-xx + +Security + * Add checks to prevent signature forgeries for very large messages while + using RSA through the PK module in 64-bit systems. The issue was caused by + some data loss when casting a size_t to an unsigned int value in the + functions rsa_verify_wrap(), rsa_sign_wrap(), rsa_alt_sign_wrap() and + pk_sign(). Found by Jean-Philippe Aumasson. Bugfix * Fix unused variable/function compilation warnings in pem.c and x509_csr.c diff --git a/library/pk.c b/library/pk.c index 4d78b5745..fc036d2c5 100644 --- a/library/pk.c +++ b/library/pk.c @@ -30,6 +30,8 @@ #include "polarssl/pk.h" #include "polarssl/pk_wrap.h" +#include "polarssl/bignum.h" + #if defined(POLARSSL_RSA_C) #include "polarssl/rsa.h" #endif @@ -40,6 +42,8 @@ #include "polarssl/ecdsa.h" #endif +#include + /* Implementation that should never be optimized out by the compiler */ static void polarssl_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; 
@@ -208,6 +212,11 @@ int pk_verify_ext( pk_type_t type, const void *options,
 int ret;
 const pk_rsassa_pss_options *pss_opts;
+#if defined(POLARSSL_HAVE_INT64)
+ if( md_alg == POLARSSL_MD_NONE && UINT_MAX < hash_len )
+ return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
+#endif /* POLARSSL_HAVE_INT64 */
+
 if( options == NULL )
 return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
@@ -231,7 +240,7 @@ int pk_verify_ext( pk_type_t type, const void *options,
 return( 0 );
 #else
 return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE );
-#endif
+#endif /* POLARSSL_RSA_C && POLARSSL_PKCS1_V21 */
 }
 /* General case: no options */
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 6068605bf..ceaaad110 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -31,6 +31,7 @@
 /* Even if RSA not activated, for the sake of RSA-alt */
 #include "polarssl/rsa.h"
+#include "polarssl/bignum.h"
 #include
@@ -50,6 +51,8 @@
 #define polarssl_free free
 #endif
+#include
+
 /* Implementation that should never be optimized out by the compiler */
 static void polarssl_zeroize( void *v, size_t n ) {
 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
@@ -73,6 +76,11 @@ static int rsa_verify_wrap( void *ctx, md_type_t md_alg,
 {
 int ret;
+#if defined(POLARSSL_HAVE_INT64)
+ if( md_alg == POLARSSL_MD_NONE && UINT_MAX < hash_len )
+ return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
+#endif /* POLARSSL_HAVE_INT64 */
+
 if( sig_len < ((rsa_context *) ctx)->len )
 return( POLARSSL_ERR_RSA_VERIFY_FAILED );
@@ -92,6 +100,11 @@ static int rsa_sign_wrap( void *ctx, md_type_t md_alg,
 unsigned char *sig, size_t *sig_len,
 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
 {
+#if defined(POLARSSL_HAVE_INT64)
+ if( md_alg == POLARSSL_MD_NONE && UINT_MAX < hash_len )
+ return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
+#endif /* POLARSSL_HAVE_INT64 */
+
 *sig_len = ((rsa_context *) ctx)->len;
 return( rsa_pkcs1_sign( (rsa_context *) ctx, f_rng, p_rng, RSA_PRIVATE,
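Review bot: The guard `if( md_alg == POLARSSL_MD_NONE && UINT_MAX < hash_len )` is copied verbatim into `rsa_verify_wrap()` and `rsa_sign_wrap()` in the pk_wrap.c hunks on this same line, and in a slightly different form into `rsa_alt_sign_wrap()` in the next; four hand-maintained copies of one narrowing check are the kind of thing that drifts. A single `static` helper in each file, e.g. `pk_hashlen_fits_uint( hash_len )`, called from every site would keep them identical, and the first site deserves a comment saying why `md_alg == POLARSSL_MD_NONE` matters (presumably because with a real digest the RSA layer takes the length from the digest and ignores `hash_len`). Using `POLARSSL_HAVE_INT64` as a proxy for "size_t is wider than unsigned int" is indirect; `sizeof( size_t ) > sizeof( unsigned int )` is the property actually needed, though the `#if` does have the merit of avoiding a tautological-comparison warning on 32-bit builds, which a comment could note. The ChangeLog entry also names `pk_sign()`, yet no pk.c hunk touches it; if it is covered through `rsa_sign_wrap()` the entry could say so.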
@@ -411,6 +424,11 @@ static int rsa_alt_sign_wrap( void *ctx, md_type_t md_alg, { rsa_alt_context *rsa_alt = (rsa_alt_context *) ctx; +#if defined(POLARSSL_HAVE_INT64) + if( UINT_MAX < hash_len ) + return( POLARSSL_ERR_PK_BAD_INPUT_DATA ); +#endif /* POLARSSL_HAVE_INT64 */ + *sig_len = rsa_alt->key_len_func( rsa_alt->key ); return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, RSA_PRIVATE, From 562bbb6f6a775dc371a641be7b1bd80812e3ca9f Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 20 Jan 2017 11:52:40 +0000 Subject: [PATCH 14/44] Add PK tests to avoid hashlen overflow for RSA --- tests/suites/test_suite_pk.data | 3 +++ tests/suites/test_suite_pk.function | 35 +++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 73694d29d..7915be764 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -150,3 +150,6 @@ Check pair #5 (RSA vs EC) depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_RSA_C pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server1.key":POLARSSL_ERR_PK_TYPE_MISMATCH +RSA hash_len overflow (size_t vs unsigned int) +depends_on:POLARSSL_RSA_C:POLARSSL_HAVE_INT64 +pk_rsa_overflow: diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index cc378c499..435efb43c 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -5,6 +5,9 @@ #include "polarssl/ecp.h" #include "polarssl/rsa.h" +/* For detecting 64-bit compilation */ +#include "polarssl/bignum.h" + static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ); #define RSA_KEY_SIZE 512 
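Review bot: The guard added to rsa_alt_sign_wrap() drops the `md_alg == POLARSSL_MD_NONE` condition that the rsa_verify_wrap() and rsa_sign_wrap() guards carry, and nothing in the hunk says why. The asymmetry looks intentional — the RSA-alt `sign_func` callback is external code that receives the narrowed length whatever md_alg is, whereas rsa_pkcs1_sign() presumably ignores hashlen when md_alg names a digest — but a reader comparing the three wrappers will read it as a slip. A one-line comment above the `#if`, `/* sign_func() receives hashlen as unsigned int regardless of md_alg, so check it unconditionally */`, would make the difference deliberate. rsa_alt_sign_wrap's body continues outside the hunk.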
@@ -414,6 +417,33 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:POLARSSL_RSA_C:POLARSSL_HAVE_INT64 */ +void pk_rsa_overflow( ) +{ + pk_context pk; + size_t hash_len = (size_t)-1; + + pk_init( &pk ); + + TEST_ASSERT( pk_init_ctx( &pk, pk_info_from_type( POLARSSL_PK_RSA ) ) == 0 ); + +#if defined(POLARSSL_PKCS1_V21) + TEST_ASSERT( pk_verify_ext( POLARSSL_PK_RSASSA_PSS, NULL, &pk, + POLARSSL_MD_NONE, NULL, hash_len, NULL, 0 ) == + POLARSSL_ERR_PK_BAD_INPUT_DATA ); +#endif /* POLARSSL_PKCS1_V21 */ + + TEST_ASSERT( pk_verify( &pk, POLARSSL_MD_NONE, NULL, hash_len, + NULL, 0 ) == POLARSSL_ERR_PK_BAD_INPUT_DATA ); + + TEST_ASSERT( pk_sign( &pk, POLARSSL_MD_NONE, NULL, hash_len, NULL, 0, + rnd_std_rand, NULL ) == POLARSSL_ERR_PK_BAD_INPUT_DATA ); + +exit: + pk_free( &pk ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:POLARSSL_RSA_C */ void pk_rsa_alt( ) { @@ -461,6 +491,11 @@ void pk_rsa_alt( ) /* Test signature */ TEST_ASSERT( pk_sign( &alt, POLARSSL_MD_NONE, hash, sizeof hash, sig, &sig_len, rnd_std_rand, NULL ) == 0 ); +#if defined(POLARSSL_HAVE_INT64) + TEST_ASSERT( pk_sign( &alt, POLARSSL_MD_NONE, hash, (size_t)-1, + NULL, NULL, rnd_std_rand, NULL ) == + POLARSSL_ERR_PK_BAD_INPUT_DATA ); +#endif /* POLARSSL_HAVE_INT64 */ TEST_ASSERT( sig_len == RSA_KEY_LEN ); TEST_ASSERT( pk_verify( &rsa, POLARSSL_MD_NONE, hash, sizeof hash, sig, sig_len ) == 0 ); From d9c8f26f8bfbbc9d704371639124a7f6c2914512 Mon Sep 17 00:00:00 2001 From: Simon B Date: Thu, 10 Nov 2016 13:19:42 +0000 Subject: [PATCH 15/44] Fix for MSVC Compiler warnings Fixes Microsoft Visual C compiler warnings in multiple files. All issues with type mismatches. --- library/ccm.c | 6 ++++-- library/ssl_srv.c | 10 ++++++++++ library/ssl_tls.c | 2 +- library/x509_crt.c | 2 +- 4 files changed, 16 insertions(+), 4 deletions(-) diff --git a/library/ccm.c b/library/ccm.c index e397e0a42..bc3700f09 100644 --- a/library/ccm.c +++ b/library/ccm.c 
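Review bot: The assertion added to pk_rsa_alt() passes `NULL, NULL` for sig and sig_len together with an overlong hash_len, so it stays memory-safe only as long as the hash_len guard in rsa_alt_sign_wrap() runs before `*sig_len` is written; if that ordering ever changes, the test becomes a null-pointer write rather than a failed assertion. A comment on the call, `/* sig/sig_len are NULL on purpose: the length check must reject the call before they are touched */`, records that dependency, or pass `sig, &sig_len` as the preceding successful call does. The same applies to pk_rsa_overflow() above, whose pk_sign() call also passes `NULL, 0` for the signature output.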
@@ -140,7 +140,7 @@ static int ccm_auth_crypt( ccm_context *ctx, int mode, size_t length,
 {
 int ret;
 unsigned char i;
- unsigned char q = 16 - 1 - iv_len;
+ unsigned char q;
 size_t len_left, olen;
 unsigned char b[16];
 unsigned char y[16];
@@ -163,6 +163,8 @@ static int ccm_auth_crypt( ccm_context *ctx, int mode, size_t length,
 if( add_len > 0xFF00 )
 return( POLARSSL_ERR_CCM_BAD_INPUT );
+ q = 16 - 1 - (unsigned char) iv_len;
+
 /*
 * First block B_0:
 * 0 .. 0 flags
@@ -254,7 +256,7 @@ static int ccm_auth_crypt( ccm_context *ctx, int mode, size_t length,
 while( len_left > 0 )
 {
- unsigned char use_len = len_left > 16 ? 16 : len_left;
+ size_t use_len = len_left > 16 ? 16 : len_left;
 if( mode == CCM_ENCRYPT )
 {
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index f0a88fe2d..90d5ac7ff 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2981,7 +2981,17 @@ static int ssl_parse_encrypted_pms( ssl_context *ssl,
 ssl->handshake->pmslen = 48;
 /* mask = diff ? 0xff : 0x00 */
+ /* MSVC has a warning about unary minus on unsigned, but this is
+ * well-defined and precisely what we want to do here */
+#if defined(_MSC_VER)
+#pragma warning( push )
+#pragma warning( disable : 4146 )
+#endif
 mask = - ( diff | - diff ) >> ( sizeof( unsigned int ) * 8 - 1 );
+#if defined(_MSC_VER)
+#pragma warning( pop )
+#endif
+
 for( i = 0; i < ssl->handshake->pmslen; i++ )
 pms[i] = ( mask & fake_pms[i] ) | ( (~mask) & peer_pms[i] );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 0dd4a6c56..860499799 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1484,7 +1484,7 @@ static int ssl_decrypt_buf( ssl_context *ssl )
 unsigned char add_data[13];
 unsigned char taglen = ssl->transform_in->ciphersuite_info->flags &
 POLARSSL_CIPHERSUITE_SHORT_TAG ? 8 : 16;
- unsigned char explicit_iv_len = ssl->transform_in->ivlen -
+ size_t explicit_iv_len = ssl->transform_in->ivlen -
 ssl->transform_in->fixed_ivlen;
 if( ssl->in_msglen < (size_t) explicit_iv_len + taglen )
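Review bot: `q = 16 - 1 - (unsigned char) iv_len;` is correct only because iv_len has already been range-checked by the time it runs; the hunk shows only the add_len check, so the cast's safety rests on a condition the reader cannot see here, and the statement was moved away from its declaration for exactly that reason. A comment on the assignment, `/* iv_len was range-checked above, so the narrowing cast is exact and q stays in range */`, would make the dependency explicit (state the actual bounds the preceding check enforces). In the ssl_tls.c hunk the `(size_t)` cast in `if( ssl->in_msglen < (size_t) explicit_iv_len + taglen )` is now redundant, since explicit_iv_len is itself size_t, and can be dropped. ccm_auth_crypt's body continues outside the hunk.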
diff --git a/library/x509_crt.c b/library/x509_crt.c index b7c73df1d..4b831aed3 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -988,7 +988,7 @@ int x509_crt_parse_path( x509_crt *chain, const char *path ) p = filename + len; filename[len++] = '*'; - w_ret = MultiByteToWideChar( CP_ACP, 0, filename, len, szDir, + w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir, MAX_PATH - 3 ); if( w_ret == 0 ) return( POLARSSL_ERR_X509_BAD_INPUT_DATA ); From 29b43737ba22ce86934cc5f63107b14cd0eb8f79 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 7 Dec 2016 16:08:04 +0000 Subject: [PATCH 16/44] Fix unused variable/function compilation warnings This PR fixes a number of unused variable/function compilation warnings that arise when using a config.h that does not define the macro POLARSSL_PEM_PARSE_C. --- ChangeLog | 3 +++ library/pem.c | 2 +- library/x509_csr.c | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4cfcfeb43..2e25e1ca9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,9 @@ Bugfix * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing the input string in PEM format to extract the different components. Found by Eyal Itkin. + * Fix unused variable/function compilation warnings in pem.c and x509_csr.c + that are reported when building mbed TLS with a config.h that does not + define POLARSSL_PEM_PARSE_C. #562 = mbed TLS 1.3.18 branch 2016-10-17 diff --git a/library/pem.c b/library/pem.c index 1fe238726..b2c16c292 100644 --- a/library/pem.c +++ b/library/pem.c @@ -45,12 +45,12 @@ #define polarssl_free free #endif +#if defined(POLARSSL_PEM_PARSE_C) /* Implementation that should never be optimized out by the compiler */ static void polarssl_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; } -#if defined(POLARSSL_PEM_PARSE_C) void pem_init( pem_context *ctx ) { memset( ctx, 0, sizeof( pem_context ) ); 
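Review bot: `(int)len` in the MultiByteToWideChar() call silences the MSVC warning but narrows a size_t into an int without a visible bound; the hunk shows `filename[len++] = '*';` but not the earlier check that keeps len within the filename buffer, so whether the cast can ever truncate cannot be judged from here. If len is already bounded (filename looks like a MAX_PATH-sized local), a comment at the call, `/* len is bounded by sizeof( filename ), far below INT_MAX, so the narrowing cast is exact */`, records why the cast is safe. x509_crt_parse_path's body continues outside the hunk.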
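Review bot: Moving `#if defined(POLARSSL_PEM_PARSE_C)` above polarssl_zeroize() ties that helper's existence to the parsing half of the module; it silences the unused-function warning, but if pem_write_buffer() (compiled under POLARSSL_PEM_WRITE_C, outside this hunk) ever needs to wipe a buffer, a WRITE_C-only build will fail to compile. A short comment above the relocated `#if`, `/* polarssl_zeroize() is only used by the parsing code, so it lives under POLARSSL_PEM_PARSE_C */`, would record that assumption. The x509_csr.c hunk of this commit makes the same kind of move with `int ret`, which now exists only when POLARSSL_PEM_PARSE_C is set; that is fine as long as the non-PEM path returns x509_csr_parse_der()'s result directly, which the hunk does not show.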
diff --git a/library/x509_csr.c b/library/x509_csr.c index 558b078b7..9bdfe884f 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -260,8 +260,8 @@ int x509_csr_parse_der( x509_csr *csr, */ int x509_csr_parse( x509_csr *csr, const unsigned char *buf, size_t buflen ) { - int ret; #if defined(POLARSSL_PEM_PARSE_C) + int ret; size_t use_len; pem_context pem; #endif From cfad1812508dd8e1baf9c99514c89bda5ab1cd10 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 18 Jan 2017 13:56:58 +0000 Subject: [PATCH 17/44] Fix integer overflows in buffer bound checks Fix potential integer overflows in the following functions: * mbedtls_md2_update() to be bypassed and cause * mbedtls_cipher_update() * mbedtls_ctr_drbg_reseed() This overflows would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed. --- ChangeLog | 6 ++++++ library/cipher.c | 4 ++-- library/ctr_drbg.c | 3 ++- library/md2.c | 2 +- 4 files changed, 11 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2e25e1ca9..545893fb6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,12 @@ Bugfix * Fix unused variable/function compilation warnings in pem.c and x509_csr.c that are reported when building mbed TLS with a config.h that does not define POLARSSL_PEM_PARSE_C. #562 + * Fixed potential arithmetic overflow in mbedtls_ctr_drbg_reseed() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflows in mbedtls_cipher_update() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in mbedtls_md2_update() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. = mbed TLS 1.3.18 branch 2016-10-17 diff --git a/library/cipher.c b/library/cipher.c index b69d33106..7ea25cfc2 100644 --- a/library/cipher.c +++ b/library/cipher.c 
@@ -315,9 +315,9 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input,
 * If there is not enough data for a full block, cache it.
 */
 if( ( ctx->operation == POLARSSL_DECRYPT &&
- ilen + ctx->unprocessed_len <= cipher_get_block_size( ctx ) ) ||
+ ilen <= cipher_get_block_size( ctx ) - ctx->unprocessed_len ) ||
 ( ctx->operation == POLARSSL_ENCRYPT &&
- ilen + ctx->unprocessed_len < cipher_get_block_size( ctx ) ) )
+ ilen < cipher_get_block_size( ctx ) - ctx->unprocessed_len ) )
 {
 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, ilen );
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index 24adff08f..7b315e888 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -277,7 +277,8 @@ int ctr_drbg_reseed( ctr_drbg_context *ctx,
 unsigned char seed[CTR_DRBG_MAX_SEED_INPUT];
 size_t seedlen = 0;
- if( ctx->entropy_len + len > CTR_DRBG_MAX_SEED_INPUT )
+ if( ctx->entropy_len > CTR_DRBG_MAX_SEED_INPUT ||
+ len > CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len )
 return( POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG );
 memset( seed, 0, CTR_DRBG_MAX_SEED_INPUT );
diff --git a/library/md2.c b/library/md2.c
index 110cd95bc..2ac7eba61 100644
--- a/library/md2.c
+++ b/library/md2.c
@@ -155,7 +155,7 @@ void md2_update( md2_context *ctx, const unsigned char *input, size_t ilen )
 while( ilen > 0 )
 {
- if( ctx->left + ilen > 16 )
+ if( ilen > 16 - ctx->left )
 fill = 16 - ctx->left;
 else
 fill = ilen;
From 7ded99ff6475d04d02344bfab9a00e482526dbe2 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 18 Jan 2017 17:21:03 +0000 Subject: [PATCH 18/44] Fix integer overflow in mbedtls_base64_decode() Fix potential integer overflows in the function mbedtls_base64_decode(). This overflow would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed. --- ChangeLog | 2 ++ library/base64.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 545893fb6..81af3700a 100644
--- a/ChangeLog
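Review bot: The rewritten condition `ilen <= cipher_get_block_size( ctx ) - ctx->unprocessed_len` (and its ENCRYPT twin) removes the overflow in the addition, but the unsigned subtraction it introduces is only safe while `unprocessed_len <= block_size` holds; if that invariant were ever broken the subtraction wraps and the cache branch accepts any ilen, which is the same class of bound-check bypass the commit is fixing. The invariant is presumably maintained by the rest of cipher_update(), outside the hunk, so it deserves a comment at the condition, `/* unprocessed_len < block_size is invariant here, so the subtraction cannot wrap */`, or an explicit `ctx->unprocessed_len < cipher_get_block_size( ctx )` test ahead of it. The md2.c hunk's `if( ilen > 16 - ctx->left )` relies on the same kind of invariant (ctx->left < 16) and would take the same comment; the ctr_drbg.c hunk, by contrast, checks `ctx->entropy_len > CTR_DRBG_MAX_SEED_INPUT` first and needs nothing. Patch 26/44 later in this series repeats these three hunks verbatim, so the remark applies there as well.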
+++ b/ChangeLog @@ -15,6 +15,8 @@ Bugfix cause buffer bound checks to be bypassed. Found by Eyal Itkin. * Fixed potential arithmetic overflow in mbedtls_md2_update() that could cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in mbedtls_base64_decode() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. = mbed TLS 1.3.18 branch 2016-10-17 diff --git a/library/base64.c b/library/base64.c index 7de87e51c..3de67f090 100644 --- a/library/base64.c +++ b/library/base64.c @@ -198,7 +198,7 @@ int base64_decode( unsigned char *dst, size_t *dlen, return( 0 ); } - n = ( ( n * 6 ) + 7 ) >> 3; + n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); n -= j; if( dst == NULL || *dlen < n ) From b2bad3c79be5712a2213fc13d092898c7889988f Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 1 Feb 2017 12:38:44 +0000 Subject: [PATCH 19/44] Adds dl link library to OpenSSL example builds The example o_p_test uses OpenSSL. On some platforms that fails to build unless the dl library is included as a static link library. --- programs/test/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index da3376e64..500043146 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -31,7 +31,7 @@ install(TARGETS selftest benchmark ssl_test ssl_cert_test if(OPENSSL_FOUND) add_executable(o_p_test o_p_test.c) include_directories(${OPENSSL_INCLUDE_DIR}) - target_link_libraries(o_p_test ${libs} ${OPENSSL_LIBRARIES}) + target_link_libraries(o_p_test ${libs} ${OPENSSL_LIBRARIES} ${CMAKE_DL_LIBS}) install(TARGETS o_p_test DESTINATION "bin" From ba32ebf7f4ad336cb1f5429fba884d70bf94e39d Mon Sep 17 00:00:00 2001 
From: Simon Butcher Date: Thu, 2 Feb 2017 08:46:53 +0000 Subject: [PATCH 20/44] Add comment to integer overflow fix in base64.c Adds clarifying comment to the integer overflow fix in base64.c --- library/base64.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/base64.c b/library/base64.c index 3de67f090..ba6926083 100644 --- a/library/base64.c +++ b/library/base64.c @@ -198,6 +198,10 @@ int base64_decode( unsigned char *dst, size_t *dlen, return( 0 ); } + /* The following expression is to calculate the following formula without + * risk of integer overflow in n: + * n = ( ( n * 6 ) + 7 ) >> 3; + */ n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); n -= j; From e6254531d06763777e2f0ff9ea072847459b42e7 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Feb 2017 15:01:24 +0000 Subject: [PATCH 21/44] Fix curves.pl script to build The script, `tests/scripts/curves.pl` was broken, and did not build due to the make command not having been updated with the change from polarssl to mbed TLS. --- tests/scripts/curves.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl index 1f489a387..25e43d896 100755 --- a/tests/scripts/curves.pl +++ b/tests/scripts/curves.pl @@ -34,7 +34,7 @@ for my $curve (@curves) { system( "scripts/config.pl unset $curve" ) and abort "Failed to disable $curve\n"; - system( "make polarssl" ) and abort "Failed to build lib: $curve\n"; + system( "make lib" ) and abort "Failed to build lib: $curve\n"; system( "cd tests && make" ) and abort "Failed to build tests: $curve\n"; system( "make $test" ) and abort "Failed test suite: $curve\n"; From 851dcc96d4a19b66668abfec1b0a35b6a68c88cd Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Feb 2017 16:53:50 +0000 Subject: [PATCH 22/44] Add credit to Changelog for #562 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 81af3700a..3c7a423b2 100644 
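Review bot: The comment added above `n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 );` says which formula the expression replaces but not why the two are equal, which is the one thing a reader auditing the overflow fix has to verify. One more line closes the gap: `* With n = 8a + b (b < 8): ( 6n + 7 ) >> 3 == 6a + ( ( 6b + 7 ) >> 3 ), because 48a is a multiple of 8 and never carries into the low bits.` Patch 28/44 later in the series repeats this hunk, so the same addition applies there.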
--- a/ChangeLog +++ b/ChangeLog @@ -8,7 +8,7 @@ Bugfix by Eyal Itkin. * Fix unused variable/function compilation warnings in pem.c and x509_csr.c that are reported when building mbed TLS with a config.h that does not - define POLARSSL_PEM_PARSE_C. #562 + define POLARSSL_PEM_PARSE_C. Found by omnium21. #562 * Fixed potential arithmetic overflow in mbedtls_ctr_drbg_reseed() that could cause buffer bound checks to be bypassed. Found by Eyal Itkin. * Fixed potential arithmetic overflows in mbedtls_cipher_update() that could From 63c4fda9cfd52606902565c69692f4d7bdd176db Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 3 Feb 2017 13:00:02 +0000 Subject: [PATCH 23/44] Add lib target to library/CMakeLists.txt --- library/CMakeLists.txt | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 8ccc7a391..d98fc716a 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -136,10 +136,18 @@ endif(USE_SHARED_MBEDTLS_LIBRARY) if(UNIX) add_custom_target(polarssl - DEPENDS mbedtls # TODO: and mbedtls_static is shared is defined + DEPENDS mbedtls COMMAND ${CMAKE_SOURCE_DIR}/scripts/polarssl_symlinks.sh ${CMAKE_BINARY_DIR}/library ) + add_custom_target(lib + DEPENDS polarssl + ) + + set_directory_properties(PROPERTIES + ADDITIONAL_MAKE_CLEAN_FILES "${CMAKE_BINARY_DIR}/library/libpolarssl.a" + ) + if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) add_dependencies(polarssl mbedtls_static) endif() From de6079af8e60fc07ad64747db3e2731388305f53 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 24 Oct 2016 11:23:36 +0100 Subject: [PATCH 24/44] Fix buffer overreads in mbedtls_pem_read_buffer() --- ChangeLog | 3 +++ library/pem.c | 20 +++++++++++--------- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 316c5def2..80c9c09a4 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -13,6 +13,9 @@ Bugfix * Fix unused variable/function compilation warnings in pem.c and x509_csr.c that are reported when building mbed TLS with a config.h that does not define POLARSSL_PEM_PARSE_C. Found by omnium21. #562 + * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing + the input string in pem format to extract the different components. Found + by Eyal Itkin. = mbed TLS 1.3.18 branch 2016-10-17 diff --git a/library/pem.c b/library/pem.c index ac8311691..b2c16c292 100644 --- a/library/pem.c +++ b/library/pem.c @@ -250,7 +250,7 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer, enc = 0; - if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 ) + if( s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 ) { #if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \ ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) ) @@ -263,22 +263,22 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer, #if defined(POLARSSL_DES_C) - if( memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 ) + if( s2 - s1 >= 23 && memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 ) { enc_alg = POLARSSL_CIPHER_DES_EDE3_CBC; s1 += 23; - if( pem_get_iv( s1, pem_iv, 8 ) != 0 ) + if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8 ) != 0 ) return( POLARSSL_ERR_PEM_INVALID_ENC_IV ); s1 += 16; } - else if( memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 ) + else if( s2 - s1 >= 18 && memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 ) { enc_alg = POLARSSL_CIPHER_DES_CBC; s1 += 18; - if( pem_get_iv( s1, pem_iv, 8) != 0 ) + if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8) != 0 ) return( POLARSSL_ERR_PEM_INVALID_ENC_IV ); s1 += 16; 
@@ -286,9 +286,11 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer, #endif /* POLARSSL_DES_C */ #if defined(POLARSSL_AES_C) - if( memcmp( s1, "DEK-Info: AES-", 14 ) == 0 ) + if( s2 - s1 >= 14 && memcmp( s1, "DEK-Info: AES-", 14 ) == 0 ) { - if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 ) + if( s2 - s1 < 22 ) + return( POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG ); + else if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 ) enc_alg = POLARSSL_CIPHER_AES_128_CBC; else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 ) enc_alg = POLARSSL_CIPHER_AES_192_CBC; @@ -298,7 +300,7 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer, return( POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG ); s1 += 22; - if( pem_get_iv( s1, pem_iv, 16 ) != 0 ) + if( s2 - s1 < 32 || pem_get_iv( s1, pem_iv, 16 ) != 0 ) return( POLARSSL_ERR_PEM_INVALID_ENC_IV ); s1 += 32; @@ -317,7 +319,7 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer, ( POLARSSL_AES_C || POLARSSL_DES_C ) */ } - if( s1 == s2 ) + if( s1 >= s2 ) return( POLARSSL_ERR_PEM_INVALID_DATA ); len = 0; From 480f7e7d5e5996f2bfd9a88aa2a043edae5c0354 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 24 Oct 2016 14:31:54 +0100 Subject: [PATCH 25/44] Add tests for overreads in pem_read_buffer() --- ChangeLog | 2 +- tests/suites/test_suite_pem.data | 9 +++++++++ tests/suites/test_suite_pem.function | 24 ++++++++++++++++++------ 3 files changed, 28 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 80c9c09a4..83fd5ac5f 100644 --- a/ChangeLog +++ b/ChangeLog 
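Review bot: Each new bound check repeats the literal length that the adjacent memcmp() uses — `s2 - s1 >= 22` next to `memcmp( …, 22 )`, `>= 23` / `23`, `>= 18` / `18`, `>= 14` / `14` — so the two can drift apart on the next edit, and the fix's correctness depends on them staying equal. A small static helper that takes the two cursors, the literal and its length and performs the length test and the memcmp() together, or at least `sizeof( "Proc-Type: 4,ENCRYPTED" ) - 1` in place of the bare numbers, would keep them in sync. In the AES branch, `if( s2 - s1 < 22 ) return( POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG );` reports a truncated DEK-Info line as an unknown algorithm; that matches the test added in patch 25/44, but a one-line comment saying the line is too short to name any supported AES mode would stop a reader from taking it for an INVALID_DATA case that was miscoded. pem_read_buffer's body continues outside the hunks in both directions.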
@@ -14,7 +14,7 @@ Bugfix that are reported when building mbed TLS with a config.h that does not define POLARSSL_PEM_PARSE_C. Found by omnium21. #562 * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing - the input string in pem format to extract the different components. Found + the input string in PEM format to extract the different components. Found by Eyal Itkin. = mbed TLS 1.3.18 branch 2016-10-17 diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index 311ea9c15..9c7b30517 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data @@ -15,3 +15,12 @@ pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"00010203040506 PEM write (exactly two lines + 1) pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n" + +PEM read (DES-EDE3-CBC + invalid iv) +pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":-4608 + +PEM read (DES-CBC + invalid iv) +pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":-4608 + +PEM read (unknown encryption algorithm) +pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":-4736 diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function index f8aab47c1..e0b767984 100644 --- a/tests/suites/test_suite_pem.function +++ b/tests/suites/test_suite_pem.function 
@@ -3,12 +3,7 @@ #include "polarssl/pem.h" /* END_HEADER */ -/* BEGIN_DEPENDENCIES - * depends_on:POLARSSL_PEM_WRITE_C - * END_DEPENDENCIES - */ - -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:POLARSSL_PEM_WRITE_C */ void pem_write_buffer( char *start, char *end, char *buf_str, char *result_str ) { unsigned char buf[5000]; @@ -38,3 +33,20 @@ exit: polarssl_free( check_buf ); } /* END_CASE */ + +/* BEGIN_CASE depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_AES_C:POLARSSL_DES_C:POLARSSL_MD5_C:POLARSSL_CIPHER_MODE_CBC */ +void pem_read_buffer( char *header, char *footer, char *data, int ret ) +{ + pem_context ctx; + size_t use_len = 0; + + pem_init( &ctx ); + + TEST_ASSERT( pem_read_buffer( &ctx, header, footer, + (const unsigned char *)data, NULL, 0, + &use_len ) == ret ); + +exit: + pem_free( &ctx ); +} +/* END_CASE */ From 74ef65077202543b06f1d310d2db3fb69facc0d7 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 18 Jan 2017 13:56:58 +0000 Subject: [PATCH 26/44] Fix integer overflows in buffer bound checks Fix potential integer overflows in the following functions: * mbedtls_md2_update() to be bypassed and cause * mbedtls_cipher_update() * mbedtls_ctr_drbg_reseed() This overflows would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed. --- ChangeLog | 6 ++++++ library/cipher.c | 4 ++-- library/ctr_drbg.c | 3 ++- library/md2.c | 2 +- 4 files changed, 11 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 83fd5ac5f..6f5d24b72 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -16,6 +16,12 @@ Bugfix * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing the input string in PEM format to extract the different components. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in mbedtls_ctr_drbg_reseed() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflows in mbedtls_cipher_update() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in mbedtls_md2_update() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. = mbed TLS 1.3.18 branch 2016-10-17 diff --git a/library/cipher.c b/library/cipher.c index b69d33106..7ea25cfc2 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -315,9 +315,9 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, * If there is not enough data for a full block, cache it. */ if( ( ctx->operation == POLARSSL_DECRYPT && - ilen + ctx->unprocessed_len <= cipher_get_block_size( ctx ) ) || + ilen <= cipher_get_block_size( ctx ) - ctx->unprocessed_len ) || ( ctx->operation == POLARSSL_ENCRYPT && - ilen + ctx->unprocessed_len < cipher_get_block_size( ctx ) ) ) + ilen < cipher_get_block_size( ctx ) - ctx->unprocessed_len ) ) { memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, ilen ); diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index 24adff08f..7b315e888 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -277,7 +277,8 @@ int ctr_drbg_reseed( ctr_drbg_context *ctx, unsigned char seed[CTR_DRBG_MAX_SEED_INPUT]; size_t seedlen = 0; - if( ctx->entropy_len + len > CTR_DRBG_MAX_SEED_INPUT ) + if( ctx->entropy_len > CTR_DRBG_MAX_SEED_INPUT || + len > CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len ) return( POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG ); memset( seed, 0, CTR_DRBG_MAX_SEED_INPUT ); diff --git a/library/md2.c b/library/md2.c index 110cd95bc..2ac7eba61 100644 --- a/library/md2.c +++ b/library/md2.c 
@@ -155,7 +155,7 @@ void md2_update( md2_context *ctx, const unsigned char *input, size_t ilen ) while( ilen > 0 ) { - if( ctx->left + ilen > 16 ) + if( ilen > 16 - ctx->left ) fill = 16 - ctx->left; else fill = ilen; From 59abd301f53d295c9a831fdcf9f97ef2878df72a Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 18 Jan 2017 17:21:03 +0000 Subject: [PATCH 27/44] Fix integer overflow in mbedtls_base64_decode() Fix potential integer overflows in the function mbedtls_base64_decode(). This overflow would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed. --- ChangeLog | 2 ++ library/base64.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 6f5d24b72..d8b106100 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,8 @@ Bugfix cause buffer bound checks to be bypassed. Found by Eyal Itkin. * Fixed potential arithmetic overflow in mbedtls_md2_update() that could cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in mbedtls_base64_decode() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. = mbed TLS 1.3.18 branch 2016-10-17 diff --git a/library/base64.c b/library/base64.c index 7de87e51c..3de67f090 100644 --- a/library/base64.c +++ b/library/base64.c @@ -198,7 +198,7 @@ int base64_decode( unsigned char *dst, size_t *dlen, return( 0 ); } - n = ( ( n * 6 ) + 7 ) >> 3; + n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); n -= j; if( dst == NULL || *dlen < n ) From 746edf4e75e686075f0659701151582b56cb4ffb Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Feb 2017 08:46:53 +0000 Subject: [PATCH 28/44] Add comment to integer overflow fix in base64.c Adds clarifying comment to the integer overflow fix in base64.c --- library/base64.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/base64.c b/library/base64.c index 3de67f090..ba6926083 100644 --- a/library/base64.c +++ b/library/base64.c 
@@ -198,6 +198,10 @@ int base64_decode( unsigned char *dst, size_t *dlen, return( 0 ); } + /* The following expression is to calculate the following formula without + * risk of integer overflow in n: + * n = ( ( n * 6 ) + 7 ) >> 3; + */ n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); n -= j; From 22d77a209f05be7a461bf24b9fb1133e662b13f3 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 2 Feb 2017 14:36:49 +0000 Subject: [PATCH 29/44] Fix generate_code.pl to handle escaped : --- tests/scripts/generate_code.pl | 2 +- tests/suites/test_suite_pem.data | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 078e82df9..e13a2d0da 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl @@ -139,7 +139,7 @@ while($test_cases =~ /\/\* BEGIN_CASE *([\w:]*) \*\/\n(.*?)\n\/\* END_CASE \*\// $param_defs .= " char *param$i = params[$i];\n"; $param_checks .= " if( verify_string( ¶m$i ) != 0 ) return( 2 );\n"; push @dispatch_params, "param$i"; - $mapping_regex .= ":[^:\n]+"; + $mapping_regex .= ":(?:\\\\.|[^:\n])+"; } else { diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index 9c7b30517..b5f63e550 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data 
@@ -17,10 +17,10 @@ PEM write (exactly two lines + 1) pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n" PEM read (DES-EDE3-CBC + invalid iv) -pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":-4608 +pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":POLARSSL_ERR_PEM_INVALID_ENC_IV PEM read (DES-CBC + invalid iv) -pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":-4608 +pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":POLARSSL_ERR_PEM_INVALID_ENC_IV PEM read (unknown encryption algorithm) -pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":-4736 +pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG From dcd49ec05a85cc465af30be5366435626418fcd2 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 3 Feb 2017 13:00:02 +0000 Subject: [PATCH 30/44] Add lib target to library/CMakeLists.txt --- library/CMakeLists.txt | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 8ccc7a391..d98fc716a 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
@@ -136,10 +136,18 @@ endif(USE_SHARED_MBEDTLS_LIBRARY) if(UNIX) add_custom_target(polarssl - DEPENDS mbedtls # TODO: and mbedtls_static is shared is defined + DEPENDS mbedtls COMMAND ${CMAKE_SOURCE_DIR}/scripts/polarssl_symlinks.sh ${CMAKE_BINARY_DIR}/library ) + add_custom_target(lib + DEPENDS polarssl + ) + + set_directory_properties(PROPERTIES + ADDITIONAL_MAKE_CLEAN_FILES "${CMAKE_BINARY_DIR}/library/libpolarssl.a" + ) + if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) add_dependencies(polarssl mbedtls_static) endif() From 7346a7e55a4fb936da97044bc261bd460e92e511 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 26 Feb 2017 02:01:49 +0000 Subject: [PATCH 31/44] Fix formatting in ChangeLog --- ChangeLog | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index beb4dca7e..6ff5cc183 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,11 +3,11 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 1.3.x branch released xxxx-xx-xx Security - * Add checks to prevent signature forgeries for very large messages while - using RSA through the PK module in 64-bit systems. The issue was caused by - some data loss when casting a size_t to an unsigned int value in the - functions rsa_verify_wrap(), rsa_sign_wrap(), rsa_alt_sign_wrap() and - pk_sign(). Found by Jean-Philippe Aumasson. + * Add checks to prevent signature forgeries for very large messages while + using RSA through the PK module in 64-bit systems. The issue was caused by + some data loss when casting a size_t to an unsigned int value in the + functions rsa_verify_wrap(), rsa_sign_wrap(), rsa_alt_sign_wrap() and + pk_sign(). Found by Jean-Philippe Aumasson. * Fixed potential livelock during the parsing of a CRL in PEM format in mbedtls_x509_crl_parse(). A string containing a CRL followed by trailing characters after the footer could result in the execution of an infinite From 03af0e0151b82e93fb43100dc44fa57c5742278d Mon Sep 17 00:00:00 2001 
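Review bot: `ADDITIONAL_MAKE_CLEAN_FILES` names only `libpolarssl.a`, yet the `polarssl` target it is tied to runs `polarssl_symlinks.sh` for the `mbedtls` shared build too (and `mbedtls_static` when both are enabled), so I would expect the script to also create a shared-library symlink that `make clean` then leaves behind — worth checking what the script produces and listing every name it creates, or at least making the `.a` entry conditional on USE_STATIC_MBEDTLS_LIBRARY. The new `lib` target is bare `DEPENDS polarssl`; a one-line comment saying what it exists for (presumably parity with the Makefile's `lib` target) would spare the next reader the guess. The `if(UNIX)` block this sits in starts before the hunk.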
From: Andres AG Date: Mon, 23 Jan 2017 14:58:27 +0000 Subject: [PATCH 32/44] Fix memory leak in x509_crl_parse() The memory leak call was caused by missing calls to pem_free(). --- ChangeLog | 3 +++ library/x509_crl.c | 5 +++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index fd7a3f5b6..12c541cde 100644 --- a/ChangeLog +++ b/ChangeLog @@ -37,6 +37,9 @@ Bugfix cause buffer bound checks to be bypassed. Found by Eyal Itkin. * Fixed potential arithmetic overflow in mbedtls_base64_decode() that could cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fix potential memory leak in x509_crl_parse(). The leak was caused by + missing calls to pem_free() in cases when a + POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered. = mbed TLS 1.3.18 branch 2016-10-17 diff --git a/library/x509_crl.c b/library/x509_crl.c index 0d92bb131..b2b0bed6e 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -520,16 +520,17 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen ) if( ( ret = x509_crl_parse_der( chain, pem.buf, pem.buflen ) ) != 0 ) { + pem_free( &pem ); return( ret ); } - - pem_free( &pem ); } else if( is_pem ) { pem_free( &pem ); return( ret ); } + + pem_free( &pem ); } while( is_pem && buflen > 0 ); From bfef0ce5e46473e41de87482e81c775e0c766e3b Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 28 Feb 2017 16:36:22 +0000 Subject: [PATCH 33/44] Fix credit in ChangeLog for #722 --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 12c541cde..e26caed4a 100644 --- a/ChangeLog +++ b/ChangeLog 
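Review bot: The `pem_free( &pem )` added after the `else if` block now also executes on the DER path (`ret != 0` with `is_pem == 0`, i.e. no header/footer found), so correctness depends on `pem` being (re)initialised before `pem_read_buffer()` at the top of every iteration of the do/while, which starts outside the hunk; after confirming that initialisation is there, I'd record it at the new call: `/* Reached on the DER path too; the pem_init() above makes this a no-op there */`. The block now releases `pem` on three separate exit paths, which is how the original leak crept in; a single release point before the early returns would be more robust, but that needs `pem_free()` to be safe to call on an already-released context, which the hunk does not show — confirm before restructuring. x509_crl_parse() starts and ends outside the hunk.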
@@ -39,7 +39,8 @@ Bugfix cause buffer bound checks to be bypassed. Found by Eyal Itkin. * Fix potential memory leak in x509_crl_parse(). The leak was caused by missing calls to pem_free() in cases when a - POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered. + POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered. Found and + fix proposed by Guido Vranken. #722 = mbed TLS 1.3.18 branch 2016-10-17 From 0990a8b4c54a39a30f143d1cf7ff35575c957fa8 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 27 Jan 2017 15:51:14 +0000 Subject: [PATCH 34/44] Add invalid key tests for curve SECP224K1 This curve has special arithmetic on 64 bit platforms and an untested path lead to trying to free a buffer on the stack. For the sake of completeness, a test case for a point with non-affine coordinates has been added as well. --- tests/suites/test_suite_ecp.data | 12 ++++++++++-- tests/suites/test_suite_ecp.function | 7 ++++--- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index a5dc528e4..1a6c241b7 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data 
@@ -161,11 +161,19 @@ ecp_small_check_pub:10:25:1:POLARSSL_ERR_ECP_INVALID_KEY ECP check pubkey Montgomery #1 (too big) depends_on:POLARSSL_ECP_DP_M255_ENABLED -ecp_check_pub_mx:POLARSSL_ECP_DP_M255:"010000000000000000000000000000000000000000000000000000000000000000":POLARSSL_ERR_ECP_INVALID_KEY +ecp_check_pub:POLARSSL_ECP_DP_M255:"010000000000000000000000000000000000000000000000000000000000000000":"0":"1":POLARSSL_ERR_ECP_INVALID_KEY ECP check pubkey Montgomery #2 (biggest) depends_on:POLARSSL_ECP_DP_M255_ENABLED -ecp_check_pub_mx:POLARSSL_ECP_DP_M255:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":0 +ecp_check_pub:POLARSSL_ECP_DP_M255:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":"0":"1":0 + +ECP check pubkey Koblitz #1 (point not on curve) +depends_on:POLARSSL_ECP_DP_SECP224K1_ENABLED +ecp_check_pub:POLARSSL_ECP_DP_SECP224K1:"E2000000000000BB3A13D43B323337383935321F0603551D":"100101FF040830060101FF02010A30220603551D0E041B04636FC0C0":"1":POLARSSL_ERR_ECP_INVALID_KEY + +ECP check pubkey Koblitz #2 (coordinate not affine) +depends_on:POLARSSL_ECP_DP_SECP224K1_ENABLED +ecp_check_pub:POLARSSL_ECP_DP_SECP224K1:"E2000000000000BB3A13D43B323337383935321F0603551D":"100101FF040830060101FF02010A30220603551D0E041B04636FC0C0":"101":POLARSSL_ERR_ECP_INVALID_KEY ECP write binary #0 (zero, bad format) depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 696c5977e..edb4b61d6 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -196,7 +196,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void ecp_check_pub_mx( int grp_id, char *key_hex, int ret ) +void ecp_check_pub( int grp_id, char *x_hex, char *y_hex, char *z_hex, int ret ) { ecp_group grp; ecp_point P; 
@@ -206,8 +206,9 @@ void ecp_check_pub_mx( int grp_id, char *key_hex, int ret ) TEST_ASSERT( ecp_use_known_dp( &grp, grp_id ) == 0 ); - TEST_ASSERT( mpi_read_string( &P.X, 16, key_hex ) == 0 ); - TEST_ASSERT( mpi_lset( &P.Z, 1 ) == 0 ); + TEST_ASSERT( mpi_read_string( &P.X, 16, x_hex ) == 0 ); + TEST_ASSERT( mpi_read_string( &P.Y, 16, y_hex ) == 0 ); + TEST_ASSERT( mpi_read_string( &P.Z, 16, z_hex ) == 0 ); TEST_ASSERT( ecp_check_pubkey( &grp, &P ) == ret ); From f5ffc79896681daddf7530646c0908f51a887dbd Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 27 Jan 2017 16:05:20 +0000 Subject: [PATCH 35/44] ECP: Prevent freeing a buffer on stack The function ecp_mod_koblitz computed the space for the result of a multiplication optimally for that specific case, but unfortunately the function mbedtls_mpi_mul_mpi performs a generic, suboptimal calculation and needs one more limb for the result. Since the result's buffer is on the stack, the best case scenario is that the program stops. This only happened on 64 bit platforms. Fixes #569 --- ChangeLog | 6 ++++++ library/ecp_curves.c | 6 +++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index e26caed4a..e657ebeee 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,12 @@ Security characters after the footer could result in the execution of an infinite loop. The issue can be triggered remotely. Found by Greg Zaverucha, Microsoft. + * Fixed a bug that caused freeing a buffer that was allocated on the stack, + when verifying the validity of a key on secp224k1. This could be + triggered remotely for example with a maliciously constructed certificate + and might have led to remote code execution on some exotic embedded + platforms. Reported independently by rongsaws and Regina Wilson. + CVE-2017-2784 Bugfix * Fix output certificate verification flags set by x509_crt_verify_top() when diff --git a/library/ecp_curves.c b/library/ecp_curves.c index f5afe44b5..db6ad3ced 100644 
--- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -1264,7 +1264,7 @@ static inline int ecp_mod_koblitz( mpi *N, t_uint *Rp, size_t p_limbs, int ret; size_t i; mpi M, R; - t_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R]; + t_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1]; if( N->n < p_limbs ) return( 0 ); @@ -1286,7 +1286,7 @@ static inline int ecp_mod_koblitz( mpi *N, t_uint *Rp, size_t p_limbs, memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( t_uint ) ); if( shift != 0 ) MPI_CHK( mpi_shift_r( &M, shift ) ); - M.n += R.n - adjust; /* Make room for multiplication by R */ + M.n += R.n; /* Make room for multiplication by R */ /* N = A0 */ if( mask != 0 ) @@ -1308,7 +1308,7 @@ static inline int ecp_mod_koblitz( mpi *N, t_uint *Rp, size_t p_limbs, memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( t_uint ) ); if( shift != 0 ) MPI_CHK( mpi_shift_r( &M, shift ) ); - M.n += R.n - adjust; /* Make room for multiplication by R */ + M.n += R.n; /* Make room for multiplication by R */ /* N = A0 */ if( mask != 0 ) From 866a447784cf8ec9fcc337cd2afd8aad0ac9cba5 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 28 Feb 2017 18:47:27 +0000 Subject: [PATCH 36/44] Clarify ChangeLog for #569 --- ChangeLog | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index e657ebeee..4ccba2fff 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,9 +16,8 @@ Security * Fixed a bug that caused freeing a buffer that was allocated on the stack, when verifying the validity of a key on secp224k1. This could be triggered remotely for example with a maliciously constructed certificate - and might have led to remote code execution on some exotic embedded - platforms. Reported independently by rongsaws and Regina Wilson. - CVE-2017-2784 + and potentially could lead to remote code execution on some platforms. + Reported independently by rongsaws and Regina Wilson. #569 CVE-2017-2784 Bugfix * Fix output certificate verification flags set by x509_crt_verify_top() when 
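Review bot: The `+ 1` on `Mp` and the dropped `- adjust` in the two `M.n += R.n` hunks (@@ -1286 and @@ -1308) encode an invariant that is stated only in the commit message: the generic multiplication may need one more limb than the optimal size, and because `M.p` points at the stack array any growth of `M` ends in freeing a stack address — the CVE-2017-2784 crash this commit fixes. I'd put that invariant next to the declaration, e.g. `/* Must hold M.n + R.n limbs: M.p is on the stack, so any growth of M is fatal */`, and guard each multiplication so a future size change fails cleanly instead of reaching the free: `if( M.n > sizeof( Mp ) / sizeof( Mp[0] ) ) return( POLARSSL_ERR_MPI_BAD_INPUT_DATA );`. Whether `M.n` can actually reach the array bound after `+= R.n` depends on how `M.n` is first set, which is outside the hunk. ecp_mod_koblitz() starts before the first hunk and ends after the last.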
From 5b6002555ed32e987ee132835661549757c0c73a Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 1 Mar 2017 22:17:49 +0000 Subject: [PATCH 37/44] Fix Visual Studio template files Adds interim directories to the Visual Studio project files to avoid warning MSB8028 in Visual Studio 2015, where shared directories of intermediate files between project files generate the warning. --- .../data_files/vs2010-app-template.vcxproj | 28 +++++++++++-------- .../data_files/vs2010-main-template.vcxproj | 4 +++ 2 files changed, 20 insertions(+), 12 deletions(-) diff --git a/scripts/data_files/vs2010-app-template.vcxproj b/scripts/data_files/vs2010-app-template.vcxproj index 593c22df9..806130a10 100644 --- a/scripts/data_files/vs2010-app-template.vcxproj +++ b/scripts/data_files/vs2010-app-template.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/scripts/data_files/vs2010-main-template.vcxproj b/scripts/data_files/vs2010-main-template.vcxproj index 6e30ffe15..773b58a33 100644 --- a/scripts/data_files/vs2010-main-template.vcxproj +++ b/scripts/data_files/vs2010-main-template.vcxproj @@ -65,15 +65,19 @@ true + $(Configuration)\$(TargetName)\ true + $(Configuration)\$(TargetName)\ false + $(Configuration)\$(TargetName)\ false + $(Configuration)\$(TargetName)\ From c1526faaeed0013601752a8eb8858118c02080b6 Mon Sep 17 00:00:00 2001 
From: Simon Butcher Date: Wed, 1 Mar 2017 23:18:38 +0000 Subject: [PATCH 38/44] Update of the Visual Studio files Contains additional project file, ecdh_curve25519.vcxproj, as well as fix for intermediate files causing the warning MSB8028 with Visual Studio 2015. --- visualc/VS2010/aescrypt2.vcxproj | 28 ++++++++++++---------- visualc/VS2010/benchmark.vcxproj | 28 ++++++++++++---------- visualc/VS2010/cert_app.vcxproj | 28 ++++++++++++---------- visualc/VS2010/cert_req.vcxproj | 28 ++++++++++++---------- visualc/VS2010/cert_write.vcxproj | 28 ++++++++++++---------- visualc/VS2010/crl_app.vcxproj | 28 ++++++++++++---------- visualc/VS2010/crypt_and_hash.vcxproj | 28 ++++++++++++---------- visualc/VS2010/dh_client.vcxproj | 28 ++++++++++++---------- visualc/VS2010/dh_genprime.vcxproj | 28 ++++++++++++---------- visualc/VS2010/dh_server.vcxproj | 28 ++++++++++++---------- visualc/VS2010/ecdsa.vcxproj | 28 ++++++++++++---------- visualc/VS2010/gen_entropy.vcxproj | 28 ++++++++++++---------- visualc/VS2010/gen_key.vcxproj | 28 ++++++++++++---------- visualc/VS2010/gen_random_ctr_drbg.vcxproj | 28 ++++++++++++---------- visualc/VS2010/gen_random_havege.vcxproj | 28 ++++++++++++---------- visualc/VS2010/generic_sum.vcxproj | 28 ++++++++++++---------- visualc/VS2010/hello.vcxproj | 28 ++++++++++++---------- visualc/VS2010/key_app.vcxproj | 28 ++++++++++++---------- visualc/VS2010/key_app_writer.vcxproj | 28 ++++++++++++---------- visualc/VS2010/mbedTLS.vcxproj | 4 ++++ visualc/VS2010/md5sum.vcxproj | 28 ++++++++++++---------- visualc/VS2010/mini_client.vcxproj | 28 ++++++++++++---------- visualc/VS2010/mpi_demo.vcxproj | 28 ++++++++++++---------- visualc/VS2010/pem2der.vcxproj | 28 ++++++++++++---------- visualc/VS2010/pk_decrypt.vcxproj | 28 ++++++++++++---------- visualc/VS2010/pk_encrypt.vcxproj | 28 ++++++++++++---------- visualc/VS2010/pk_sign.vcxproj | 28 ++++++++++++---------- visualc/VS2010/pk_verify.vcxproj | 28 ++++++++++++---------- 
visualc/VS2010/req_app.vcxproj | 28 ++++++++++++---------- visualc/VS2010/rsa_decrypt.vcxproj | 28 ++++++++++++---------- visualc/VS2010/rsa_encrypt.vcxproj | 28 ++++++++++++---------- visualc/VS2010/rsa_genkey.vcxproj | 28 ++++++++++++---------- visualc/VS2010/rsa_sign.vcxproj | 28 ++++++++++++---------- visualc/VS2010/rsa_sign_pss.vcxproj | 28 ++++++++++++---------- visualc/VS2010/rsa_verify.vcxproj | 28 ++++++++++++---------- visualc/VS2010/rsa_verify_pss.vcxproj | 28 ++++++++++++---------- visualc/VS2010/selftest.vcxproj | 28 ++++++++++++---------- visualc/VS2010/sha1sum.vcxproj | 28 ++++++++++++---------- visualc/VS2010/sha2sum.vcxproj | 28 ++++++++++++---------- visualc/VS2010/ssl_cert_test.vcxproj | 28 ++++++++++++---------- visualc/VS2010/ssl_client1.vcxproj | 28 ++++++++++++---------- visualc/VS2010/ssl_client2.vcxproj | 28 ++++++++++++---------- visualc/VS2010/ssl_fork_server.vcxproj | 28 ++++++++++++---------- visualc/VS2010/ssl_mail_client.vcxproj | 28 ++++++++++++---------- visualc/VS2010/ssl_server.vcxproj | 28 ++++++++++++---------- visualc/VS2010/ssl_server2.vcxproj | 28 ++++++++++++---------- visualc/VS2010/ssl_test.vcxproj | 28 ++++++++++++---------- visualc/VS2010/strerror.vcxproj | 28 ++++++++++++---------- 48 files changed, 756 insertions(+), 564 deletions(-) diff --git a/visualc/VS2010/aescrypt2.vcxproj b/visualc/VS2010/aescrypt2.vcxproj index afbfe48c7..644ef751b 100644 --- a/visualc/VS2010/aescrypt2.vcxproj +++ b/visualc/VS2010/aescrypt2.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/benchmark.vcxproj b/visualc/VS2010/benchmark.vcxproj index ee3ada3be..2655c657c 100644 --- a/visualc/VS2010/benchmark.vcxproj +++ b/visualc/VS2010/benchmark.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/cert_app.vcxproj b/visualc/VS2010/cert_app.vcxproj index 0988a298a..e73b5eb2a 100644 --- a/visualc/VS2010/cert_app.vcxproj +++ b/visualc/VS2010/cert_app.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/cert_req.vcxproj b/visualc/VS2010/cert_req.vcxproj index ef3ed2ea2..d378271df 100644 --- a/visualc/VS2010/cert_req.vcxproj +++ b/visualc/VS2010/cert_req.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/cert_write.vcxproj b/visualc/VS2010/cert_write.vcxproj index 43c009325..39a3239fc 100644 --- a/visualc/VS2010/cert_write.vcxproj +++ b/visualc/VS2010/cert_write.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/crl_app.vcxproj b/visualc/VS2010/crl_app.vcxproj index d7599990d..d4055982e 100644 --- a/visualc/VS2010/crl_app.vcxproj +++ b/visualc/VS2010/crl_app.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + 
diff --git a/visualc/VS2010/crypt_and_hash.vcxproj b/visualc/VS2010/crypt_and_hash.vcxproj index d9d70ea39..35d4a7b9b 100644 --- a/visualc/VS2010/crypt_and_hash.vcxproj +++ b/visualc/VS2010/crypt_and_hash.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/dh_client.vcxproj b/visualc/VS2010/dh_client.vcxproj index c211badd0..4774caed8 100644 --- a/visualc/VS2010/dh_client.vcxproj +++ b/visualc/VS2010/dh_client.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/dh_genprime.vcxproj b/visualc/VS2010/dh_genprime.vcxproj index 4e2ee2049..ae8754c0b 100644 --- a/visualc/VS2010/dh_genprime.vcxproj +++ b/visualc/VS2010/dh_genprime.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/dh_server.vcxproj b/visualc/VS2010/dh_server.vcxproj index 025c54874..ee219971d 100644 --- a/visualc/VS2010/dh_server.vcxproj +++ b/visualc/VS2010/dh_server.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ecdsa.vcxproj b/visualc/VS2010/ecdsa.vcxproj index 5d83e1f40..786b838d5 100644 --- a/visualc/VS2010/ecdsa.vcxproj +++ b/visualc/VS2010/ecdsa.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/gen_entropy.vcxproj b/visualc/VS2010/gen_entropy.vcxproj index d3eee21cb..00905666d 100644 --- a/visualc/VS2010/gen_entropy.vcxproj +++ b/visualc/VS2010/gen_entropy.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/gen_key.vcxproj b/visualc/VS2010/gen_key.vcxproj index e72d47521..c7ee53f57 100644 --- a/visualc/VS2010/gen_key.vcxproj +++ b/visualc/VS2010/gen_key.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/gen_random_ctr_drbg.vcxproj b/visualc/VS2010/gen_random_ctr_drbg.vcxproj index cffbc434c..78da2dfcb 100644 --- a/visualc/VS2010/gen_random_ctr_drbg.vcxproj +++ b/visualc/VS2010/gen_random_ctr_drbg.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/gen_random_havege.vcxproj b/visualc/VS2010/gen_random_havege.vcxproj index 729f8fe60..7e638e3c5 100644 --- a/visualc/VS2010/gen_random_havege.vcxproj +++ b/visualc/VS2010/gen_random_havege.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/generic_sum.vcxproj b/visualc/VS2010/generic_sum.vcxproj index 3ff156304..b6438610a 100644 --- a/visualc/VS2010/generic_sum.vcxproj +++ b/visualc/VS2010/generic_sum.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/hello.vcxproj b/visualc/VS2010/hello.vcxproj index 1d368951e..e0692d9e2 100644 --- a/visualc/VS2010/hello.vcxproj +++ b/visualc/VS2010/hello.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/key_app.vcxproj b/visualc/VS2010/key_app.vcxproj index ecd1154ab..47e1b2936 100644 --- a/visualc/VS2010/key_app.vcxproj +++ b/visualc/VS2010/key_app.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/key_app_writer.vcxproj b/visualc/VS2010/key_app_writer.vcxproj index 6443005dc..c434baeb6 100644 --- a/visualc/VS2010/key_app_writer.vcxproj +++ b/visualc/VS2010/key_app_writer.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 0ee568a30..6e1119a04 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -65,15 +65,19 @@ true + $(Configuration)\$(TargetName)\ true + $(Configuration)\$(TargetName)\ false + $(Configuration)\$(TargetName)\ false + $(Configuration)\$(TargetName)\ diff --git a/visualc/VS2010/md5sum.vcxproj b/visualc/VS2010/md5sum.vcxproj index 02fae33d1..a70e6619f 100644 --- a/visualc/VS2010/md5sum.vcxproj +++ b/visualc/VS2010/md5sum.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/mini_client.vcxproj b/visualc/VS2010/mini_client.vcxproj index e3007d75b..4dbeb9d62 100644 --- a/visualc/VS2010/mini_client.vcxproj +++ b/visualc/VS2010/mini_client.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/mpi_demo.vcxproj b/visualc/VS2010/mpi_demo.vcxproj index 881ea2350..dfb68eb9c 100644 --- a/visualc/VS2010/mpi_demo.vcxproj +++ b/visualc/VS2010/mpi_demo.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + 
diff --git a/visualc/VS2010/pem2der.vcxproj b/visualc/VS2010/pem2der.vcxproj index 50f877d90..3823107e8 100644 --- a/visualc/VS2010/pem2der.vcxproj +++ b/visualc/VS2010/pem2der.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/pk_decrypt.vcxproj b/visualc/VS2010/pk_decrypt.vcxproj index 17f0ffe90..9b689bf8f 100644 --- a/visualc/VS2010/pk_decrypt.vcxproj +++ b/visualc/VS2010/pk_decrypt.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/pk_encrypt.vcxproj b/visualc/VS2010/pk_encrypt.vcxproj index 2e49348da..c58c1d954 100644 --- a/visualc/VS2010/pk_encrypt.vcxproj +++ b/visualc/VS2010/pk_encrypt.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/pk_sign.vcxproj b/visualc/VS2010/pk_sign.vcxproj index 1549dfdc5..4b22d3e21 100644 --- a/visualc/VS2010/pk_sign.vcxproj +++ b/visualc/VS2010/pk_sign.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/pk_verify.vcxproj b/visualc/VS2010/pk_verify.vcxproj index 1aee7aeb7..6d9654c6a 100644 --- a/visualc/VS2010/pk_verify.vcxproj +++ b/visualc/VS2010/pk_verify.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/req_app.vcxproj b/visualc/VS2010/req_app.vcxproj index 1d3809527..5c6870ce1 100644 --- a/visualc/VS2010/req_app.vcxproj +++ b/visualc/VS2010/req_app.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/rsa_decrypt.vcxproj b/visualc/VS2010/rsa_decrypt.vcxproj index 67404ef20..fb3f4441c 100644 --- a/visualc/VS2010/rsa_decrypt.vcxproj +++ b/visualc/VS2010/rsa_decrypt.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/rsa_encrypt.vcxproj b/visualc/VS2010/rsa_encrypt.vcxproj index 8fab1d5ef..779c020cd 100644 --- a/visualc/VS2010/rsa_encrypt.vcxproj +++ b/visualc/VS2010/rsa_encrypt.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/rsa_genkey.vcxproj b/visualc/VS2010/rsa_genkey.vcxproj index 87e67f47c..756b597b4 100644 --- a/visualc/VS2010/rsa_genkey.vcxproj +++ b/visualc/VS2010/rsa_genkey.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/rsa_sign.vcxproj b/visualc/VS2010/rsa_sign.vcxproj index b24d3a1e3..cf15c7045 100644 --- a/visualc/VS2010/rsa_sign.vcxproj +++ b/visualc/VS2010/rsa_sign.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/rsa_sign_pss.vcxproj b/visualc/VS2010/rsa_sign_pss.vcxproj index d4b605c38..67246d12f 100644 --- a/visualc/VS2010/rsa_sign_pss.vcxproj +++ b/visualc/VS2010/rsa_sign_pss.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/rsa_verify.vcxproj b/visualc/VS2010/rsa_verify.vcxproj index daaa29da6..8aa85cb3f 100644 --- a/visualc/VS2010/rsa_verify.vcxproj +++ b/visualc/VS2010/rsa_verify.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/rsa_verify_pss.vcxproj b/visualc/VS2010/rsa_verify_pss.vcxproj index f8b8c807e..a046fe212 100644 --- a/visualc/VS2010/rsa_verify_pss.vcxproj +++ b/visualc/VS2010/rsa_verify_pss.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/selftest.vcxproj b/visualc/VS2010/selftest.vcxproj index 44268d21b..ae85181b0 100644 --- a/visualc/VS2010/selftest.vcxproj +++ b/visualc/VS2010/selftest.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/sha1sum.vcxproj b/visualc/VS2010/sha1sum.vcxproj index f0b927d65..fab781d08 100644 --- a/visualc/VS2010/sha1sum.vcxproj +++ b/visualc/VS2010/sha1sum.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/sha2sum.vcxproj b/visualc/VS2010/sha2sum.vcxproj index 030bebbf9..f8353ffec 100644 --- a/visualc/VS2010/sha2sum.vcxproj +++ b/visualc/VS2010/sha2sum.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_cert_test.vcxproj b/visualc/VS2010/ssl_cert_test.vcxproj index 187c2ec4c..158f2366a 100644 --- a/visualc/VS2010/ssl_cert_test.vcxproj +++ b/visualc/VS2010/ssl_cert_test.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_client1.vcxproj b/visualc/VS2010/ssl_client1.vcxproj index 479ca94cc..390593085 100644 --- a/visualc/VS2010/ssl_client1.vcxproj +++ b/visualc/VS2010/ssl_client1.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_client2.vcxproj b/visualc/VS2010/ssl_client2.vcxproj index a956922d5..4fcb6adb7 100644 --- a/visualc/VS2010/ssl_client2.vcxproj +++ b/visualc/VS2010/ssl_client2.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_fork_server.vcxproj b/visualc/VS2010/ssl_fork_server.vcxproj index 18c916557..389097684 100644 --- a/visualc/VS2010/ssl_fork_server.vcxproj +++ b/visualc/VS2010/ssl_fork_server.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_mail_client.vcxproj b/visualc/VS2010/ssl_mail_client.vcxproj index c1856175c..e85cfcbf8 100644 --- a/visualc/VS2010/ssl_mail_client.vcxproj +++ b/visualc/VS2010/ssl_mail_client.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_server.vcxproj b/visualc/VS2010/ssl_server.vcxproj index 09888b750..cf2b258aa 100644 --- a/visualc/VS2010/ssl_server.vcxproj +++ b/visualc/VS2010/ssl_server.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_server2.vcxproj b/visualc/VS2010/ssl_server2.vcxproj index b39ce5dce..5cac05ef9 100644 --- a/visualc/VS2010/ssl_server2.vcxproj +++ b/visualc/VS2010/ssl_server2.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_test.vcxproj b/visualc/VS2010/ssl_test.vcxproj index 33200ab78..56db6fd00 100644 --- a/visualc/VS2010/ssl_test.vcxproj +++ b/visualc/VS2010/ssl_test.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/strerror.vcxproj b/visualc/VS2010/strerror.vcxproj index 58feabceb..927942ffe 100644 --- a/visualc/VS2010/strerror.vcxproj +++ b/visualc/VS2010/strerror.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + From dccf7433658514e38efcdfc30e237bedb79260ef Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Mar 2017 09:18:09 +0000 Subject: [PATCH 39/44] Add fix and credit for #742 to the ChangeLog --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 4ccba2fff..03bad2ce1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -46,6 +46,9 @@ Bugfix missing calls to pem_free() in cases when a POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered. Found and fix proposed by Guido Vranken. #722 + * Fixed the templates used to generate project and solution files for Visual + Studio 2015 as well as the files themselves, to remove a build warning + generated in Visual Studio 2015. Reported by Steve Valliere. #742 = mbed TLS 1.3.18 branch 2016-10-17 From c066af670baa44378878bff985728f2ec958d03b Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 1 Mar 2017 13:22:46 +0000 Subject: [PATCH 40/44] Fix failing pkparse test case The first three test cases from test_suites_pkparse.data failed because the key file they read requires DES to be read. However, POLARSSL_DES_C was missing from the dependency list. --- tests/suites/test_suite_pkparse.data | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index aab568d18..f9a35fc11 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data 
@@ -1,13 +1,13 @@
 Parse RSA Key #1 (No password when required)
-depends_on:POLARSSL_MD5_C:POLARSSL_PEM_PARSE_C:POLARSSL_CIPHER_MODE_CBC
+depends_on:POLARSSL_MD5_C:POLARSSL_PEM_PARSE_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_DES_C
 pk_parse_keyfile_rsa:"data_files/test-ca.key":"NULL":POLARSSL_ERR_PK_PASSWORD_REQUIRED
 
 Parse RSA Key #2 (Correct password)
-depends_on:POLARSSL_MD5_C:POLARSSL_PEM_PARSE_C:POLARSSL_CIPHER_MODE_CBC
+depends_on:POLARSSL_MD5_C:POLARSSL_PEM_PARSE_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_DES_C
 pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLTest":0
 
 Parse RSA Key #3 (Wrong password)
-depends_on:POLARSSL_MD5_C:POLARSSL_PEM_PARSE_C:POLARSSL_CIPHER_MODE_CBC
+depends_on:POLARSSL_MD5_C:POLARSSL_PEM_PARSE_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_DES_C
 pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLWRONG":POLARSSL_ERR_PK_PASSWORD_MISMATCH
 
 Parse RSA Key #4 (DES Encrypted)
From 2b2fc115df493296ea9dd047d6b52aec7297c0cc Mon Sep 17 00:00:00 2001
From: Andres AG
Date: Wed, 1 Mar 2017 14:04:08 +0000
Subject: [PATCH 41/44] Fix buffer overflow in mpi_write_string()

Fix a buffer overflow when writting a string representation of an MPI number to a buffer in hexadecimal. The problem occurs because hex digits are written in pairs and this is not accounted for in the calculation of the required buffer size when the number of digits is odd.
---
 ChangeLog | 3 +++
 library/bignum.c | 7 ++++++-
 tests/suites/test_suite_mpi.data | 3 +++
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 03bad2ce1..8b9e4a6b4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -49,6 +49,9 @@ Bugfix
 * Fixed the templates used to generate project and solution files for Visual
 Studio 2015 as well as the files themselves, to remove a build warning
 generated in Visual Studio 2015. Reported by Steve Valliere. #742
+ * Fix 1 byte buffer overflow in mpi_write_string() when the MPI number to
+ write in hexadecimal is negative and requires an odd number of digits.
+ Found and fixed by Guido Vranken.
 
 = mbed TLS 1.3.18 branch 2016-10-17
 
diff --git a/library/bignum.c b/library/bignum.c
index 4fe841c34..afde19bd5 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -538,7 +538,12 @@ int mpi_write_string( const mpi *X, int radix, char *s, size_t *slen )
 n = mpi_msb( X );
 if( radix >= 4 ) n >>= 1;
 if( radix >= 16 ) n >>= 1;
- n += 3;
+ /*
+ * Round up the buffer length to an even value to ensure that there is
+ * enough room for hexadecimal values that can be represented in an odd
+ * number of digits.
+ */
+ n += 3 + ( ( n + 1 ) & 1 );
 
 if( *slen < n )
 {
diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data
index a8da378f0..81fc73f32 100644
--- a/tests/suites/test_suite_mpi.data
+++ b/tests/suites/test_suite_mpi.data
@@ -46,6 +46,9 @@ mpi_read_write_string:16:"":16:"00":4:0:0
 Test mpi_read_write_string #9 (Empty MPI -> dec)
 mpi_read_write_string:16:"":10:"0":4:0:0
 
+Test mpi_write_string #10 (Negative hex with odd number of digits)
+mpi_read_write_string:16:"-1":16:"":3:0:POLARSSL_ERR_MPI_BUFFER_TOO_SMALL
+
 Base test mpi_read_binary #1
 mpi_read_binary:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924"
 
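Review bot: The sizing line `n += 3 + ( ( n + 1 ) & 1 );` closes the overflow but hides its reasoning: the reader has to work out that `( n + 1 ) & 1` is 1 exactly when the shifted digit count is even, and the comment above it does not say what the pre-existing 3 accounts for (presumably the rounding-down of the two shifts, a possible '-' sign and the NUL terminator — worth confirming and stating). Splitting the terms is equivalent and self-documenting: `n += 3; /* shift rounding, '-' sign, NUL terminator */` followed by `n += n & 1; /* hex digits are emitted in pairs */`. The extra byte is also required for every radix, not just 16, so the comment should say that the one-byte over-estimate for the other radices is deliberate. A companion positive case next to the new BUFFER_TOO_SMALL test (`"-1"` in hex into a 4-byte buffer) would pin that the new bound is not over-conservative; mpi_write_string's body continues on both sides of the hunk.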
From d2d6316afc28e2285068ae59b6c10d13e59a00de Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 3 Mar 2017 16:08:27 +0000 Subject: [PATCH 42/44] Removed duplicate entry in ChangeLog --- ChangeLog | 3 --- 1 file changed, 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8b9e4a6b4..215263d20 100644 --- a/ChangeLog +++ b/ChangeLog @@ -31,9 +31,6 @@ Bugfix * Fix unused variable/function compilation warnings in pem.c and x509_csr.c that are reported when building mbed TLS with a config.h that does not define POLARSSL_PEM_PARSE_C. Found by omnium21. #562 - * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing - the input string in PEM format to extract the different components. Found - by Eyal Itkin. * Fixed potential arithmetic overflow in mbedtls_ctr_drbg_reseed() that could cause buffer bound checks to be bypassed. Found by Eyal Itkin. * Fixed potential arithmetic overflows in mbedtls_cipher_update() that could From 4c5154d0c0d28353e4f311d869b20e959acac24a Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 8 Mar 2017 17:22:34 +0000 Subject: [PATCH 43/44] Updated version number to 1.3.19 for release --- ChangeLog | 2 +- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/polarssl/version.h | 8 ++++---- library/CMakeLists.txt | 2 +- tests/suites/test_suite_version.data | 4 ++-- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 215263d20..1ff98d9ce 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 1.3.x branch released xxxx-xx-xx += mbed TLS 1.3.19 branch released 2017-03-08 Security * Add checks to prevent signature forgeries for very large messages while diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index efc583904..5a4de619c 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h 
@@ -4,7 +4,7 @@
 */
 
 /**
- * @mainpage mbed TLS v1.3.18 source code documentation
+ * @mainpage mbed TLS v1.3.19 source code documentation
 *
 * This documentation describes the internal structure of mbed TLS. It was
 * automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 3a62380e4..15df9425e 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8
 # identify the project. Note that if you do not use Doxywizard you need
 # to put quotes around the project name if it contains spaces.
 
-PROJECT_NAME = "mbed TLS v1.3.18"
+PROJECT_NAME = "mbed TLS v1.3.19"
 
 # The PROJECT_NUMBER tag can be used to enter a project or revision number.
 # This could be handy for archiving the generated documentation or
diff --git a/include/polarssl/version.h b/include/polarssl/version.h
index d0ef7676b..7b4478c18 100644
--- a/include/polarssl/version.h
+++ b/include/polarssl/version.h
@@ -40,16 +40,16 @@
 */
 #define POLARSSL_VERSION_MAJOR 1
 #define POLARSSL_VERSION_MINOR 3
-#define POLARSSL_VERSION_PATCH 18
+#define POLARSSL_VERSION_PATCH 19
 
 /**
 * The single version number has the following structure:
 * MMNNPP00
 * Major version | Minor version | Patch version
 */
-#define POLARSSL_VERSION_NUMBER 0x01031200
-#define POLARSSL_VERSION_STRING "1.3.18"
-#define POLARSSL_VERSION_STRING_FULL "mbed TLS 1.3.18"
+#define POLARSSL_VERSION_NUMBER 0x01031300
+#define POLARSSL_VERSION_STRING "1.3.19"
+#define POLARSSL_VERSION_STRING_FULL "mbed TLS 1.3.19"
 
 #if defined(POLARSSL_VERSION_C)
 
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index d98fc716a..105c8fed2 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -117,7 +117,7 @@ endif() if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedtls SHARED ${src}) - set_target_properties(mbedtls PROPERTIES VERSION 1.3.18 SOVERSION 9) + set_target_properties(mbedtls PROPERTIES VERSION 1.3.19 SOVERSION 9) target_link_libraries(mbedtls ${libs}) diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 1b2fd9eda..86d728118 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"1.3.18" +check_compiletime_version:"1.3.19" Check runtime library version -check_runtime_version:"1.3.18" +check_runtime_version:"1.3.19" Check for POLARSSL_VERSION_C check_feature:"POLARSSL_VERSION_C":0 From bb4bebc26a8d2f0060422a21cc2ab9a3598efa18 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 10 Mar 2017 20:31:09 +0000 Subject: [PATCH 44/44] Correct function names in the ChangeLog from backported fixed --- ChangeLog | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1ff98d9ce..509908177 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -31,14 +31,14 @@ Bugfix * Fix unused variable/function compilation warnings in pem.c and x509_csr.c that are reported when building mbed TLS with a config.h that does not define POLARSSL_PEM_PARSE_C. Found by omnium21. #562 - * Fixed potential arithmetic overflow in mbedtls_ctr_drbg_reseed() that could - cause buffer bound checks to be bypassed. Found by Eyal Itkin. - * Fixed potential arithmetic overflows in mbedtls_cipher_update() that could - cause buffer bound checks to be bypassed. Found by Eyal Itkin. - * Fixed potential arithmetic overflow in mbedtls_md2_update() that could - cause buffer bound checks to be bypassed. Found by Eyal Itkin. - * Fixed potential arithmetic overflow in mbedtls_base64_decode() that could - cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in ctr_drbg_reseed() that could cause + buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflows in cipher_update() that could cause + buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in md2_update() that could cause buffer + bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in base64_decode() that could cause + buffer bound checks to be bypassed. Found by Eyal Itkin. * Fix potential memory leak in x509_crl_parse(). The leak was caused by missing calls to pem_free() in cases when a POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered. Found and