From 599d349811dcb438ac7969ad3cfbe897b6b6a0c9 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 8 Feb 2016 14:52:29 +0000 Subject: [PATCH 1/3] Included tests for the overflow --- library/rsa.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index fba68ddfc..3cb92f40c 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -529,7 +529,8 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, olen = ctx->len; hlen = mbedtls_md_get_size( md_info ); - if( olen < ilen + 2 * hlen + 2 ) + // first comparison checks for overflow + if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); memset( output, 0, olen ); @@ -594,8 +595,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); olen = ctx->len; - - if( olen < ilen + 11 ) + + // first comparison checks for overflow + if( ilen + 11 < ilen || olen < ilen + 11 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); nb_pad = olen - 3 - ilen; From 31581985a0965a238ca13fc152dda8bc2c4ad9ba Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 10 Feb 2016 16:25:55 +0000 Subject: [PATCH 2/3] Add Changelog entry for current branch --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 71aa60567..cff532e9c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,10 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.x branch +Security + * Fix potential integer overflow to buffer overflow in + mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt + Bugfix * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three arguments where the same (in-place doubling). Found and fixed by Janos From 9678b5dccd42d745f734db01a7223007f580982f Mon Sep 17 00:00:00 2001 
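Review bot: The new OAEP length guard `ilen + 2 * hlen + 2 < ilen` is only a valid overflow test because the operands are unsigned (presumably size_t for ilen); if either were a signed type the wrapped addition would be undefined behaviour and the compiler could drop the comparison, so the subtraction form that cannot wrap at all reads more safely: `if( olen < 2 * hlen + 2 || ilen > olen - 2 * hlen - 2 )`. The `2 * hlen + 2` term itself cannot overflow as long as mbedtls_md_get_size returns a small digest length, which the hunk does not show but which is the likely contract. The added comment is a C99 `//` line comment; if the rest of rsa.c is kept C89-clean with block comments, it should be `/* first comparison checks for overflow */`. The body of mbedtls_rsa_rsaes_oaep_encrypt continues outside the hunk.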
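Review bot: The 11 in the new PKCS#1 v1.5 check and the 3 in the following `nb_pad = olen - 3 - ilen;` are both derived from the type-2 padding layout (0x00 0x02, at least 8 non-zero padding bytes, 0x00 separator), and nothing in the hunk records that relationship; a comment such as `/* PKCS#1 v1.5 type 2: 0x00 0x02 || PS (>= 8 bytes) || 0x00 || M, so 11 bytes of overhead */` above the check would make clear why passing it guarantees nb_pad >= 8. The guard can also be written without relying on wraparound detection, `if( olen < 11 || ilen > olen - 11 )`, which is equivalent for unsigned operands and mirrors the subtraction used for `nb_pad`. The rest of mbedtls_rsa_rsaes_pkcs1_v15_encrypt lies outside the hunk.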
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 11 Feb 2016 10:35:13 +0100 Subject: [PATCH 3/3] Add precision about exploitability in ChangeLog Also fix some whitespace while at it. --- ChangeLog | 1 + library/rsa.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index cff532e9c..5b88a2506 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,7 @@ mbed TLS ChangeLog (Sorted per branch, date) Security * Fix potential integer overflow to buffer overflow in mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt + (not triggerable remotely in (D)TLS). Bugfix * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three diff --git a/library/rsa.c b/library/rsa.c index 3cb92f40c..9150e8745 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -595,7 +595,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); olen = ctx->len; - + // first comparison checks for overflow if( ilen + 11 < ilen || olen < ilen + 11 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );