Merge branch for fix for #502 - Unchecked calls

This commit is contained in:
Simon Butcher 2016-10-14 01:10:02 +01:00
commit 60371454bd
2 changed files with 25 additions and 5 deletions


@ -7,7 +7,7 @@ Security
with RFC5116 and could lead to session key recovery in very long TLS with RFC5116 and could lead to session key recovery in very long TLS
sessions. (H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic - sessions. (H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic -
"Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in TLS") "Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in TLS")
* Fix potential stack corruption in mbedtls_x509write_crt_der() and * Fix potential stack corruption in mbedtls_x509write_crt_der() and
mbedtls_x509write_csr_der() when the signature is copied to the buffer mbedtls_x509write_csr_der() when the signature is copied to the buffer
without checking whether there is enough space in the destination. The without checking whether there is enough space in the destination. The
issue cannot be triggered remotely. (found by Jethro Beekman) issue cannot be triggered remotely. (found by Jethro Beekman)
@ -30,6 +30,10 @@ Bugfix
* Fix documentation and implementation missmatch for function arguments of * Fix documentation and implementation missmatch for function arguments of
mbedtls_gcm_finish(). Found by cmiatpaar. #602 mbedtls_gcm_finish(). Found by cmiatpaar. #602
* Guarantee that P>Q at RSA key generation. Found by inestlerode. #558 * Guarantee that P>Q at RSA key generation. Found by inestlerode. #558
* Fix missing return code check after call to md_init_ctx() that could
result in usage of invalid md_ctx in rsa_rsaes_oaep_encrypt(),
rsa_rsaes_oaep_decrypt(), rsa_rsassa_pss_sign() and
rsa_rsassa_pss_verify_ext(). Fixed by Brian J. Murray. #502
Changes Changes
* Add compile time option for relaxed X509 time verification to enable * Add compile time option for relaxed X509 time verification to enable


@ -547,7 +547,11 @@ int rsa_rsaes_oaep_encrypt( rsa_context *ctx,
memcpy( p, input, ilen ); memcpy( p, input, ilen );
md_init( &md_ctx ); md_init( &md_ctx );
md_init_ctx( &md_ctx, md_info ); if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
{
md_free( &md_ctx );
return( ret );
}
// maskedDB: Apply dbMask to DB // maskedDB: Apply dbMask to DB
// //
@ -728,7 +732,11 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx,
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
md_init( &md_ctx ); md_init( &md_ctx );
md_init_ctx( &md_ctx, md_info ); if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
{
md_free( &md_ctx );
return( ret );
}
/* Generate lHash */ /* Generate lHash */
md( md_info, label, label_len, lhash ); md( md_info, label, label_len, lhash );
@ -974,7 +982,11 @@ int rsa_rsassa_pss_sign( rsa_context *ctx,
p += slen; p += slen;
md_init( &md_ctx ); md_init( &md_ctx );
md_init_ctx( &md_ctx, md_info ); if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
{
md_free( &md_ctx );
return( ret );
}
// Generate H = Hash( M' ) // Generate H = Hash( M' )
// //
@ -1247,7 +1259,11 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx,
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
md_init( &md_ctx ); md_init( &md_ctx );
md_init_ctx( &md_ctx, md_info ); if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
{
md_free( &md_ctx );
return( ret );
}
mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx ); mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx );
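Review bot: In the rsa_rsaes_oaep_decrypt hunk the new md_init_ctx() check is followed two lines later by an unchecked `md( md_info, label, label_len, lhash );` (the lHash line), so that hunk still carries an ignored md-layer return value of the same kind the commit is fixing for md_init_ctx(). For consistency with the new error path it could become `if( ( ret = md( md_info, label, label_len, lhash ) ) != 0 ) { md_free( &md_ctx ); return( ret ); }`; whether md() can actually fail once md_info has been checked non-NULL (the return just above) is not visible here, but the unchecked call reads as an oversight next to the checked one. The other three hunks do not show any further md-layer calls, and whether mgf_mask() in the verify hunk reports errors cannot be told from this page. All four enclosing functions start and end outside their hunks.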