mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-05 14:35:35 +00:00
ECP: Prevent freeing a buffer on stack
The function ecp_mod_koblitz computed the space for the result of a multiplication optimally for that specific case, but unfortunately the function mbedtls_mpi_mul_mpi performs a generic, suboptimal calculation and needs one more limb for the result. Since the result's buffer is on the stack, the best case scenario is that the program stops. This only happened on 64 bit platforms. Fixes #569
This commit is contained in:
parent
28fff14113
commit
7dadc2f259
|
@ -12,6 +12,14 @@ Security
|
||||||
CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2.
|
CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2.
|
||||||
Introduced by interoperability fix for #513.
|
Introduced by interoperability fix for #513.
|
||||||
|
|
||||||
|
Security
|
||||||
|
* Fixed a bug that caused freeing a buffer that was allocated on the stack,
|
||||||
|
when verifying the validity of a key on secp224k1. This could be
|
||||||
|
triggered remotely for example with a maliciously constructed certificate
|
||||||
|
and might have led to remote code execution on some exotic embedded
|
||||||
|
platforms. Reported independently by rongsaws and Regina Wilson.
|
||||||
|
CVE-2017-2784
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Fix output certificate verification flags set by x509_crt_verify_top() when
|
* Fix output certificate verification flags set by x509_crt_verify_top() when
|
||||||
traversing a chain of trusted CA. The issue would cause both flags,
|
traversing a chain of trusted CA. The issue would cause both flags,
|
||||||
|
|
|
@ -1213,7 +1213,7 @@ static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t
|
||||||
int ret;
|
int ret;
|
||||||
size_t i;
|
size_t i;
|
||||||
mbedtls_mpi M, R;
|
mbedtls_mpi M, R;
|
||||||
mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R];
|
mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1];
|
||||||
|
|
||||||
if( N->n < p_limbs )
|
if( N->n < p_limbs )
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
@ -1235,7 +1235,7 @@ static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t
|
||||||
memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) );
|
memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) );
|
||||||
if( shift != 0 )
|
if( shift != 0 )
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) );
|
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) );
|
||||||
M.n += R.n - adjust; /* Make room for multiplication by R */
|
M.n += R.n; /* Make room for multiplication by R */
|
||||||
|
|
||||||
/* N = A0 */
|
/* N = A0 */
|
||||||
if( mask != 0 )
|
if( mask != 0 )
|
||||||
|
@ -1257,7 +1257,7 @@ static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t
|
||||||
memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) );
|
memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) );
|
||||||
if( shift != 0 )
|
if( shift != 0 )
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) );
|
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) );
|
||||||
M.n += R.n - adjust; /* Make room for multiplication by R */
|
M.n += R.n; /* Make room for multiplication by R */
|
||||||
|
|
||||||
/* N = A0 */
|
/* N = A0 */
|
||||||
if( mask != 0 )
|
if( mask != 0 )
|
||||||
|
|
Loading…
Reference in a new issue