diff --git a/ChangeLog b/ChangeLog
index 19180e9dc..ae8d1ba1c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,8 @@ Bugfix
 without providing a list of CAs. This was due to an overly strict bounds check in parsing the CertificateRequest message, introduced in Mbed TLS 2.12.0. Fixes #1954.
+ * Fix undefined shifts with negative values in certificates parsing
+ (found by Catena cyber using oss-fuzz)
 = mbed TLS 2.1.14 branch released 2018-07-25
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 4d8288e54..8e5c02b25 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -3098,8 +3098,8 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl )
 msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
- lifetime = ( msg[0] << 24 ) | ( msg[1] << 16 ) |
- ( msg[2] << 8 ) | ( msg[3] );
+ lifetime = ( ((uint32_t) msg[0]) << 24 ) | ( msg[1] << 16 ) |
+ ( msg[2] << 8 ) | ( msg[3] );
 ticket_len = ( msg[4] << 8 ) | ( msg[5] );
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 3d0765ab6..1eaa55bcd 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -152,6 +152,9 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb =
 static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile,
 mbedtls_md_type_t md_alg )
 {
+ if( md_alg == MBEDTLS_MD_NONE )
+ return( -1 );
+
 if( ( profile->allowed_mds & MBEDTLS_X509_ID_FLAG( md_alg ) ) != 0 )
 return( 0 );
@@ -165,6 +168,9 @@ static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile,
 static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile *profile,
 mbedtls_pk_type_t pk_alg )
 {
+ if( pk_alg == MBEDTLS_PK_NONE )
+ return( -1 );
+
 if( ( profile->allowed_pks & MBEDTLS_X509_ID_FLAG( pk_alg ) ) != 0 )
 return( 0 );
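Review bot: The new `lifetime` line casts only the `<< 24` term, which is the one term that can reach the sign bit after `msg[0]` is promoted to `int`, but the result is now assembled from one unsigned and three int-promoted operands and nothing in the code says why one byte is treated differently from the others. Casting every byte the same way makes the intent visible and closes the question for the next reader: `lifetime = ( (uint32_t) msg[0] << 24 ) | ( (uint32_t) msg[1] << 16 ) |` followed by `( (uint32_t) msg[2] << 8 ) | ( (uint32_t) msg[3] );`. This assumes `msg` points at `unsigned char`, as `ssl->in_msg` appears to; its declaration and the type of `lifetime` are outside the hunk. `ticket_len` on the following line combines at most 16 bits and needs no cast, but any other four-byte big-endian read in this file written in the old style would have the same problem and is worth a look. ssl_parse_new_session_ticket begins and continues outside the hunk.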
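Review bot: The added `MBEDTLS_MD_NONE` guard carries no comment saying why NONE must be rejected before the bitmask test, and the same applies to the `MBEDTLS_PK_NONE` guard in the x509_profile_check_pk_alg hunk and the `MBEDTLS_ECP_DP_NONE` guard in the x509_profile_check_key hunk; without one, a later cleanup could fold the guards back into the flag check and reintroduce the bug. The ChangeLog entry ties the change to undefined shifts, presumably because MBEDTLS_X509_ID_FLAG shifts by one less than the id and NONE is the first enumerator, so the flag expression would shift by a negative amount. A one-line comment above each guard is enough, e.g. `/* NONE has no flag bit: MBEDTLS_X509_ID_FLAG( NONE ) would shift by a negative amount */`. The existing failure return of these functions is outside the hunk; the `return( -1 )` in the guards presumably mirrors it.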
@@ -196,6 +202,9 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile, { mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id; + if( gid == MBEDTLS_ECP_DP_NONE ) + return( -1 ); + if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 ) return( 0 );