From aa377cf11131f6a546c43e58726600de034e031b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Fri, 24 Jan 2020 12:11:56 +0100
Subject: [PATCH] Fix incrementing pointer instead of value
This was introduced by a hasty search-and-replace that didn't account for C's operator precedence when changing those variables to pointer types.
---
 ChangeLog | 10 +++++++++-
 library/ecdsa.c | 4 ++--
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 79f596d0a..60018b557 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -63,7 +63,15 @@ Changes
 * Reduce RAM consumption during session renegotiation by not storing the peer CRT chain and session ticket twice.
-= mbed TLS 2.16.x branch released xxxx-xx-xx
+= mbed TLS 2.16.5 branch released xxxx-xx-xx
+
+Security
+ * Fix potential memory overread when performing an ECDSA signature
+ operation. The overread only happens with cryptographically low
+ probability (of the order of 2^-n where n is the bitsize of the curve)
+ unless the RNG is broken, and could result in information disclosure or
+ denial of service (application crash or extra resource consumption).
+ Reported by Peter and Auke (found using static analysis).
 Bugfix
 * Fix an unchecked call to mbedtls_md() in the x509write module.
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 657778594..6cfaa08fe 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -297,7 +297,7 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
 *p_sign_tries = 0;
 do
 {
- if( *p_sign_tries++ > 10 )
+ if( (*p_sign_tries)++ > 10 )
 {
 ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
 goto cleanup;
@@ -310,7 +310,7 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
 *p_key_tries = 0;
 do
 {
- if( *p_key_tries++ > 10 )
+ if( (*p_key_tries)++ > 10 )
 {
 ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
 goto cleanup;
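Review bot: The corrected `if( (*p_sign_tries)++ > 10 )` at line 300 is right, but nothing in this patch exercises the retry path, so a precedence slip of the same kind could come back unnoticed; the diffstat shows only ChangeLog and library/ecdsa.c touched. A regression test that calls the signing routine with an RNG callback whose output the loop keeps rejecting (so the counter actually advances) and asserts `MBEDTLS_ERR_ECP_RANDOM_FAILED` once the bound is exceeded would pin both counters, and would also have caught the original overread since the old code walked the pointer off the restart context instead of counting. The identical fix and the identical gap apply to the `p_key_tries` hunk at line 313. A secondary point of style: the bound 10 is now spelled twice; one named constant near the top of the file, e.g. `#define ECDSA_MAX_TRIES 10` (name is a proposal) used as `if( (*p_sign_tries)++ > ECDSA_MAX_TRIES )`, keeps the two loops in step and documents that the limit is an RNG sanity cutoff rather than an algorithmic parameter. ecdsa_sign_restartable starts and ends outside both hunks, so the loop bodies that consume the counters are not visible here.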