mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 05:25:29 +00:00
Merge pull request #3001 from from gilles-peskine-arm/coverity-20200115-2.16 into mbedtls-2.16
This commit is contained in:
commit
bac9f1bfb0
|
@ -5,6 +5,7 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
||||||
Bugfix
|
Bugfix
|
||||||
* Allow loading symlinked certificates. Fixes #3005. Reported and fixed
|
* Allow loading symlinked certificates. Fixes #3005. Reported and fixed
|
||||||
by Jonathan Bennett <JBennett@incomsystems.biz> via #3008.
|
by Jonathan Bennett <JBennett@incomsystems.biz> via #3008.
|
||||||
|
* Fix an unchecked call to mbedtls_md() in the x509write module.
|
||||||
|
|
||||||
Security
|
Security
|
||||||
* Fix potential memory overread when performing an ECDSA signature
|
* Fix potential memory overread when performing an ECDSA signature
|
||||||
|
@ -14,6 +15,8 @@ Security
|
||||||
denial of service (application crash or extra resource consumption).
|
denial of service (application crash or extra resource consumption).
|
||||||
Found by Auke Zeilstra and Peter Schwabe, using static analysis.
|
Found by Auke Zeilstra and Peter Schwabe, using static analysis.
|
||||||
|
|
||||||
|
Bugfix
|
||||||
|
|
||||||
= mbed TLS 2.16.4 branch released 2020-01-15
|
= mbed TLS 2.16.4 branch released 2020-01-15
|
||||||
|
|
||||||
Security
|
Security
|
||||||
|
|
|
@ -361,6 +361,10 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
|
||||||
|
|
||||||
*olen = 0;
|
*olen = 0;
|
||||||
block_size = mbedtls_cipher_get_block_size( ctx );
|
block_size = mbedtls_cipher_get_block_size( ctx );
|
||||||
|
if ( 0 == block_size )
|
||||||
|
{
|
||||||
|
return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT );
|
||||||
|
}
|
||||||
|
|
||||||
if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB )
|
if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB )
|
||||||
{
|
{
|
||||||
|
@ -396,11 +400,6 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if ( 0 == block_size )
|
|
||||||
{
|
|
||||||
return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT );
|
|
||||||
}
|
|
||||||
|
|
||||||
if( input == output &&
|
if( input == output &&
|
||||||
( ctx->unprocessed_len != 0 || ilen % block_size ) )
|
( ctx->unprocessed_len != 0 || ilen % block_size ) )
|
||||||
{
|
{
|
||||||
|
@ -459,11 +458,6 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
|
||||||
*/
|
*/
|
||||||
if( 0 != ilen )
|
if( 0 != ilen )
|
||||||
{
|
{
|
||||||
if( 0 == block_size )
|
|
||||||
{
|
|
||||||
return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT );
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Encryption: only cache partial blocks
|
/* Encryption: only cache partial blocks
|
||||||
* Decryption w/ padding: always keep at least one whole block
|
* Decryption w/ padding: always keep at least one whole block
|
||||||
* Decryption w/o padding: only cache partial blocks
|
* Decryption w/o padding: only cache partial blocks
|
||||||
|
|
|
@ -226,7 +226,9 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s
|
||||||
/*
|
/*
|
||||||
* Prepare signature
|
* Prepare signature
|
||||||
*/
|
*/
|
||||||
mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash );
|
ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash );
|
||||||
|
if( ret != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
if( ( ret = mbedtls_pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,
|
if( ( ret = mbedtls_pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,
|
||||||
f_rng, p_rng ) ) != 0 )
|
f_rng, p_rng ) ) != 0 )
|
||||||
|
|
|
@ -527,7 +527,9 @@ void ecdsa_write_restart( int id, char *d_str, int md_alg,
|
||||||
TEST_ASSERT( md_info != NULL );
|
TEST_ASSERT( md_info != NULL );
|
||||||
|
|
||||||
hlen = mbedtls_md_get_size( md_info );
|
hlen = mbedtls_md_get_size( md_info );
|
||||||
mbedtls_md( md_info, (const unsigned char *) msg, strlen( msg ), hash );
|
TEST_ASSERT( mbedtls_md( md_info,
|
||||||
|
(const unsigned char *) msg, strlen( msg ),
|
||||||
|
hash ) == 0 );
|
||||||
|
|
||||||
mbedtls_ecp_set_max_ops( max_ops );
|
mbedtls_ecp_set_max_ops( max_ops );
|
||||||
|
|
||||||
|
|
|
@ -550,8 +550,8 @@ void mbedtls_mpi_lt_mpi_ct( int size_X, char * input_X,
|
||||||
TEST_ASSERT( mbedtls_mpi_read_string( &X, 16, input_X ) == 0 );
|
TEST_ASSERT( mbedtls_mpi_read_string( &X, 16, input_X ) == 0 );
|
||||||
TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, input_Y ) == 0 );
|
TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, input_Y ) == 0 );
|
||||||
|
|
||||||
mbedtls_mpi_grow( &X, size_X );
|
TEST_ASSERT( mbedtls_mpi_grow( &X, size_X ) == 0 );
|
||||||
mbedtls_mpi_grow( &Y, size_Y );
|
TEST_ASSERT( mbedtls_mpi_grow( &Y, size_Y ) == 0 );
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_mpi_lt_mpi_ct( &X, &Y, &ret ) == input_err );
|
TEST_ASSERT( mbedtls_mpi_lt_mpi_ct( &X, &Y, &ret ) == input_err );
|
||||||
if( input_err == 0 )
|
if( input_err == 0 )
|
||||||
|
|
|
@ -712,7 +712,9 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str,
|
||||||
TEST_ASSERT( md_info != NULL );
|
TEST_ASSERT( md_info != NULL );
|
||||||
|
|
||||||
hlen = mbedtls_md_get_size( md_info );
|
hlen = mbedtls_md_get_size( md_info );
|
||||||
mbedtls_md( md_info, (const unsigned char *) msg, strlen( msg ), hash );
|
TEST_ASSERT( mbedtls_md( md_info,
|
||||||
|
(const unsigned char *) msg, strlen( msg ),
|
||||||
|
hash ) == 0 );
|
||||||
|
|
||||||
mbedtls_ecp_set_max_ops( max_ops );
|
mbedtls_ecp_set_max_ops( max_ops );
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue