Merge pull request #3001 from from gilles-peskine-arm/coverity-20200115-2.16 into mbedtls-2.16

This commit is contained in:
Janos Follath 2020-01-29 14:49:23 +00:00
commit bac9f1bfb0
6 changed files with 18 additions and 15 deletions

View file

@ -5,6 +5,7 @@ mbed TLS ChangeLog (Sorted per branch, date)
Bugfix Bugfix
* Allow loading symlinked certificates. Fixes #3005. Reported and fixed * Allow loading symlinked certificates. Fixes #3005. Reported and fixed
by Jonathan Bennett <JBennett@incomsystems.biz> via #3008. by Jonathan Bennett <JBennett@incomsystems.biz> via #3008.
* Fix an unchecked call to mbedtls_md() in the x509write module.
Security Security
* Fix potential memory overread when performing an ECDSA signature * Fix potential memory overread when performing an ECDSA signature
@ -14,6 +15,8 @@ Security
denial of service (application crash or extra resource consumption). denial of service (application crash or extra resource consumption).
Found by Auke Zeilstra and Peter Schwabe, using static analysis. Found by Auke Zeilstra and Peter Schwabe, using static analysis.
Bugfix
= mbed TLS 2.16.4 branch released 2020-01-15 = mbed TLS 2.16.4 branch released 2020-01-15
Security Security

View file

@ -361,6 +361,10 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
*olen = 0; *olen = 0;
block_size = mbedtls_cipher_get_block_size( ctx ); block_size = mbedtls_cipher_get_block_size( ctx );
if ( 0 == block_size )
{
return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT );
}
if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB ) if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB )
{ {
@ -396,11 +400,6 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
} }
#endif #endif
if ( 0 == block_size )
{
return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT );
}
if( input == output && if( input == output &&
( ctx->unprocessed_len != 0 || ilen % block_size ) ) ( ctx->unprocessed_len != 0 || ilen % block_size ) )
{ {
@ -459,11 +458,6 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
*/ */
if( 0 != ilen ) if( 0 != ilen )
{ {
if( 0 == block_size )
{
return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT );
}
/* Encryption: only cache partial blocks /* Encryption: only cache partial blocks
* Decryption w/ padding: always keep at least one whole block * Decryption w/ padding: always keep at least one whole block
* Decryption w/o padding: only cache partial blocks * Decryption w/o padding: only cache partial blocks

View file

@ -226,7 +226,9 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s
/* /*
* Prepare signature * Prepare signature
*/ */
mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash ); ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash );
if( ret != 0 )
return( ret );
if( ( ret = mbedtls_pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len, if( ( ret = mbedtls_pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,
f_rng, p_rng ) ) != 0 ) f_rng, p_rng ) ) != 0 )

View file

@ -527,7 +527,9 @@ void ecdsa_write_restart( int id, char *d_str, int md_alg,
TEST_ASSERT( md_info != NULL ); TEST_ASSERT( md_info != NULL );
hlen = mbedtls_md_get_size( md_info ); hlen = mbedtls_md_get_size( md_info );
mbedtls_md( md_info, (const unsigned char *) msg, strlen( msg ), hash ); TEST_ASSERT( mbedtls_md( md_info,
(const unsigned char *) msg, strlen( msg ),
hash ) == 0 );
mbedtls_ecp_set_max_ops( max_ops ); mbedtls_ecp_set_max_ops( max_ops );

View file

@ -550,8 +550,8 @@ void mbedtls_mpi_lt_mpi_ct( int size_X, char * input_X,
TEST_ASSERT( mbedtls_mpi_read_string( &X, 16, input_X ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &X, 16, input_X ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, input_Y ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, input_Y ) == 0 );
mbedtls_mpi_grow( &X, size_X ); TEST_ASSERT( mbedtls_mpi_grow( &X, size_X ) == 0 );
mbedtls_mpi_grow( &Y, size_Y ); TEST_ASSERT( mbedtls_mpi_grow( &Y, size_Y ) == 0 );
TEST_ASSERT( mbedtls_mpi_lt_mpi_ct( &X, &Y, &ret ) == input_err ); TEST_ASSERT( mbedtls_mpi_lt_mpi_ct( &X, &Y, &ret ) == input_err );
if( input_err == 0 ) if( input_err == 0 )

View file

@ -712,7 +712,9 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str,
TEST_ASSERT( md_info != NULL ); TEST_ASSERT( md_info != NULL );
hlen = mbedtls_md_get_size( md_info ); hlen = mbedtls_md_get_size( md_info );
mbedtls_md( md_info, (const unsigned char *) msg, strlen( msg ), hash ); TEST_ASSERT( mbedtls_md( md_info,
(const unsigned char *) msg, strlen( msg ),
hash ) == 0 );
mbedtls_ecp_set_max_ops( max_ops ); mbedtls_ecp_set_max_ops( max_ops );