	Merge pull request #296 from ARMmbed/polarssl-1.2-restricted
Merge of polarssl-1.2-restricted
						commit
						d107e20c7a
					
				|  | @ -2,6 +2,14 @@ PolarSSL ChangeLog | |||
| 
 | ||||
| = Version 1.2.16 released 2015-??-?? | ||||
| 
 | ||||
| Security | ||||
|    * Fix possible client-side NULL pointer dereference (read) when the client | ||||
|      tries to continue the handshake after it failed (a misuse of the API). | ||||
|      (Found by GDS Labs using afl-fuzz.) | ||||
|    * Add countermeasure against Lenstra's RSA-CRT attack for PKCS#1 v1.5 | ||||
|      signatures. (Found by Florian Weimer, Red Hat.) | ||||
|      https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/ | ||||
| 
 | ||||
| Bugfix | ||||
|    * Fix unused function warning when using MBEDTLS_MDx_ALT or | ||||
|      MBEDTLS_SHAxxx_ALT (found by Henrik) (#239) | ||||
|  |  | |||
|  | @ -919,6 +919,11 @@ int rsa_rsassa_pkcs1_v15_sign( rsa_context *ctx, | |||
| { | ||||
|     size_t nb_pad, olen; | ||||
|     unsigned char *p = sig; | ||||
|     unsigned char *sig_try = NULL, *verif = NULL; | ||||
|     size_t i; | ||||
|     unsigned char diff; | ||||
|     volatile unsigned char diff_no_optimize; | ||||
|     int ret; | ||||
| 
 | ||||
|     if( ctx->padding != RSA_PKCS_V15 ) | ||||
|         return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); | ||||
|  | @ -1021,9 +1026,39 @@ int rsa_rsassa_pkcs1_v15_sign( rsa_context *ctx, | |||
|             return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); | ||||
|     } | ||||
| 
 | ||||
|     return( ( mode == RSA_PUBLIC ) | ||||
|             ? rsa_public(  ctx, sig, sig ) | ||||
|             : rsa_private( ctx, f_rng, p_rng, sig, sig ) ); | ||||
|     if( mode == RSA_PUBLIC ) | ||||
|         return( rsa_public(  ctx, sig, sig ) ); | ||||
| 
 | ||||
|     /*
 | ||||
|      * In order to prevent Lenstra's attack, make the signature in a | ||||
|      * temporary buffer and check it before returning it. | ||||
|      */ | ||||
|     sig_try = malloc( ctx->len ); | ||||
|     verif   = malloc( ctx->len ); | ||||
|     if( sig_try == NULL || verif == NULL ) | ||||
|         return( POLARSSL_ERR_MPI_MALLOC_FAILED ); | ||||
| 
 | ||||
|     MPI_CHK( rsa_private( ctx, f_rng, p_rng, sig, sig_try ) ); | ||||
|     MPI_CHK( rsa_public( ctx, sig_try, verif ) ); | ||||
| 
 | ||||
|     /* Compare in constant time just in case */ | ||||
|     for( diff = 0, i = 0; i < ctx->len; i++ ) | ||||
|         diff |= verif[i] ^ sig[i]; | ||||
|     diff_no_optimize = diff; | ||||
| 
 | ||||
|     if( diff_no_optimize != 0 ) | ||||
|     { | ||||
|         ret = POLARSSL_ERR_RSA_PRIVATE_FAILED; | ||||
|         goto cleanup; | ||||
|     } | ||||
| 
 | ||||
|     memcpy( sig, sig_try, ctx->len ); | ||||
| 
 | ||||
| cleanup: | ||||
|     free( sig_try ); | ||||
|     free( verif ); | ||||
| 
 | ||||
|     return( ret ); | ||||
| } | ||||
| 
 | ||||
| /*
 | ||||
|  |  | |||
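Review bot: The allocation check `if( sig_try == NULL || verif == NULL )` returns straight out of the function, so when the first `malloc( ctx->len )` succeeds and the second fails, `sig_try` leaks; it should go through the cleanup label that the rest of the new code already uses, `ret = POLARSSL_ERR_MPI_MALLOC_FAILED; goto cleanup;` (both `free()` calls there are NULL-safe). On the mismatch path the rejected value in `sig_try` is exactly the faulty signature Lenstra's attack factors the key from, so it is worth wiping it before `free( sig_try )` with the zeroize helper this file uses, if it has one — a plain `memset` immediately before `free` may be dropped by the optimizer. The success path relies on `ret` having been set to 0 by the last `MPI_CHK`, which is presumably how that macro behaves but is not visible here; an explicit `ret = 0;` after the `memcpy` would make it independent of the macro. The middle of `rsa_rsassa_pkcs1_v15_sign` between the two hunks is not shown.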
|  | @ -693,6 +693,12 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) | |||
|         return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); | ||||
|     } | ||||
| 
 | ||||
|     if( ssl->session_negotiate->peer_cert == NULL ) | ||||
|     { | ||||
|         SSL_DEBUG_MSG( 2, ( "certificate required" ) ); | ||||
|         return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE ); | ||||
|     } | ||||
| 
 | ||||
|     SSL_DEBUG_BUF( 3,   "server key exchange", ssl->in_msg + 4, ssl->in_hslen - 4 ); | ||||
| 
 | ||||
|     /*
 | ||||
|  | @ -1119,6 +1125,12 @@ static int ssl_write_client_key_exchange( ssl_context *ssl ) | |||
|         /*
 | ||||
|          * RSA key exchange -- send rsa_public(pkcs1 v1.5(premaster)) | ||||
|          */ | ||||
|         if( ssl->session_negotiate->peer_cert == NULL ) | ||||
|         { | ||||
|             SSL_DEBUG_MSG( 2, ( "certificate required" ) ); | ||||
|             return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE ); | ||||
|         } | ||||
| 
 | ||||
|         ssl->handshake->premaster[0] = (unsigned char) ssl->max_major_ver; | ||||
|         ssl->handshake->premaster[1] = (unsigned char) ssl->max_minor_ver; | ||||
|         ssl->handshake->pmslen = 48; | ||||
|  |  | |||
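Review bot: The two new `peer_cert == NULL` guards fix the dereference but carry no comment saying why the pointer can be NULL at this point, and since the server-key-exchange and RSA-key-exchange paths otherwise always follow a Certificate message a later reader may treat them as dead code and remove them; suggest one line above each: `/* NULL if the caller keeps driving the handshake after an earlier failure (API misuse); the rsa_* calls below dereference it */`. The guard in `ssl_write_client_key_exchange` is placed inside the RSA key-exchange branch only, which looks right as the other branch does not appear to use `peer_cert`, but that branch is outside the hunk and should be double-checked. Both enclosing functions start and end outside their hunks.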
							
								
								
									
						
									
										2876
									
								
								library/ssl_cli.c.orig
									
									
									
									
									
										Normal file
									
								
							
										
											
												File diff suppressed because it is too large
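Review bot: `library/ssl_cli.c.orig` is added here as a new 2876-line file, which looks like a backup left behind by a merge or `patch` run rather than source that belongs in the tree; it should be dropped from this merge (`git rm library/ssl_cli.c.orig`) and a `*.orig` pattern added to `.gitignore` so it cannot recur. Its contents are not visible on this page, but a stale copy of `ssl_cli.c` sitting next to the real one is a hygiene problem in its own right: it gets picked up by greps, audits and packaging scripts, and it presumably preserves the pre-fix client code alongside the fixed one.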
											
										
									
								
							