mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-21 01:21:08 +00:00
Merge pull request #296 from ARMmbed/polarssl-1.2-restricted
Merge of polarssl-1.2-restricted
This commit is contained in:
commit
d107e20c7a
|
@ -2,6 +2,14 @@ PolarSSL ChangeLog
|
||||||
|
|
||||||
= Version 1.2.16 released 2015-??-??
|
= Version 1.2.16 released 2015-??-??
|
||||||
|
|
||||||
|
Security
|
||||||
|
* Fix possible client-side NULL pointer dereference (read) when the client
|
||||||
|
tries to continue the handshake after it failed (a misuse of the API).
|
||||||
|
(Found by GDS Labs using afl-fuzz.)
|
||||||
|
* Add countermeasure against Lenstra's RSA-CRT attack for PKCS#1 v1.5
|
||||||
|
signatures. (Found by Florian Weimer, Red Hat.)
|
||||||
|
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Fix unused function warning when using MBEDTLS_MDx_ALT or
|
* Fix unused function warning when using MBEDTLS_MDx_ALT or
|
||||||
MBEDTLS_SHAxxx_ALT (found by Henrik) (#239)
|
MBEDTLS_SHAxxx_ALT (found by Henrik) (#239)
|
||||||
|
|
|
@ -919,6 +919,11 @@ int rsa_rsassa_pkcs1_v15_sign( rsa_context *ctx,
|
||||||
{
|
{
|
||||||
size_t nb_pad, olen;
|
size_t nb_pad, olen;
|
||||||
unsigned char *p = sig;
|
unsigned char *p = sig;
|
||||||
|
unsigned char *sig_try = NULL, *verif = NULL;
|
||||||
|
size_t i;
|
||||||
|
unsigned char diff;
|
||||||
|
volatile unsigned char diff_no_optimize;
|
||||||
|
int ret;
|
||||||
|
|
||||||
if( ctx->padding != RSA_PKCS_V15 )
|
if( ctx->padding != RSA_PKCS_V15 )
|
||||||
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
|
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
|
||||||
|
@ -1021,9 +1026,39 @@ int rsa_rsassa_pkcs1_v15_sign( rsa_context *ctx,
|
||||||
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
|
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
|
||||||
}
|
}
|
||||||
|
|
||||||
return( ( mode == RSA_PUBLIC )
|
if( mode == RSA_PUBLIC )
|
||||||
? rsa_public( ctx, sig, sig )
|
return( rsa_public( ctx, sig, sig ) );
|
||||||
: rsa_private( ctx, f_rng, p_rng, sig, sig ) );
|
|
||||||
|
/*
|
||||||
|
* In order to prevent Lenstra's attack, make the signature in a
|
||||||
|
* temporary buffer and check it before returning it.
|
||||||
|
*/
|
||||||
|
sig_try = malloc( ctx->len );
|
||||||
|
verif = malloc( ctx->len );
|
||||||
|
if( sig_try == NULL || verif == NULL )
|
||||||
|
return( POLARSSL_ERR_MPI_MALLOC_FAILED );
|
||||||
|
|
||||||
|
MPI_CHK( rsa_private( ctx, f_rng, p_rng, sig, sig_try ) );
|
||||||
|
MPI_CHK( rsa_public( ctx, sig_try, verif ) );
|
||||||
|
|
||||||
|
/* Compare in constant time just in case */
|
||||||
|
for( diff = 0, i = 0; i < ctx->len; i++ )
|
||||||
|
diff |= verif[i] ^ sig[i];
|
||||||
|
diff_no_optimize = diff;
|
||||||
|
|
||||||
|
if( diff_no_optimize != 0 )
|
||||||
|
{
|
||||||
|
ret = POLARSSL_ERR_RSA_PRIVATE_FAILED;
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
|
memcpy( sig, sig_try, ctx->len );
|
||||||
|
|
||||||
|
cleanup:
|
||||||
|
free( sig_try );
|
||||||
|
free( verif );
|
||||||
|
|
||||||
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -693,6 +693,12 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
|
||||||
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if( ssl->session_negotiate->peer_cert == NULL )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_MSG( 2, ( "certificate required" ) );
|
||||||
|
return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
|
||||||
|
}
|
||||||
|
|
||||||
SSL_DEBUG_BUF( 3, "server key exchange", ssl->in_msg + 4, ssl->in_hslen - 4 );
|
SSL_DEBUG_BUF( 3, "server key exchange", ssl->in_msg + 4, ssl->in_hslen - 4 );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -1119,6 +1125,12 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
|
||||||
/*
|
/*
|
||||||
* RSA key exchange -- send rsa_public(pkcs1 v1.5(premaster))
|
* RSA key exchange -- send rsa_public(pkcs1 v1.5(premaster))
|
||||||
*/
|
*/
|
||||||
|
if( ssl->session_negotiate->peer_cert == NULL )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_MSG( 2, ( "certificate required" ) );
|
||||||
|
return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
|
||||||
|
}
|
||||||
|
|
||||||
ssl->handshake->premaster[0] = (unsigned char) ssl->max_major_ver;
|
ssl->handshake->premaster[0] = (unsigned char) ssl->max_major_ver;
|
||||||
ssl->handshake->premaster[1] = (unsigned char) ssl->max_minor_ver;
|
ssl->handshake->premaster[1] = (unsigned char) ssl->max_minor_ver;
|
||||||
ssl->handshake->pmslen = 48;
|
ssl->handshake->pmslen = 48;
|
||||||
|
|
2876
library/ssl_cli.c.orig
Normal file
2876
library/ssl_cli.c.orig
Normal file
File diff suppressed because it is too large
Load diff
Loading…
Reference in a new issue