From d3cbc15951e713f5ca3d7eff916330c4eaa4b95a Mon Sep 17 00:00:00 2001
From: Andres AG
Date: Mon, 24 Oct 2016 11:23:36 +0100
Subject: [PATCH 01/44] Fix buffer overreads in mbedtls_pem_read_buffer()
---
 ChangeLog | 7 +++++++
 library/pem.c | 20 +++++++++++---------
 2 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index d4cf85b7e6..ea7ce072fc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@ mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS 1.3.x branch released xxxx-xx-xx
+
+Bugfix
+ * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing
+ the input string in pem format to extract the different components. Found
+ by Eyal Itkin.
+
 = mbed TLS 1.3.18 branch 2016-10-17
 Security
diff --git a/library/pem.c b/library/pem.c
index 054fcffb8b..1fe238726c 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -250,7 +250,7 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
 enc = 0;
- if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
+ if( s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
 {
 #if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \
 ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) )
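Review bot: The new `s2 - s1 >= 22` guard repeats by hand the length of the literal it protects, and the DEK-Info guards on the next line do the same with 23, 18 and 14, so editing one literal can silently desynchronise the bound from the `memcmp` it is meant to cover. A small helper that derives the length from the literal keeps the bound and the comparison in one place and makes every prefix test bounded by construction. `s2 - s1` is non-negative here only if the earlier header/footer ordering check (outside the hunk) holds, so the helper keeps the signed comparison rather than casting to size_t. pem_read_buffer's body starts before and ends after this hunk.
```c
/* True when prefix occurs at s1 without reading at or past s2. */
static int pem_has_prefix( const unsigned char *s1, const unsigned char *s2,
                           const char *prefix )
{
    size_t n = strlen( prefix );
    return( s2 - s1 >= (ptrdiff_t) n && memcmp( s1, prefix, n ) == 0 );
}

/* … unchanged: enc = 0; … */
    if( pem_has_prefix( s1, s2, "Proc-Type: 4,ENCRYPTED" ) )
```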
@@ -263,22 +263,22 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
 #if defined(POLARSSL_DES_C)
- if( memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
+ if( s2 - s1 >= 23 && memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
 {
 enc_alg = POLARSSL_CIPHER_DES_EDE3_CBC;
 s1 += 23;
- if( pem_get_iv( s1, pem_iv, 8 ) != 0 )
+ if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8 ) != 0 )
 return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
 s1 += 16;
 }
- else if( memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
+ else if( s2 - s1 >= 18 && memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
 {
 enc_alg = POLARSSL_CIPHER_DES_CBC;
 s1 += 18;
- if( pem_get_iv( s1, pem_iv, 8) != 0 )
+ if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8) != 0 )
 return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
 s1 += 16;
@@ -286,9 +286,11 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
 #endif /* POLARSSL_DES_C */
 #if defined(POLARSSL_AES_C)
- if( memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
+ if( s2 - s1 >= 14 && memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
 {
- if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 )
+ if( s2 - s1 < 22 )
+ return( POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG );
+ else if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 )
 enc_alg = POLARSSL_CIPHER_AES_128_CBC;
 else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 )
 enc_alg = POLARSSL_CIPHER_AES_192_CBC;
@@ -298,7 +300,7 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
 return( POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG );
 s1 += 22;
- if( pem_get_iv( s1, pem_iv, 16 ) != 0 )
+ if( s2 - s1 < 32 || pem_get_iv( s1, pem_iv, 16 ) != 0 )
 return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
 s1 += 32;
@@ -317,7 +319,7 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
 ( POLARSSL_AES_C || POLARSSL_DES_C ) */
 }
- if( s1 == s2 )
+ if( s1 >= s2 )
 return( POLARSSL_ERR_PEM_INVALID_DATA );
 len = 0;
From fada2e9f3e9f233b889bc711d0325b6be219e846 Mon Sep 17 00:00:00 2001
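Review bot: The new bounds `s2 - s1 < 16` and `s2 - s1 < 32` in front of the `pem_get_iv` calls encode the fact that the IV is hex-encoded (two input characters per IV byte), and `s2 - s1 < 22` in the AES hunk is the length shared by every supported `DEK-Info: AES-xxx-CBC,` label; neither relation is stated, so a reader has to re-derive why 16 pairs with an 8-byte IV and 32 with a 16-byte one. A comment on each, e.g. `/* IV is hex-encoded: 2 input chars per IV byte */` above the first `s2 - s1 < 16` and `/* shorter than any supported "DEK-Info: AES-xxx-CBC," label */` above the `< 22` test, would make the checks reviewable at a glance. That `< 22` branch also reports a truncated AES label as `POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG` rather than as malformed data, which is presumably deliberate and worth saying in the same comment. pem_read_buffer starts before the first of these hunks and ends after the last.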
From: Andres AG Date: Mon, 24 Oct 2016 14:31:54 +0100 Subject: [PATCH 02/44] Add tests for overreads in pem_read_buffer() --- ChangeLog | 2 +- tests/suites/test_suite_pem.data | 9 +++++++++ tests/suites/test_suite_pem.function | 24 ++++++++++++++++++------ 3 files changed, 28 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index ea7ce072fc..4cfcfeb435 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,7 +4,7 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing - the input string in pem format to extract the different components. Found + the input string in PEM format to extract the different components. Found by Eyal Itkin. = mbed TLS 1.3.18 branch 2016-10-17 diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index 311ea9c15a..9c7b305179 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data @@ -15,3 +15,12 @@ pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"00010203040506 PEM write (exactly two lines + 1) pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n" + +PEM read (DES-EDE3-CBC + invalid iv) +pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":-4608 + +PEM read (DES-CBC + invalid iv) +pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":-4608 + +PEM read (unknown encryption algorithm) +pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":-4736 
diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function index f8aab47c1a..e0b7679841 100644 --- a/tests/suites/test_suite_pem.function +++ b/tests/suites/test_suite_pem.function @@ -3,12 +3,7 @@ #include "polarssl/pem.h" /* END_HEADER */ -/* BEGIN_DEPENDENCIES - * depends_on:POLARSSL_PEM_WRITE_C - * END_DEPENDENCIES - */ - -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:POLARSSL_PEM_WRITE_C */ void pem_write_buffer( char *start, char *end, char *buf_str, char *result_str ) { unsigned char buf[5000]; @@ -38,3 +33,20 @@ exit: polarssl_free( check_buf ); } /* END_CASE */ + +/* BEGIN_CASE depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_AES_C:POLARSSL_DES_C:POLARSSL_MD5_C:POLARSSL_CIPHER_MODE_CBC */ +void pem_read_buffer( char *header, char *footer, char *data, int ret ) +{ + pem_context ctx; + size_t use_len = 0; + + pem_init( &ctx ); + + TEST_ASSERT( pem_read_buffer( &ctx, header, footer, + (const unsigned char *)data, NULL, 0, + &use_len ) == ret ); + +exit: + pem_free( &ctx ); +} +/* END_CASE */ From 593e8b27937c266a38aa8f1eca1dd237d7b63a9d Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 18 Jan 2017 13:56:58 +0000 Subject: [PATCH 03/44] Fix integer overflows in buffer bound checks Fix potential integer overflows in the following functions: * mbedtls_md2_update() to be bypassed and cause * mbedtls_cipher_update() * mbedtls_ctr_drbg_reseed() This overflows would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed. --- ChangeLog | 10 ++++++++++ library/cipher.c | 4 ++-- library/ctr_drbg.c | 3 ++- library/md2.c | 2 +- 4 files changed, 15 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index d4cf85b7e6..fb0d5fef09 100644 --- a/ChangeLog +++ b/ChangeLog 
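Review bot: The new pem_read_buffer test case only covers the truncated-IV and unknown-AES-label paths; nothing exercises the other guards the fix added — a header line shorter than `Proc-Type: 4,ENCRYPTED` (the `s2 - s1 >= 22` test) or a complete DEK-Info line followed directly by the footer (the `s1 >= s2` test). Two more rows of the same shape in test_suite_pem.data, with their expected error codes, would pin those branches as well. Because the helper passes `NULL, 0` as the password, any input whose headers parse completely presumably stops at the password check rather than reaching the decode path; that is fine for these cases but deserves a one-line comment in the function, e.g. `/* No password: only the header-parsing paths are reachable here */`, so the limitation is visible to whoever adds the next case.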
@@ -1,5 +1,15 @@ mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS 1.3.x branch released xxxx-xx-xx
+
+Bugfix
+ * Fixed potential arithmetic overflow in mbedtls_ctr_drbg_reseed() that could
+ cause buffer bound checks to be bypassed. Found by Eyal Itkin.
+ * Fixed potential arithmetic overflows in mbedtls_cipher_update() that could
+ cause buffer bound checks to be bypassed. Found by Eyal Itkin.
+ * Fixed potential arithmetic overflow in mbedtls_md2_update() that could
+ cause buffer bound checks to be bypassed. Found by Eyal Itkin.
+
 = mbed TLS 1.3.18 branch 2016-10-17
 Security
diff --git a/library/cipher.c b/library/cipher.c
index b69d331060..7ea25cfc2b 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -315,9 +315,9 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input,
 * If there is not enough data for a full block, cache it.
 */
 if( ( ctx->operation == POLARSSL_DECRYPT &&
- ilen + ctx->unprocessed_len <= cipher_get_block_size( ctx ) ) ||
+ ilen <= cipher_get_block_size( ctx ) - ctx->unprocessed_len ) ||
 ( ctx->operation == POLARSSL_ENCRYPT &&
- ilen + ctx->unprocessed_len < cipher_get_block_size( ctx ) ) )
+ ilen < cipher_get_block_size( ctx ) - ctx->unprocessed_len ) )
 {
 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ),
 input, ilen );
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index 24adff08f9..7b315e888b 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -277,7 +277,8 @@ int ctr_drbg_reseed( ctr_drbg_context *ctx,
 unsigned char seed[CTR_DRBG_MAX_SEED_INPUT];
 size_t seedlen = 0;
- if( ctx->entropy_len + len > CTR_DRBG_MAX_SEED_INPUT )
+ if( ctx->entropy_len > CTR_DRBG_MAX_SEED_INPUT ||
+ len > CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len )
 return( POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG );
 memset( seed, 0, CTR_DRBG_MAX_SEED_INPUT );
diff --git a/library/md2.c b/library/md2.c
index 110cd95bcd..2ac7eba61b 100644
--- a/library/md2.c
+++ b/library/md2.c
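Review bot: The rewritten guard `ilen <= cipher_get_block_size( ctx ) - ctx->unprocessed_len` is only sound if `unprocessed_len` never exceeds the block size on entry: both operands are unsigned, so if that invariant were ever broken the subtraction would wrap, the guard would admit any `ilen`, and the `memcpy` into `unprocessed_data` would become the very overflow the commit sets out to prevent. The invariant is presumably maintained by the block-completion path further down cipher_update (outside this hunk), but the guard now depends on it silently; either a comment such as `/* unprocessed_len <= block size is an invariant of the context */` or the explicit two-sided form used in the ctr_drbg.c hunk below (`entropy_len > MAX || len > MAX - entropy_len`) would make that dependence visible. The md2.c hunk on the next line (`ilen > 16 - ctx->left`) has the same shape and the same reliance on `ctx->left < 16` holding at the top of the loop. cipher_update starts before and ends after this hunk.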
@@ -155,7 +155,7 @@ void md2_update( md2_context *ctx, const unsigned char *input, size_t ilen )
 while( ilen > 0 )
 {
- if( ctx->left + ilen > 16 )
+ if( ilen > 16 - ctx->left )
 fill = 16 - ctx->left;
 else
 fill = ilen;
From 3e3698ca307b0991c573a007e0d773b48c83e862 Mon Sep 17 00:00:00 2001
From: Andres AG
Date: Wed, 18 Jan 2017 17:21:03 +0000
Subject: [PATCH 04/44] Fix integer overflow in mbedtls_base64_decode()
Fix potential integer overflows in the function mbedtls_base64_decode(). This overflow would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed.
---
 ChangeLog | 6 ++++++
 library/base64.c | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index d4cf85b7e6..124d056fc4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS 1.x.x branch released xxxx-xx-xx
+
+Bugfix
+ * Fixed potential arithmetic overflow in mbedtls_base64_decode() that could
+ cause buffer bound checks to be bypassed. Found by Eyal Itkin.
+
 = mbed TLS 1.3.18 branch 2016-10-17
 Security
diff --git a/library/base64.c b/library/base64.c
index 7de87e51ce..3de67f0905 100644
--- a/library/base64.c
+++ b/library/base64.c
@@ -198,7 +198,7 @@ int base64_decode( unsigned char *dst, size_t *dlen,
 return( 0 );
 }
- n = ( ( n * 6 ) + 7 ) >> 3;
+ n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 );
 n -= j;
 if( dst == NULL || *dlen < n )
From e567101f6b4c605cb7b816a202423f0acadd67e3 Mon Sep 17 00:00:00 2001
From: Andres AG
Date: Thu, 8 Dec 2016 17:08:44 +0000
Subject: [PATCH 05/44] Fix CRL parsing to avoid infinite loop
This patch modifies the function mbedtls_x509_crl_parse() to ensure that a CRL in PEM format with trailing characters after the footer does not result in the execution of an infinite loop.
---
 ChangeLog | 9 +++++++++
 library/x509_crl.c | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog index d4cf85b7e6..2e127855f5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,14 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Security + * Fixed potential livelock during the parsing of a CRL in PEM format in + mbedtls_x509_crl_parse(). A string containing a CRL followed by trailing + characters after the footer could result in the execution of an infinite + loop. The issue can be triggered remotely. Found by Greg Zaverucha, + Microsoft. + = mbed TLS 1.3.18 branch 2016-10-17 Security diff --git a/library/x509_crl.c b/library/x509_crl.c index de2079fc7b..0d92bb1318 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -525,7 +525,7 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen ) pem_free( &pem ); } - else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) + else if( is_pem ) { pem_free( &pem ); return( ret ); From 67c6df4a8a00bbb3be2b432768c9ae1f66c1dc29 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 8 Dec 2016 17:10:38 +0000 Subject: [PATCH 06/44] Add test for infinite loop in CRL parse --- .../crl-malformed-trailing-spaces.pem | 20 +++++++++++++++++++ tests/suites/test_suite_x509parse.data | 4 ++++ tests/suites/test_suite_x509parse.function | 16 +++++++++++++++ 3 files changed, 40 insertions(+) create mode 100644 tests/data_files/crl-malformed-trailing-spaces.pem diff --git a/tests/data_files/crl-malformed-trailing-spaces.pem b/tests/data_files/crl-malformed-trailing-spaces.pem new file mode 100644 index 0000000000..9eae3da192 --- /dev/null +++ b/tests/data_files/crl-malformed-trailing-spaces.pem 
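Review bot: With `else if( is_pem )`, trailing bytes after a PEM CRL now make the whole call fail with the `pem_read_buffer` error, yet any CRL decoded in the earlier `ret == 0` branch has presumably already been appended to `chain`, so the caller receives an error while `chain` holds partially parsed entries; the test added in the following patch pins exactly `POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT` for a file that is valid apart from trailing whitespace. That is a behaviour change for benign input and belongs in the function's contract, e.g. `/* A PEM CRL followed by anything other than another PEM CRL (even whitespace) is rejected; entries parsed before the error remain in chain */`. Loop termination now rests on `is_pem` being set once a block has parsed; its definition and the loop condition are outside this hunk, as is the rest of x509_crl_parse.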
@@ -0,0 +1,20 @@ +-----BEGIN X509 CRL----- +MIIBbzCB9gIBATAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQ +b2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQRcNMTMwOTI0MTYz +MTA4WhcNMjMwOTIyMTYzMTA4WjAUMBICAQoXDTEzMDkyNDE2MjgzOFqgcjBwMG4G +A1UdIwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8oUKkQDA+MQswCQYDVQQGEwJO +TDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMg +Q0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2kAMGYCMQDVG95rrSSl4dJgbJ5vR1GW +svEuEsAh35EhF1WrcadMuCeMQVX9cUPupFfQUpHyMfoCMQCKf0yv8pN9BAoi3FVm +56meWPhUekgLKKMAobt2oJJY6feuiFU2YFGs1aF0rV6Bj+U= +-----END X509 CRL----- +-----BEGIN X509 CRL----- +MIIBcTCB9wIBATAKBggqhkjOPQQDBDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2 +MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu +BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC +TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD +IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwQDaQAwZgIxAL/VFrDIYUECsS0rVpAy +6zt/CqeAZ1sa/l5LTaG1XW286n2Kibipr6EpkYZNYIQILgIxAI0wb3Py1DHPWpYf +/BFBH7C3KYq+nWTrLeEnhrjU1LzG/CiQ8lnuskya6lw/P3lJ/A== +-----END X509 CRL----- diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index b289fc992f..3dc7e0301a 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -194,6 +194,10 @@ X509 CRL Information EC, SHA512 Digest depends_on:POLARSSL_PEM_PARSE_C x509_crl_info:"data_files/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA512\n" +X509 CRL Malformed Input (trailing spaces at end of file) +depends_on:POLARSSL_PEM_PARSE_C +x509_crl_parse:"data_files/crl-malformed-trailing-spaces.pem":POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT + X509 CSR Information RSA with MD4 depends_on:POLARSSL_PEM_PARSE_C x509_csr_info:"data_files/server1.req.md4":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\n" diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index eee82412bf..4ae3c9fc8d 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -167,6 +167,22 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRL_PARSE_C */ +void x509_crl_parse( char *crl_file, int result ) +{ + x509_crl crl; + char buf[2000]; + + x509_crl_init( &crl ); + memset( buf, 0, 2000 ); + + TEST_ASSERT( x509_crl_parse_file( &crl, crl_file ) == result ); + +exit: + x509_crl_free( &crl ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CSR_PARSE_C */ void x509_csr_info( char *csr_file, char *result_str ) { From 2f3fe70f7e362caf1ac88a258d2a370a988486c9 Mon Sep 17 00:00:00 2001 
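Review bot: In the new x509_crl_parse test case, `char buf[2000];` and `memset( buf, 0, 2000 );` are never used — the only call is `x509_crl_parse_file( &crl, crl_file )` — so they add a 2 KB stack frame and dead work to every run; drop both lines. The .data row's expected result `POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT` pins the error chosen for trailing whitespace, but a reader of the row name alone cannot tell that a well-formed-looking two-CRL file is expected to fail; extending the name to say that the last footer is followed by spaces, as the fixture's filename does, would make the expectation self-explanatory.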
From: Andres AG Date: Fri, 20 Jan 2017 17:07:46 +0000 Subject: [PATCH 07/44] Fix verify out flags from x509_crt_verify_top() This change fixes a regression introduced by an earlier commit that modified x509_crt_verify_top() to ensure that valid certificates that are after past or future valid in the chain are processed. However the change introduced a change in behaviour that caused the verification flags BADCERT_EXPIRED and BADCERT_FUTURE to always be set whenever there is a failure in the verification regardless of the cause. The fix maintains both behaviours: * Ensure that valid certificates after future and past are verified * Ensure that the correct verification flags are set. To do so, a temporary pointer to the first future or past valid certificate is maintained while traversing the chain. If a truly valid certificate is found then that one is used, otherwise if no valid certificate is found and the end of the chain is reached, the program reverts back to using the future or past valid certificate. --- ChangeLog | 9 +++++++++ library/x509_crt.c | 31 ++++++++++++++++++++----------- 2 files changed, 29 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index d4cf85b7e6..20c8eaf951 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,14 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Fix output certificate verification flags set by x509_crt_verify_top() when + traversing a chain of trusted CA. The issue would cause both flags, + BADCERT_NOT_TRUSTED and BADCERT_EXPIRED, to be set when the verification + conditions are not met regardless of the cause. Found by Harm Verhagen and + inestlerode. #665 #561 + = mbed TLS 1.3.18 branch 2016-10-17 Security diff --git a/library/x509_crt.c b/library/x509_crt.c index 4b831aed30..a3517f64f4 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -1775,6 +1775,7 @@ static int x509_crt_verify_top(
 int ca_flags = 0, check_path_cnt;
 unsigned char hash[POLARSSL_MD_MAX_SIZE];
 const md_info_t *md_info;
+ x509_crt *future_past_ca = NULL;
 if( x509_time_expired( &child->valid_to ) )
 *flags |= BADCERT_EXPIRED;
@@ -1823,16 +1824,6 @@ static int x509_crt_verify_top(
 continue;
 }
- if( x509_time_expired( &trust_ca->valid_to ) )
- {
- continue;
- }
-
- if( x509_time_future( &trust_ca->valid_from ) )
- {
- continue;
- }
-
 if( pk_verify_ext( child->sig_pk, child->sig_opts, &trust_ca->pk, child->sig_md, hash, md_info->size, child->sig.p, child->sig.len ) != 0 )
@@ -1840,11 +1831,23 @@ static int x509_crt_verify_top(
 continue;
 }
+ if( x509_time_expired( &trust_ca->valid_to ) ||
+ x509_time_future( &trust_ca->valid_from ) )
+ {
+ if( future_past_ca == NULL )
+ future_past_ca = trust_ca;
+ continue;
+ }
+
+ break;
+ }
+
+ if( trust_ca != NULL || ( trust_ca = future_past_ca ) != NULL )
+ {
 /*
 * Top of chain is signed by a trusted CA
 */
 *flags &= ~BADCERT_NOT_TRUSTED;
- break;
 }
 /*
@@ -1864,6 +1867,12 @@ static int x509_crt_verify_top(
 ((void) ca_crl);
 #endif
+ if( x509_time_expired( &trust_ca->valid_to ) )
+ ca_flags |= BADCERT_EXPIRED;
+
+ if( x509_time_future( &trust_ca->valid_from ) )
+ ca_flags |= BADCERT_FUTURE;
+
 if( NULL != f_vrfy )
 {
 if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1,
From 28ba747c8caed5ce2082f9b0635327b05b71f857 Mon Sep 17 00:00:00 2001
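Review bot: The fallback `if( trust_ca != NULL || ( trust_ca = future_past_ca ) != NULL )` hides an assignment inside a condition and reads as a plain comparison at first glance; splitting it keeps the intent visible: `if( trust_ca == NULL ) trust_ca = future_past_ca;` followed by `if( trust_ca != NULL )`. Moving the expiry/future tests after `pk_verify_ext` also means every time-invalid candidate CA now costs a signature verification that the old order skipped; that is the price of preferring a currently valid CA over the first match and deserves a comment on the loop, e.g. `/* Verify first, then prefer a time-valid CA; remember the first time-invalid one as a fallback */`. The new `ca_flags` updates in the last hunk dereference `trust_ca` unconditionally, which is safe only if an enclosing `trust_ca != NULL` guard (not visible in the hunk) still surrounds them. x509_crt_verify_top starts before and ends after these hunks.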
From: Andres AG Date: Fri, 20 Jan 2017 17:09:15 +0000 Subject: [PATCH 08/44] Add tests for out flags from x509_crt_verify_top() The tests load certificate chains from files. The CA chains contain a past or future certificate and an invalid certificate. The test then checks that the flags set are BADCERT_EXPIRED or BADCERT_FUTURE. --- .../test-ca2_cat-future-invalid.crt | 27 +++++++++++++++++++ .../data_files/test-ca2_cat-past-invalid.crt | 27 +++++++++++++++++++ tests/suites/test_suite_x509parse.data | 8 ++++++ 3 files changed, 62 insertions(+) create mode 100644 tests/data_files/test-ca2_cat-future-invalid.crt create mode 100644 tests/data_files/test-ca2_cat-past-invalid.crt diff --git a/tests/data_files/test-ca2_cat-future-invalid.crt b/tests/data_files/test-ca2_cat-future-invalid.crt new file mode 100644 index 0000000000..b1cfbf0547 --- /dev/null +++ b/tests/data_files/test-ca2_cat-future-invalid.crt 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIICIDCCAaWgAwIBAgIBCjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG +CCqGSM49AwEHA0IABIFZMXZJJPoVraugMW4O7TMR+pElVcGwwZwDcj6Yui2kcjeJ +H0M3jR+OOtjwV+gvT8kApPfbcw+yxgSU0UA7OOOjgZ0wgZowCQYDVR0TBAIwADAd +BgNVHQ4EFgQUfmWPPjMDFOXhvmCy4IV/jOdgK3swbgYDVR0jBGcwZYAUnW0gJEkB +PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh +clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG +CCqGSM49BAMCA2kAMGYCMQCsYTyleBFuI4nizuxo/ie5dxJnD0ynwCnRJ+84PZP4 +AQA3HdUz0qNYs4CZ2am9Gz0CMQDr2TNLFA3C3S3pmgXMT0eKzR1Ca1/Nulf0llQZ +Xj09kLboxuemP40IIqhQnpYptMg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe +Fw0yMzA5MjIxNTQ5NDlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 +MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 +WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p +w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E +FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ +vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH +qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2 ++XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw== +-----END CERTIFICATE----- diff --git a/tests/data_files/test-ca2_cat-past-invalid.crt b/tests/data_files/test-ca2_cat-past-invalid.crt new file mode 100644 index 0000000000..febad74081 --- /dev/null +++ b/tests/data_files/test-ca2_cat-past-invalid.crt 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIB/TCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe +Fw0wMzA5MjQxNTQ5NDhaFw0xMzA5MjQxNTQ5NDhaMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 +MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 +WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p +w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E +FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ +vH4kydv7NnwwDAYIKoZIzj0EAwIFAANpADBmAjEAvQ/49lXXrLYdOIGtTaYWjpZP +tRBXQiGPMzUvmKBk7gM7bF4iFPsdJikyXHmuwv3RAjEA8vtUX8fAAB3fbh5dEXRm +l7tz0Sw/RW6AHFtaIauGkhHqeKIaKIi6WSgHu6x97uyg +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICIDCCAaWgAwIBAgIBCjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG +CCqGSM49AwEHA0IABIFZMXZJJPoVraugMW4O7TMR+pElVcGwwZwDcj6Yui2kcjeJ +H0M3jR+OOtjwV+gvT8kApPfbcw+yxgSU0UA7OOOjgZ0wgZowCQYDVR0TBAIwADAd +BgNVHQ4EFgQUfmWPPjMDFOXhvmCy4IV/jOdgK3swbgYDVR0jBGcwZYAUnW0gJEkB +PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh +clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG +CCqGSM49BAMCA2kAMGYCMQCsYTyleBFuI4nizuxo/ie5dxJnD0ynwCnRJ+84PZP4 +AQA3HdUz0qNYs4CZ2am9Gz0CMQDr2TNLFA3C3S3pmgXMT0eKzR1Ca1/Nulf0llQZ +Xj09kLboxuemP40IIqhQnpYptMg= +-----END CERTIFICATE----- diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index b289fc992f..a4d65ff75b 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -711,6 +711,14 @@ X509 Certificate verification #85 (Not yet valid CA and valid CA) depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL" +X509 Certificate verification #86 (Not yet valid CA and invalid CA) +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_SHA1_C:POLARSSL_SHA256_C +x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_FUTURE:"NULL" + +X509 Certificate verification #87 (Expired CA and invalid CA) +depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_SHA1_C:POLARSSL_SHA256_C +x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_EXPIRED:"NULL" + X509 Certificate verification callback: trusted EE cert depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_SHA256_C:POLARSSL_ECP_DP_SECP256R1_ENABLED x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL\n" From 2d56a827ccf8d693db34f4cdb37202f34fb4048f Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Feb 2017 08:46:53 +0000 Subject: [PATCH 09/44] Add comment to integer overflow fix in base64.c Adds clarifying comment to the integer overflow fix in base64.c --- library/base64.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/base64.c b/library/base64.c index 3de67f0905..ba6926083b 100644 --- a/library/base64.c +++ b/library/base64.c 
@@ -198,6 +198,10 @@ int base64_decode( unsigned char *dst, size_t *dlen, return( 0 ); } + /* The following expression is to calculate the following formula without + * risk of integer overflow in n: + * n = ( ( n * 6 ) + 7 ) >> 3; + */ n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); n -= j; From 6aa732f25a86719d60e56b1b7ff0d7168f298063 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 2 Feb 2017 14:36:49 +0000 Subject: [PATCH 10/44] Fix generate_code.pl to handle escaped : --- tests/scripts/generate_code.pl | 2 +- tests/suites/test_suite_pem.data | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 078e82df95..e13a2d0da3 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl @@ -139,7 +139,7 @@ while($test_cases =~ /\/\* BEGIN_CASE *([\w:]*) \*\/\n(.*?)\n\/\* END_CASE \*\// $param_defs .= " char *param$i = params[$i];\n"; $param_checks .= " if( verify_string( ¶m$i ) != 0 ) return( 2 );\n"; push @dispatch_params, "param$i"; - $mapping_regex .= ":[^:\n]+"; + $mapping_regex .= ":(?:\\\\.|[^:\n])+"; } else { diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index 9c7b305179..b5f63e5504 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data 
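Review bot: The new field pattern `:(?:\\\\.|[^:\n])+` in generate_code.pl has no comment saying why an escape pair is tried before a plain character, so the next reader has to work out that `\\\\.` is a literal backslash followed by any character and exists so that a `\:` inside a test parameter no longer splits the field. Add above the line: `# a field may contain an escaped colon (\:), so consume backslash-escaped pairs before plain characters`. The loop that builds `$mapping_regex` starts and ends outside the hunk.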
@@ -17,10 +17,10 @@ PEM write (exactly two lines + 1) pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n" PEM read (DES-EDE3-CBC + invalid iv) -pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":-4608 +pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":POLARSSL_ERR_PEM_INVALID_ENC_IV PEM read (DES-CBC + invalid iv) -pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":-4608 +pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":POLARSSL_ERR_PEM_INVALID_ENC_IV PEM read (unknown encryption algorithm) -pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":-4736 +pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG From 50b4b12f9f423bcd0dead5c395c69c4ee8acdb8e Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Feb 2017 15:01:24 +0000 Subject: [PATCH 11/44] Fix curves.pl script to build The script, `tests/scripts/curves.pl` was broken, and did not build due to the make command not having been updated with the change from polarssl to mbed TLS. --- tests/scripts/curves.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl index 1f489a3879..25e43d8961 100755 --- a/tests/scripts/curves.pl +++ b/tests/scripts/curves.pl 
@@ -34,7 +34,7 @@ for my $curve (@curves) { system( "scripts/config.pl unset $curve" ) and abort "Failed to disable $curve\n"; - system( "make polarssl" ) and abort "Failed to build lib: $curve\n"; + system( "make lib" ) and abort "Failed to build lib: $curve\n"; system( "cd tests && make" ) and abort "Failed to build tests: $curve\n"; system( "make $test" ) and abort "Failed test suite: $curve\n"; From 5cf7f388066dffa0f8ee57ad214b070e6e075472 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 3 Feb 2017 13:00:02 +0000 Subject: [PATCH 12/44] Add lib target to library/CMakeLists.txt --- library/CMakeLists.txt | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 8ccc7a3910..d98fc716ad 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -136,10 +136,18 @@ endif(USE_SHARED_MBEDTLS_LIBRARY) if(UNIX) add_custom_target(polarssl - DEPENDS mbedtls # TODO: and mbedtls_static is shared is defined + DEPENDS mbedtls COMMAND ${CMAKE_SOURCE_DIR}/scripts/polarssl_symlinks.sh ${CMAKE_BINARY_DIR}/library ) + add_custom_target(lib + DEPENDS polarssl + ) + + set_directory_properties(PROPERTIES + ADDITIONAL_MAKE_CLEAN_FILES "${CMAKE_BINARY_DIR}/library/libpolarssl.a" + ) + if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) add_dependencies(polarssl mbedtls_static) endif() From c71b7eb0e7b9a0ecfe16a418c4c9735af230259f Mon Sep 17 00:00:00 2001 
From: Andres AG Date: Thu, 19 Jan 2017 11:24:33 +0000 Subject: [PATCH 13/44] Fix data loss in unsigned int cast in PK This patch introduces some additional checks in the PK module for 64-bit systems only. The problem is that the API functions in the PK abstraction accept a size_t value for the hashlen, while the RSA module accepts an unsigned int for the hashlen. Instead of silently casting size_t to unsigned int, this change checks whether the hashlen overflows an unsigned int and returns an error. --- ChangeLog | 9 ++++++++- library/pk.c | 11 ++++++++++- library/pk_wrap.c | 18 ++++++++++++++++++ 3 files changed, 36 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1e1420ab0a..316c5def27 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,13 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch xxxx-xx-xx += mbed TLS x.x.x branch released xxxx-xx-xx + +Security + * Add checks to prevent signature forgeries for very large messages while + using RSA through the PK module in 64-bit systems. The issue was caused by + some data loss when casting a size_t to an unsigned int value in the + functions rsa_verify_wrap(), rsa_sign_wrap(), rsa_alt_sign_wrap() and + pk_sign(). Found by Jean-Philippe Aumasson. Bugfix * Fix unused variable/function compilation warnings in pem.c and x509_csr.c diff --git a/library/pk.c b/library/pk.c index 4d78b57455..fc036d2c53 100644 --- a/library/pk.c +++ b/library/pk.c @@ -30,6 +30,8 @@ #include "polarssl/pk.h" #include "polarssl/pk_wrap.h" +#include "polarssl/bignum.h" + #if defined(POLARSSL_RSA_C) #include "polarssl/rsa.h" #endif @@ -40,6 +42,8 @@ #include "polarssl/ecdsa.h" #endif +#include + /* Implementation that should never be optimized out by the compiler */ static void polarssl_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; 
@@ -208,6 +212,11 @@ int pk_verify_ext( pk_type_t type, const void *options,
 int ret;
 const pk_rsassa_pss_options *pss_opts;
+#if defined(POLARSSL_HAVE_INT64)
+ if( md_alg == POLARSSL_MD_NONE && UINT_MAX < hash_len )
+ return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
+#endif /* POLARSSL_HAVE_INT64 */
+
 if( options == NULL )
 return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
@@ -231,7 +240,7 @@ int pk_verify_ext( pk_type_t type, const void *options,
 return( 0 );
 #else
 return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE );
-#endif
+#endif /* POLARSSL_RSA_C && POLARSSL_PKCS1_V21 */
 }
 /* General case: no options */
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 6068605bfd..ceaaad1100 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -31,6 +31,7 @@
 /* Even if RSA not activated, for the sake of RSA-alt */
 #include "polarssl/rsa.h"
+#include "polarssl/bignum.h"
 #include
@@ -50,6 +51,8 @@
 #define polarssl_free free
 #endif
+#include
+
 /* Implementation that should never be optimized out by the compiler */
 static void polarssl_zeroize( void *v, size_t n ) {
 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
@@ -73,6 +76,11 @@ static int rsa_verify_wrap( void *ctx, md_type_t md_alg,
 {
 int ret;
+#if defined(POLARSSL_HAVE_INT64)
+ if( md_alg == POLARSSL_MD_NONE && UINT_MAX < hash_len )
+ return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
+#endif /* POLARSSL_HAVE_INT64 */
+
 if( sig_len < ((rsa_context *) ctx)->len )
 return( POLARSSL_ERR_RSA_VERIFY_FAILED );
@@ -92,6 +100,11 @@ static int rsa_sign_wrap( void *ctx, md_type_t md_alg,
 unsigned char *sig, size_t *sig_len,
 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
 {
+#if defined(POLARSSL_HAVE_INT64)
+ if( md_alg == POLARSSL_MD_NONE && UINT_MAX < hash_len )
+ return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
+#endif /* POLARSSL_HAVE_INT64 */
+
 *sig_len = ((rsa_context *) ctx)->len;
 return( rsa_pkcs1_sign( (rsa_context *) ctx, f_rng, p_rng, RSA_PRIVATE,
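Review bot: The new guards in pk_verify_ext, rsa_verify_wrap and rsa_sign_wrap (and rsa_alt_sign_wrap on the next line) are compiled only under `POLARSSL_HAVE_INT64`, but the hazard they close is `sizeof( size_t ) > sizeof( unsigned int )`, a property of the target ABI rather than of 64-bit integer support; the two usually coincide, yet a build that has one without the other either loses the check or gets a compare-always-false warning. Writing the condition unconditionally, `if( md_alg == POLARSSL_MD_NONE && hash_len > (size_t) UINT_MAX )`, is correct on every width (the compiler folds it away where size_t is not wider) and hoisting the four copies into one `static` helper would keep them in step. The added `+#include` lines appear with their header name stripped in this rendering; presumably `<limits.h>` for `UINT_MAX`, which should be confirmed in the source. The bodies of these wrappers extend outside the hunks.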
@@ -411,6 +424,11 @@ static int rsa_alt_sign_wrap( void *ctx, md_type_t md_alg, { rsa_alt_context *rsa_alt = (rsa_alt_context *) ctx; +#if defined(POLARSSL_HAVE_INT64) + if( UINT_MAX < hash_len ) + return( POLARSSL_ERR_PK_BAD_INPUT_DATA ); +#endif /* POLARSSL_HAVE_INT64 */ + *sig_len = rsa_alt->key_len_func( rsa_alt->key ); return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, RSA_PRIVATE, From 562bbb6f6a775dc371a641be7b1bd80812e3ca9f Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 20 Jan 2017 11:52:40 +0000 Subject: [PATCH 14/44] Add PK tests to avoid hashlen overflow for RSA --- tests/suites/test_suite_pk.data | 3 +++ tests/suites/test_suite_pk.function | 35 +++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 73694d29db..7915be764c 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -150,3 +150,6 @@ Check pair #5 (RSA vs EC) depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_RSA_C pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server1.key":POLARSSL_ERR_PK_TYPE_MISMATCH +RSA hash_len overflow (size_t vs unsigned int) +depends_on:POLARSSL_RSA_C:POLARSSL_HAVE_INT64 +pk_rsa_overflow: diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index cc378c499f..435efb43c5 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -5,6 +5,9 @@ #include "polarssl/ecp.h" #include "polarssl/rsa.h" +/* For detecting 64-bit compilation */ +#include "polarssl/bignum.h" + static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ); #define RSA_KEY_SIZE 512 
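Review bot: rsa_alt_sign_wrap() applies the UINT_MAX check for every md_alg, whereas the three sibling checks in this commit are gated on `md_alg == POLARSSL_MD_NONE`; the asymmetry is presumably deliberate, because `rsa_alt->sign_func` is a caller-supplied callback that receives hashlen narrowed to unsigned int and may consult it regardless of md_alg, but nothing at the site says so. A one-line comment above the `#if` would keep a later cleanup from harmonising it with the others: `/* The alt callback may use hashlen for any md_alg, so reject truncation unconditionally */`. The function's body continues outside the hunk.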
@@ -414,6 +417,33 @@ exit:
 }
 /* END_CASE */
+/* BEGIN_CASE depends_on:POLARSSL_RSA_C:POLARSSL_HAVE_INT64 */
+void pk_rsa_overflow( )
+{
+ pk_context pk;
+ size_t hash_len = (size_t)-1;
+
+ pk_init( &pk );
+
+ TEST_ASSERT( pk_init_ctx( &pk, pk_info_from_type( POLARSSL_PK_RSA ) ) == 0 );
+
+#if defined(POLARSSL_PKCS1_V21)
+ TEST_ASSERT( pk_verify_ext( POLARSSL_PK_RSASSA_PSS, NULL, &pk,
+ POLARSSL_MD_NONE, NULL, hash_len, NULL, 0 ) ==
+ POLARSSL_ERR_PK_BAD_INPUT_DATA );
+#endif /* POLARSSL_PKCS1_V21 */
+
+ TEST_ASSERT( pk_verify( &pk, POLARSSL_MD_NONE, NULL, hash_len,
+ NULL, 0 ) == POLARSSL_ERR_PK_BAD_INPUT_DATA );
+
+ TEST_ASSERT( pk_sign( &pk, POLARSSL_MD_NONE, NULL, hash_len, NULL, 0,
+ rnd_std_rand, NULL ) == POLARSSL_ERR_PK_BAD_INPUT_DATA );
+
+exit:
+ pk_free( &pk );
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:POLARSSL_RSA_C */
 void pk_rsa_alt( )
 {
@@ -461,6 +491,11 @@ void pk_rsa_alt( )
 /* Test signature */
 TEST_ASSERT( pk_sign( &alt, POLARSSL_MD_NONE, hash, sizeof hash, sig, &sig_len, rnd_std_rand, NULL ) == 0 );
+#if defined(POLARSSL_HAVE_INT64)
+ TEST_ASSERT( pk_sign( &alt, POLARSSL_MD_NONE, hash, (size_t)-1,
+ NULL, NULL, rnd_std_rand, NULL ) ==
+ POLARSSL_ERR_PK_BAD_INPUT_DATA );
+#endif /* POLARSSL_HAVE_INT64 */
 TEST_ASSERT( sig_len == RSA_KEY_LEN );
 TEST_ASSERT( pk_verify( &rsa, POLARSSL_MD_NONE, hash, sizeof hash, sig, sig_len ) == 0 );
From d9c8f26f8bfbbc9d704371639124a7f6c2914512 Mon Sep 17 00:00:00 2001
From: Simon B
Date: Thu, 10 Nov 2016 13:19:42 +0000
Subject: [PATCH 15/44] Fix for MSVC Compiler warnings
Fixes Microsoft Visual C compiler warnings in multiple files. All issues with type mismatches.
---
 library/ccm.c | 6 ++++--
 library/ssl_srv.c | 10 ++++++++++
 library/ssl_tls.c | 2 +-
 library/x509_crt.c | 2 +-
 4 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/library/ccm.c b/library/ccm.c
index e397e0a428..bc3700f092 100644
--- a/library/ccm.c
+++ b/library/ccm.c
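Review bot: The pk_sign() assertions in pk_rsa_overflow() and the new one in pk_rsa_alt() pass a null sig_len (`NULL, 0` and `NULL, NULL`), so they only work as tests because the new check returns before `*sig_len = ...` executes in rsa_sign_wrap() and rsa_alt_sign_wrap(); if the check regressed, the suite would crash on a null dereference instead of reporting a failed TEST_ASSERT. The pk_verify_ext() assertion likewise depends on the new check running ahead of the existing `options == NULL` rejection, which is an ordering the test does not state. Declaring `size_t sig_len = 0;` in pk_rsa_overflow() and passing `&sig_len` keeps at least the null dereference out of the failure path, and a comment on the PSS assertion should record the ordering it relies on. pk_rsa_alt()'s body continues outside the hunk.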
@@ -140,7 +140,7 @@ static int ccm_auth_crypt( ccm_context *ctx, int mode, size_t length,
 {
 int ret;
 unsigned char i;
- unsigned char q = 16 - 1 - iv_len;
+ unsigned char q;
 size_t len_left, olen;
 unsigned char b[16];
 unsigned char y[16];
@@ -163,6 +163,8 @@ static int ccm_auth_crypt( ccm_context *ctx, int mode, size_t length,
 if( add_len > 0xFF00 )
 return( POLARSSL_ERR_CCM_BAD_INPUT );
+ q = 16 - 1 - (unsigned char) iv_len;
+
 /*
 * First block B_0:
 * 0 .. 0 flags
@@ -254,7 +256,7 @@ static int ccm_auth_crypt( ccm_context *ctx, int mode, size_t length,
 while( len_left > 0 )
 {
- unsigned char use_len = len_left > 16 ? 16 : len_left;
+ size_t use_len = len_left > 16 ? 16 : len_left;
 if( mode == CCM_ENCRYPT )
 {
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index f0a88fe2d8..90d5ac7ff0 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2981,7 +2981,17 @@ static int ssl_parse_encrypted_pms( ssl_context *ssl,
 ssl->handshake->pmslen = 48;
 /* mask = diff ? 0xff : 0x00 */
+ /* MSVC has a warning about unary minus on unsigned, but this is
+ * well-defined and precisely what we want to do here */
+#if defined(_MSC_VER)
+#pragma warning( push )
+#pragma warning( disable : 4146 )
+#endif
 mask = - ( diff | - diff ) >> ( sizeof( unsigned int ) * 8 - 1 );
+#if defined(_MSC_VER)
+#pragma warning( pop )
+#endif
+
 for( i = 0; i < ssl->handshake->pmslen; i++ )
 pms[i] = ( mask & fake_pms[i] ) | ( (~mask) & peer_pms[i] );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 0dd4a6c56f..8604997995 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1484,7 +1484,7 @@ static int ssl_decrypt_buf( ssl_context *ssl )
 unsigned char add_data[13];
 unsigned char taglen = ssl->transform_in->ciphersuite_info->flags & POLARSSL_CIPHERSUITE_SHORT_TAG ? 8 : 16;
- unsigned char explicit_iv_len = ssl->transform_in->ivlen -
+ size_t explicit_iv_len = ssl->transform_in->ivlen -
 ssl->transform_in->fixed_ivlen;
 if( ssl->in_msglen < (size_t) explicit_iv_len + taglen )
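Review bot: In the ssl_tls.c hunk the `(size_t)` cast on the context line `if( ssl->in_msglen < (size_t) explicit_iv_len + taglen )` is now a no-op, since explicit_iv_len is itself size_t; dropping it avoids implying that a widening still happens there. In ccm.c the relocated `q = 16 - 1 - (unsigned char) iv_len;` now follows the input validation, which is the right place, but the narrowing cast is only obviously safe given an iv_len range check that I assume precedes it outside the hunk, so a comment such as `/* iv_len was range-checked above, so q cannot wrap */` would make that visible at the site. The enclosing functions in all three files start outside their hunks.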
diff --git a/library/x509_crt.c b/library/x509_crt.c index b7c73df1db..4b831aed30 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -988,7 +988,7 @@ int x509_crt_parse_path( x509_crt *chain, const char *path ) p = filename + len; filename[len++] = '*'; - w_ret = MultiByteToWideChar( CP_ACP, 0, filename, len, szDir, + w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir, MAX_PATH - 3 ); if( w_ret == 0 ) return( POLARSSL_ERR_X509_BAD_INPUT_DATA ); From 29b43737ba22ce86934cc5f63107b14cd0eb8f79 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 7 Dec 2016 16:08:04 +0000 Subject: [PATCH 16/44] Fix unused variable/function compilation warnings This PR fixes a number of unused variable/function compilation warnings that arise when using a config.h that does not define the macro POLARSSL_PEM_PARSE_C. --- ChangeLog | 3 +++ library/pem.c | 2 +- library/x509_csr.c | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4cfcfeb435..2e25e1ca9f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,9 @@ Bugfix * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing the input string in PEM format to extract the different components. Found by Eyal Itkin. + * Fix unused variable/function compilation warnings in pem.c and x509_csr.c + that are reported when building mbed TLS with a config.h that does not + define POLARSSL_PEM_PARSE_C. #562 = mbed TLS 1.3.18 branch 2016-10-17 diff --git a/library/pem.c b/library/pem.c index 1fe238726c..b2c16c292a 100644 --- a/library/pem.c +++ b/library/pem.c @@ -45,12 +45,12 @@ #define polarssl_free free #endif +#if defined(POLARSSL_PEM_PARSE_C) /* Implementation that should never be optimized out by the compiler */ static void polarssl_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; } -#if defined(POLARSSL_PEM_PARSE_C) void pem_init( pem_context *ctx ) { memset( ctx, 0, sizeof( pem_context ) ); 
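Review bot: The `(int)len` cast silences the MSVC size_t-to-int warning but does not bound the value; the call is safe only because len is limited by the `filename` buffer declared outside the hunk (MAX_PATH-sized, judging by the `MAX_PATH - 3` on the following line). A short comment would make the narrowing reviewable without reading the rest of the function: `/* len < MAX_PATH, so narrowing to int is lossless */`. x509_crt_parse_path() starts outside the hunk.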
diff --git a/library/x509_csr.c b/library/x509_csr.c index 558b078b73..9bdfe884f1 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -260,8 +260,8 @@ int x509_csr_parse_der( x509_csr *csr, */ int x509_csr_parse( x509_csr *csr, const unsigned char *buf, size_t buflen ) { - int ret; #if defined(POLARSSL_PEM_PARSE_C) + int ret; size_t use_len; pem_context pem; #endif From cfad1812508dd8e1baf9c99514c89bda5ab1cd10 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 18 Jan 2017 13:56:58 +0000 Subject: [PATCH 17/44] Fix integer overflows in buffer bound checks Fix potential integer overflows in the following functions: * mbedtls_md2_update() to be bypassed and cause * mbedtls_cipher_update() * mbedtls_ctr_drbg_reseed() This overflows would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed. --- ChangeLog | 6 ++++++ library/cipher.c | 4 ++-- library/ctr_drbg.c | 3 ++- library/md2.c | 2 +- 4 files changed, 11 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2e25e1ca9f..545893fb6a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,12 @@ Bugfix * Fix unused variable/function compilation warnings in pem.c and x509_csr.c that are reported when building mbed TLS with a config.h that does not define POLARSSL_PEM_PARSE_C. #562 + * Fixed potential arithmetic overflow in mbedtls_ctr_drbg_reseed() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflows in mbedtls_cipher_update() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in mbedtls_md2_update() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. = mbed TLS 1.3.18 branch 2016-10-17 diff --git a/library/cipher.c b/library/cipher.c index b69d331060..7ea25cfc2b 100644 --- a/library/cipher.c +++ b/library/cipher.c 
@@ -315,9 +315,9 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input,
 * If there is not enough data for a full block, cache it.
 */
 if( ( ctx->operation == POLARSSL_DECRYPT &&
- ilen + ctx->unprocessed_len <= cipher_get_block_size( ctx ) ) ||
+ ilen <= cipher_get_block_size( ctx ) - ctx->unprocessed_len ) ||
 ( ctx->operation == POLARSSL_ENCRYPT &&
- ilen + ctx->unprocessed_len < cipher_get_block_size( ctx ) ) )
+ ilen < cipher_get_block_size( ctx ) - ctx->unprocessed_len ) )
 {
 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, ilen );
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index 24adff08f9..7b315e888b 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -277,7 +277,8 @@ int ctr_drbg_reseed( ctr_drbg_context *ctx,
 unsigned char seed[CTR_DRBG_MAX_SEED_INPUT];
 size_t seedlen = 0;
- if( ctx->entropy_len + len > CTR_DRBG_MAX_SEED_INPUT )
+ if( ctx->entropy_len > CTR_DRBG_MAX_SEED_INPUT ||
+ len > CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len )
 return( POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG );
 memset( seed, 0, CTR_DRBG_MAX_SEED_INPUT );
diff --git a/library/md2.c b/library/md2.c
index 110cd95bcd..2ac7eba61b 100644
--- a/library/md2.c
+++ b/library/md2.c
@@ -155,7 +155,7 @@ void md2_update( md2_context *ctx, const unsigned char *input, size_t ilen )
 while( ilen > 0 )
 {
- if( ctx->left + ilen > 16 )
+ if( ilen > 16 - ctx->left )
 fill = 16 - ctx->left;
 else
 fill = ilen;
From 7ded99ff6475d04d02344bfab9a00e482526dbe2 Mon Sep 17 00:00:00 2001
From: Andres AG
Date: Wed, 18 Jan 2017 17:21:03 +0000
Subject: [PATCH 18/44] Fix integer overflow in mbedtls_base64_decode()
Fix potential integer overflows in the function mbedtls_base64_decode(). This overflow would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed.
---
 ChangeLog | 2 ++
 library/base64.c | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 545893fb6a..81af3700a0 100644
--- a/ChangeLog
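Review bot: The rewritten condition `ilen <= cipher_get_block_size( ctx ) - ctx->unprocessed_len` removes the addition overflow but is only correct while `ctx->unprocessed_len <= cipher_get_block_size( ctx )`; if that invariant were ever violated the unsigned subtraction wraps, every ilen passes, and the memcpy below writes past unprocessed_data. The ctr_drbg.c hunk in the same commit guards the analogous case explicitly with `ctx->entropy_len > CTR_DRBG_MAX_SEED_INPUT ||`, while the md2.c hunk's `ilen > 16 - ctx->left` relies on the same kind of invariant for `left`. Either add the same explicit guard in cipher.c and md2.c, or state the invariant where it is relied on, e.g. `/* unprocessed_len <= block_size holds on entry, so the subtraction cannot wrap */`. The same three hunks reappear in PATCH 26; the enclosing functions start outside the hunks.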
+++ b/ChangeLog @@ -15,6 +15,8 @@ Bugfix cause buffer bound checks to be bypassed. Found by Eyal Itkin. * Fixed potential arithmetic overflow in mbedtls_md2_update() that could cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in mbedtls_base64_decode() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. = mbed TLS 1.3.18 branch 2016-10-17 diff --git a/library/base64.c b/library/base64.c index 7de87e51ce..3de67f0905 100644 --- a/library/base64.c +++ b/library/base64.c @@ -198,7 +198,7 @@ int base64_decode( unsigned char *dst, size_t *dlen, return( 0 ); } - n = ( ( n * 6 ) + 7 ) >> 3; + n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); n -= j; if( dst == NULL || *dlen < n ) From b2bad3c79be5712a2213fc13d092898c7889988f Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 1 Feb 2017 12:38:44 +0000 Subject: [PATCH 19/44] Adds dl link library to OpenSSL example builds The example o_p_test uses OpenSSL. On some platforms that fails to build unless the dl library is included as a static link library. --- programs/test/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index da3376e646..500043146c 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -31,7 +31,7 @@ install(TARGETS selftest benchmark ssl_test ssl_cert_test if(OPENSSL_FOUND) add_executable(o_p_test o_p_test.c) include_directories(${OPENSSL_INCLUDE_DIR}) - target_link_libraries(o_p_test ${libs} ${OPENSSL_LIBRARIES}) + target_link_libraries(o_p_test ${libs} ${OPENSSL_LIBRARIES} ${CMAKE_DL_LIBS}) install(TARGETS o_p_test DESTINATION "bin" From ba32ebf7f4ad336cb1f5429fba884d70bf94e39d Mon Sep 17 00:00:00 2001 
From: Simon Butcher Date: Thu, 2 Feb 2017 08:46:53 +0000 Subject: [PATCH 20/44] Add comment to integer overflow fix in base64.c Adds clarifying comment to the integer overflow fix in base64.c --- library/base64.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/base64.c b/library/base64.c index 3de67f0905..ba6926083b 100644 --- a/library/base64.c +++ b/library/base64.c @@ -198,6 +198,10 @@ int base64_decode( unsigned char *dst, size_t *dlen, return( 0 ); } + /* The following expression is to calculate the following formula without + * risk of integer overflow in n: + * n = ( ( n * 6 ) + 7 ) >> 3; + */ n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); n -= j; From e6254531d06763777e2f0ff9ea072847459b42e7 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Feb 2017 15:01:24 +0000 Subject: [PATCH 21/44] Fix curves.pl script to build The script, `tests/scripts/curves.pl` was broken, and did not build due to the make command not having been updated with the change from polarssl to mbed TLS. --- tests/scripts/curves.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl index 1f489a3879..25e43d8961 100755 --- a/tests/scripts/curves.pl +++ b/tests/scripts/curves.pl @@ -34,7 +34,7 @@ for my $curve (@curves) { system( "scripts/config.pl unset $curve" ) and abort "Failed to disable $curve\n"; - system( "make polarssl" ) and abort "Failed to build lib: $curve\n"; + system( "make lib" ) and abort "Failed to build lib: $curve\n"; system( "cd tests && make" ) and abort "Failed to build tests: $curve\n"; system( "make $test" ) and abort "Failed test suite: $curve\n"; From 851dcc96d4a19b66668abfec1b0a35b6a68c88cd Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Feb 2017 16:53:50 +0000 Subject: [PATCH 22/44] Add credit to Changelog for #562 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 81af3700a0..3c7a423b20 100644 
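Review bot: The added comment in base64_decode() gives the intent of the rewrite but not why the split is exact, so a reader still has to re-derive it; one extra comment line closes that gap: `* Writing n = 8a + b with b < 8: ( 6n + 7 ) >> 3 == 6a + ( ( 6b + 7 ) >> 3 ) exactly.` The same hunk reappears in PATCH 28. base64_decode() starts outside the hunk.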
--- a/ChangeLog +++ b/ChangeLog @@ -8,7 +8,7 @@ Bugfix by Eyal Itkin. * Fix unused variable/function compilation warnings in pem.c and x509_csr.c that are reported when building mbed TLS with a config.h that does not - define POLARSSL_PEM_PARSE_C. #562 + define POLARSSL_PEM_PARSE_C. Found by omnium21. #562 * Fixed potential arithmetic overflow in mbedtls_ctr_drbg_reseed() that could cause buffer bound checks to be bypassed. Found by Eyal Itkin. * Fixed potential arithmetic overflows in mbedtls_cipher_update() that could From 63c4fda9cfd52606902565c69692f4d7bdd176db Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 3 Feb 2017 13:00:02 +0000 Subject: [PATCH 23/44] Add lib target to library/CMakeLists.txt --- library/CMakeLists.txt | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 8ccc7a3910..d98fc716ad 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -136,10 +136,18 @@ endif(USE_SHARED_MBEDTLS_LIBRARY) if(UNIX) add_custom_target(polarssl - DEPENDS mbedtls # TODO: and mbedtls_static is shared is defined + DEPENDS mbedtls COMMAND ${CMAKE_SOURCE_DIR}/scripts/polarssl_symlinks.sh ${CMAKE_BINARY_DIR}/library ) + add_custom_target(lib + DEPENDS polarssl + ) + + set_directory_properties(PROPERTIES + ADDITIONAL_MAKE_CLEAN_FILES "${CMAKE_BINARY_DIR}/library/libpolarssl.a" + ) + if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) add_dependencies(polarssl mbedtls_static) endif() From de6079af8e60fc07ad64747db3e2731388305f53 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 24 Oct 2016 11:23:36 +0100 Subject: [PATCH 24/44] Fix buffer overreads in mbedtls_pem_read_buffer() --- ChangeLog | 3 +++ library/pem.c | 20 +++++++++++--------- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 316c5def27..80c9c09a4b 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -13,6 +13,9 @@ Bugfix
 * Fix unused variable/function compilation warnings in pem.c and x509_csr.c
 that are reported when building mbed TLS with a config.h that does not
 define POLARSSL_PEM_PARSE_C. Found by omnium21. #562
+ * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing
+ the input string in pem format to extract the different components. Found
+ by Eyal Itkin.
 = mbed TLS 1.3.18 branch 2016-10-17
diff --git a/library/pem.c b/library/pem.c
index ac83116916..b2c16c292a 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -250,7 +250,7 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
 enc = 0;
- if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
+ if( s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
 {
 #if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \
 ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) )
@@ -263,22 +263,22 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
 #if defined(POLARSSL_DES_C)
- if( memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
+ if( s2 - s1 >= 23 && memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
 {
 enc_alg = POLARSSL_CIPHER_DES_EDE3_CBC;
 s1 += 23;
- if( pem_get_iv( s1, pem_iv, 8 ) != 0 )
+ if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8 ) != 0 )
 return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
 s1 += 16;
 }
- else if( memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
+ else if( s2 - s1 >= 18 && memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
 {
 enc_alg = POLARSSL_CIPHER_DES_CBC;
 s1 += 18;
- if( pem_get_iv( s1, pem_iv, 8) != 0 )
+ if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8) != 0 )
 return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
 s1 += 16;
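Review bot: Each new bound check hand-counts the literal's length and repeats the constant passed to memcmp, as in `if( s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )` and the 23/18 pairs in the DEK-Info lines below (14 and 22 again in the AES hunk that follows); if one number of a pair is edited without the other, the overread silently returns. A small static helper that takes the literal and derives its length with `sizeof( lit ) - 1`, used from all five sites, would keep the bound and the compare tied together. The IV guards `s2 - s1 < 16` and `< 32` could likewise be written as `2 * 8` and `2 * 16` beside the pem_get_iv( ..., 8 ) / pem_get_iv( ..., 16 ) calls they protect, since the `s1 += 16` / `s1 += 32` that follow show the hex IV is twice the byte length. pem_read_buffer() starts outside the hunk.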
@@ -286,9 +286,11 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
 #endif /* POLARSSL_DES_C */
 #if defined(POLARSSL_AES_C)
- if( memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
+ if( s2 - s1 >= 14 && memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
 {
- if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 )
+ if( s2 - s1 < 22 )
+ return( POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG );
+ else if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 )
 enc_alg = POLARSSL_CIPHER_AES_128_CBC;
 else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 )
 enc_alg = POLARSSL_CIPHER_AES_192_CBC;
@@ -298,7 +300,7 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
 return( POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG );
 s1 += 22;
- if( pem_get_iv( s1, pem_iv, 16 ) != 0 )
+ if( s2 - s1 < 32 || pem_get_iv( s1, pem_iv, 16 ) != 0 )
 return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
 s1 += 32;
@@ -317,7 +319,7 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
 ( POLARSSL_AES_C || POLARSSL_DES_C ) */
 }
- if( s1 == s2 )
+ if( s1 >= s2 )
 return( POLARSSL_ERR_PEM_INVALID_DATA );
 len = 0;
From 480f7e7d5e5996f2bfd9a88aa2a043edae5c0354 Mon Sep 17 00:00:00 2001
From: Andres AG
Date: Mon, 24 Oct 2016 14:31:54 +0100
Subject: [PATCH 25/44] Add tests for overreads in pem_read_buffer()
---
 ChangeLog | 2 +-
 tests/suites/test_suite_pem.data | 9 +++++++++
 tests/suites/test_suite_pem.function | 24 ++++++++++++++++++------
 3 files changed, 28 insertions(+), 7 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 80c9c09a4b..83fd5ac5fb 100644
--- a/ChangeLog
+++ b/ChangeLog
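Review bot: `if( s2 - s1 < 22 ) return( POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG );` classifies a DEK-Info line too short to hold an AES algorithm name as an unknown algorithm rather than as malformed input, and the test added in PATCH 25 pins that code, so it has become part of the contract; a comment would stop it being "corrected" later: `/* Too short for any AES-xxx-CBC name: report an unknown algorithm, as the test suite expects */`. The `else` after that unconditional return is redundant and a plain `if` reads more naturally at the head of the chain below. pem_read_buffer() continues outside the hunk.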
@@ -14,7 +14,7 @@ Bugfix that are reported when building mbed TLS with a config.h that does not define POLARSSL_PEM_PARSE_C. Found by omnium21. #562 * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing - the input string in pem format to extract the different components. Found + the input string in PEM format to extract the different components. Found by Eyal Itkin. = mbed TLS 1.3.18 branch 2016-10-17 diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index 311ea9c15a..9c7b305179 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data @@ -15,3 +15,12 @@ pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"00010203040506 PEM write (exactly two lines + 1) pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n" + +PEM read (DES-EDE3-CBC + invalid iv) +pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":-4608 + +PEM read (DES-CBC + invalid iv) +pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":-4608 + +PEM read (unknown encryption algorithm) +pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":-4736 diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function index f8aab47c1a..e0b7679841 100644 --- a/tests/suites/test_suite_pem.function +++ b/tests/suites/test_suite_pem.function 
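Review bot: The three new cases only exercise the DEK-Info length guards (truncated DES IVs and a truncated AES name); nothing covers the `s2 - s1 >= 22` guard on the Proc-Type line or the new `s1 >= s2` rejection, which are the other overreads fixed in PATCH 24. A case whose body ends inside the Proc-Type line, e.g. `"^\nProc-Type\: 4,ENC$"`, and one with an empty body between header and footer would pin those paths; the expected return codes should be confirmed against pem_read_buffer() before they are added.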
@@ -3,12 +3,7 @@ #include "polarssl/pem.h" /* END_HEADER */ -/* BEGIN_DEPENDENCIES - * depends_on:POLARSSL_PEM_WRITE_C - * END_DEPENDENCIES - */ - -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:POLARSSL_PEM_WRITE_C */ void pem_write_buffer( char *start, char *end, char *buf_str, char *result_str ) { unsigned char buf[5000]; @@ -38,3 +33,20 @@ exit: polarssl_free( check_buf ); } /* END_CASE */ + +/* BEGIN_CASE depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_AES_C:POLARSSL_DES_C:POLARSSL_MD5_C:POLARSSL_CIPHER_MODE_CBC */ +void pem_read_buffer( char *header, char *footer, char *data, int ret ) +{ + pem_context ctx; + size_t use_len = 0; + + pem_init( &ctx ); + + TEST_ASSERT( pem_read_buffer( &ctx, header, footer, + (const unsigned char *)data, NULL, 0, + &use_len ) == ret ); + +exit: + pem_free( &ctx ); +} +/* END_CASE */ From 74ef65077202543b06f1d310d2db3fb69facc0d7 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 18 Jan 2017 13:56:58 +0000 Subject: [PATCH 26/44] Fix integer overflows in buffer bound checks Fix potential integer overflows in the following functions: * mbedtls_md2_update() to be bypassed and cause * mbedtls_cipher_update() * mbedtls_ctr_drbg_reseed() This overflows would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed. --- ChangeLog | 6 ++++++ library/cipher.c | 4 ++-- library/ctr_drbg.c | 3 ++- library/md2.c | 2 +- 4 files changed, 11 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 83fd5ac5fb..6f5d24b72b 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -16,6 +16,12 @@ Bugfix * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing the input string in PEM format to extract the different components. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in mbedtls_ctr_drbg_reseed() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflows in mbedtls_cipher_update() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in mbedtls_md2_update() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. = mbed TLS 1.3.18 branch 2016-10-17 diff --git a/library/cipher.c b/library/cipher.c index b69d331060..7ea25cfc2b 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -315,9 +315,9 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, * If there is not enough data for a full block, cache it. */ if( ( ctx->operation == POLARSSL_DECRYPT && - ilen + ctx->unprocessed_len <= cipher_get_block_size( ctx ) ) || + ilen <= cipher_get_block_size( ctx ) - ctx->unprocessed_len ) || ( ctx->operation == POLARSSL_ENCRYPT && - ilen + ctx->unprocessed_len < cipher_get_block_size( ctx ) ) ) + ilen < cipher_get_block_size( ctx ) - ctx->unprocessed_len ) ) { memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, ilen ); diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index 24adff08f9..7b315e888b 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -277,7 +277,8 @@ int ctr_drbg_reseed( ctr_drbg_context *ctx, unsigned char seed[CTR_DRBG_MAX_SEED_INPUT]; size_t seedlen = 0; - if( ctx->entropy_len + len > CTR_DRBG_MAX_SEED_INPUT ) + if( ctx->entropy_len > CTR_DRBG_MAX_SEED_INPUT || + len > CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len ) return( POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG ); memset( seed, 0, CTR_DRBG_MAX_SEED_INPUT ); diff --git a/library/md2.c b/library/md2.c index 110cd95bcd..2ac7eba61b 100644 --- a/library/md2.c 
+++ b/library/md2.c @@ -155,7 +155,7 @@ void md2_update( md2_context *ctx, const unsigned char *input, size_t ilen ) while( ilen > 0 ) { - if( ctx->left + ilen > 16 ) + if( ilen > 16 - ctx->left ) fill = 16 - ctx->left; else fill = ilen; From 59abd301f53d295c9a831fdcf9f97ef2878df72a Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 18 Jan 2017 17:21:03 +0000 Subject: [PATCH 27/44] Fix integer overflow in mbedtls_base64_decode() Fix potential integer overflows in the function mbedtls_base64_decode(). This overflow would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed. --- ChangeLog | 2 ++ library/base64.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 6f5d24b72b..d8b1061001 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,8 @@ Bugfix cause buffer bound checks to be bypassed. Found by Eyal Itkin. * Fixed potential arithmetic overflow in mbedtls_md2_update() that could cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in mbedtls_base64_decode() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. = mbed TLS 1.3.18 branch 2016-10-17 diff --git a/library/base64.c b/library/base64.c index 7de87e51ce..3de67f0905 100644 --- a/library/base64.c +++ b/library/base64.c @@ -198,7 +198,7 @@ int base64_decode( unsigned char *dst, size_t *dlen, return( 0 ); } - n = ( ( n * 6 ) + 7 ) >> 3; + n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); n -= j; if( dst == NULL || *dlen < n ) From 746edf4e75e686075f0659701151582b56cb4ffb Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Feb 2017 08:46:53 +0000 Subject: [PATCH 28/44] Add comment to integer overflow fix in base64.c Adds clarifying comment to the integer overflow fix in base64.c --- library/base64.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/base64.c b/library/base64.c index 3de67f0905..ba6926083b 100644 --- a/library/base64.c 
+++ b/library/base64.c @@ -198,6 +198,10 @@ int base64_decode( unsigned char *dst, size_t *dlen, return( 0 ); } + /* The following expression is to calculate the following formula without + * risk of integer overflow in n: + * n = ( ( n * 6 ) + 7 ) >> 3; + */ n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); n -= j; From 22d77a209f05be7a461bf24b9fb1133e662b13f3 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 2 Feb 2017 14:36:49 +0000 Subject: [PATCH 29/44] Fix generate_code.pl to handle escaped : --- tests/scripts/generate_code.pl | 2 +- tests/suites/test_suite_pem.data | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 078e82df95..e13a2d0da3 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl @@ -139,7 +139,7 @@ while($test_cases =~ /\/\* BEGIN_CASE *([\w:]*) \*\/\n(.*?)\n\/\* END_CASE \*\// $param_defs .= " char *param$i = params[$i];\n"; $param_checks .= " if( verify_string( ¶m$i ) != 0 ) return( 2 );\n"; push @dispatch_params, "param$i"; - $mapping_regex .= ":[^:\n]+"; + $mapping_regex .= ":(?:\\\\.|[^:\n])+"; } else { diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index 9c7b305179..b5f63e5504 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data 
@@ -17,10 +17,10 @@ PEM write (exactly two lines + 1) pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n" PEM read (DES-EDE3-CBC + invalid iv) -pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":-4608 +pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":POLARSSL_ERR_PEM_INVALID_ENC_IV PEM read (DES-CBC + invalid iv) -pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":-4608 +pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":POLARSSL_ERR_PEM_INVALID_ENC_IV PEM read (unknown encryption algorithm) -pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":-4736 +pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG From dcd49ec05a85cc465af30be5366435626418fcd2 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 3 Feb 2017 13:00:02 +0000 Subject: [PATCH 30/44] Add lib target to library/CMakeLists.txt --- library/CMakeLists.txt | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 8ccc7a3910..d98fc716ad 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
@@ -136,10 +136,18 @@ endif(USE_SHARED_MBEDTLS_LIBRARY) if(UNIX) add_custom_target(polarssl - DEPENDS mbedtls # TODO: and mbedtls_static is shared is defined + DEPENDS mbedtls COMMAND ${CMAKE_SOURCE_DIR}/scripts/polarssl_symlinks.sh ${CMAKE_BINARY_DIR}/library ) + add_custom_target(lib + DEPENDS polarssl + ) + + set_directory_properties(PROPERTIES + ADDITIONAL_MAKE_CLEAN_FILES "${CMAKE_BINARY_DIR}/library/libpolarssl.a" + ) + if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) add_dependencies(polarssl mbedtls_static) endif() From 7346a7e55a4fb936da97044bc261bd460e92e511 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 26 Feb 2017 02:01:49 +0000 Subject: [PATCH 31/44] Fix formatting in ChangeLog --- ChangeLog | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index beb4dca7ec..6ff5cc183b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,11 +3,11 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 1.3.x branch released xxxx-xx-xx Security - * Add checks to prevent signature forgeries for very large messages while - using RSA through the PK module in 64-bit systems. The issue was caused by - some data loss when casting a size_t to an unsigned int value in the - functions rsa_verify_wrap(), rsa_sign_wrap(), rsa_alt_sign_wrap() and - pk_sign(). Found by Jean-Philippe Aumasson. + * Add checks to prevent signature forgeries for very large messages while + using RSA through the PK module in 64-bit systems. The issue was caused by + some data loss when casting a size_t to an unsigned int value in the + functions rsa_verify_wrap(), rsa_sign_wrap(), rsa_alt_sign_wrap() and + pk_sign(). Found by Jean-Philippe Aumasson. * Fixed potential livelock during the parsing of a CRL in PEM format in mbedtls_x509_crl_parse(). A string containing a CRL followed by trailing characters after the footer could result in the execution of an infinite From 03af0e0151b82e93fb43100dc44fa57c5742278d Mon Sep 17 00:00:00 2001 
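Review bot: `set_directory_properties(PROPERTIES ADDITIONAL_MAKE_CLEAN_FILES ...)` in the new block overwrites the directory's existing value rather than adding to it, so any clean files registered elsewhere in this CMakeLists.txt are silently dropped (and a later call with the same form would drop this one). Use the appending form instead: `set_property(DIRECTORY APPEND PROPERTY ADDITIONAL_MAKE_CLEAN_FILES "${CMAKE_BINARY_DIR}/library/libpolarssl.a")`. The clean list also names only the static archive, while the `polarssl` target runs polarssl_symlinks.sh; if that script creates more than this one symlink (not visible here), the others will survive `make clean`.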
From: Andres AG Date: Mon, 23 Jan 2017 14:58:27 +0000 Subject: [PATCH 32/44] Fix memory leak in x509_crl_parse() The memory leak call was caused by missing calls to pem_free(). --- ChangeLog | 3 +++ library/x509_crl.c | 5 +++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index fd7a3f5b6c..12c541cde6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -37,6 +37,9 @@ Bugfix cause buffer bound checks to be bypassed. Found by Eyal Itkin. * Fixed potential arithmetic overflow in mbedtls_base64_decode() that could cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fix potential memory leak in x509_crl_parse(). The leak was caused by + missing calls to pem_free() in cases when a + POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered. = mbed TLS 1.3.18 branch 2016-10-17 diff --git a/library/x509_crl.c b/library/x509_crl.c index 0d92bb1318..b2b0bed6e9 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -520,16 +520,17 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen ) if( ( ret = x509_crl_parse_der( chain, pem.buf, pem.buflen ) ) != 0 ) { + pem_free( &pem ); return( ret ); } - - pem_free( &pem ); } else if( is_pem ) { pem_free( &pem ); return( ret ); } + + pem_free( &pem ); } while( is_pem && buflen > 0 ); From bfef0ce5e46473e41de87482e81c775e0c766e3b Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 28 Feb 2017 16:36:22 +0000 Subject: [PATCH 33/44] Fix credit in ChangeLog for #722 --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 12c541cde6..e26caed4ac 100644 --- a/ChangeLog +++ b/ChangeLog 
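Review bot: The new unconditional `pem_free( &pem );` at the end of the loop body is reached on the path where `pem_read_buffer()` failed without allocating (the POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT case named in the ChangeLog), so the fix relies on `pem_free()` being safe on a context that was initialised but never filled; that initialisation happens before the loop, outside the hunk, and a one-line comment at the new call such as `/* safe on an unfilled context: pem_read_buffer() may have failed before allocating */` would record the assumption. The function now frees `pem` on three separate paths in the body, which is the same duplication that let the original path be missed; collapsing the two returning branches into one `pem_free( &pem ); return( ret );` sequence would make the invariant easier to check. x509_crl_parse's body starts and ends outside the hunk.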
@@ -39,7 +39,8 @@ Bugfix cause buffer bound checks to be bypassed. Found by Eyal Itkin. * Fix potential memory leak in x509_crl_parse(). The leak was caused by missing calls to pem_free() in cases when a - POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered. + POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered. Found and + fix proposed by Guido Vranken. #722 = mbed TLS 1.3.18 branch 2016-10-17 From 0990a8b4c54a39a30f143d1cf7ff35575c957fa8 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 27 Jan 2017 15:51:14 +0000 Subject: [PATCH 34/44] Add invalid key tests for curve SECP224K1 This curve has special arithmetic on 64 bit platforms and an untested path lead to trying to free a buffer on the stack. For the sake of completeness, a test case for a point with non-affine coordinates has been added as well. --- tests/suites/test_suite_ecp.data | 12 ++++++++++-- tests/suites/test_suite_ecp.function | 7 ++++--- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index a5dc528e48..1a6c241b79 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data 
@@ -161,11 +161,19 @@ ecp_small_check_pub:10:25:1:POLARSSL_ERR_ECP_INVALID_KEY ECP check pubkey Montgomery #1 (too big) depends_on:POLARSSL_ECP_DP_M255_ENABLED -ecp_check_pub_mx:POLARSSL_ECP_DP_M255:"010000000000000000000000000000000000000000000000000000000000000000":POLARSSL_ERR_ECP_INVALID_KEY +ecp_check_pub:POLARSSL_ECP_DP_M255:"010000000000000000000000000000000000000000000000000000000000000000":"0":"1":POLARSSL_ERR_ECP_INVALID_KEY ECP check pubkey Montgomery #2 (biggest) depends_on:POLARSSL_ECP_DP_M255_ENABLED -ecp_check_pub_mx:POLARSSL_ECP_DP_M255:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":0 +ecp_check_pub:POLARSSL_ECP_DP_M255:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":"0":"1":0 + +ECP check pubkey Koblitz #1 (point not on curve) +depends_on:POLARSSL_ECP_DP_SECP224K1_ENABLED +ecp_check_pub:POLARSSL_ECP_DP_SECP224K1:"E2000000000000BB3A13D43B323337383935321F0603551D":"100101FF040830060101FF02010A30220603551D0E041B04636FC0C0":"1":POLARSSL_ERR_ECP_INVALID_KEY + +ECP check pubkey Koblitz #2 (coordinate not affine) +depends_on:POLARSSL_ECP_DP_SECP224K1_ENABLED +ecp_check_pub:POLARSSL_ECP_DP_SECP224K1:"E2000000000000BB3A13D43B323337383935321F0603551D":"100101FF040830060101FF02010A30220603551D0E041B04636FC0C0":"101":POLARSSL_ERR_ECP_INVALID_KEY ECP write binary #0 (zero, bad format) depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 696c5977ec..edb4b61d64 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -196,7 +196,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void ecp_check_pub_mx( int grp_id, char *key_hex, int ret ) +void ecp_check_pub( int grp_id, char *x_hex, char *y_hex, char *z_hex, int ret ) { ecp_group grp; ecp_point P; 
@@ -206,8 +206,9 @@ void ecp_check_pub_mx( int grp_id, char *key_hex, int ret ) TEST_ASSERT( ecp_use_known_dp( &grp, grp_id ) == 0 ); - TEST_ASSERT( mpi_read_string( &P.X, 16, key_hex ) == 0 ); - TEST_ASSERT( mpi_lset( &P.Z, 1 ) == 0 ); + TEST_ASSERT( mpi_read_string( &P.X, 16, x_hex ) == 0 ); + TEST_ASSERT( mpi_read_string( &P.Y, 16, y_hex ) == 0 ); + TEST_ASSERT( mpi_read_string( &P.Z, 16, z_hex ) == 0 ); TEST_ASSERT( ecp_check_pubkey( &grp, &P ) == ret ); From f5ffc79896681daddf7530646c0908f51a887dbd Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 27 Jan 2017 16:05:20 +0000 Subject: [PATCH 35/44] ECP: Prevent freeing a buffer on stack The function ecp_mod_koblitz computed the space for the result of a multiplication optimally for that specific case, but unfortunately the function mbedtls_mpi_mul_mpi performs a generic, suboptimal calculation and needs one more limb for the result. Since the result's buffer is on the stack, the best case scenario is that the program stops. This only happened on 64 bit platforms. Fixes #569 --- ChangeLog | 6 ++++++ library/ecp_curves.c | 6 +++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index e26caed4ac..e657ebeeec 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,12 @@ Security characters after the footer could result in the execution of an infinite loop. The issue can be triggered remotely. Found by Greg Zaverucha, Microsoft. + * Fixed a bug that caused freeing a buffer that was allocated on the stack, + when verifying the validity of a key on secp224k1. This could be + triggered remotely for example with a maliciously constructed certificate + and might have led to remote code execution on some exotic embedded + platforms. Reported independently by rongsaws and Regina Wilson. + CVE-2017-2784 Bugfix * Fix output certificate verification flags set by x509_crt_verify_top() when diff --git a/library/ecp_curves.c b/library/ecp_curves.c index f5afe44b5a..db6ad3ced8 100644 
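Review bot: Reading `P.Z` from `z_hex` in this hunk replaces the fixed `mpi_lset( &P.Z, 1 )`, and nothing in the function says why a test of ecp_check_pubkey() takes a Z coordinate at all; a comment such as `/* z_hex != "1" feeds a non-affine point so the Z == 1 check in ecp_check_pubkey() is exercised */` next to the new line would explain the "coordinate not affine" case in the .data file. The rename from `ecp_check_pub_mx` to `ecp_check_pub` in the previous hunk also changes the name the .data file dispatches on; the two Montgomery entries are updated in this commit, but any other entry still using the old name (not visible here) would break generation, so it is worth grepping the suite before merge. The test function's body starts and ends outside the hunk.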
--- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -1264,7 +1264,7 @@ static inline int ecp_mod_koblitz( mpi *N, t_uint *Rp, size_t p_limbs, int ret; size_t i; mpi M, R; - t_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R]; + t_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1]; if( N->n < p_limbs ) return( 0 ); @@ -1286,7 +1286,7 @@ static inline int ecp_mod_koblitz( mpi *N, t_uint *Rp, size_t p_limbs, memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( t_uint ) ); if( shift != 0 ) MPI_CHK( mpi_shift_r( &M, shift ) ); - M.n += R.n - adjust; /* Make room for multiplication by R */ + M.n += R.n; /* Make room for multiplication by R */ /* N = A0 */ if( mask != 0 ) @@ -1308,7 +1308,7 @@ static inline int ecp_mod_koblitz( mpi *N, t_uint *Rp, size_t p_limbs, memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( t_uint ) ); if( shift != 0 ) MPI_CHK( mpi_shift_r( &M, shift ) ); - M.n += R.n - adjust; /* Make room for multiplication by R */ + M.n += R.n; /* Make room for multiplication by R */ /* N = A0 */ if( mask != 0 ) From 866a447784cf8ec9fcc337cd2afd8aad0ac9cba5 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 28 Feb 2017 18:47:27 +0000 Subject: [PATCH 36/44] Clarify ChangeLog for #569 --- ChangeLog | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index e657ebeeec..4ccba2fff8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,9 +16,8 @@ Security * Fixed a bug that caused freeing a buffer that was allocated on the stack, when verifying the validity of a key on secp224k1. This could be triggered remotely for example with a maliciously constructed certificate - and might have led to remote code execution on some exotic embedded - platforms. Reported independently by rongsaws and Regina Wilson. - CVE-2017-2784 + and potentially could lead to remote code execution on some platforms. + Reported independently by rongsaws and Regina Wilson. #569 CVE-2017-2784 Bugfix * Fix output certificate verification flags set by x509_crt_verify_top() when 
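Review bot: The stack buffer `Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1]` grows by one limb, but nothing in the hunk records why that is sufficient, and no runtime check ties `M.n` to the buffer's capacity before the two `memcpy( Mp, ... )` calls in the second and third hunks, so the next change to mpi_mul_mpi's result sizing could reintroduce the same stack overrun. Suggest a comment at the declaration, `/* +1: mpi_mul_mpi() sizes its result one limb larger than this reduction strictly needs (see #569) */`, and a guard before each memcpy such as `if( M.n + R.n > sizeof( Mp ) / sizeof( Mp[0] ) ) return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );` so the function fails closed instead of writing past Mp. The `M.n += R.n;` change in hunks two and three assumes the value of `M.n` before the add is bounded by P_KOBLITZ_MAX, which is established outside the hunk. ecp_mod_koblitz's body continues outside the hunks.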
From 5b6002555ed32e987ee132835661549757c0c73a Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 1 Mar 2017 22:17:49 +0000 Subject: [PATCH 37/44] Fix Visual Studio template files Adds interim directories to the Visual Studio project files to avoid warning MSB8028 in Visual Studio 2015, where shared directories of intermediate files between project files generate the warning. --- .../data_files/vs2010-app-template.vcxproj | 28 +++++++++++-------- .../data_files/vs2010-main-template.vcxproj | 4 +++ 2 files changed, 20 insertions(+), 12 deletions(-) diff --git a/scripts/data_files/vs2010-app-template.vcxproj b/scripts/data_files/vs2010-app-template.vcxproj index 593c22df95..806130a10a 100644 --- a/scripts/data_files/vs2010-app-template.vcxproj +++ b/scripts/data_files/vs2010-app-template.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/scripts/data_files/vs2010-main-template.vcxproj b/scripts/data_files/vs2010-main-template.vcxproj index 6e30ffe154..773b58a331 100644 --- a/scripts/data_files/vs2010-main-template.vcxproj +++ b/scripts/data_files/vs2010-main-template.vcxproj @@ -65,15 +65,19 @@ true + $(Configuration)\$(TargetName)\ true + $(Configuration)\$(TargetName)\ false + $(Configuration)\$(TargetName)\ false + $(Configuration)\$(TargetName)\ From c1526faaeed0013601752a8eb8858118c02080b6 Mon Sep 17 00:00:00 2001 
From: Simon Butcher Date: Wed, 1 Mar 2017 23:18:38 +0000 Subject: [PATCH 38/44] Update of the Visual Studio files Contains additional project file, ecdh_curve25519.vcxproj, as well as fix for intermediate files causing the warning MSB8028 with Visual Studio 2015. --- visualc/VS2010/aescrypt2.vcxproj | 28 ++++++++++++---------- visualc/VS2010/benchmark.vcxproj | 28 ++++++++++++---------- visualc/VS2010/cert_app.vcxproj | 28 ++++++++++++---------- visualc/VS2010/cert_req.vcxproj | 28 ++++++++++++---------- visualc/VS2010/cert_write.vcxproj | 28 ++++++++++++---------- visualc/VS2010/crl_app.vcxproj | 28 ++++++++++++---------- visualc/VS2010/crypt_and_hash.vcxproj | 28 ++++++++++++---------- visualc/VS2010/dh_client.vcxproj | 28 ++++++++++++---------- visualc/VS2010/dh_genprime.vcxproj | 28 ++++++++++++---------- visualc/VS2010/dh_server.vcxproj | 28 ++++++++++++---------- visualc/VS2010/ecdsa.vcxproj | 28 ++++++++++++---------- visualc/VS2010/gen_entropy.vcxproj | 28 ++++++++++++---------- visualc/VS2010/gen_key.vcxproj | 28 ++++++++++++---------- visualc/VS2010/gen_random_ctr_drbg.vcxproj | 28 ++++++++++++---------- visualc/VS2010/gen_random_havege.vcxproj | 28 ++++++++++++---------- visualc/VS2010/generic_sum.vcxproj | 28 ++++++++++++---------- visualc/VS2010/hello.vcxproj | 28 ++++++++++++---------- visualc/VS2010/key_app.vcxproj | 28 ++++++++++++---------- visualc/VS2010/key_app_writer.vcxproj | 28 ++++++++++++---------- visualc/VS2010/mbedTLS.vcxproj | 4 ++++ visualc/VS2010/md5sum.vcxproj | 28 ++++++++++++---------- visualc/VS2010/mini_client.vcxproj | 28 ++++++++++++---------- visualc/VS2010/mpi_demo.vcxproj | 28 ++++++++++++---------- visualc/VS2010/pem2der.vcxproj | 28 ++++++++++++---------- visualc/VS2010/pk_decrypt.vcxproj | 28 ++++++++++++---------- visualc/VS2010/pk_encrypt.vcxproj | 28 ++++++++++++---------- visualc/VS2010/pk_sign.vcxproj | 28 ++++++++++++---------- visualc/VS2010/pk_verify.vcxproj | 28 ++++++++++++---------- 
visualc/VS2010/req_app.vcxproj | 28 ++++++++++++---------- visualc/VS2010/rsa_decrypt.vcxproj | 28 ++++++++++++---------- visualc/VS2010/rsa_encrypt.vcxproj | 28 ++++++++++++---------- visualc/VS2010/rsa_genkey.vcxproj | 28 ++++++++++++---------- visualc/VS2010/rsa_sign.vcxproj | 28 ++++++++++++---------- visualc/VS2010/rsa_sign_pss.vcxproj | 28 ++++++++++++---------- visualc/VS2010/rsa_verify.vcxproj | 28 ++++++++++++---------- visualc/VS2010/rsa_verify_pss.vcxproj | 28 ++++++++++++---------- visualc/VS2010/selftest.vcxproj | 28 ++++++++++++---------- visualc/VS2010/sha1sum.vcxproj | 28 ++++++++++++---------- visualc/VS2010/sha2sum.vcxproj | 28 ++++++++++++---------- visualc/VS2010/ssl_cert_test.vcxproj | 28 ++++++++++++---------- visualc/VS2010/ssl_client1.vcxproj | 28 ++++++++++++---------- visualc/VS2010/ssl_client2.vcxproj | 28 ++++++++++++---------- visualc/VS2010/ssl_fork_server.vcxproj | 28 ++++++++++++---------- visualc/VS2010/ssl_mail_client.vcxproj | 28 ++++++++++++---------- visualc/VS2010/ssl_server.vcxproj | 28 ++++++++++++---------- visualc/VS2010/ssl_server2.vcxproj | 28 ++++++++++++---------- visualc/VS2010/ssl_test.vcxproj | 28 ++++++++++++---------- visualc/VS2010/strerror.vcxproj | 28 ++++++++++++---------- 48 files changed, 756 insertions(+), 564 deletions(-) diff --git a/visualc/VS2010/aescrypt2.vcxproj b/visualc/VS2010/aescrypt2.vcxproj index afbfe48c70..644ef751b3 100644 --- a/visualc/VS2010/aescrypt2.vcxproj +++ b/visualc/VS2010/aescrypt2.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/benchmark.vcxproj b/visualc/VS2010/benchmark.vcxproj index ee3ada3bef..2655c657c1 100644 --- a/visualc/VS2010/benchmark.vcxproj +++ b/visualc/VS2010/benchmark.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/cert_app.vcxproj b/visualc/VS2010/cert_app.vcxproj index 0988a298a2..e73b5eb2a9 100644 --- a/visualc/VS2010/cert_app.vcxproj +++ b/visualc/VS2010/cert_app.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/cert_req.vcxproj b/visualc/VS2010/cert_req.vcxproj index ef3ed2ea28..d378271df5 100644 --- a/visualc/VS2010/cert_req.vcxproj +++ b/visualc/VS2010/cert_req.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/cert_write.vcxproj b/visualc/VS2010/cert_write.vcxproj index 43c009325c..39a3239fc2 100644 --- a/visualc/VS2010/cert_write.vcxproj +++ b/visualc/VS2010/cert_write.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/crl_app.vcxproj b/visualc/VS2010/crl_app.vcxproj index d7599990db..d4055982e6 100644 --- a/visualc/VS2010/crl_app.vcxproj +++ b/visualc/VS2010/crl_app.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/crypt_and_hash.vcxproj b/visualc/VS2010/crypt_and_hash.vcxproj index d9d70ea393..35d4a7b9b8 100644 --- a/visualc/VS2010/crypt_and_hash.vcxproj +++ b/visualc/VS2010/crypt_and_hash.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/dh_client.vcxproj b/visualc/VS2010/dh_client.vcxproj index c211badd09..4774caed85 100644 --- a/visualc/VS2010/dh_client.vcxproj +++ b/visualc/VS2010/dh_client.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/dh_genprime.vcxproj b/visualc/VS2010/dh_genprime.vcxproj index 4e2ee20491..ae8754c0b9 100644 --- a/visualc/VS2010/dh_genprime.vcxproj +++ b/visualc/VS2010/dh_genprime.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/dh_server.vcxproj b/visualc/VS2010/dh_server.vcxproj index 025c54874b..ee219971dd 100644 --- a/visualc/VS2010/dh_server.vcxproj +++ b/visualc/VS2010/dh_server.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ecdsa.vcxproj b/visualc/VS2010/ecdsa.vcxproj index 5d83e1f40e..786b838d57 100644 --- a/visualc/VS2010/ecdsa.vcxproj +++ b/visualc/VS2010/ecdsa.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/gen_entropy.vcxproj b/visualc/VS2010/gen_entropy.vcxproj index d3eee21cbd..00905666d8 100644 --- a/visualc/VS2010/gen_entropy.vcxproj +++ b/visualc/VS2010/gen_entropy.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/gen_key.vcxproj b/visualc/VS2010/gen_key.vcxproj index e72d475219..c7ee53f57c 100644 --- a/visualc/VS2010/gen_key.vcxproj +++ b/visualc/VS2010/gen_key.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/gen_random_ctr_drbg.vcxproj b/visualc/VS2010/gen_random_ctr_drbg.vcxproj index cffbc434ce..78da2dfcb1 100644 --- a/visualc/VS2010/gen_random_ctr_drbg.vcxproj +++ b/visualc/VS2010/gen_random_ctr_drbg.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/gen_random_havege.vcxproj b/visualc/VS2010/gen_random_havege.vcxproj index 729f8fe60e..7e638e3c54 100644 --- a/visualc/VS2010/gen_random_havege.vcxproj +++ b/visualc/VS2010/gen_random_havege.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/generic_sum.vcxproj b/visualc/VS2010/generic_sum.vcxproj index 3ff1563046..b6438610a3 100644 --- a/visualc/VS2010/generic_sum.vcxproj +++ b/visualc/VS2010/generic_sum.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/hello.vcxproj b/visualc/VS2010/hello.vcxproj index 1d368951e3..e0692d9e25 100644 --- a/visualc/VS2010/hello.vcxproj +++ b/visualc/VS2010/hello.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/key_app.vcxproj b/visualc/VS2010/key_app.vcxproj index ecd1154ab9..47e1b29367 100644 --- a/visualc/VS2010/key_app.vcxproj +++ b/visualc/VS2010/key_app.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/key_app_writer.vcxproj b/visualc/VS2010/key_app_writer.vcxproj index 6443005dc7..c434baeb6c 100644 --- a/visualc/VS2010/key_app_writer.vcxproj +++ b/visualc/VS2010/key_app_writer.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 0ee568a307..6e1119a045 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -65,15 +65,19 @@ true + $(Configuration)\$(TargetName)\ true + $(Configuration)\$(TargetName)\ false + $(Configuration)\$(TargetName)\ false + $(Configuration)\$(TargetName)\ diff --git a/visualc/VS2010/md5sum.vcxproj b/visualc/VS2010/md5sum.vcxproj index 02fae33d12..a70e6619fb 100644 --- a/visualc/VS2010/md5sum.vcxproj +++ b/visualc/VS2010/md5sum.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/mini_client.vcxproj b/visualc/VS2010/mini_client.vcxproj index e3007d75b7..4dbeb9d623 100644 --- a/visualc/VS2010/mini_client.vcxproj +++ b/visualc/VS2010/mini_client.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + 
diff --git a/visualc/VS2010/mpi_demo.vcxproj b/visualc/VS2010/mpi_demo.vcxproj index 881ea23502..dfb68eb9c1 100644 --- a/visualc/VS2010/mpi_demo.vcxproj +++ b/visualc/VS2010/mpi_demo.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/pem2der.vcxproj b/visualc/VS2010/pem2der.vcxproj index 50f877d902..3823107e84 100644 --- a/visualc/VS2010/pem2der.vcxproj +++ b/visualc/VS2010/pem2der.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/pk_decrypt.vcxproj b/visualc/VS2010/pk_decrypt.vcxproj index 17f0ffe908..9b689bf8f5 100644 --- a/visualc/VS2010/pk_decrypt.vcxproj +++ b/visualc/VS2010/pk_decrypt.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/pk_encrypt.vcxproj b/visualc/VS2010/pk_encrypt.vcxproj index 2e49348dad..c58c1d9543 100644 --- a/visualc/VS2010/pk_encrypt.vcxproj +++ b/visualc/VS2010/pk_encrypt.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/pk_sign.vcxproj b/visualc/VS2010/pk_sign.vcxproj index 1549dfdc5b..4b22d3e214 100644 --- a/visualc/VS2010/pk_sign.vcxproj +++ b/visualc/VS2010/pk_sign.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/pk_verify.vcxproj b/visualc/VS2010/pk_verify.vcxproj index 1aee7aeb7f..6d9654c6ab 100644 --- a/visualc/VS2010/pk_verify.vcxproj +++ b/visualc/VS2010/pk_verify.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/req_app.vcxproj b/visualc/VS2010/req_app.vcxproj index 1d38095272..5c6870ce1f 100644 --- a/visualc/VS2010/req_app.vcxproj +++ b/visualc/VS2010/req_app.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/rsa_decrypt.vcxproj b/visualc/VS2010/rsa_decrypt.vcxproj index 67404ef207..fb3f4441c7 100644 --- a/visualc/VS2010/rsa_decrypt.vcxproj +++ b/visualc/VS2010/rsa_decrypt.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/rsa_encrypt.vcxproj b/visualc/VS2010/rsa_encrypt.vcxproj index 8fab1d5ef2..779c020cdc 100644 --- a/visualc/VS2010/rsa_encrypt.vcxproj +++ b/visualc/VS2010/rsa_encrypt.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/rsa_genkey.vcxproj b/visualc/VS2010/rsa_genkey.vcxproj index 87e67f47cb..756b597b45 100644 --- a/visualc/VS2010/rsa_genkey.vcxproj +++ b/visualc/VS2010/rsa_genkey.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/rsa_sign.vcxproj b/visualc/VS2010/rsa_sign.vcxproj index b24d3a1e3e..cf15c70450 100644 --- a/visualc/VS2010/rsa_sign.vcxproj +++ b/visualc/VS2010/rsa_sign.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/rsa_sign_pss.vcxproj b/visualc/VS2010/rsa_sign_pss.vcxproj index d4b605c387..67246d12fe 100644 --- a/visualc/VS2010/rsa_sign_pss.vcxproj +++ b/visualc/VS2010/rsa_sign_pss.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/rsa_verify.vcxproj b/visualc/VS2010/rsa_verify.vcxproj index daaa29da6f..8aa85cb3f8 100644 --- a/visualc/VS2010/rsa_verify.vcxproj +++ b/visualc/VS2010/rsa_verify.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/rsa_verify_pss.vcxproj b/visualc/VS2010/rsa_verify_pss.vcxproj index f8b8c807e2..a046fe2127 100644 --- a/visualc/VS2010/rsa_verify_pss.vcxproj +++ b/visualc/VS2010/rsa_verify_pss.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/selftest.vcxproj b/visualc/VS2010/selftest.vcxproj index 44268d21bb..ae85181b09 100644 --- a/visualc/VS2010/selftest.vcxproj +++ b/visualc/VS2010/selftest.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/sha1sum.vcxproj b/visualc/VS2010/sha1sum.vcxproj index f0b927d659..fab781d089 100644 --- a/visualc/VS2010/sha1sum.vcxproj +++ b/visualc/VS2010/sha1sum.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/sha2sum.vcxproj b/visualc/VS2010/sha2sum.vcxproj index 030bebbf9e..f8353ffec7 100644 --- a/visualc/VS2010/sha2sum.vcxproj +++ b/visualc/VS2010/sha2sum.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_cert_test.vcxproj b/visualc/VS2010/ssl_cert_test.vcxproj index 187c2ec4c2..158f2366ae 100644 --- a/visualc/VS2010/ssl_cert_test.vcxproj +++ b/visualc/VS2010/ssl_cert_test.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_client1.vcxproj b/visualc/VS2010/ssl_client1.vcxproj index 479ca94ccd..390593085d 100644 --- a/visualc/VS2010/ssl_client1.vcxproj +++ b/visualc/VS2010/ssl_client1.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_client2.vcxproj b/visualc/VS2010/ssl_client2.vcxproj index a956922d5b..4fcb6adb70 100644 --- a/visualc/VS2010/ssl_client2.vcxproj +++ b/visualc/VS2010/ssl_client2.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_fork_server.vcxproj b/visualc/VS2010/ssl_fork_server.vcxproj index 18c9165573..389097684d 100644 --- a/visualc/VS2010/ssl_fork_server.vcxproj +++ b/visualc/VS2010/ssl_fork_server.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_mail_client.vcxproj b/visualc/VS2010/ssl_mail_client.vcxproj index c1856175cf..e85cfcbf81 100644 --- a/visualc/VS2010/ssl_mail_client.vcxproj +++ b/visualc/VS2010/ssl_mail_client.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_server.vcxproj b/visualc/VS2010/ssl_server.vcxproj index 09888b750e..cf2b258aa2 100644 --- a/visualc/VS2010/ssl_server.vcxproj +++ b/visualc/VS2010/ssl_server.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_server2.vcxproj b/visualc/VS2010/ssl_server2.vcxproj index b39ce5dce7..5cac05ef99 100644 --- a/visualc/VS2010/ssl_server2.vcxproj +++ b/visualc/VS2010/ssl_server2.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_test.vcxproj b/visualc/VS2010/ssl_test.vcxproj index 33200ab785..56db6fd001 100644 --- a/visualc/VS2010/ssl_test.vcxproj +++ b/visualc/VS2010/ssl_test.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/strerror.vcxproj b/visualc/VS2010/strerror.vcxproj index 58feabceba..927942ffea 100644 --- a/visualc/VS2010/strerror.vcxproj +++ b/visualc/VS2010/strerror.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + From dccf7433658514e38efcdfc30e237bedb79260ef Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Mar 2017 09:18:09 +0000 Subject: [PATCH 39/44] Add fix and credit for #742 to the ChangeLog --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 4ccba2fff8..03bad2ce1f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -46,6 +46,9 @@ Bugfix missing calls to pem_free() in cases when a POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered. Found and fix proposed by Guido Vranken. #722 + * Fixed the templates used to generate project and solution files for Visual + Studio 2015 as well as the files themselves, to remove a build warning + generated in Visual Studio 2015. Reported by Steve Valliere. #742 = mbed TLS 1.3.18 branch 2016-10-17 From c066af670baa44378878bff985728f2ec958d03b Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 1 Mar 2017 13:22:46 +0000 Subject: [PATCH 40/44] Fix failing pkparse test case The first three test cases from test_suites_pkparse.data failed because the key file they read requires DES to be read. However, POLARSSL_DES_C was missing from the dependency list. --- tests/suites/test_suite_pkparse.data | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index aab568d188..f9a35fc116 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -1,13 +1,13 @@ Parse RSA Key #1 (No password when required) -depends_on:POLARSSL_MD5_C:POLARSSL_PEM_PARSE_C:POLARSSL_CIPHER_MODE_CBC +depends_on:POLARSSL_MD5_C:POLARSSL_PEM_PARSE_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_DES_C pk_parse_keyfile_rsa:"data_files/test-ca.key":"NULL":POLARSSL_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #2 (Correct password) -depends_on:POLARSSL_MD5_C:POLARSSL_PEM_PARSE_C:POLARSSL_CIPHER_MODE_CBC +depends_on:POLARSSL_MD5_C:POLARSSL_PEM_PARSE_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_DES_C pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLTest":0 Parse RSA Key #3 (Wrong password) -depends_on:POLARSSL_MD5_C:POLARSSL_PEM_PARSE_C:POLARSSL_CIPHER_MODE_CBC +depends_on:POLARSSL_MD5_C:POLARSSL_PEM_PARSE_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_DES_C pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLWRONG":POLARSSL_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #4 (DES Encrypted) From 2b2fc115df493296ea9dd047d6b52aec7297c0cc Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 1 Mar 2017 14:04:08 +0000 Subject: [PATCH 41/44] Fix buffer overflow in mpi_write_string() Fix a buffer overflow when writting a string representation of an MPI number to a buffer in hexadecimal. The problem occurs because hex digits are written in pairs and this is not accounted for in the calculation of the required buffer size when the number of digits is odd. --- ChangeLog | 3 +++ library/bignum.c | 7 ++++++- tests/suites/test_suite_mpi.data | 3 +++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 03bad2ce1f..8b9e4a6b4c 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -49,6 +49,9 @@ Bugfix * Fixed the templates used to generate project and solution files for Visual Studio 2015 as well as the files themselves, to remove a build warning generated in Visual Studio 2015. Reported by Steve Valliere. #742 + * Fix 1 byte buffer overflow in mpi_write_string() when the MPI number to + write in hexadecimal is negative and requires an odd number of digits. + Found and fixed by Guido Vranken. = mbed TLS 1.3.18 branch 2016-10-17 diff --git a/library/bignum.c b/library/bignum.c index 4fe841c344..afde19bd5b 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -538,7 +538,12 @@ int mpi_write_string( const mpi *X, int radix, char *s, size_t *slen ) n = mpi_msb( X ); if( radix >= 4 ) n >>= 1; if( radix >= 16 ) n >>= 1; - n += 3; + /* + * Round up the buffer length to an even value to ensure that there is + * enough room for hexadecimal values that can be represented in an odd + * number of digits. + */ + n += 3 + ( ( n + 1 ) & 1 ); if( *slen < n ) { diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index a8da378f0f..81fc73f325 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -46,6 +46,9 @@ mpi_read_write_string:16:"":16:"00":4:0:0 Test mpi_read_write_string #9 (Empty MPI -> dec) mpi_read_write_string:16:"":10:"0":4:0:0 +Test mpi_write_string #10 (Negative hex with odd number of digits) +mpi_read_write_string:16:"-1":16:"":3:0:POLARSSL_ERR_MPI_BUFFER_TOO_SMALL + Base test mpi_read_binary #1 mpi_read_binary:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924" 
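Review bot: The new size computation `n += 3 + ( ( n + 1 ) & 1 );` in the bignum.c hunk folds three separate allowances (NUL terminator, the rounding-down done by the two shifts, the optional '-') plus the even-pair correction into one expression, and the comment above it only explains the last of these, so a reader cannot check the bound against the writer without re-deriving it. I would split the increments and annotate each one; the result is arithmetically identical because `( n + 3 ) & 1 == ( n + 1 ) & 1`. The even-pair correction is needed because, as the commit message says, the hex writer emits digits two at a time per byte, while `n` after the shifts is the bit length rounded down to whole hex digits. mpi_write_string() continues outside the hunk, so the writer loop itself is not visible here.
```c
    n = mpi_msb( X );
    if( radix >=  4 ) n >>= 1;
    if( radix >= 16 ) n >>= 1;
    n += 1;         /* terminating NUL */
    n += 1;         /* the shifts above round the digit count down */
    n += 1;         /* possible leading '-' */
    n += ( n & 1 ); /* hex digits are written in byte pairs, so the output
                     * length is always even: make n even to cover that */

    if( *slen < n )
    /* … unchanged: POLARSSL_ERR_MPI_BUFFER_TOO_SMALL return and digit emission … */
```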
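Review bot: The new test_suite_mpi.data case only pins the rejecting side of the fix (slen 3 must yield POLARSSL_ERR_MPI_BUFFER_TOO_SMALL for "-1"); nothing in the hunk checks that the corrected bound is also not one byte too large. Following the format of cases #8 and #9, a companion case such as `mpi_read_write_string:16:"-1":16:"-01":4:0:0` should succeed with the exact-fit buffer if the hex writer emits the byte pair "01" as the neighbouring "" → "00" case suggests, and it would catch a future over-approximation of n. Worth adding unless the suite already covers it further down.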
From d2d6316afc28e2285068ae59b6c10d13e59a00de Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 3 Mar 2017 16:08:27 +0000 Subject: [PATCH 42/44] Removed duplicate entry in ChangeLog --- ChangeLog | 3 --- 1 file changed, 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8b9e4a6b4c..215263d20a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -31,9 +31,6 @@ Bugfix * Fix unused variable/function compilation warnings in pem.c and x509_csr.c that are reported when building mbed TLS with a config.h that does not define POLARSSL_PEM_PARSE_C. Found by omnium21. #562 - * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing - the input string in PEM format to extract the different components. Found - by Eyal Itkin. * Fixed potential arithmetic overflow in mbedtls_ctr_drbg_reseed() that could cause buffer bound checks to be bypassed. Found by Eyal Itkin. * Fixed potential arithmetic overflows in mbedtls_cipher_update() that could From 4c5154d0c0d28353e4f311d869b20e959acac24a Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 8 Mar 2017 17:22:34 +0000 Subject: [PATCH 43/44] Updated version number to 1.3.19 for release --- ChangeLog | 2 +- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/polarssl/version.h | 8 ++++---- library/CMakeLists.txt | 2 +- tests/suites/test_suite_version.data | 4 ++-- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 215263d20a..1ff98d9ce2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 1.3.x branch released xxxx-xx-xx += mbed TLS 1.3.19 branch released 2017-03-08 Security * Add checks to prevent signature forgeries for very large messages while diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index efc5839040..5a4de619c4 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h 
@@ -4,7 +4,7 @@ */ /** - * @mainpage mbed TLS v1.3.18 source code documentation + * @mainpage mbed TLS v1.3.19 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 3a62380e4b..15df9425e1 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v1.3.18" +PROJECT_NAME = "mbed TLS v1.3.19" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/include/polarssl/version.h b/include/polarssl/version.h index d0ef7676b2..7b4478c18c 100644 --- a/include/polarssl/version.h +++ b/include/polarssl/version.h @@ -40,16 +40,16 @@ */ #define POLARSSL_VERSION_MAJOR 1 #define POLARSSL_VERSION_MINOR 3 -#define POLARSSL_VERSION_PATCH 18 +#define POLARSSL_VERSION_PATCH 19 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define POLARSSL_VERSION_NUMBER 0x01031200 -#define POLARSSL_VERSION_STRING "1.3.18" -#define POLARSSL_VERSION_STRING_FULL "mbed TLS 1.3.18" +#define POLARSSL_VERSION_NUMBER 0x01031300 +#define POLARSSL_VERSION_STRING "1.3.19" +#define POLARSSL_VERSION_STRING_FULL "mbed TLS 1.3.19" #if defined(POLARSSL_VERSION_C) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index d98fc716ad..105c8fed21 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
@@ -117,7 +117,7 @@ endif() if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedtls SHARED ${src}) - set_target_properties(mbedtls PROPERTIES VERSION 1.3.18 SOVERSION 9) + set_target_properties(mbedtls PROPERTIES VERSION 1.3.19 SOVERSION 9) target_link_libraries(mbedtls ${libs}) diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 1b2fd9eda3..86d7281186 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"1.3.18" +check_compiletime_version:"1.3.19" Check runtime library version -check_runtime_version:"1.3.18" +check_runtime_version:"1.3.19" Check for POLARSSL_VERSION_C check_feature:"POLARSSL_VERSION_C":0 From bb4bebc26a8d2f0060422a21cc2ab9a3598efa18 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 10 Mar 2017 20:31:09 +0000 Subject: [PATCH 44/44] Correct function names in the ChangeLog from backported fixed --- ChangeLog | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1ff98d9ce2..5099081773 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -31,14 +31,14 @@ Bugfix * Fix unused variable/function compilation warnings in pem.c and x509_csr.c that are reported when building mbed TLS with a config.h that does not define POLARSSL_PEM_PARSE_C. Found by omnium21. #562 - * Fixed potential arithmetic overflow in mbedtls_ctr_drbg_reseed() that could - cause buffer bound checks to be bypassed. Found by Eyal Itkin. - * Fixed potential arithmetic overflows in mbedtls_cipher_update() that could - cause buffer bound checks to be bypassed. Found by Eyal Itkin. - * Fixed potential arithmetic overflow in mbedtls_md2_update() that could - cause buffer bound checks to be bypassed. Found by Eyal Itkin. - * Fixed potential arithmetic overflow in mbedtls_base64_decode() that could - cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in ctr_drbg_reseed() that could cause + buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflows in cipher_update() that could cause + buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in md2_update() that could cause buffer + bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in base64_decode() that could cause + buffer bound checks to be bypassed. Found by Eyal Itkin. * Fix potential memory leak in x509_crl_parse(). The leak was caused by missing calls to pem_free() in cases when a POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered. Found and