mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 11:05:47 +01:00
CBC mode: Allow zero-length message fragments (100% padding)
Fixes https://github.com/ARMmbed/mbedtls/issues/1632
This commit is contained in:
parent
57e9fe2df4
commit
1226dd7715
@ -15,6 +15,11 @@ Bugfix
|
||||
by Brendan Shanks. Part of a fix for #992.
|
||||
* Fix compilation error when MBEDTLS_ARC4_C is disabled and
|
||||
MBEDTLS_CIPHER_NULL_CIPHER is enabled. Found by TrinityTonic in #1719.
|
||||
* Fix decryption of zero length messages (all padding) in some circumstances:
|
||||
DTLS 1.0 and 1.2, and CBC ciphersuites using encrypt-then-MAC. Most often
|
||||
seen when communicating with OpenSSL using TLS 1.0. Reported by @kFYatek
|
||||
(#1632) and by Conor Murphy on the forum. Fix contributed by Espressif
|
||||
Systems.
|
||||
|
||||
Changes
|
||||
* Change the shebang line in Perl scripts to look up perl in the PATH.
|
||||
|
@ -1881,27 +1881,27 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
|
||||
* and fake check up to 256 bytes of padding
|
||||
*/
|
||||
size_t pad_count = 0, real_count = 1;
|
||||
size_t padding_idx = ssl->in_msglen - padlen - 1;
|
||||
size_t padding_idx = ssl->in_msglen - padlen;
|
||||
|
||||
/*
|
||||
* Padding is guaranteed to be incorrect if:
|
||||
* 1. padlen >= ssl->in_msglen
|
||||
* 1. padlen > ssl->in_msglen
|
||||
*
|
||||
* 2. padding_idx >= MBEDTLS_SSL_MAX_CONTENT_LEN +
|
||||
* 2. padding_idx > MBEDTLS_SSL_MAX_CONTENT_LEN +
|
||||
* ssl->transform_in->maclen
|
||||
*
|
||||
* In both cases we reset padding_idx to a safe value (0) to
|
||||
* prevent out-of-buffer reads.
|
||||
*/
|
||||
correct &= ( ssl->in_msglen >= padlen + 1 );
|
||||
correct &= ( padding_idx < MBEDTLS_SSL_MAX_CONTENT_LEN +
|
||||
correct &= ( padlen <= ssl->in_msglen );
|
||||
correct &= ( padding_idx <= MBEDTLS_SSL_MAX_CONTENT_LEN +
|
||||
ssl->transform_in->maclen );
|
||||
|
||||
padding_idx *= correct;
|
||||
|
||||
for( i = 1; i <= 256; i++ )
|
||||
for( i = 0; i < 256; i++ )
|
||||
{
|
||||
real_count &= ( i <= padlen );
|
||||
real_count &= ( i < padlen );
|
||||
pad_count += real_count *
|
||||
( ssl->in_msg[padding_idx + i] == padlen - 1 );
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user