yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-30 01:04:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

CBC mode: Allow zero-length message fragments (100% padding)

Browse Source 
Fixes https://github.com/ARMmbed/mbedtls/issues/1632
This commit is contained in:
Angus Gratton 2018-06-19 15:57:50 +10:00 committed by Andres Amaya Garcia
parent 57e9fe2df4
commit 1226dd7715
2 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@ -15,6 +15,11 @@ Bugfix
by Brendan Shanks. Part of a fix for #992. by Brendan Shanks. Part of a fix for #992.
* Fix compilation error when MBEDTLS_ARC4_C is disabled and * Fix compilation error when MBEDTLS_ARC4_C is disabled and
MBEDTLS_CIPHER_NULL_CIPHER is enabled. Found by TrinityTonic in #1719. MBEDTLS_CIPHER_NULL_CIPHER is enabled. Found by TrinityTonic in #1719.
* Fix decryption of zero length messages (all padding) in some circumstances:
DTLS 1.0 and 1.2, and CBC ciphersuites using encrypt-then-MAC. Most often
seen when communicating with OpenSSL using TLS 1.0. Reported by @kFYatek
(#1632) and by Conor Murphy on the forum. Fix contributed by Espressif
Systems.
Changes Changes
* Change the shebang line in Perl scripts to look up perl in the PATH. * Change the shebang line in Perl scripts to look up perl in the PATH.

14
library/ssl_tls.c
View File

@ -1881,27 +1881,27 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
* and fake check up to 256 bytes of padding * and fake check up to 256 bytes of padding
*/ */
size_t pad_count = 0, real_count = 1; size_t pad_count = 0, real_count = 1;
size_t padding_idx = ssl->in_msglen - padlen - 1; size_t padding_idx = ssl->in_msglen - padlen;
/* /*
* Padding is guaranteed to be incorrect if: * Padding is guaranteed to be incorrect if:
* 1. padlen >= ssl->in_msglen * 1. padlen > ssl->in_msglen
* *
* 2. padding_idx >= MBEDTLS_SSL_MAX_CONTENT_LEN + * 2. padding_idx > MBEDTLS_SSL_MAX_CONTENT_LEN +
* ssl->transform_in->maclen * ssl->transform_in->maclen
* *
* In both cases we reset padding_idx to a safe value (0) to * In both cases we reset padding_idx to a safe value (0) to
* prevent out-of-buffer reads. * prevent out-of-buffer reads.
*/ */
correct &= ( ssl->in_msglen >= padlen + 1 ); correct &= ( padlen <= ssl->in_msglen );
correct &= ( padding_idx < MBEDTLS_SSL_MAX_CONTENT_LEN + correct &= ( padding_idx <= MBEDTLS_SSL_MAX_CONTENT_LEN +
ssl->transform_in->maclen ); ssl->transform_in->maclen );
padding_idx *= correct; padding_idx *= correct;
for( i = 1; i <= 256; i++ ) for( i = 0; i < 256; i++ )
{ {
real_count &= ( i <= padlen ); real_count &= ( i < padlen );
pad_count += real_count * pad_count += real_count *
( ssl->in_msg[padding_idx + i] == padlen - 1 ); ( ssl->in_msg[padding_idx + i] == padlen - 1 );
} }