yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-30 17:34:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge 'iotssl-621-potential-integer-overflow'

Browse Source 
Backport of fix for IOTSSL-621
This commit is contained in:
Simon Butcher 2016-03-17 10:21:18 +00:00
commit 67c1ea7abd
2 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -9,6 +9,10 @@ Security
mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in
SSL/TLS. SSL/TLS.
Security
* Fix potential integer overflow to buffer overflow in
mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt
Bugfix Bugfix
* Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three
arguments where the same (in-place doubling). Found and fixed by Janos arguments where the same (in-place doubling). Found and fixed by Janos

6
library/rsa.c
View File

@ -523,7 +523,8 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
olen = ctx->len; olen = ctx->len;
hlen = mbedtls_md_get_size( md_info ); hlen = mbedtls_md_get_size( md_info );
if( olen < ilen + 2 * hlen + 2 ) // first comparison checks for overflow
if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
memset( output, 0, olen ); memset( output, 0, olen );
@ -589,7 +590,8 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
olen = ctx->len; olen = ctx->len;
if( olen < ilen + 11 ) // first comparison checks for overflow
if( ilen + 11 < ilen || olen < ilen + 11 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
nb_pad = olen - 3 - ilen; nb_pad = olen - 3 - ilen;