Merge branch 'mbedtls-2.1'

This commit is contained in:
Simon Butcher 2016-03-30 01:49:22 +01:00
commit 8e9cccb652
2 changed files with 16 additions and 5 deletions

View File

@ -5,6 +5,11 @@ mbed TLS ChangeLog (Sorted per branch, date)
Security
* Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt
required by PKCS1 v2.2
* Fix a potential integer underflow to buffer overread in
mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in
SSL/TLS.
* Fix potential integer overflow to buffer overflow in
mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt
Bugfix
* Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three

View File

@ -523,7 +523,8 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
olen = ctx->len;
hlen = mbedtls_md_get_size( md_info );
if( olen < ilen + 2 * hlen + 2 )
// first comparison checks for overflow
if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
memset( output, 0, olen );
@ -589,7 +590,8 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
olen = ctx->len;
if( olen < ilen + 11 )
// first comparison checks for overflow
if( ilen + 11 < ilen || olen < ilen + 11 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
nb_pad = olen - 3 - ilen;
@ -699,6 +701,12 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
if( md_info == NULL )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
hlen = mbedtls_md_get_size( md_info );
// checking for integer underflow
if( 2 * hlen + 2 > ilen )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
/*
* RSA operation
*/
@ -712,8 +720,6 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
/*
* Unmask data and generate lHash
*/
hlen = mbedtls_md_get_size( md_info );
mbedtls_md_init( &md_ctx );
mbedtls_md_setup( &md_ctx, md_info, 0 );