Backport 1.3: check if iv is zero in gcm.

1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
This commit is contained in:
Ron Eldor 2016-12-16 16:15:56 +02:00 committed by Simon Butcher
parent 88252333e2
commit b34be244e6

View File

@ -2,6 +2,22 @@ mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS 1.3.21 branch released xxxx-xx-xx = mbed TLS 1.3.21 branch released xxxx-xx-xx
Security
* Fix authentication bypass in SSL/TLS: when auth_mode is set to optional,
ssl_get_verify_result() would incorrectly return 0 when the peer's
X.509 certificate chain had more than POLARSSL_X509_MAX_INTERMEDIATE_CA
(default: 8) intermediates, even when it was not trusted. Could be
triggered remotely on both sides. (With auth_mode set to required
(default), the handshake was correctly aborted.)
API Changes
* Certificate verification functions now set flags to -1 in case the full
chain was not verified due to an internal error (including in the verify
callback) or chain length limitations.
* With authmode set to optional, handshake is now aborted if the
verification of the peer's certificate failed due to an overlong chain or
a fatal error in the vrfy callback.
Bugfix Bugfix
* Add a check if iv_len is zero, and return an error if it is zero. reported * Add a check if iv_len is zero, and return an error if it is zero. reported
by roberto. #716 by roberto. #716
@ -25,23 +41,7 @@ Bugfix
to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
KNOX Security, Samsung Research America KNOX Security, Samsung Research America
Security = mbed TLS 1.3.20 branch released 2017-06-21
* Fix authentication bypass in SSL/TLS: when auth_mode is set to optional,
ssl_get_verify_result() would incorrectly return 0 when the peer's
X.509 certificate chain had more than POLARSSL_X509_MAX_INTERMEDIATE_CA
(default: 8) intermediates, even when it was not trusted. Could be
triggered remotely on both sides. (With auth_mode set to required
(default), the handshake was correctly aborted.)
API Changes
* Certificate verification functions now set flags to -1 in case the full
chain was not verified due to an internal error (including in the verify
callback) or chain length limitations.
* With authmode set to optional, handshake is now aborted if the
verification of the peer's certificate failed due to an overlong chain or
a fatal error in the vrfy callback.
= mbed TLS 1.3.20 released 2017-06-21
Security Security
* Fixed unlimited overread of heap-based buffer in ssl_read(). * Fixed unlimited overread of heap-based buffer in ssl_read().