- Merged security fixes to 1.1 branch

2024-11-26 23:45:42 +01:00 · 2012-04-20 13:33:14 +00:00 · 2012-04-20 13:33:14 +00:00 · e2f8ff6797
commit e2f8ff6797
parent e2e36d31bd
4 changed files with 19 additions and 10 deletions
--- a/6
+++ b/6
@ -1,5 +1,11 @@
 PolarSSL ChangeLog

+= Version 1.1.2 released on 2012-04-20
+Security
+   * Fixed potential memory corruption on miscrafted client messages (found by
+     Frama-C team at CEA LIST)
+   * Fixed generate of DHM parameters to correct length
+
 = Version 1.1.1 released on 2012-01-23
 Bugfix
   * Check for failed malloc() in ssl_set_hostname() and x509_get_entries()
--- a/library/bignum.c
+++ b/library/bignum.c
@ -1813,7 +1813,7 @@ int mpi_is_prime( mpi *X,
        /*
         * pick a random A, 1 < A < |X| - 1
         */
-        MPI_CHK( mpi_fill_random( &A, X->n, f_rng, p_rng ) );
+        MPI_CHK( mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) );

        if( mpi_cmp_mpi( &A, &W ) >= 0 )
        {
@ -1885,7 +1885,7 @@ int mpi_gen_prime( mpi *X, size_t nbits, int dh_flag,

    n = BITS_TO_LIMBS( nbits );

-    MPI_CHK( mpi_fill_random( X, n, f_rng, p_rng ) );
+    MPI_CHK( mpi_fill_random( X, n * ciL, f_rng, p_rng ) );

    k = mpi_msb( X );
    if( k < nbits ) MPI_CHK( mpi_shift_l( X, nbits - k ) );
--- a/library/dhm.c
+++ b/library/dhm.c
@ -130,16 +130,14 @@ int dhm_make_params( dhm_context *ctx, int x_size,
                     int (*f_rng)(void *, unsigned char *, size_t),
                     void *p_rng )
 {
-    int ret, n;
+    int ret;
    size_t n1, n2, n3;
    unsigned char *p;

    /*
     * Generate X as large as possible ( < P )
     */
-    n = x_size / sizeof( t_uint ) + 1;
-
-    mpi_fill_random( &ctx->X, n, f_rng, p_rng );
+    mpi_fill_random( &ctx->X, x_size, f_rng, p_rng );

    while( mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
           mpi_shift_r( &ctx->X, 1 );
@ -207,7 +205,7 @@ int dhm_make_public( dhm_context *ctx, int x_size,
                     int (*f_rng)(void *, unsigned char *, size_t),
                     void *p_rng )
 {
-    int ret, n;
+    int ret;

    if( ctx == NULL || olen < 1 || olen > ctx->len )
        return( POLARSSL_ERR_DHM_BAD_INPUT_DATA );
@ -215,9 +213,7 @@ int dhm_make_public( dhm_context *ctx, int x_size,
    /*
     * generate X and calculate GX = G^X mod P
     */
-    n = x_size / sizeof( t_uint ) + 1;
-
-    mpi_fill_random( &ctx->X, n, f_rng, p_rng );
+    mpi_fill_random( &ctx->X, x_size, f_rng, p_rng );

    while( mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
           mpi_shift_r( &ctx->X, 1 );
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -785,6 +785,13 @@ static int ssl_decrypt_buf( ssl_context *ssl )
    /*
     * Always compute the MAC (RFC4346, CBCTIME).
     */
+    if( ssl->in_msglen <= ssl->maclen + padlen )
+    {
+        SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
+                    ssl->in_msglen, ssl->maclen, padlen ) );
+        return( POLARSSL_ERR_SSL_INVALID_MAC );
+    }
+
    ssl->in_msglen -= ( ssl->maclen + padlen );

    ssl->in_hdr[3] = (unsigned char)( ssl->in_msglen >> 8 );