Merge branch 'mbedtls-2.1'

Merge of fix for memory leak in RSA-SSA signing - #372
diff --git a/ChangeLog b/ChangeLog
index cd7d5c9..182faec 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,13 @@
 
 = mbed TLS 2.1.4 released 2015-12-xx
 
+Security
+
+   * Fix potential double free when mbedtls_asn1_store_named_data() fails to
+     allocate memory. Only used for certificate generation, not triggerable
+     remotely in SSL/TLS. Found by RafaƂ Przywara. #367
+   * Disable MD5 handshake signatures in TLS 1.2 by default
+
 Bugfix
    * Fix over-restrictive length limit in GCM. Found by Andreas-N. #362
    * Fix bug in certificate validation that caused valid chains to be rejected
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 73e96dd..1e6915a 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1554,7 +1554,7 @@
 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
 /**
  * \brief          Set the allowed hashes for signatures during the handshake.
- *                 (Default: all available hashes.)
+ *                 (Default: all available hashes except MD5.)
  *
  * \note           This only affects which hashes are offered and can be used
  *                 for signatures during the handshake. Hashes for message
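Review bot: The new default wording says MD5 is excluded but gives the reader no reason, so someone calling mbedtls_ssl_conf_sig_hashes() to "restore the full list" has nothing telling them they are weakening handshake signatures. I would extend the line to `(Default: all available hashes except MD5, which is no longer collision resistant; strongest hashes first.)`. The "strongest first" ordering is inferred from the preset table introduced elsewhere in this commit (SHA-512 down to SHA-1), so confirm the list order actually drives the signature_algorithms preference before documenting it.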
diff --git a/library/asn1write.c b/library/asn1write.c
index 456660d..00ed73c 100644
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -339,19 +339,18 @@
     }
     else if( cur->val.len < val_len )
     {
-        // Enlarge existing value buffer if needed
-        //
-        mbedtls_free( cur->val.p );
-        cur->val.p = NULL;
-
-        cur->val.len = val_len;
-        cur->val.p = mbedtls_calloc( 1, val_len );
-        if( cur->val.p == NULL )
-        {
-            mbedtls_free( cur->oid.p );
-            mbedtls_free( cur );
+        /*
+         * Enlarge existing value buffer if needed
+         * Preserve old data until the allocation succeeded, to leave list in
+         * a consistent state in case allocation fails.
+         */
+        void *p = mbedtls_calloc( 1, val_len );
+        if( p == NULL )
             return( NULL );
-        }
+
+        mbedtls_free( cur->val.p );
+        cur->val.p = p;
+        cur->val.len = val_len;
     }
 
     if( val != NULL )
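Review bot: The growth-only condition `else if( cur->val.len < val_len )` leaves `cur->val.len` at the old, larger length when a shorter value is stored over an existing entry, so the copy that follows (presumably a `memcpy` of `val_len` bytes; the tail of the function is outside the hunk) would leave stale trailing bytes of the previous value in what is later encoded. Changing it to `else if( cur->val.len != val_len )` routes shrinking through the same allocate-then-swap path this commit introduces, keeping the list consistent on allocation failure in both directions. Note that `val_len == 0` would then reach `mbedtls_calloc( 1, 0 )`, whose return value is allocator-dependent, so that case needs its own branch. The enclosing mbedtls_asn1_store_named_data() starts before and ends after this hunk.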
diff --git a/library/bignum.c b/library/bignum.c
index ca05f77..21069d8 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -33,7 +33,7 @@
  *  [3] GNU Multi-Precision Arithmetic Library
  *      https://gmplib.org/manual/index.html
  *
-*/
+ */
 
 #if !defined(MBEDTLS_CONFIG_FILE)
 #include "mbedtls/config.h"
@@ -1212,23 +1212,29 @@
 }
 
 /*
- * Unsigned integer divide - 64bit dividend and 32bit divisor
+ * Unsigned integer divide - double mbedtls_mpi_uint dividend, u1/u0, and
+ * mbedtls_mpi_uint divisor, d
  */
-static mbedtls_mpi_uint mbedtls_int_div_int(mbedtls_mpi_uint u1,
-            mbedtls_mpi_uint u0, mbedtls_mpi_uint d, mbedtls_mpi_uint *r)
+static mbedtls_mpi_uint mbedtls_int_div_int( mbedtls_mpi_uint u1,
+            mbedtls_mpi_uint u0, mbedtls_mpi_uint d, mbedtls_mpi_uint *r )
 {
 #if defined(MBEDTLS_HAVE_UDBL)
     mbedtls_t_udbl dividend, quotient;
+#else
+    const mbedtls_mpi_uint radix = 1 << biH;
+    mbedtls_mpi_uint d0, d1, q0, q1, rAX, r0, quotient;
+    mbedtls_mpi_uint u0_msw, u0_lsw;
+    int s;
 #endif
 
     /*
      * Check for overflow
      */
-    if(( 0 == d ) || ( u1 >= d ))
+    if( 0 == d || u1 >= d )
     {
-        if (r != NULL) *r = (~0);
+        if (r != NULL) *r = ~0;
 
-        return (~0);
+        return ( ~0 );
     }
 
 #if defined(MBEDTLS_HAVE_UDBL)
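Review bot: `const mbedtls_mpi_uint radix = 1 << biH;` shifts the `int` constant 1, so on a build where this non-UDBL path is compiled with 64-bit limbs (`biH` would then be 32 if it is half the limb width as its name suggests) the shift is by the full width of `int`, which is undefined behaviour rather than the intended 2^32. Widening the left operand first, `const mbedtls_mpi_uint radix = (mbedtls_mpi_uint) 1 << biH;`, performs the shift in the limb type. This hunk only relocates the declaration, but it is now the line under review; the rest of mbedtls_int_div_int() continues past the hunk.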
@@ -1243,10 +1249,6 @@
 
     return (mbedtls_mpi_uint) quotient;
 #else
-    const mbedtls_mpi_uint radix = 1 << biH;
-    mbedtls_mpi_uint d0, d1, q0, q1, rAX, r0, quotient;
-    mbedtls_mpi_uint u0_msw, u0_lsw;
-    int s;
 
     /*
      * Algorithm D, Section 4.3.1 - The Art of Computer Programming
@@ -1260,7 +1262,7 @@
     d = d << s;
 
     u1 = u1 << s;
-    u1 |= (u0 >> (32 - s)) & ( (-s) >> 31);
+    u1 |= ( u0 >> ( 32 - s ) ) & ( -s >> 31 );
     u0 =  u0 << s;
 
     d1 = d >> biH;
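Review bot: The reformatted line `u1 |= ( u0 >> ( 32 - s ) ) & ( -s >> 31 );` still hard-codes a 32-bit word even though the function comment rewritten in this same commit describes the dividend as two `mbedtls_mpi_uint` limbs, so the mask and shift are wrong if this fallback path is ever built with 64-bit limbs. Tying it to the limb width, `u1 |= ( u0 >> ( biL - s ) ) & ( -s >> ( biL - 1 ) );`, fixes that, assuming `biL` is the full-limb companion of the `biH` used two lines below. Separately, when `s == 0` the shift `u0 >> 32` is by the operand's full width, which is undefined behaviour in C even though the mask then discards the result; `s ? ( u0 >> ( biL - s ) ) : 0` sidesteps it. `s` is computed above the hunk, so confirm whether a divisor with its top bit already set can reach here.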
@@ -1283,7 +1285,7 @@
         if ( r0 >= radix ) break;
     }
 
-    rAX = (u1 * radix) + (u0_msw - q1 * d);
+    rAX = ( u1 * radix ) + ( u0_msw - q1 * d );
     q0 = rAX / d1;
     r0 = rAX - q0 * d1;
 
@@ -1296,7 +1298,7 @@
     }
 
     if (r != NULL)
-        *r = (rAX * radix + u0_lsw - q0 * d) >> s;
+        *r = ( rAX * radix + u0_lsw - q0 * d ) >> s;
 
     quotient = q1 * radix + q0;
 
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index c8f4205..09fc337 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1950,7 +1950,7 @@
      */
     if( ( *md_alg = mbedtls_ssl_md_alg_from_hash( (*p)[0] ) ) == MBEDTLS_MD_NONE )
     {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used unsupported "
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Server used unsupported "
                             "HashAlgorithm %d", *(p)[0] ) );
         return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
     }
@@ -1960,7 +1960,7 @@
      */
     if( ( *pk_alg = mbedtls_ssl_pk_alg_from_sig( (*p)[1] ) ) == MBEDTLS_PK_NONE )
     {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "server used unsupported "
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used unsupported "
                             "SignatureAlgorithm %d", (*p)[1] ) );
         return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
     }
@@ -1970,7 +1970,7 @@
      */
     if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 )
     {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "server used HashAlgorithm "
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used HashAlgorithm "
                                     "that was not offered" ) );
         return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
     }
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ddc7bdc..bf60941 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7032,6 +7032,23 @@
     memset( conf, 0, sizeof( mbedtls_ssl_config ) );
 }
 
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+static int ssl_preset_default_hashes[] = {
+#if defined(MBEDTLS_SHA512_C)
+    MBEDTLS_MD_SHA512,
+    MBEDTLS_MD_SHA384,
+#endif
+#if defined(MBEDTLS_SHA256_C)
+    MBEDTLS_MD_SHA256,
+    MBEDTLS_MD_SHA224,
+#endif
+#if defined(MBEDTLS_SHA1_C)
+    MBEDTLS_MD_SHA1,
+#endif
+    MBEDTLS_MD_NONE
+};
+#endif
+
 static int ssl_preset_suiteb_ciphersuites[] = {
     MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
     MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
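Review bot: `ssl_preset_default_hashes` is declared as a writable `static int` table although it is only read and, if `conf->sig_hashes` is the `const int *` field the public `mbedtls_ssl_conf_sig_hashes()` API suggests, it could be `static const int ssl_preset_default_hashes[]` so the allowed-hash list lands in read-only memory and a stray write cannot quietly re-enable MD5. The adjacent `ssl_preset_suiteb_ciphersuites` table is also non-const, so file convention is the only argument against it. A one-line comment above the table, `/* Default signature_algorithms list, preferred first; MD5 deliberately omitted */`, would also tell the next reader that the omission is intentional rather than an oversight.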
@@ -7188,7 +7205,7 @@
 #endif
 
 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
-            conf->sig_hashes = mbedtls_md_list();
+            conf->sig_hashes = ssl_preset_default_hashes;
 #endif
 
 #if defined(MBEDTLS_ECP_C)
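Review bot: The assignment `conf->sig_hashes = ssl_preset_default_hashes;` carries no explanation of why the previous `mbedtls_md_list()` was dropped, so a future cleanup could "simplify" it back and silently re-enable MD5 handshake signatures. I would add `/* Not mbedtls_md_list(): that would re-enable MD5 for TLS 1.2 handshake signatures */` directly above the line. This is one case of a preset switch that starts before the hunk; confirm that the Suite B preset installs its own list rather than inheriting this one.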