- Merged security fixes to 1.1 branch
diff --git a/library/bignum.c b/library/bignum.c
index 9dff991..a744767 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1813,7 +1813,7 @@
         /*
          * pick a random A, 1 < A < |X| - 1
          */
-        MPI_CHK( mpi_fill_random( &A, X->n, f_rng, p_rng ) );
+        MPI_CHK( mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) );
 
         if( mpi_cmp_mpi( &A, &W ) >= 0 )
         {
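Review bot: The size argument of mpi_fill_random changes from a limb count to `X->n * ciL` here, and to `n * ciL` in the second bignum.c hunk below, but neither call site says which unit the function expects. The old calls compiled cleanly while apparently requesting fewer random bytes than intended, so the unit is easy to get wrong again. A short comment at both calls, such as `/* size is in bytes: limbs * ciL */`, would guard against that. The enclosing function starts and ends outside the hunk.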
@@ -1885,7 +1885,7 @@
 
     n = BITS_TO_LIMBS( nbits );
 
-    MPI_CHK( mpi_fill_random( X, n, f_rng, p_rng ) );
+    MPI_CHK( mpi_fill_random( X, n * ciL, f_rng, p_rng ) );
 
     k = mpi_msb( X );
     if( k < nbits ) MPI_CHK( mpi_shift_l( X, nbits - k ) );
diff --git a/library/dhm.c b/library/dhm.c
index bddd076..eb77871 100644
--- a/library/dhm.c
+++ b/library/dhm.c
@@ -130,16 +130,14 @@
                      int (*f_rng)(void *, unsigned char *, size_t),
                      void *p_rng )
 {
-    int ret, n;
+    int ret;
     size_t n1, n2, n3;
     unsigned char *p;
 
     /*
      * Generate X as large as possible ( < P )
      */
-    n = x_size / sizeof( t_uint ) + 1;
-
-    mpi_fill_random( &ctx->X, n, f_rng, p_rng );
+    mpi_fill_random( &ctx->X, x_size, f_rng, p_rng );
 
     while( mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
            mpi_shift_r( &ctx->X, 1 );
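Review bot: The new `mpi_fill_random( &ctx->X, x_size, f_rng, p_rng );` call discards its return value, unlike the bignum.c call sites in this same commit, which wrap it in MPI_CHK. If the RNG callback or an allocation inside it fails, X keeps whatever it held before and the code carries on to use it as the DH private value. I would write `MPI_CHK( mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) );`, assuming the function has the cleanup label MPI_CHK needs (its body continues outside the hunk). The same applies to the identical call in the later dhm.c hunk at -215. The `mpi_shift_r` in the loop is likewise unchecked, and x_size is passed through as the byte count with no range check visible here.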
@@ -207,7 +205,7 @@
                      int (*f_rng)(void *, unsigned char *, size_t),
                      void *p_rng )
 {
-    int ret, n;
+    int ret;
 
     if( ctx == NULL || olen < 1 || olen > ctx->len )
         return( POLARSSL_ERR_DHM_BAD_INPUT_DATA );
@@ -215,9 +213,7 @@
     /*
      * generate X and calculate GX = G^X mod P
      */
-    n = x_size / sizeof( t_uint ) + 1;
-
-    mpi_fill_random( &ctx->X, n, f_rng, p_rng );
+    mpi_fill_random( &ctx->X, x_size, f_rng, p_rng );
 
     while( mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
            mpi_shift_r( &ctx->X, 1 );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 44e972c..8933355 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -785,6 +785,13 @@
     /*
      * Always compute the MAC (RFC4346, CBCTIME).
      */
+    if( ssl->in_msglen <= ssl->maclen + padlen )
+    {
+        SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
+                    ssl->in_msglen, ssl->maclen, padlen ) );
+        return( POLARSSL_ERR_SSL_INVALID_MAC );
+    }
+
     ssl->in_msglen -= ( ssl->maclen + padlen );
 
     ssl->in_hdr[3] = (unsigned char)( ssl->in_msglen >> 8 );
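Review bot: The added length check returns before the MAC is computed, directly under the comment `Always compute the MAC (RFC4346, CBCTIME)`, so a record that fails this check exits on a shorter path than one that fails the MAC. If padlen is derived from decrypted record bytes (the hunk does not show where it is set), that timing difference is what the comment says the code is trying to avoid. Treating the case as bad padding would keep the paths alike: clamp padlen to 0, remember the failure, and return the error only after the MAC has run. Separately, the condition uses `<=` while the debug text says `<`. If equality is meant to be rejected, the message should read `"msglen (%d) <= maclen (%d) + padlen (%d)"`; if an empty record is legal, the test should be `<`.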