Merge commit '01b34fb316a5' into development

Merge a development version of Mbed TLS 2.16.0 that doesn't have parameter validation into development. The following conflicts were resolved: - Update ChangeLog to include release notes merged from development so far, with a version of "2.14.0+01b34fb316a5" and release date of "xxxx-xx-xx" to show this is not a released version, but instead a snapshot of the development branch equivalent to version of the 2.14.0 with additional commits from the mbedtls/development branch up through 01b34fb316 included. Entries added for unreleased versions of Mbed Crypto remain at the top of the file for Mbed TLS 2.xx.x. - Replace the Mbed Crypto version of mbedtls_rsa_rsaes_pkcs1_v15_decrypt() with the version from Mbed TLS which fixes timing variations and memory access variations that could lead to a Bleichenbacher-style padding oracle attack. This will prevent using psa_asymmetric_decrypt() with zero-length output buffers until a follow up commit is made to restore this capability. - In ssl_srv.c, include changes for both the new ECDH interface and opaque PSK as already added to development previously.
2025-07-30 22:43:08 +03:00 · 2019-02-05 12:05:16 +00:00
parent acdf07c033 01b34fb316
commit 68933640f5
46 changed files with 1605 additions and 394 deletions
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@ -217,9 +217,9 @@ static int ssl_save_session( const mbedtls_ssl_session *session,
    if( left < 3 + cert_len )
        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );

-    *p++ = (unsigned char)( cert_len >> 16 & 0xFF );
-    *p++ = (unsigned char)( cert_len >>  8 & 0xFF );
-    *p++ = (unsigned char)( cert_len       & 0xFF );
+    *p++ = (unsigned char)( ( cert_len >> 16 ) & 0xFF );
+    *p++ = (unsigned char)( ( cert_len >>  8 ) & 0xFF );
+    *p++ = (unsigned char)( ( cert_len       ) & 0xFF );

    if( session->peer_cert != NULL )
        memcpy( p, session->peer_cert->raw.p, cert_len );
@ -244,14 +244,14 @@ static int ssl_load_session( mbedtls_ssl_session *session,
    size_t cert_len;
 #endif /* MBEDTLS_X509_CRT_PARSE_C */

-    if( p + sizeof( mbedtls_ssl_session ) > end )
+    if( sizeof( mbedtls_ssl_session ) > (size_t)( end - p ) )
        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );

    memcpy( session, p, sizeof( mbedtls_ssl_session ) );
    p += sizeof( mbedtls_ssl_session );

 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-    if( p + 3 > end )
+    if( 3 > (size_t)( end - p ) )
        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );

    cert_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2];
@ -265,7 +265,7 @@ static int ssl_load_session( mbedtls_ssl_session *session,
    {
        int ret;

-        if( p + cert_len > end )
+        if( cert_len > (size_t)( end - p ) )
            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );

        session->peer_cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
@ -276,7 +276,7 @@ static int ssl_load_session( mbedtls_ssl_session *session,
        mbedtls_x509_crt_init( session->peer_cert );

        if( ( ret = mbedtls_x509_crt_parse_der( session->peer_cert,
-                                        p, cert_len ) ) != 0 )
+                                                p, cert_len ) ) != 0 )
        {
            mbedtls_x509_crt_free( session->peer_cert );
            mbedtls_free( session->peer_cert );