mirror/openvpn3
0
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn3.git synced 2024-09-19 19:52:15 +02:00
Code

deps: update mbedTLS to 2.7.0

Browse Source 
At the same time rebase patches on top of ne wversion
and get rid of fixes that have been merged upstream.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
This commit is contained in:
Antonio Quartulli 2018-03-20 09:42:39 +08:00 committed by Antonio Quartulli
parent 59de63fa65
commit e6d68831a7
No known key found for this signature in database
GPG Key ID: 07A53C580EF2CD74
14 changed files with 35 additions and 2310 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
deps/lib-versions vendored
View File

@ -4,8 +4,8 @@ export ASIO_CSUM=fa8c3a16dc2163f5b3451f2a14ce95277c971f46700497d4e94af6059c00dc0
export LZ4_VERSION=lz4-1.8.0
export LZ4_CSUM=2ca482ea7a9bb103603108b5a7510b7592b90158c151ff50a28f1ca8389fccf6
export MBEDTLS_VERSION=mbedtls-2.6.0
export MBEDTLS_CSUM=99bc9d4212d3d885eeb96273bcde8ecc649a481404b8d7ea7bb26397c9909687
export MBEDTLS_VERSION=mbedtls-2.7.0
export MBEDTLS_CSUM=aeb66d6cd43aa1c79c145d15845c655627a7fc30d624148aaafbb6c36d7f55ef
export OPENSSL_VERSION=openssl-1.0.2h

24
deps/mbedtls/patches/0001-mbedtls-relaxed-x509-date-format.patch → deps/mbedtls/patches/0001-relax-x509-date-format-check.patch vendored
View File

@ -1,7 +1,18 @@
diff -urw mbedtls-2.6.0.orig/library/x509.c mbedtls-2.6.0/library/x509.c
--- mbedtls-2.6.0.orig/library/x509.c 2017-11-03 11:46:21.403848065 +0800
+++ mbedtls-2.6.0/library/x509.c 2017-11-03 11:58:46.259817520 +0800
@@ -559,13 +559,20 @@
From 62dd1588a7ec3501edfaf9470cf7a1ca15cb4ba1 Mon Sep 17 00:00:00 2001
From: Antonio Quartulli <antonio@openvpn.net>
Date: Tue, 20 Mar 2018 09:35:47 +0800
Subject: [PATCH] relax x509 date format check
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
---
library/x509.c | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/library/x509.c b/library/x509.c
index 371d6da1..df2cea81 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -565,13 +565,20 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen,
/*
* Parse seconds if present
*/
@ -23,7 +34,7 @@ diff -urw mbedtls-2.6.0.orig/library/x509.c mbedtls-2.6.0/library/x509.c
/*
* Parse trailing 'Z' if present
@@ -575,6 +582,15 @@
@@ -581,6 +588,15 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen,
(*p)++;
len--;
}
@ -39,3 +50,6 @@ diff -urw mbedtls-2.6.0.orig/library/x509.c mbedtls-2.6.0/library/x509.c
/*
* We should have parsed all characters at this point
--
2.16.2

8
deps/mbedtls/patches/0002-pkcs5v2-add-support-for-additional-hmacSHA-algorithm.patch vendored
View File

@ -1,4 +1,4 @@
From 4e75bd33172a8a73abfa6a15d442d1f80f466870 Mon Sep 17 00:00:00 2001
From 56df6d5003b20fa673b67fb06c2ec03a8197c4c2 Mon Sep 17 00:00:00 2001
From: Antonio Quartulli <antonio@openvpn.net>
Date: Wed, 20 Dec 2017 07:03:55 +0800
Subject: [PATCH] pkcs5v2: add support for additional hmacSHA algorithms
@ -25,10 +25,10 @@ Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
4 files changed, 66 insertions(+), 5 deletions(-)
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index fcecdafd..d621c075 100644
index bf2ef5ec..408645ec 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -227,6 +227,14 @@
@@ -228,6 +228,14 @@
#define MBEDTLS_OID_HMAC_SHA1 MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
@ -43,7 +43,7 @@ index fcecdafd..d621c075 100644
/*
* Encryption algorithms
*/
@@ -513,6 +521,16 @@ int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t
@@ -514,6 +522,16 @@ int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg );

2
deps/mbedtls/patches/0003-tests-pkcs5-pbkdf2_hmac-add-unit-tests-for-additiona.patch vendored
View File

@ -1,4 +1,4 @@
From 5abb7fb80073bc310a96d5a184694b1e29a19faf Mon Sep 17 00:00:00 2001
From bb029567d8a2b55e500a85c916a8d22ae9434ab3 Mon Sep 17 00:00:00 2001
From: Antonio Quartulli <antonio@openvpn.net>
Date: Wed, 31 Jan 2018 23:23:02 +0800
Subject: [PATCH] tests/pkcs5/pbkdf2_hmac: add unit tests for additional SHA

2
deps/mbedtls/patches/0004-tests-pkcs5-pbkdf2_hmac-extend-array-to-accommodate-.patch vendored
View File

@ -1,4 +1,4 @@
From ea10371f909419d2634a75ef30fab8cd8df71a91 Mon Sep 17 00:00:00 2001
From d09cecb5f7d1e66476c97a35caee7248930ef425 Mon Sep 17 00:00:00 2001
From: Antonio Quartulli <a@unstable.cc>
Date: Wed, 31 Jan 2018 23:45:09 +0800
Subject: [PATCH] tests/pkcs5/pbkdf2_hmac: extend array to accommodate longer

6
deps/mbedtls/patches/0005-data_files-pkcs8-v2-add-keys-generated-with-PRF-SHA1.patch vendored
View File

@ -1,4 +1,4 @@
From 8e866133ec2c28a615212d76c85745e5dc2ebd7c Mon Sep 17 00:00:00 2001
From 4e96327a813d2e1d06dfb7e44caacb400fd8769b Mon Sep 17 00:00:00 2001
From: Antonio Quartulli <antonio@openvpn.net>
Date: Thu, 1 Feb 2018 13:54:13 +0800
Subject: [PATCH] data_files/pkcs8-v2: add keys generated with PRF != SHA1
@ -122,10 +122,10 @@ Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index f7826d43..fab04ee8 100644
index d4aed678..7069b4f3 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -66,6 +66,574 @@ all_final += server2-sha256.crt
@@ -392,6 +392,574 @@ server1_all: server1.csr server1.crt server1.noauthid.crt server1.crt.openssl se

10
deps/mbedtls/patches/0006-tests_suite_pkparse-new-PKCS8-v2-keys-with-PRF-SHA1.patch vendored
View File

@ -1,4 +1,4 @@
From 32b9493a889f7a72eb3f124ffc8dc8a3544b26a8 Mon Sep 17 00:00:00 2001
From 7ed2575f310fd889fba025aa760f74ec1b41924b Mon Sep 17 00:00:00 2001
From: Antonio Quartulli <antonio@openvpn.net>
Date: Thu, 1 Feb 2018 14:03:36 +0800
Subject: [PATCH] tests_suite_pkparse: new PKCS8-v2 keys with PRF != SHA1
@ -13,12 +13,12 @@ Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
1 file changed, 576 insertions(+)
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index 9c0edbb5..01bc1f03 100644
index 416f9dfe..1bf06270 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -102,6 +102,582 @@ Parse RSA Key #20 (PKCS#8 encrypted v2 PBDFK2 DES)
depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.key":"PolarSSLTest":0
@@ -362,6 +362,582 @@ Parse RSA Key #49.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, no PW)
depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+Parse RSA Key #50 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC

130
deps/mbedtls/patches/0007-Use-in-place-decryption-in-pk_parse_pkcs8_encrypted_.patch vendored
View File

@ -1,130 +0,0 @@
From 1ab62937e63f3a4ecbbea9233f68e5afd2a2f229 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Fri, 25 Aug 2017 13:38:26 +0100
Subject: [PATCH] Use in-place decryption in pk_parse_pkcs8_encrypted_der
The stack buffer used to hold the decrypted key in pk_parse_pkcs8_encrypted_der
was statically sized to 2048 bytes, which is not enough for DER encoded 4096bit
RSA keys.
This commit resolves the problem by performing the key-decryption in-place,
circumventing the introduction of another stack or heap copy of the key.
There are two situations where pk_parse_pkcs8_encrypted_der is invoked:
1. When processing a PEM-encoded encrypted key in mbedtls_pk_parse_key.
This does not need adaption since the PEM context used to hold the decoded
key is already constructed and owned by mbedtls_pk_parse_key.
2. When processing a DER-encoded encrypted key in mbedtls_pk_parse_key.
In this case, mbedtls_pk_parse_key calls pk_parse_pkcs8_encrypted_der with
the buffer provided by the user, which is declared const. The commit
therefore adds a small code paths making a copy of the keybuffer before
calling pk_parse_pkcs8_encrypted_der.
---
library/pkparse.c | 35 ++++++++++++++++++++++-------------
1 file changed, 22 insertions(+), 13 deletions(-)
diff --git a/library/pkparse.c b/library/pkparse.c
index efdf4374..cf25cdd2 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -936,12 +936,12 @@ static int pk_parse_key_pkcs8_unencrypted_der(
#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
static int pk_parse_key_pkcs8_encrypted_der(
mbedtls_pk_context *pk,
- const unsigned char *key, size_t keylen,
+ unsigned char *key, size_t keylen,
const unsigned char *pwd, size_t pwdlen )
{
int ret, decrypted = 0;
size_t len;
- unsigned char buf[2048];
+ unsigned char *buf;
unsigned char *p, *end;
mbedtls_asn1_buf pbe_alg_oid, pbe_params;
#if defined(MBEDTLS_PKCS12_C)
@@ -949,8 +949,6 @@ static int pk_parse_key_pkcs8_encrypted_der(
mbedtls_md_type_t md_alg;
#endif
- memset( buf, 0, sizeof( buf ) );
-
p = (unsigned char *) key;
end = p + keylen;
@@ -985,8 +983,7 @@ static int pk_parse_key_pkcs8_encrypted_der(
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
- if( len > sizeof( buf ) )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ buf = p;
/*
* Decrypt EncryptedData with appropriate PDE
@@ -1084,7 +1081,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
- if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
+ if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
pem.buf, pem.buflen ) ) != 0 )
{
@@ -1116,7 +1113,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL )
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
- if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
+ if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
pem.buf, pem.buflen ) ) != 0 )
{
@@ -1194,12 +1191,24 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
* error
*/
#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
- if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen,
- pwd, pwdlen ) ) == 0 )
{
- return( 0 );
+ unsigned char *key_copy;
+
+ if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL )
+ return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+
+ memcpy( key_copy, key, keylen );
+
+ ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen,
+ pwd, pwdlen );
+
+ mbedtls_zeroize( key_copy, keylen );
+ mbedtls_free( key_copy );
}
+ if( ret == 0 )
+ return( 0 );
+
mbedtls_pk_free( pk );
if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH )
@@ -1217,7 +1226,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
- if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
+ if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) ) == 0 )
{
return( 0 );
@@ -1230,7 +1239,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL )
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
- if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
+ if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), key, keylen ) ) == 0 )
{
return( 0 );
--
2.16.2

1766
deps/mbedtls/patches/0008-timing-test-patches.patch vendored
View File

File diff suppressed because it is too large Load Diff

139
deps/mbedtls/patches/0009-RSA-Fix-buffer-overflow-in-PSS-signature-verificatio.patch vendored
View File

@ -1,139 +0,0 @@
From 01d6ae9a77df70d739aa5eea79d219b1feb2a592 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Tue, 17 Oct 2017 19:01:38 +0200
Subject: [PATCH] RSA: Fix buffer overflow in PSS signature verification
Fix buffer overflow in RSA-PSS signature verification when the hash is
too large for the key size. Found by Seth Terashima, Qualcomm.
Added a non-regression test and a positive test with the smallest
permitted key size for a SHA-512 hash.
---
library/rsa.c | 2 ++
tests/data_files/rsa512.key | 9 +++++++++
tests/data_files/rsa521.key | 9 +++++++++
tests/data_files/rsa522.key | 9 +++++++++
tests/data_files/rsa528.key | 9 +++++++++
tests/suites/test_suite_pkcs1_v21.data | 32 ++++++++++++++++++++++++++++++++
6 files changed, 70 insertions(+)
create mode 100644 tests/data_files/rsa512.key
create mode 100644 tests/data_files/rsa521.key
create mode 100644 tests/data_files/rsa522.key
create mode 100644 tests/data_files/rsa528.key
diff --git a/library/rsa.c b/library/rsa.c
index bdd2538c..a4e3ee68 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1362,6 +1362,8 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
hlen = mbedtls_md_get_size( md_info );
+ if( siglen < hlen + 2 )
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
slen = siglen - hlen - 1; /* Currently length of salt + padding */
memset( zeros, 0, 8 );
diff --git a/tests/data_files/rsa512.key b/tests/data_files/rsa512.key
new file mode 100644
index 00000000..1fd7987c
--- /dev/null
+++ b/tests/data_files/rsa512.key
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBALB20jJQgW+aqwIwfkUrl/DK51mDabQWJOivx5caWaE4kvZLB+qm
+7JKMFgstbsj50N1bY8izrAdntPZciS9WwQ8CAwEAAQJAKYfNcIoB7II6PQmsrhrU
+Z5dZW3fSKNANX7X/A1DwR0DlF8uZnpWsWbYcRoXX7QjvepZqc54wryhW55Wlm6yI
+AQIhAOJIaLjSpbHjzzcJQ7mylxn2WGIlbJPPzJ9OaFZCZQvxAiEAx6OEAvl6JKa6
+6a+N2Wvhtcgb4qqR6UHQGJQYGJz5nP8CIAvgoR6ScAAWZRoOcm+c4DGMrLb6H+ji
+T2tNQkzEz2kBAiEAmw34GStU36STpa6RGJ4+tyZN6jWakDVqf7x+HpfFE1cCIQDc
+KzXIxec2taye4OeIa1v4W/MigMmYE9w93Uw/Qi3azA==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa521.key b/tests/data_files/rsa521.key
new file mode 100644
index 00000000..0b940aa6
--- /dev/null
+++ b/tests/data_files/rsa521.key
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPQIBAAJCATG2mGDzy5v4XqNY/fK9KZDxt3qA1qT9+BekPdiWvffdJq+KwCN/
+Um4NM7EFyXH9vU/6ns6Z/EafMez0Kej1YsHDAgMBAAECQCdoYjwdMSHp4kksL5Aa
+0kDc58ni0chy9IgXo+FHjTVmR9DkaZANrwfVvYMJxqYCZo0im1Dw7ZJBUDJQNXnl
+ZokCIRiSk66I24AWa7XGUFvatVwXWi2ACE4QEKqzWQe1mQ24/wIhDHD1TCKpqucA
+XDI+1N7EHs+fN4CfTSWe8FPGiK6q3VM9AiESrKKLi/q011U4KeS8SfR2blDcL2cg
+XFkuQWqxzzLoGOUCIQmgl5E0+Ypwe0zc7NYZFDarf4+ZjqxKQnXCvk0irMHcGQIh
+EVPli6RQb3Gcx7vXJHltzSTno7NElzBDRMBVUlBmVxAJ
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa522.key b/tests/data_files/rsa522.key
new file mode 100644
index 00000000..18fbe70c
--- /dev/null
+++ b/tests/data_files/rsa522.key
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPgIBAAJCAtMCdT492ij0L02fkshkdCDqb7yXwQ+EmLlmqVPzV2mNZYEGDf4y
+yKuY20vFzirN8MHm5ASnWhMoJVDBqjfTzci/AgMBAAECQU05ffxf7uVg74yC9tKg
+qCa746NpMh3OM+HZrUxiOXv0sJMRXNEPD5HNLtgcNY6MI5NYbUvkOXktnFZpxWYP
+TH7BAiEeFJGs5Z6gRd2v/IbYLMFDHgjqho04INGTOvnyI7lGVKUCIRgJM7moFuoM
+UrKTmJK1uOzauWEykCKgc6BGH6TGZoEWkwIhBzQn2v82qO1ydOYGKRk2w2sa+Yd1
+pH5/kkHqf+m8QjKdAiEQ9eVW+4J30wxD0JyX4b1E/S5UpN5KYNhWX0US+6D3NBsC
+IRxePzdQlutZWg0Cnku3QE1tOLBCFlP7QVVl5FbKcY5H5w==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa528.key b/tests/data_files/rsa528.key
new file mode 100644
index 00000000..fd463b54
--- /dev/null
+++ b/tests/data_files/rsa528.key
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBRQIBAAJDAOMcJG1GSFmEJh/RdMqz1DVzRGAuzXk8R9vlQlLTe7NQvGNDWbGV
+FVQggORySktnIpG+V8dkj1Finq7yNOhH2ZzGXwIDAQABAkMAsWYyLglQSlwnS4NZ
+L1z4zieTqW3lomWr2+BgxkHbxl2w0Rx4L+Ezp+YK6mhtIQWNkoytPvWJJMS7Jrkg
+agMAHQJBAiIA+F1y5GO0Bv+igsNLXwwtbCqs8hAkavU9W8egt/oDbhzbAiIA6hds
+PZp/s1X7n7dwfmebSs+3vLZFuQfifN8XZLw0CXHNAiEuEzgDQrPdMIN3er96zImI
+rYoUBgabiQ9u/WPFfa4xOU0CIgDDYC089Tfjy72pPgcr2PkpZVhqro5esg/8PI5f
+yxx7TXkCIgCYoE8Y5IxomtL1ub1AQzPe9UyyUGzQB1yWeiloJh6LjxA=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/suites/test_suite_pkcs1_v21.data b/tests/suites/test_suite_pkcs1_v21.data
index ac16beb8..6d31494e 100644
--- a/tests/suites/test_suite_pkcs1_v21.data
+++ b/tests/suites/test_suite_pkcs1_v21.data
@@ -787,3 +787,35 @@ RSASSA-PSS Signature verify options #13 (MGF1 alg != MSG hash alg, arg wrong)
depends_on:MBEDTLS_SHA256_C
pkcs1_rsassa_pss_verify_ext:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":MBEDTLS_MD_NONE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:MBEDTLS_RSA_SALT_LEN_ANY:"c0719e9a8d5d838d861dc6f675c899d2b309a3a65bb9fe6b11e5afcbf9a2c0b1":"7fc506d26ca3b22922a1ce39faaedd273161b82d9443c56f1a034f131ae4a18cae1474271cb4b66a17d9707ca58b0bdbd3c406b7e65bbcc9bbbce94dc45de807b4989b23b3e4db74ca29298137837eb90cc83d3219249bc7d480fceaf075203a86e54c4ecfa4e312e39f8f69d76534089a36ed9049ca9cfd5ab1db1fa75fe5c8":0:MBEDTLS_ERR_RSA_INVALID_PADDING
+RSASSA-PSS verify ext, 512-bit key, empty salt, good signature
+depends_on:MBEDTLS_SHA256_C
+pkcs1_rsassa_pss_verify_ext:512:16:"00b076d23250816f9aab02307e452b97f0cae7598369b41624e8afc7971a59a13892f64b07eaa6ec928c160b2d6ec8f9d0dd5b63c8b3ac0767b4f65c892f56c10f":16:"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:0:"":"ace8b03347da1b9a7a5e94a0d76359bb39c819bb170bef38ea84995ed653446c0ae87ede434cdf9d0cb2d7bf164cf427892363e6855a1d24d0ce5dd72acaf246":0:0
+
+RSASSA-PSS verify ext, 512-bit key, empty salt, bad signature
+depends_on:MBEDTLS_SHA256_C
+pkcs1_rsassa_pss_verify_ext:512:16:"00b076d23250816f9aab02307e452b97f0cae7598369b41624e8afc7971a59a13892f64b07eaa6ec928c160b2d6ec8f9d0dd5b63c8b3ac0767b4f65c892f56c10f":16:"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:0:"":"ace8b03347da1b9a7a5e94a0d76359bb39c819bb170bef38ea84995ed653446c0ae87ede434cdf9d0cb2d7bf164cf427892363e6855a1d24d0ce5dd72acaf247":MBEDTLS_ERR_RSA_INVALID_PADDING:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+RSASSA-PSS verify ext, 522-bit key, SHA-512, empty salt, good signature
+depends_on:MBEDTLS_SHA512_C
+pkcs1_rsassa_pss_verify_ext:522:16:"02d302753e3dda28f42f4d9f92c8647420ea6fbc97c10f8498b966a953f357698d6581060dfe32c8ab98db4bc5ce2acdf0c1e6e404a75a13282550c1aa37d3cdc8bf":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:0:"":"016752ae0b5dfbade6bbd3dd37868d48c8d741f92dca41c360aeda553204c2212a117b1a3d77e0d3f48723503c46e16c8a64de00f1dee3e37e478417452630859486":0:0
+
+RSASSA-PSS verify ext, 528-bit key, SHA-512, saltlen=64, good signature with saltlen=0
+depends_on:MBEDTLS_SHA512_C
+pkcs1_rsassa_pss_verify_ext:528:16:"00e31c246d46485984261fd174cab3d4357344602ecd793c47dbe54252d37bb350bc634359b19515542080e4724a4b672291be57c7648f51629eaef234e847d99cc65f":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:64:"":"a9ad7994ba3a1071124153486924448cc67a5af3a5d34e9261d53770782cc85f58e2edde5f7004652a645e3e9606530eb57de41df7298ae2be9dec69cc0d613ab629":0:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+RSASSA-PSS verify ext, 528-bit key, SHA-512, empty salt, good signature
+depends_on:MBEDTLS_SHA512_C
+pkcs1_rsassa_pss_verify_ext:528:16:"00e31c246d46485984261fd174cab3d4357344602ecd793c47dbe54252d37bb350bc634359b19515542080e4724a4b672291be57c7648f51629eaef234e847d99cc65f":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:0:"":"a9ad7994ba3a1071124153486924448cc67a5af3a5d34e9261d53770782cc85f58e2edde5f7004652a645e3e9606530eb57de41df7298ae2be9dec69cc0d613ab629":0:0
+
+RSASSA-PSS verify ext, 528-bit key, SHA-512, saltlen=64, good signature with saltlen=0
+depends_on:MBEDTLS_SHA512_C
+pkcs1_rsassa_pss_verify_ext:528:16:"00e31c246d46485984261fd174cab3d4357344602ecd793c47dbe54252d37bb350bc634359b19515542080e4724a4b672291be57c7648f51629eaef234e847d99cc65f":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:64:"":"a9ad7994ba3a1071124153486924448cc67a5af3a5d34e9261d53770782cc85f58e2edde5f7004652a645e3e9606530eb57de41df7298ae2be9dec69cc0d613ab629":0:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+RSASSA-PSS verify ext, 512-bit key, SHA-512 (hash too large)
+depends_on:MBEDTLS_SHA512_C
+pkcs1_rsassa_pss_verify_ext:512:16:"00b076d23250816f9aab02307e452b97f0cae7598369b41624e8afc7971a59a13892f64b07eaa6ec928c160b2d6ec8f9d0dd5b63c8b3ac0767b4f65c892f56c10f":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:0:"":"ace8b03347da1b9a7a5e94a0d76359bb39c819bb170bef38ea84995ed653446c0ae87ede434cdf9d0cb2d7bf164cf427892363e6855a1d24d0ce5dd72acaf246":MBEDTLS_ERR_RSA_BAD_INPUT_DATA:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
+
+RSASSA-PSS verify ext, 521-bit key, SHA-512, empty salt, bad signature
+depends_on:MBEDTLS_SHA512_C
+pkcs1_rsassa_pss_verify_ext:521:16:"0131b69860f3cb9bf85ea358fdf2bd2990f1b77a80d6a4fdf817a43dd896bdf7dd26af8ac0237f526e0d33b105c971fdbd4ffa9ece99fc469f31ecf429e8f562c1c3":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:0:"":"00471794655837da498cbf27242807b40593a353c707eb22fd2cc5a3259e728ac4f1df676043eeec8e16c1175b3d9ac8cae72ec1d5772dd69de71c5677f19031568e":MBEDTLS_ERR_RSA_INVALID_PADDING:MBEDTLS_ERR_RSA_INVALID_PADDING
+
--
2.16.2

108
deps/mbedtls/patches/0010-RSA-Fix-another-buffer-overflow-in-PSS-signature-ver.patch vendored
View File

@ -1,108 +0,0 @@
From d85814a0d05cf9f81d00cf25ad89e732bcda0bd5 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Tue, 17 Oct 2017 19:02:13 +0200
Subject: [PATCH] RSA: Fix another buffer overflow in PSS signature
verification
Fix buffer overflow in RSA-PSS signature verification when the masking
operation results in an all-zero buffer. This could happen at any key size.
---
library/rsa.c | 21 +++++++++++----------
tests/suites/test_suite_pkcs1_v21.data | 4 ++++
2 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/library/rsa.c b/library/rsa.c
index a4e3ee68..f9aec227 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1319,10 +1319,11 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
int ret;
size_t siglen;
unsigned char *p;
+ unsigned char *hash_start;
unsigned char result[MBEDTLS_MD_MAX_SIZE];
unsigned char zeros[8];
unsigned int hlen;
- size_t slen, msb;
+ size_t observed_salt_len, msb;
const mbedtls_md_info_t *md_info;
mbedtls_md_context_t md_ctx;
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
@@ -1364,7 +1365,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
hlen = mbedtls_md_get_size( md_info );
if( siglen < hlen + 2 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- slen = siglen - hlen - 1; /* Currently length of salt + padding */
+ hash_start = buf + siglen - hlen - 1;
memset( zeros, 0, 8 );
@@ -1379,6 +1380,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
p++;
siglen -= 1;
}
+ else
if( buf[0] >> ( 8 - siglen * 8 + msb ) )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -1389,25 +1391,24 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
return( ret );
}
- mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx );
+ mgf_mask( p, siglen - hlen - 1, hash_start, hlen, &md_ctx );
buf[0] &= 0xFF >> ( siglen * 8 - msb );
- while( p < buf + siglen && *p == 0 )
+ while( p < hash_start - 1 && *p == 0 )
p++;
- if( p == buf + siglen ||
+ if( p == hash_start ||
*p++ != 0x01 )
{
mbedtls_md_free( &md_ctx );
return( MBEDTLS_ERR_RSA_INVALID_PADDING );
}
- /* Actual salt len */
- slen -= p - buf;
+ observed_salt_len = hash_start - p;
if( expected_salt_len != MBEDTLS_RSA_SALT_LEN_ANY &&
- slen != (size_t) expected_salt_len )
+ observed_salt_len != (size_t) expected_salt_len )
{
mbedtls_md_free( &md_ctx );
return( MBEDTLS_ERR_RSA_INVALID_PADDING );
@@ -1419,12 +1420,12 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
mbedtls_md_starts( &md_ctx );
mbedtls_md_update( &md_ctx, zeros, 8 );
mbedtls_md_update( &md_ctx, hash, hashlen );
- mbedtls_md_update( &md_ctx, p, slen );
+ mbedtls_md_update( &md_ctx, p, observed_salt_len );
mbedtls_md_finish( &md_ctx, result );
mbedtls_md_free( &md_ctx );
- if( memcmp( p + slen, result, hlen ) == 0 )
+ if( memcmp( hash_start, result, hlen ) == 0 )
return( 0 );
else
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
diff --git a/tests/suites/test_suite_pkcs1_v21.data b/tests/suites/test_suite_pkcs1_v21.data
index 6d31494e..7c202e9c 100644
--- a/tests/suites/test_suite_pkcs1_v21.data
+++ b/tests/suites/test_suite_pkcs1_v21.data
@@ -819,3 +819,7 @@ RSASSA-PSS verify ext, 521-bit key, SHA-512, empty salt, bad signature
depends_on:MBEDTLS_SHA512_C
pkcs1_rsassa_pss_verify_ext:521:16:"0131b69860f3cb9bf85ea358fdf2bd2990f1b77a80d6a4fdf817a43dd896bdf7dd26af8ac0237f526e0d33b105c971fdbd4ffa9ece99fc469f31ecf429e8f562c1c3":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:0:"":"00471794655837da498cbf27242807b40593a353c707eb22fd2cc5a3259e728ac4f1df676043eeec8e16c1175b3d9ac8cae72ec1d5772dd69de71c5677f19031568e":MBEDTLS_ERR_RSA_INVALID_PADDING:MBEDTLS_ERR_RSA_INVALID_PADDING
+RSASSA-PSS verify ext, all-zero padding, automatic salt length
+depends_on:MBEDTLS_SHA256_C
+pkcs1_rsassa_pss_verify_ext:512:16:"00b076d23250816f9aab02307e452b97f0cae7598369b41624e8afc7971a59a13892f64b07eaa6ec928c160b2d6ec8f9d0dd5b63c8b3ac0767b4f65c892f56c10f":16:"010001":MBEDTLS_MD_NONE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:MBEDTLS_RSA_SALT_LEN_ANY:"":"63a35294577c7e593170378175b7df27c293dae583ec2a971426eb2d66f2af483e897bfae5dc20300a9d61a3644e08c3aee61a463690a3498901563c46041056":MBEDTLS_ERR_RSA_INVALID_PADDING:MBEDTLS_ERR_RSA_INVALID_PADDING
+
--
2.16.2

55
deps/mbedtls/patches/0011-RSA-PSS-fix-minimum-length-check-for-keys-of-size-8N.patch vendored
View File

@ -1,55 +0,0 @@
From 1f7bffd54c78dd140594b7c8474195e2f2f59b85 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Wed, 18 Oct 2017 19:03:42 +0200
Subject: [PATCH] RSA PSS: fix minimum length check for keys of size 8N+1
The check introduced by the previous security fix was off by one. It
fixed the buffer overflow but was not compliant with the definition of
PSS which technically led to accepting some invalid signatures (but
not signatures made without the private key).
---
library/rsa.c | 7 ++++---
tests/suites/test_suite_pkcs1_v21.data | 2 +-
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/library/rsa.c b/library/rsa.c
index f9aec227..f25137ab 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1363,9 +1363,6 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
hlen = mbedtls_md_get_size( md_info );
- if( siglen < hlen + 2 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- hash_start = buf + siglen - hlen - 1;
memset( zeros, 0, 8 );
@@ -1384,6 +1381,10 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
if( buf[0] >> ( 8 - siglen * 8 + msb ) )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if( siglen < hlen + 2 )
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ hash_start = p + siglen - hlen - 1;
+
mbedtls_md_init( &md_ctx );
if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
{
diff --git a/tests/suites/test_suite_pkcs1_v21.data b/tests/suites/test_suite_pkcs1_v21.data
index 7c202e9c..7785b123 100644
--- a/tests/suites/test_suite_pkcs1_v21.data
+++ b/tests/suites/test_suite_pkcs1_v21.data
@@ -817,7 +817,7 @@ pkcs1_rsassa_pss_verify_ext:512:16:"00b076d23250816f9aab02307e452b97f0cae7598369
RSASSA-PSS verify ext, 521-bit key, SHA-512, empty salt, bad signature
depends_on:MBEDTLS_SHA512_C
-pkcs1_rsassa_pss_verify_ext:521:16:"0131b69860f3cb9bf85ea358fdf2bd2990f1b77a80d6a4fdf817a43dd896bdf7dd26af8ac0237f526e0d33b105c971fdbd4ffa9ece99fc469f31ecf429e8f562c1c3":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:0:"":"00471794655837da498cbf27242807b40593a353c707eb22fd2cc5a3259e728ac4f1df676043eeec8e16c1175b3d9ac8cae72ec1d5772dd69de71c5677f19031568e":MBEDTLS_ERR_RSA_INVALID_PADDING:MBEDTLS_ERR_RSA_INVALID_PADDING
+pkcs1_rsassa_pss_verify_ext:521:16:"0131b69860f3cb9bf85ea358fdf2bd2990f1b77a80d6a4fdf817a43dd896bdf7dd26af8ac0237f526e0d33b105c971fdbd4ffa9ece99fc469f31ecf429e8f562c1c3":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:0:"":"00471794655837da498cbf27242807b40593a353c707eb22fd2cc5a3259e728ac4f1df676043eeec8e16c1175b3d9ac8cae72ec1d5772dd69de71c5677f19031568e":MBEDTLS_ERR_RSA_BAD_INPUT_DATA:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
RSASSA-PSS verify ext, all-zero padding, automatic salt length
depends_on:MBEDTLS_SHA256_C
--
2.16.2

60
deps/mbedtls/patches/0012-RSA-PSS-fix-first-byte-check-for-keys-of-size-8N-1.patch vendored
View File

@ -1,60 +0,0 @@
From 4b9854d025974f6538a9e2df78f3d9758ccca207 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Thu, 19 Oct 2017 15:23:49 +0200
Subject: [PATCH] RSA PSS: fix first byte check for keys of size 8N+1
For a key of size 8N+1, check that the first byte after applying the
public key operation is 0 (it could have been 1 instead). The code was
incorrectly doing a no-op check instead, which led to invalid
signatures being accepted. Not a security flaw, since you would need the
private key to craft such an invalid signature, but a bug nonetheless.
---
library/rsa.c | 6 +++---
tests/suites/test_suite_pkcs1_v21.data | 8 ++++++++
2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/library/rsa.c b/library/rsa.c
index f25137ab..b54960fb 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1371,15 +1371,15 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
*/
msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
+ if( buf[0] >> ( 8 - siglen * 8 + msb ) )
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
/* Compensate for boundary condition when applying mask */
if( msb % 8 == 0 )
{
p++;
siglen -= 1;
}
- else
- if( buf[0] >> ( 8 - siglen * 8 + msb ) )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
if( siglen < hlen + 2 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
diff --git a/tests/suites/test_suite_pkcs1_v21.data b/tests/suites/test_suite_pkcs1_v21.data
index 7785b123..6258c626 100644
--- a/tests/suites/test_suite_pkcs1_v21.data
+++ b/tests/suites/test_suite_pkcs1_v21.data
@@ -819,6 +819,14 @@ RSASSA-PSS verify ext, 521-bit key, SHA-512, empty salt, bad signature
depends_on:MBEDTLS_SHA512_C
pkcs1_rsassa_pss_verify_ext:521:16:"0131b69860f3cb9bf85ea358fdf2bd2990f1b77a80d6a4fdf817a43dd896bdf7dd26af8ac0237f526e0d33b105c971fdbd4ffa9ece99fc469f31ecf429e8f562c1c3":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:0:"":"00471794655837da498cbf27242807b40593a353c707eb22fd2cc5a3259e728ac4f1df676043eeec8e16c1175b3d9ac8cae72ec1d5772dd69de71c5677f19031568e":MBEDTLS_ERR_RSA_BAD_INPUT_DATA:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
+RSASSA-PSS verify ext, 521-bit key, SHA-256, empty salt, good signature
+depends_on:MBEDTLS_SHA256_C
+pkcs1_rsassa_pss_verify_ext:521:16:"0131b69860f3cb9bf85ea358fdf2bd2990f1b77a80d6a4fdf817a43dd896bdf7dd26af8ac0237f526e0d33b105c971fdbd4ffa9ece99fc469f31ecf429e8f562c1c3":16:"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:0:"41":"009c4941157fa36288e467310b198ab0c615c40963d611ffeef03000549ded809235955ecc57adba44782e9497c004f480ba2b3d58db8335fe0b391075c02c843a6d":0:0
+
+RSASSA-PSS verify ext, 521-bit key, SHA-256, empty salt, flipped-highest-bit signature
+depends_on:MBEDTLS_SHA256_C
+pkcs1_rsassa_pss_verify_ext:521:16:"0131b69860f3cb9bf85ea358fdf2bd2990f1b77a80d6a4fdf817a43dd896bdf7dd26af8ac0237f526e0d33b105c971fdbd4ffa9ece99fc469f31ecf429e8f562c1c3":16:"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:0:"41":"00e11a2403df681c44a1f73f014b6c9ad17847d0b673f7c2a801cee208d10ab5792c10cd0cd495a4b331aaa521409fca7cb1b0d978b3a84cd67e28078b98753e9466":MBEDTLS_ERR_RSA_BAD_INPUT_DATA:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
+
RSASSA-PSS verify ext, all-zero padding, automatic salt length
depends_on:MBEDTLS_SHA256_C
pkcs1_rsassa_pss_verify_ext:512:16:"00b076d23250816f9aab02307e452b97f0cae7598369b41624e8afc7971a59a13892f64b07eaa6ec928c160b2d6ec8f9d0dd5b63c8b3ac0767b4f65c892f56c10f":16:"010001":MBEDTLS_MD_NONE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:MBEDTLS_RSA_SALT_LEN_ANY:"":"63a35294577c7e593170378175b7df27c293dae583ec2a971426eb2d66f2af483e897bfae5dc20300a9d61a3644e08c3aee61a463690a3498901563c46041056":MBEDTLS_ERR_RSA_INVALID_PADDING:MBEDTLS_ERR_RSA_INVALID_PADDING
--
2.16.2

31
deps/mbedtls/patches/0013-RSA-PSS-remove-redundant-check-changelog.patch vendored
View File

@ -1,31 +0,0 @@
From f23dcce9e1a12b1895d3bfd190e704f539ddeffb Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Thu, 19 Oct 2017 17:46:14 +0200
Subject: [PATCH] RSA PSS: remove redundant check; changelog
Remove a check introduced in the previous buffer overflow fix with keys of
size 8N+1 which the subsequent fix for buffer start calculations made
redundant.
Added a changelog entry for the buffer start calculation fix.
---
library/rsa.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/library/rsa.c b/library/rsa.c
index b54960fb..148f6b34 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1399,8 +1399,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
while( p < hash_start - 1 && *p == 0 )
p++;
- if( p == hash_start ||
- *p++ != 0x01 )
+ if( *p++ != 0x01 )
{
mbedtls_md_free( &md_ctx );
return( MBEDTLS_ERR_RSA_INVALID_PADDING );
--
2.16.2