TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 60371454bdbbcee61dd82506ed16b926e1651906^! / .
commit60371454bdbbcee61dd82506ed16b926e1651906[log] [tgz]
authorSimon Butcher <simon.butcher@arm.com>Fri Oct 14 01:10:02 2016 +0100
committerSimon Butcher <simon.butcher@arm.com>Fri Oct 14 01:10:02 2016 +0100
tree6cf0e736424a3c6d759b39983eb56473650ae5f2
parent8a1a91f3dae7d1cbfa17a49eb30128b3b8cddb5a [diff]
parentd1ebdf56be90ad4b20f3ddfeebe1af9f21ebc074 [diff]
Merge branch for fix for #502 - Unchecked calls

diff --git a/ChangeLog b/ChangeLog
index c6cb0e9..92410a3 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -7,7 +7,7 @@
      with RFC5116 and could lead to session key recovery in very long TLS
      sessions. (H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic -
      "Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in TLS")
-  * Fix potential stack corruption in mbedtls_x509write_crt_der() and
+   * Fix potential stack corruption in mbedtls_x509write_crt_der() and
      mbedtls_x509write_csr_der() when the signature is copied to the buffer
      without checking whether there is enough space in the destination. The
      issue cannot be triggered remotely. (found by Jethro Beekman)
@@ -30,6 +30,10 @@
    * Fix documentation and implementation missmatch for function arguments of
      mbedtls_gcm_finish(). Found by cmiatpaar. #602
    * Guarantee that P>Q at RSA key generation. Found by inestlerode. #558
+   * Fix missing return code check after call to md_init_ctx() that could
+     result in usage of invalid md_ctx in rsa_rsaes_oaep_encrypt(),
+     rsa_rsaes_oaep_decrypt(), rsa_rsassa_pss_sign() and
+     rsa_rsassa_pss_verify_ext(). Fixed by Brian J. Murray. #502
 
 Changes
    * Add compile time option for relaxed X509 time verification to enable

diff --git a/library/rsa.c b/library/rsa.c
index bf77cb5..79726c1 100644
--- a/library/rsa.c
+++ b/library/rsa.c

@@ -547,7 +547,11 @@
     memcpy( p, input, ilen );
 
     md_init( &md_ctx );
-    md_init_ctx( &md_ctx, md_info );
+    if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
+    {
+        md_free( &md_ctx );
+        return( ret );
+    }
 
     // maskedDB: Apply dbMask to DB
     //
@@ -728,7 +732,11 @@
         return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
 
     md_init( &md_ctx );
-    md_init_ctx( &md_ctx, md_info );
+    if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
+    {
+        md_free( &md_ctx );
+        return( ret );
+    }
 
     /* Generate lHash */
     md( md_info, label, label_len, lhash );
@@ -974,7 +982,11 @@
     p += slen;
 
     md_init( &md_ctx );
-    md_init_ctx( &md_ctx, md_info );
+    if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
+    {
+        md_free( &md_ctx );
+        return( ret );
+    }
 
     // Generate H = Hash( M' )
     //
@@ -1247,7 +1259,11 @@
         return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
 
     md_init( &md_ctx );
-    md_init_ctx( &md_ctx, md_info );
+    if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
+    {
+        md_free( &md_ctx );
+        return( ret );
+    }
 
     mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx );