ECP: Prevent freeing a buffer on stack The function ecp_mod_koblitz computed the space for the result of a multiplication optimally for that specific case, but unfortunately the function mbedtls_mpi_mul_mpi performs a generic, suboptimal calculation and needs one more limb for the result. Since the result's buffer is on the stack, the best case scenario is that the program stops. This only happened on 64 bit platforms. Fixes #569

commit: 7dadc2f25990e852f4766a0d3a94bc0b99d02631 [log] [tgz]
author: Janos Follath <janos.follath@arm.com> Fri Jan 27 16:05:20 2017 +0000
committer: Simon Butcher <simon.butcher@arm.com> Tue Feb 28 18:41:39 2017 +0000
tree: 330c0b8c6e90dfcd31c6e12a460c85b264e40b6c
parent: 28fff141133314308994738fbe4f24f4a1e3c64d [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 51c5e20..99df526 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -12,6 +12,14 @@
      CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2.
      Introduced by interoperability fix for #513.
 
+Security
+   * Fixed a bug that caused freeing a buffer that was allocated on the stack,
+     when verifying the validity of a key on secp224k1. This could be
+     triggered remotely for example with a maliciously constructed certificate
+     and might have led to remote code execution on some exotic embedded
+     platforms. Reported independently by rongsaws and Regina Wilson.
+     CVE-2017-2784
+
 Bugfix
    * Fix output certificate verification flags set by x509_crt_verify_top() when
      traversing a chain of trusted CA. The issue would cause both flags,
commit	7dadc2f25990e852f4766a0d3a94bc0b99d02631	[log] [tgz]
author	Janos Follath <janos.follath@arm.com>	Fri Jan 27 16:05:20 2017 +0000
committer	Simon Butcher <simon.butcher@arm.com>	Tue Feb 28 18:41:39 2017 +0000
tree	330c0b8c6e90dfcd31c6e12a460c85b264e40b6c
parent	28fff141133314308994738fbe4f24f4a1e3c64d [diff] [blame]