Merge branch 'iotssl-1077-dos-crl'
Modifies the function mbedtls_x509_crl_parse() to ensure that a CRL in PEM format with trailing characters after the footer does not result in the execution of an infinite loop.
0278a38f10
@ -3,6 +3,11 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
||||
= mbed TLS 2.x.x branch released xxxx-xx-xx
|
||||
|
||||
Security
|
||||
* Fixed potential livelock during the parsing of a CRL in PEM format in
|
||||
mbedtls_x509_crl_parse(). A string containing a CRL followed by trailing
|
||||
characters after the footer could result in the execution of an infinite
|
||||
loop. The issue can be triggered remotely. Found by Greg Zaverucha,
|
||||
Microsoft.
|
||||
* Removed MD5 from the allowed hash algorithms for CertificateRequest and
|
||||
CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2.
|
||||
Introduced by interoperability fix for #513.
|
||||
|
@ -530,7 +530,7 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s
|
||||
|
||||
mbedtls_pem_free( &pem );
|
||||
}
|
||||
else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
||||
else if( is_pem )
|
||||
{
|
||||
mbedtls_pem_free( &pem );
|
||||
return( ret );
|
||||
|
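Review bot: With `else if( is_pem )` on the new side, a PEM read failure on any iteration after the first — including the trailing-whitespace input that the new fixture pins to MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT — is returned to the caller after at least one CRL has presumably already been parsed into `chain` by the earlier `mbedtls_x509_crl_parse_der` call, so the caller gets an error together with a partially populated chain. The loop and the point where parsed entries are appended lie outside this hunk, so whether anything is unwound cannot be confirmed from here; the header doc comment for mbedtls_x509_crl_parse() should state it either way, e.g. `On failure, CRLs already parsed from earlier PEM blocks remain in the chain and the caller must free it`. The same doc comment should say that bytes following the last PEM footer, whitespace included, make the call fail with the PEM error rather than being ignored, since that is the behaviour the new test case relies on. The body of mbedtls_x509_crl_parse begins and ends outside the hunk.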
20
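--- /dev/null
+++ b/tests/data_files/crl-malformed-trailing-spaces.pem
@@ -0,0 +1,20 @@
+-----BEGIN X509 CRL-----
+MIIBbzCB9gIBATAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQ
+b2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQRcNMTMwOTI0MTYz
+MTA4WhcNMjMwOTIyMTYzMTA4WjAUMBICAQoXDTEzMDkyNDE2MjgzOFqgcjBwMG4G
+A1UdIwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8oUKkQDA+MQswCQYDVQQGEwJO
+TDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMg
+Q0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2kAMGYCMQDVG95rrSSl4dJgbJ5vR1GW
+svEuEsAh35EhF1WrcadMuCeMQVX9cUPupFfQUpHyMfoCMQCKf0yv8pN9BAoi3FVm
+56meWPhUekgLKKMAobt2oJJY6feuiFU2YFGs1aF0rV6Bj+U=
+-----END X509 CRL-----
+-----BEGIN X509 CRL-----
+MIIBcTCB9wIBATAKBggqhkjOPQQDBDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2
+MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu
+BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC
+TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
+IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwQDaQAwZgIxAL/VFrDIYUECsS0rVpAy
+6zt/CqeAZ1sa/l5LTaG1XW286n2Kibipr6EpkYZNYIQILgIxAI0wb3Py1DHPWpYf
+/BFBH7C3KYq+nWTrLeEnhrjU1LzG/CiQ8lnuskya6lw/P3lJ/A==
+-----END X509 CRL-----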
@ -198,6 +198,10 @@ X509 CRL Information EC, SHA512 Digest
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C
|
||||
mbedtls_x509_crl_info:"data_files/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA512\n"
|
||||
|
||||
X509 CRL Malformed Input (trailing spaces at end of file)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C
|
||||
mbedtls_x509_crl_parse:"data_files/crl-malformed-trailing-spaces.pem":MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT
|
||||
|
||||
X509 CSR Information RSA with MD4
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C
|
||||
mbedtls_x509_csr_info:"data_files/server1.req.md4":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\n"
|
||||
|
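Review bot: The new case `X509 CRL Malformed Input (trailing spaces at end of file)` exercises the new `mbedtls_x509_crl_parse` test function only on its error path; as far as this hunk shows, nothing drives the same function on a well-formed PEM CRL, so the suite never records that the fixed loop still terminates with 0 on valid input through this entry point. A positive case built on a fixture already referenced here would close that gap at the cost of three lines: `X509 CRL Parse Valid Input EC, SHA512 Digest` / `depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C` / `mbedtls_x509_crl_parse:"data_files/crl-ec-sha512.pem":0`. The ChangeLog entry describes arbitrary trailing characters after the footer while the only fixture is trailing whitespace; a second fixture with non-whitespace trailing bytes would match the stated scope of the fix.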
@ -163,6 +163,22 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */
|
||||
void mbedtls_x509_crl_parse( char *crl_file, int result )
|
||||
{
|
||||
mbedtls_x509_crl crl;
|
||||
char buf[2000];
|
||||
|
||||
mbedtls_x509_crl_init( &crl );
|
||||
memset( buf, 0, 2000 );
|
||||
|
||||
TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == result );
|
||||
|
||||
exit:
|
||||
mbedtls_x509_crl_free( &crl );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C */
|
||||
void mbedtls_x509_csr_info( char *csr_file, char *result_str )
|
||||
{
|
||||
|
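Review bot: `char buf[2000];` and `memset( buf, 0, 2000 );` in the new `mbedtls_x509_crl_parse` test function are never read — the body only calls `mbedtls_x509_crl_parse_file` and `mbedtls_x509_crl_free` — so both lines are dead and the 2000 is a magic number repeated between the declaration and the memset; drop both lines. If a buffer is intended for later use, size the clear with `memset( buf, 0, sizeof( buf ) );` so the two stay in step. The new function is complete within the hunk; the following `mbedtls_x509_csr_info` opens inside the hunk and continues past it.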