Hello community, here is the log from the commit of package mbedtls for openSUSE:Factory checked in at 2016-01-15 10:38:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mbedtls (Old) and /work/SRC/openSUSE:Factory/.mbedtls.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mbedtls"
Changes:
--------
--- /work/SRC/openSUSE:Factory/mbedtls/mbedtls.changes 2015-11-24 22:31:53.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.mbedtls.new/mbedtls.changes 2016-01-15 10:38:40.000000000 +0100
@@ -1,0 +2,21 @@
+Sun Jan 10 13:08:11 UTC 2016 - [email protected]
+
+- Update to 1.3.16
+ * Fixes a potential double free when
+ mbedtls_asn1_store_named_data() fails to allocate memory. This
+ was only used for certificate generation and was not
+ triggerable remotely in SSL/TLS. boo#961290
+ * Disables by default MD5 handshake signatures in TLS 1.2 to
+ prevent the SLOTH (CVE-2015-7575) attack on TLS 1.2 server
+ authentication (other attacks from the SLOTH paper do not apply
+ to any version of mbed TLS or PolarSSL). boo#961284
+ * Fixes an over-restrictive length limit in GCM.
+ * Fixes a bug in certificate validation that caused valid chains
+ to be rejected when the first intermediate certificate has a
+ pathLenConstraint equal to zero.
+ * Removed potential leak in mbedtls_rsa_rsassa_pkcs1_v15_sign()
+ * Added config.h option POLARSSL_SSL_ENABLE_MD5_SIGNATURES to
+ control use of MD5-based signatures for TLS 1.2 handshake
+ (disabled by default).
+
+-------------------------------------------------------------------
Old:
----
mbedtls-1.3.15-gpl.tgz
New:
----
mbedtls-1.3.16-gpl.tgz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mbedtls.spec ++++++
--- /var/tmp/diff_new_pack.OzozmD/_old 2016-01-15 10:38:41.000000000 +0100
+++ /var/tmp/diff_new_pack.OzozmD/_new 2016-01-15 10:38:41.000000000 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package mbedtls
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@ %define lib_name lib%{name}9 Name: mbedtls -Version: 1.3.15 +Version: 1.3.16 Release: 0 Summary: Open Source embedded SSL/TLS cryptographic library License: GPL-2.0+ @@ -44,7 +44,7 @@ %package devel Summary: Open Source embedded SSL/TLS cryptographic library Group: Development/Libraries/C and C++ -Requires: %{lib_name} = %{version} +Requires: %{lib_name} = %{version}-%{release} Provides: libpolarssl-devel = %{version} Obsoletes: libpolarssl-devel < %{version} Provides: polarssl-devel = %{version} @@ -64,7 +64,6 @@ -DUSE_STATIC_MBEDTLS_LIBRARY=OFF \ -DENABLE_ZLIB_SUPPORT=ON \ -DENABLE_PROGRAMS=OFF - make VERBOSE=1 %{?_smp_mflags} %install ++++++ mbedtls-1.3.15-gpl.tgz -> mbedtls-1.3.16-gpl.tgz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.15/ChangeLog new/mbedtls-1.3.16/ChangeLog --- old/mbedtls-1.3.15/ChangeLog 2015-11-05 16:44:46.000000000 +0100 +++ new/mbedtls-1.3.16/ChangeLog 2016-01-04 23:49:30.000000000 +0100 
@@ -1,5 +1,25 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 1.3.16 released 2016-01-05 + +Security + * Fix potential double free when mbedtls_asn1_store_named_data() fails to + allocate memory. Only used for certificate generation, not triggerable + remotely in SSL/TLS. Found by RafaĆ Przywara. #367 + * Disable MD5 handshake signatures in TLS 1.2 by default + +Bugfix + * Fix over-restricive length limit in GCM. Found by Andreas-N. #362 + * Fix bug in certificate validation that caused valid chains to be rejected + when the first intermediate certificate has pathLenConstraint=0. Found by + Nicholas Wilson. Introduced in mbed TLS 1.3.15. #280 + * Removed potential leak in rsa_rsassa_pkcs1_v15_sign(), found by + JayaraghavendranK. #372 + +Changes + * Add config.h option POLARSSL_SSL_ENABLE_MD5_SIGNATURES controlling + use of MD5-based signatures for TLS 1.2 handshake (disabled by default). + = mbed TLS 1.3.15 released 2015-11-04 Security diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.15/doxygen/input/doc_mainpage.h new/mbedtls-1.3.16/doxygen/input/doc_mainpage.h --- old/mbedtls-1.3.15/doxygen/input/doc_mainpage.h 2015-11-05 16:44:46.000000000 +0100 +++ new/mbedtls-1.3.16/doxygen/input/doc_mainpage.h 2016-01-04 23:49:30.000000000 +0100 @@ -4,7 +4,7 @@ */ /** - * @mainpage mbed TLS v1.3.15 source code documentation + * @mainpage mbed TLS v1.3.16 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.15/doxygen/mbedtls.doxyfile new/mbedtls-1.3.16/doxygen/mbedtls.doxyfile --- old/mbedtls-1.3.15/doxygen/mbedtls.doxyfile 2015-11-05 16:44:46.000000000 +0100 +++ new/mbedtls-1.3.16/doxygen/mbedtls.doxyfile 2016-01-04 23:49:30.000000000 +0100 
@@ -28,7 +28,7 @@ # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v1.3.15" +PROJECT_NAME = "mbed TLS v1.3.16" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.15/include/polarssl/bignum.h new/mbedtls-1.3.16/include/polarssl/bignum.h --- old/mbedtls-1.3.15/include/polarssl/bignum.h 2015-11-05 16:44:46.000000000 +0100 +++ new/mbedtls-1.3.16/include/polarssl/bignum.h 2016-01-04 23:49:30.000000000 +0100 @@ -152,6 +152,7 @@ #define POLARSSL_HAVE_INT64 typedef int64_t t_sint; typedef uint64_t t_uint; + /* mbedtls_t_udbl defined as 128-bit unsigned int */ typedef unsigned int t_udbl __attribute__((mode(TI))); #define POLARSSL_HAVE_UDBL #else diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.15/include/polarssl/config.h new/mbedtls-1.3.16/include/polarssl/config.h --- old/mbedtls-1.3.15/include/polarssl/config.h 2015-11-05 16:44:46.000000000 +0100 +++ new/mbedtls-1.3.16/include/polarssl/config.h 2016-01-04 23:49:30.000000000 +0100 
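Review bot: The comment added to bignum.h names `mbedtls_t_udbl`, but the typedef it sits above declares `t_udbl`; the 1.3 branch uses the un-prefixed identifier throughout this hunk (`t_sint`, `t_uint`, `POLARSSL_HAVE_UDBL`). The line should read `/* t_udbl defined as 128-bit unsigned int */` so that a reader searching for the type actually finds the comment. This looks like a straight copy from the 2.x tree that was not renamed during the backport.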
@@ -1093,6 +1093,19 @@ #define POLARSSL_SSL_TRUNCATED_HMAC /** + * \def POLARSSL_SSL_ENABLE_MD5_SIGNATURES + * + * Offer, accept and do MD5-based signatures in the TLS 1.2 handshake. + * Has no effect on which algorithms are accepted for certificates. + * Has no effect on other SSL/TLS versions. + * + * \warning Enabling this could be a security risk! + * + * Uncomment to enable MD5 signatures in TLS 1.2 + */ +//#define POLARSSL_SSL_ENABLE_MD5_SIGNATURES + +/** * \def POLARSSL_SSL_SET_CURVES * * Enable ssl_set_curves(). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.15/include/polarssl/version.h new/mbedtls-1.3.16/include/polarssl/version.h --- old/mbedtls-1.3.15/include/polarssl/version.h 2015-11-05 16:44:46.000000000 +0100 +++ new/mbedtls-1.3.16/include/polarssl/version.h 2016-01-04 23:49:30.000000000 +0100 @@ -40,16 +40,16 @@ */ #define POLARSSL_VERSION_MAJOR 1 #define POLARSSL_VERSION_MINOR 3 -#define POLARSSL_VERSION_PATCH 15 +#define POLARSSL_VERSION_PATCH 16 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define POLARSSL_VERSION_NUMBER 0x01030F00 -#define POLARSSL_VERSION_STRING "1.3.15" -#define POLARSSL_VERSION_STRING_FULL "mbed TLS 1.3.15" +#define POLARSSL_VERSION_NUMBER 0x01031000 +#define POLARSSL_VERSION_STRING "1.3.16" +#define POLARSSL_VERSION_STRING_FULL "mbed TLS 1.3.16" #if defined(POLARSSL_VERSION_C) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.15/library/CMakeLists.txt new/mbedtls-1.3.16/library/CMakeLists.txt --- old/mbedtls-1.3.15/library/CMakeLists.txt 2015-11-05 16:44:46.000000000 +0100 +++ new/mbedtls-1.3.16/library/CMakeLists.txt 2016-01-04 23:49:30.000000000 +0100 
@@ -117,7 +117,7 @@ if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedtls SHARED ${src}) - set_target_properties(mbedtls PROPERTIES VERSION 1.3.15 SOVERSION 9) + set_target_properties(mbedtls PROPERTIES VERSION 1.3.16 SOVERSION 9) target_link_libraries(mbedtls ${libs}) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.15/library/asn1write.c new/mbedtls-1.3.16/library/asn1write.c --- old/mbedtls-1.3.15/library/asn1write.c 2015-11-05 16:44:46.000000000 +0100 +++ new/mbedtls-1.3.16/library/asn1write.c 2016-01-04 23:49:30.000000000 +0100 @@ -342,19 +342,18 @@ } else if( cur->val.len < val_len ) { - // Enlarge existing value buffer if needed - // - polarssl_free( cur->val.p ); - cur->val.p = NULL; + /* + * Enlarge existing value buffer if needed + * Preserve old data until the allocation succeeded, to leave list in + * a consistent state in case allocation fails. + */ + void *p = polarssl_malloc( val_len ); + if( p == NULL ) + return( NULL ); + polarssl_free( cur->val.p ); + cur->val.p = p; cur->val.len = val_len; - cur->val.p = polarssl_malloc( val_len ); - if( cur->val.p == NULL ) - { - polarssl_free( cur->oid.p ); - polarssl_free( cur ); - return( NULL ); - } } if( val != NULL ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.15/library/bignum.c new/mbedtls-1.3.16/library/bignum.c --- old/mbedtls-1.3.15/library/bignum.c 2015-11-05 16:44:46.000000000 +0100 +++ new/mbedtls-1.3.16/library/bignum.c 2016-01-04 23:49:30.000000000 +0100 
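Review bot: The rewritten failure path in asn1write.c returns NULL while leaving `cur` linked in the list with its previous `val`, whereas the code it replaces freed `cur->oid.p` and `cur` before returning; that is the intended double-free fix, but it changes what a caller may assume about `cur` when NULL comes back, and the header comment of the enclosing function (which starts outside the hunk) should state it, e.g. `On allocation failure returns NULL; an entry that already existed is left in the list unchanged`. The ordering itself is right: the new buffer is obtained first, the old one is released only after success, and `cur->val.len` is updated only on the success path.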
@@ -19,12 +19,21 @@ * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ + /* - * This MPI implementation is based on: + * The following sources were referenced in the design of this Multi-precision + * Integer library: + * + * [1] Handbook of Applied Cryptography - 1997 + * Menezes, van Oorschot and Vanstone + * + * [2] Multi-Precision Math + * Tom St Denis + * https://github.com/libtom/libtommath/blob/develop/tommath.pdf + * + * [3] GNU Multi-Precision Arithmetic Library + * https://gmplib.org/manual/index.html * - * http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf - * http://www.stillhq.com/extracted/gnupg-api/mpi/ - * http://math.libtomcrypt.com/files/tommath.pdf */ #if !defined(POLARSSL_CONFIG_FILE) @@ -353,6 +362,24 @@ } /* + * Count leading zero bits in a given integer + */ +static size_t int_clz( const t_uint x ) +{ + size_t j; + t_uint mask = (t_uint) 1 << (biL - 1); + + for( j = 0; j < biL; j++ ) + { + if( x & mask ) break; + + mask >>= 1; + } + + return j; +} + +/* * Return the number of most significant bits */ size_t mpi_msb( const mpi *X ) @@ -366,9 +393,7 @@ if( X->p[i] != 0 ) break; - for( j = biL; j > 0; j-- ) - if( ( ( X->p[i] >> ( j - 1 ) ) & 1 ) != 0 ) - break; + j = biL - int_clz( X->p[i] ); return( ( i * biL ) + j ); } 
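Review bot: The header comment on the new int_clz does not state the `x == 0` result, yet mpi_msb now relies on it: when the preceding loop finds no non-zero limb (its loop header lies outside the hunk) `X->p[i]` is zero, int_clz returns `biL`, and `j = biL - int_clz( X->p[i] )` becomes 0, matching the old bit-scanning loop. Spell this out so the contract is not lost in a later rewrite, e.g. `/* Count leading zero bits in a given integer; returns biL for x == 0 */`. The early `break` also makes the loop's running time depend on the value, as the loop it replaces did; worth a one-line remark if this helper is reused elsewhere.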
@@ -1193,6 +1218,101 @@ } /* + * Unsigned integer divide - double t_uint, dividend, u1/u0, and t_uint + * divisor, d + */ +static t_uint int_div_int( t_uint u1, t_uint u0, t_uint d, t_uint *r ) +{ +#if defined(POLARSSL_HAVE_UDBL) + t_udbl dividend, quotient; +#else + const t_uint radix = (t_uint) 1 << biH; + const t_uint uint_halfword_mask = ( (t_uint) 1 << biH ) - 1; + t_uint d0, d1, q0, q1, rAX, r0, quotient; + t_uint u0_msw, u0_lsw; + size_t s; +#endif + + /* + * Check for overflow + */ + if( 0 == d || u1 >= d ) + { + if ( r != NULL ) *r = ~0; + + return ( ~0 ); + } + +#if defined(POLARSSL_HAVE_UDBL) + dividend = (t_udbl) u1 << biL; + dividend |= (t_udbl) u0; + quotient = dividend / d; + if( quotient > ( (t_udbl) 1 << biL ) - 1 ) + quotient = ( (t_udbl) 1 << biL ) - 1; + + if( r != NULL ) + *r = (t_uint)( dividend - (quotient * d ) ); + + return (t_uint) quotient; +#else + + /* + * Algorithm D, Section 4.3.1 - The Art of Computer Programming + * Vol. 2 - Seminumerical Algorithms, Knuth + */ + + /* + * Normalize the divisor, d, and dividend, u0, u1 + */ + s = int_clz( d ); + d = d << s; + + u1 = u1 << s; + u1 |= ( u0 >> ( biL - s ) ) & ( -(t_sint)s >> ( biL - 1 ) ); + u0 = u0 << s; + + d1 = d >> biH; + d0 = d & uint_halfword_mask; + + u0_msw = u0 >> biH; + u0_lsw = u0 & uint_halfword_mask; + + /* + * Find the first quotient and remainder + */ + q1 = u1 / d1; + r0 = u1 - d1 * q1; + + while( q1 >= radix || ( q1 * d0 > radix * r0 + u0_msw ) ) + { + q1 -= 1; + r0 += d1; + + if ( r0 >= radix ) break; + } + + rAX = ( u1 * radix ) + ( u0_msw - q1 * d ); + q0 = rAX / d1; + r0 = rAX - q0 * d1; + + while( q0 >= radix || ( q0 * d0 > radix * r0 + u0_lsw ) ) + { + q0 -= 1; + r0 += d1; + + if ( r0 >= radix ) break; + } + + if (r != NULL) + *r = ( rAX * radix + u0_lsw - q0 * d ) >> s; + + quotient = q1 * radix + q0; + + return quotient; +#endif +} + +/* * Division by mpi: A = Q * B + R (HAC 14.20) */ int mpi_div_mpi( mpi *Q, mpi *R, const mpi *A, const mpi *B ) 
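Review bot: In the non-UDBL path of int_div_int, `u1 |= ( u0 >> ( biL - s ) ) & ( -(t_sint)s >> ( biL - 1 ) );` shifts by `biL` when `s == 0` (a divisor whose top bit is already set), which is undefined behaviour for a shift count equal to the operand width; the mask only discards the result, it does not make the shift defined, and the right shift of a negative `t_sint` is implementation-defined on top of that. Because `d == 0` has already been rejected by the overflow check, `s` is at most `biL - 1`, so the line can be written without either construct as `u1 |= ( u0 >> ( biL - 1 - s ) ) >> 1;`, which yields 0 for `s == 0` and `u0 >> ( biL - s )` otherwise. The exposure is limited in practice — the default build takes the `POLARSSL_HAVE_UDBL` branch and mpi_div_mpi normalizes the divisor before calling — but the function is written as a general helper and should be correct for every `d != 0`.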
@@ -1249,57 +1369,7 @@ Z.p[i - t - 1] = ~0; else { -#if defined(POLARSSL_HAVE_UDBL) - t_udbl r; - - r = (t_udbl) X.p[i] << biL; - r |= (t_udbl) X.p[i - 1]; - r /= Y.p[t]; - if( r > ( (t_udbl) 1 << biL ) - 1 ) - r = ( (t_udbl) 1 << biL ) - 1; - - Z.p[i - t - 1] = (t_uint) r; -#else - /* - * __udiv_qrnnd_c, from gmp/longlong.h - */ - t_uint q0, q1, r0, r1; - t_uint d0, d1, d, m; - - d = Y.p[t]; - d0 = ( d << biH ) >> biH; - d1 = ( d >> biH ); - - q1 = X.p[i] / d1; - r1 = X.p[i] - d1 * q1; - r1 <<= biH; - r1 |= ( X.p[i - 1] >> biH ); - - m = q1 * d0; - if( r1 < m ) - { - q1--, r1 += d; - while( r1 >= d && r1 < m ) - q1--, r1 += d; - } - r1 -= m; - - q0 = r1 / d1; - r0 = r1 - d1 * q0; - r0 <<= biH; - r0 |= ( X.p[i - 1] << biH ) >> biH; - - m = q0 * d0; - if( r0 < m ) - { - q0--, r0 += d; - while( r0 >= d && r0 < m ) - q0--, r0 += d; - } - r0 -= m; - - Z.p[i - t - 1] = ( q1 << biH ) | q0; -#endif /* POLARSSL_HAVE_UDBL && !64-bit Apple with Clang 5.0 */ + Z.p[i - t - 1] = int_div_int( X.p[i], X.p[i - 1], Y.p[t], NULL); } Z.p[i - t - 1]++; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.15/library/gcm.c new/mbedtls-1.3.16/library/gcm.c --- old/mbedtls-1.3.15/library/gcm.c 2015-11-05 16:44:46.000000000 +0100 +++ new/mbedtls-1.3.16/library/gcm.c 2016-01-04 23:49:30.000000000 +0100 @@ -357,7 +357,7 @@ /* Total length is restricted to 2^39 - 256 bits, ie 2^36 - 2^5 bytes * Also check for possible overflow */ if( ctx->len + length < ctx->len || - (uint64_t) ctx->len + length > 0x03FFFFE0ull ) + (uint64_t) ctx->len + length > 0xFFFFFFFE0ull ) { return( POLARSSL_ERR_GCM_BAD_INPUT ); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.15/library/rsa.c new/mbedtls-1.3.16/library/rsa.c --- old/mbedtls-1.3.15/library/rsa.c 2015-11-05 16:44:46.000000000 +0100 +++ new/mbedtls-1.3.16/library/rsa.c 2016-01-04 23:49:30.000000000 +0100 
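Review bot: The new GCM bound `0xFFFFFFFE0ull` is the right value for 2^36 - 2^5 bytes, but a nine-digit hex literal has to be counted to check it against the comment above, and the old literal `0x03FFFFE0ull` (2^26 - 32 instead of 2^36 - 32) shows how easily that slips. Writing the limit as `( (uint64_t) 1 << 36 ) - 32`, or as a named constant next to the comment, lets the check and its explanation be verified by inspection. The overflow guard `ctx->len + length < ctx->len` on the preceding line is unchanged and still needed.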
@@ -1082,9 +1082,15 @@ * temporary buffer and check it before returning it. */ sig_try = polarssl_malloc( ctx->len ); + if( sig_try == NULL ) + return( POLARSSL_ERR_MPI_MALLOC_FAILED ); + verif = polarssl_malloc( ctx->len ); - if( sig_try == NULL || verif == NULL ) + if( verif == NULL ) + { + polarssl_free( sig_try ); return( POLARSSL_ERR_MPI_MALLOC_FAILED ); + } MPI_CHK( rsa_private( ctx, f_rng, p_rng, sig, sig_try ) ); MPI_CHK( rsa_public( ctx, sig_try, verif ) ); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.15/library/ssl_cli.c new/mbedtls-1.3.16/library/ssl_cli.c --- old/mbedtls-1.3.15/library/ssl_cli.c 2015-11-05 16:44:46.000000000 +0100 +++ new/mbedtls-1.3.16/library/ssl_cli.c 2016-01-04 23:49:30.000000000 +0100 @@ -191,7 +191,7 @@ /* SHA1 + RSA signature */ sig_alg_len += 2; #endif -#if defined(POLARSSL_MD5_C) +#if defined(POLARSSL_MD5_C) && defined(POLARSSL_SSL_ENABLE_MD5_SIGNATURES) /* MD5 + RSA signature */ sig_alg_len += 2; #endif @@ -209,7 +209,7 @@ /* SHA1 + ECDSA signature */ sig_alg_len += 2; #endif -#if defined(POLARSSL_MD5_C) +#if defined(POLARSSL_MD5_C) && defined(POLARSSL_SSL_ENABLE_MD5_SIGNATURES) /* MD5 + ECDSA signature */ sig_alg_len += 2; #endif @@ -243,7 +243,7 @@ sig_alg_list[sig_alg_len++] = SSL_HASH_SHA1; sig_alg_list[sig_alg_len++] = SSL_SIG_RSA; #endif -#if defined(POLARSSL_MD5_C) +#if defined(POLARSSL_MD5_C) && defined(POLARSSL_SSL_ENABLE_MD5_SIGNATURES) sig_alg_list[sig_alg_len++] = SSL_HASH_MD5; sig_alg_list[sig_alg_len++] = SSL_SIG_RSA; #endif @@ -265,7 +265,7 @@ sig_alg_list[sig_alg_len++] = SSL_HASH_SHA1; sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA; #endif -#if defined(POLARSSL_MD5_C) +#if defined(POLARSSL_MD5_C) && defined(POLARSSL_SSL_ENABLE_MD5_SIGNATURES) sig_alg_list[sig_alg_len++] = SSL_HASH_MD5; sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA; #endif 
@@ -2035,6 +2035,14 @@ SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } + +#if !defined(POLARSSL_SSL_ENABLE_MD5_SIGNATURES) + if( md_alg == POLARSSL_MD_MD5 ) + { + SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + } +#endif } else #endif /* POLARSSL_SSL_PROTO_TLS1_2 */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.15/library/ssl_srv.c new/mbedtls-1.3.16/library/ssl_srv.c --- old/mbedtls-1.3.15/library/ssl_srv.c 2015-11-05 16:44:46.000000000 +0100 +++ new/mbedtls-1.3.16/library/ssl_srv.c 2016-01-04 23:49:30.000000000 +0100 @@ -492,6 +492,12 @@ * So, just look at the HashAlgorithm part. */ for( md_cur = md_list(); *md_cur != POLARSSL_MD_NONE; md_cur++ ) { +#if !defined(POLARSSL_SSL_ENABLE_MD5_SIGNATURES) + /* Skip MD5 */ + if( *md_cur == POLARSSL_MD_MD5 ) + continue; +#endif + for( p = buf + 2; p < end; p += 2 ) { if( *md_cur == (int) ssl_md_alg_from_hash( p[0] ) ) { ssl->handshake->sig_alg = p[0]; @@ -2409,7 +2415,9 @@ { dn_size = crt->subject_raw.len; - if( end < p || (size_t)( end - p ) < 2 + dn_size ) + if( end < p || + (size_t)( end - p ) < dn_size || + (size_t)( end - p ) < 2 + dn_size ) { SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) ); break; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.15/library/version_features.c new/mbedtls-1.3.16/library/version_features.c --- old/mbedtls-1.3.15/library/version_features.c 2015-11-05 16:44:46.000000000 +0100 +++ new/mbedtls-1.3.16/library/version_features.c 2016-01-04 23:49:30.000000000 +0100 
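Review bot: The new MD5 rejection in the client's server-key-exchange parser reuses the generic debug message "bad server key exchange message", so a handshake that fails only because the peer signed with MD5 is indistinguishable in the debug log from a malformed message; a dedicated message such as `SSL_DEBUG_MSG( 1, ( "MD5 signature in server key exchange rejected" ) );` would make the SLOTH mitigation diagnosable in the field. The returned error code can stay as it is. The enclosing function begins and ends outside the hunk.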
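Review bot: In the ssl_srv.c hunk at 2415, the added middle comparison `(size_t)( end - p ) < dn_size` reads as redundant beside `(size_t)( end - p ) < 2 + dn_size`; its purpose is to fail before `2 + dn_size` can wrap when `dn_size` is close to `SIZE_MAX`, and that deserves a one-line comment, e.g. `/* test dn_size alone first so that 2 + dn_size cannot wrap around */`. Since `dn_size` is taken from `crt->subject_raw.len` — presumably the server's own configured CA list rather than peer-supplied data — the guard is defensive rather than a remote concern, but an unexplained triple condition invites someone to "simplify" it away later.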
@@ -345,6 +345,9 @@ #if defined(POLARSSL_SSL_TRUNCATED_HMAC) "POLARSSL_SSL_TRUNCATED_HMAC", #endif /* POLARSSL_SSL_TRUNCATED_HMAC */ +#if defined(POLARSSL_SSL_ENABLE_MD5_SIGNATURES) + "POLARSSL_SSL_ENABLE_MD5_SIGNATURES", +#endif /* POLARSSL_SSL_ENABLE_MD5_SIGNATURES */ #if defined(POLARSSL_SSL_SET_CURVES) "POLARSSL_SSL_SET_CURVES", #endif /* POLARSSL_SSL_SET_CURVES */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.15/library/x509_crt.c new/mbedtls-1.3.16/library/x509_crt.c --- old/mbedtls-1.3.15/library/x509_crt.c 2015-11-05 16:44:46.000000000 +0100 +++ new/mbedtls-1.3.16/library/x509_crt.c 2016-01-04 23:49:30.000000000 +0100 @@ -2092,18 +2092,8 @@ { /* Look for a parent upwards the chain */ for( parent = crt->next; parent != NULL; parent = parent->next ) - { - /* +2 because the current step is not yet accounted for - * and because max_pathlen is one higher than it should be */ - if( parent->max_pathlen > 0 && - parent->max_pathlen < 2 + pathlen ) - { - continue; - } - if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 ) break; - } /* Are we part of the chain or at the top? */ if( parent != NULL ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.15/tests/data_files/dir4/Readme new/mbedtls-1.3.16/tests/data_files/dir4/Readme --- old/mbedtls-1.3.15/tests/data_files/dir4/Readme 2015-11-05 16:44:46.000000000 +0100 +++ new/mbedtls-1.3.16/tests/data_files/dir4/Readme 2016-01-04 23:49:30.000000000 +0100 
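Review bot: Dropping the `max_pathlen` filter from this parent-search loop in x509_crt.c fixes the pathLenConstraint=0 rejection, but nothing in the hunk now records why no constraint check belongs at this step, and a later maintainer could re-add it. A comment on the loop such as `/* No pathlen check here: the candidate parent is the first CA above crt, so no intermediate lies below it yet; later steps enforce the constraint */` would preserve the reasoning. I am inferring from the `pathlen == 0` argument that this is the leaf-to-first-CA step; the enforcement for the following steps lives outside the hunk and should be confirmed to still exist, since the two new test cases on this page (#9 and #10) only exercise chains that must now be accepted, not a chain that must still be rejected.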
@@ -36,3 +36,12 @@ cert71.crt (max_pathlen=1) -> cert72.crt -> cert73.crt (self signed) -> cert74.crt -> cert74.crt ``` +8. zero pathlen constraint on first intermediate CA (valid) +``` +cert81.crt -> cert82.crt (max_pathlen=0) -> cert83.crt +``` + +9. zero pathlen constraint on trusted root (valid) +``` +cert91.crt (max_pathlen=0) -> cert92.crt +``` diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.15/tests/data_files/dir4/cert81.crt new/mbedtls-1.3.16/tests/data_files/dir4/cert81.crt --- old/mbedtls-1.3.15/tests/data_files/dir4/cert81.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.16/tests/data_files/dir4/cert81.crt 2016-01-04 23:49:30.000000000 +0100 @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBpTCCAUmgAwIBAgIBUTAMBggqhkjOPQQDAgUAMDExDzANBgNVBAMTBlJvb3Qg +ODERMA8GA1UEChMIbWJlZCBUTFMxCzAJBgNVBAYTAlVLMB4XDTAxMDEwMTAwMDAw +MFoXDTMwMTIzMTIzNTk1OVowMTEPMA0GA1UEAxMGUm9vdCA4MREwDwYDVQQKEwht +YmVkIFRMUzELMAkGA1UEBhMCVUswWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT1 +GuTQ9vgf2l3oLM25r78cvIAQqE02GzQGjp/WWw3CysEwTwNEuZGhRiD5lDmkbUGW +UNxv/7uJjy7k3K3fDNdko1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTHFA2h +Au0tPnzeYnLcmlTQj4FAajAfBgNVHSMEGDAWgBTHFA2hAu0tPnzeYnLcmlTQj4FA +ajAMBggqhkjOPQQDAgUAA0gAMEUCIH7Z/HNb/Pwbs40iNll1a9gmgAbYOgdlVPWo +nSdcb7cZAiEAlhVb6CdBXsjOfAWWEET/QP74z608PKFccCIFPCDLkxo= +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.15/tests/data_files/dir4/cert82.crt new/mbedtls-1.3.16/tests/data_files/dir4/cert82.crt --- old/mbedtls-1.3.15/tests/data_files/dir4/cert82.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.16/tests/data_files/dir4/cert82.crt 2016-01-04 23:49:30.000000000 +0100 
@@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBqDCCAUygAwIBAgIBUjAMBggqhkjOPQQDAgUAMDExDzANBgNVBAMTBlJvb3Qg +ODERMA8GA1UEChMIbWJlZCBUTFMxCzAJBgNVBAYTAlVLMB4XDTAxMDEwMTAwMDAw +MFoXDTMwMTIzMTIzNTk1OVowMTEPMA0GA1UEAxMGSW50IDgyMREwDwYDVQQKEwht +YmVkIFRMUzELMAkGA1UEBhMCVUswWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS2 +giYQt4HVfQ2t8eTS0bvISwp7ol2x17umbllBxwzGDFEUQ00JL1/SStezecK0lNhE +0AvY8Ez2soQEtdSeQGkCo1MwUTAPBgNVHRMECDAGAQH/AgEAMB0GA1UdDgQWBBS3 ++nsv3nQknSg4aDjlTiRpCPo7XzAfBgNVHSMEGDAWgBTHFA2hAu0tPnzeYnLcmlTQ +j4FAajAMBggqhkjOPQQDAgUAA0gAMEUCIQDus2Lvx3yyvaViY1s334uMm6ge484X +oktMyxLVjkAMiAIgehTHiJJaT9PnlVa+hUpxsIfVAuMexrm5fw/bDF5Nxzw= +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.15/tests/data_files/dir4/cert83.crt new/mbedtls-1.3.16/tests/data_files/dir4/cert83.crt --- old/mbedtls-1.3.15/tests/data_files/dir4/cert83.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.16/tests/data_files/dir4/cert83.crt 2016-01-04 23:49:30.000000000 +0100 
@@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBoDCCAUWgAwIBAgIBUzAMBggqhkjOPQQDAgUAMDExDzANBgNVBAMTBkludCA4 +MjERMA8GA1UEChMIbWJlZCBUTFMxCzAJBgNVBAYTAlVLMB4XDTAxMDEwMTAwMDAw +MFoXDTMwMTIzMTIzNTk1OVowMDEOMAwGA1UEAxMFRUUgODMxETAPBgNVBAoTCG1i +ZWQgVExTMQswCQYDVQQGEwJVSzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMSy +6X5iBYrdxxOMfdcA23pLBoJCeyEjiWfALxTm80MJGBdRNVdnT50xNU3SDDwHWPda +/EQqHq+itsqkUeyAGAyjTTBLMAkGA1UdEwQCMAAwHQYDVR0OBBYEFGsFH/KsvM4n +r+i1gI2iCVXi3KtFMB8GA1UdIwQYMBaAFLf6ey/edCSdKDhoOOVOJGkI+jtfMAwG +CCqGSM49BAMCBQADRwAwRAIgQURH8DHWFHVK38+znWc85G1P+g4ocdkA5Gt0LbOg +SJMCIBsacOLFywxZYF8atizw6zMRw+QeHR2514JIhJUck2kd +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.15/tests/data_files/dir4/cert91.crt new/mbedtls-1.3.16/tests/data_files/dir4/cert91.crt --- old/mbedtls-1.3.15/tests/data_files/dir4/cert91.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.16/tests/data_files/dir4/cert91.crt 2016-01-04 23:49:30.000000000 +0100 
@@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBqTCCAUygAwIBAgIBWzAMBggqhkjOPQQDAgUAMDExDzANBgNVBAMTBlJvb3Qg +OTERMA8GA1UEChMIbWJlZCBUTFMxCzAJBgNVBAYTAlVLMB4XDTAxMDEwMTAwMDAw +MFoXDTMwMTIzMTIzNTk1OVowMTEPMA0GA1UEAxMGUm9vdCA5MREwDwYDVQQKEwht +YmVkIFRMUzELMAkGA1UEBhMCVUswWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATh +D2SmdS6D7cYi2vGMyuCdol/OOUN2di2pS2wfSI/MsY/Z4O9iNHqbXQP6l+hcT5ap +daycs7r6ZPNqmWM7b16go1MwUTAPBgNVHRMECDAGAQH/AgEAMB0GA1UdDgQWBBRb +zVrcAxddj0i0DEqvTGT8F37bizAfBgNVHSMEGDAWgBRbzVrcAxddj0i0DEqvTGT8 +F37bizAMBggqhkjOPQQDAgUAA0kAMEYCIQDbrSV4ndH0vAR3HqJfBn8NT8zdvMjB +qSJes6Qwa42b2wIhAKyoH0H+b1Svw8pMkvUYF4ElH5Cnn7gxb7Wl3arc0+hQ +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.15/tests/data_files/dir4/cert92.crt new/mbedtls-1.3.16/tests/data_files/dir4/cert92.crt --- old/mbedtls-1.3.15/tests/data_files/dir4/cert92.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.16/tests/data_files/dir4/cert92.crt 2016-01-04 23:49:30.000000000 +0100 
@@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBoTCCAUWgAwIBAgIBXDAMBggqhkjOPQQDAgUAMDExDzANBgNVBAMTBlJvb3Qg +OTERMA8GA1UEChMIbWJlZCBUTFMxCzAJBgNVBAYTAlVLMB4XDTAxMDEwMTAwMDAw +MFoXDTMwMTIzMTIzNTk1OVowMDEOMAwGA1UEAxMFRUUgOTIxETAPBgNVBAoTCG1i +ZWQgVExTMQswCQYDVQQGEwJVSzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABC9E +tK1pE8Ei8vgScunyjx50C+qDsQS8D2RhGHC4VkE2yyiFxJA/ynhoeXTKZsHuEWI9 +CfOSvk0RrTWf9nr0pTGjTTBLMAkGA1UdEwQCMAAwHQYDVR0OBBYEFLqsN52tAf1k +XlzxQmdD5qG6Sy6PMB8GA1UdIwQYMBaAFFvNWtwDF12PSLQMSq9MZPwXftuLMAwG +CCqGSM49BAMCBQADSAAwRQIgXlfKqhkhXgK112Eycl+Z5NHM+6aqXE7i9j7IyGfk +ikICIQDBYNGbpSx82XG+IS/h4AWNTa4Hs6rmWvQDWJum7NrzMQ== +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.15/tests/suites/test_suite_version.data new/mbedtls-1.3.16/tests/suites/test_suite_version.data --- old/mbedtls-1.3.15/tests/suites/test_suite_version.data 2015-11-05 16:44:46.000000000 +0100 +++ new/mbedtls-1.3.16/tests/suites/test_suite_version.data 2016-01-04 23:49:30.000000000 +0100 @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"1.3.15" +check_compiletime_version:"1.3.16" Check runtime library version -check_runtime_version:"1.3.15" +check_runtime_version:"1.3.16" Check for POLARSSL_VERSION_C check_feature:"POLARSSL_VERSION_C":0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.15/tests/suites/test_suite_x509parse.data new/mbedtls-1.3.16/tests/suites/test_suite_x509parse.data --- old/mbedtls-1.3.15/tests/suites/test_suite_x509parse.data 2015-11-05 16:44:46.000000000 +0100 +++ new/mbedtls-1.3.16/tests/suites/test_suite_x509parse.data 2016-01-04 23:49:30.000000000 +0100 
@@ -1156,6 +1156,14 @@ depends_on:POLARSSL_SHA256_C:POLARSSL_RSA_C x509_crt_verify_chain:"data_files/dir4/cert61.crt data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0 +X509 CRT verify chain #9 (zero pathlen first intermediate, valid) +depends_on:POLARSSL_SHA256_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP256R1_ENABLED +x509_crt_verify_chain:"data_files/dir4/cert83.crt data_files/dir4/cert82.crt":"data_files/dir4/cert81.crt":0 + +X509 CRT verify chain #10 (zero pathlen root, valid) +depends_on:POLARSSL_SHA256_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP256R1_ENABLED +x509_crt_verify_chain:"data_files/dir4/cert92.crt":"data_files/dir4/cert91.crt":0 + X509 OID description #1 x509_oid_desc:"2B06010505070301":"TLS Web Server Authentication"
