diff --git a/ChangeLog b/ChangeLog index 0f9d6bd60b..86c6ef539f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -204,6 +204,8 @@ API Changes Bugfix * Fix an issue with MicroBlaze support in bn_mul.h which was causing the build to fail. Found by zv-io. Fixes #1651. + * Fix undefined shifts with negative values in certificates parsing + (found by Catena cyber using oss-fuzz) Changes * Support TLS testing in out-of-source builds using cmake. Fixes #1193. diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 73e4391a0e..82d76af79f 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -3332,8 +3332,8 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); - lifetime = ( msg[0] << 24 ) | ( msg[1] << 16 ) | - ( msg[2] << 8 ) | ( msg[3] ); + lifetime = ( ((uint32_t) msg[0]) << 24 ) | ( msg[1] << 16 ) | + ( msg[2] << 8 ) | ( msg[3] ); ticket_len = ( msg[4] << 8 ) | ( msg[5] ); diff --git a/library/x509_crt.c b/library/x509_crt.c index 290c1eb3d1..89194b320f 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -163,6 +163,9 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb = static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile, mbedtls_md_type_t md_alg ) { + if( md_alg == MBEDTLS_MD_NONE ) + return( -1 ); + if( ( profile->allowed_mds & MBEDTLS_X509_ID_FLAG( md_alg ) ) != 0 ) return( 0 ); @@ -176,6 +179,9 @@ static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile, static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile *profile, mbedtls_pk_type_t pk_alg ) { + if( pk_alg == MBEDTLS_PK_NONE ) + return( -1 ); + if( ( profile->allowed_pks & MBEDTLS_X509_ID_FLAG( pk_alg ) ) != 0 ) return( 0 ); @@ -208,6 +214,9 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile, { const mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id; + if( gid == MBEDTLS_ECP_DP_NONE ) + return( -1 ); + if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 ) return( 0 );