From effeb14219ab9b9560ddf0ea56f939a1aa8f1d71 Mon Sep 17 00:00:00 2001 From: matrixssl-admin Date: Thu, 29 Dec 2022 11:25:01 +0200 Subject: [PATCH] MatrixSSL 4.6.0 --- apps/ssl/server.c | 2 +- core/include/psStat.h | 1 + crypto/common/alg_info.c | 7 ++-- crypto/crypto_sign/ps_ed25519.c | 1 + crypto/crypto_sign/ps_ed25519.h | 1 + crypto/cryptolib.h | 2 +- doc/CHANGES_v4.x.html | 7 ++++ doc/CHANGES_v4.x.md | 6 ++++ doc/CHANGES_v4.x.txt | 6 ++++ matrixssl/test/pkcs12Test.c | 2 +- matrixssl/test/provider.c | 2 +- matrixssl/test/sslTest.c | 34 ++++++++++++++----- matrixssl/tls13Decode.c | 9 ++++- matrixssl/version.h | 6 ++-- ...open.html => release_notes-4-6-0-open.html | 7 ++++ 15 files changed, 73 insertions(+), 20 deletions(-) rename release_notes-4-5-1-open.html => release_notes-4-6-0-open.html (98%) diff --git a/apps/ssl/server.c b/apps/ssl/server.c index 49a8c4f..7a1c309 100644 --- a/apps/ssl/server.c +++ b/apps/ssl/server.c @@ -1934,7 +1934,7 @@ static int32 sighandlers(void) /* Warn on segmentation violation */ static void sigsegv_handler(int unused) { - Printf("Segfault! Please report this as a bug to support@peersec.com\n"); + Printf("Segfault! Please report this as a bug to matrixssl@rambus.com\n"); exit(EXIT_FAILURE); } diff --git a/core/include/psStat.h b/core/include/psStat.h index 52a1642..9918691 100644 --- a/core/include/psStat.h +++ b/core/include/psStat.h @@ -166,6 +166,7 @@ typedef enum PS_STAT_ID_IKEV1_DERIVE_KEYING_MATERIAL, PS_STAT_ID_RBG_TEST_VECTOR, PS_STAT_ID_RBG_RAW_ENTROPY, + PS_STAT_ID_RBG_RAW_NOISE, PS_STAT_ID_ASSET_ALLOCATE_EX, PS_STAT_ID_ASSET_REBIND, PS_STAT_ID_ASSET_ALLOCATE_AND_ASSOCIATE_KEY_EXTRA_EX, diff --git a/crypto/common/alg_info.c b/crypto/common/alg_info.c index c57684c..4f1b4e1 100644 --- a/crypto/common/alg_info.c +++ b/crypto/common/alg_info.c 
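Review bot: `PS_STAT_ID_RBG_RAW_NOISE` is inserted in the middle of the PS_STAT_ID enum in core/include/psStat.h, which renumbers every enumerator after it (`PS_STAT_ID_ASSET_ALLOCATE_EX` onward). If these IDs are ever written to logs or statistics output, persisted, or compared against a table in another component or an older build, the shift silently breaks that agreement; appending the new value at the end of the enum, or a comment on the enum stating that the numeric values are build-internal and may change, would settle it. The enum's opening and closing lines are outside the hunk, so whether such a stability expectation exists cannot be judged here.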
@@ -86,6 +86,7 @@ psResSize_t psSigAlgToHashLen(int32_t sigAlg) case OID_MD5_RSA_SIG: return MD5_HASH_SIZE; case OID_SHA1_RSA_SIG: + case OID_SHA1_RSA_SIG2: case OID_SHA1_ECDSA_SIG: case OID_SHA1_DSA_SIG: return SHA1_HASH_SIZE; @@ -132,7 +133,7 @@ psResSize_t psSigAlgToHashLen(int32_t sigAlg) } } -# ifdef USE_PKCS1_PSS +# if defined(USE_PKCS1_PSS) || defined(USE_PKCS1_OAEP) psResSize_t psPssHashAlgToHashLen(int32_t pssHashAlg) { switch(pssHashAlg) @@ -420,8 +421,8 @@ psBool_t psIsEcdheGroup(uint16_t namedGroup) namedGroup == namedgroup_secp256r1 || namedGroup == namedgroup_secp384r1 || namedGroup == namedgroup_secp521r1 || -# ifdef USE_BRAIN521R1 - namedGroup == namedgroup_brain521r1 || +# ifdef USE_BRAIN512R1 + namedGroup == namedgroup_brain512r1 || # endif # ifdef USE_BRAIN384R1 namedGroup == namedgroup_brain384r1 || diff --git a/crypto/crypto_sign/ps_ed25519.c b/crypto/crypto_sign/ps_ed25519.c index 975f421..56056ac 100644 --- a/crypto/crypto_sign/ps_ed25519.c +++ b/crypto/crypto_sign/ps_ed25519.c @@ -41,6 +41,7 @@ #endif #ifdef USE_MATRIX_ED25519 +/* The pubkey must be the genuine key matching the privKey */ int32_t psEd25519Sign(const unsigned char *msg, psSizeL_t msgLen, unsigned char *sigOut, diff --git a/crypto/crypto_sign/ps_ed25519.h b/crypto/crypto_sign/ps_ed25519.h index 0197565..cab2c42 100644 --- a/crypto/crypto_sign/ps_ed25519.h +++ b/crypto/crypto_sign/ps_ed25519.h @@ -44,6 +44,7 @@ # include "osdep-types.h" #ifdef USE_MATRIX_ED25519 +/* The pubkey must be the genuine key matching the privKey */ int32_t psEd25519Sign(const unsigned char *msg, psSizeL_t msgLen, unsigned char *sigOut, diff --git a/crypto/cryptolib.h b/crypto/cryptolib.h index e3b525f..b358d7e 100644 --- a/crypto/cryptolib.h +++ b/crypto/cryptolib.h 
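Review bot: The guard around psPssHashAlgToHashLen in crypto/common/alg_info.c becomes `# if defined(USE_PKCS1_PSS) || defined(USE_PKCS1_OAEP)`, but its matching `# endif` is outside the hunk; if it carries a `/* USE_PKCS1_PSS */` trailer it now describes only half the condition and should read `# endif /* USE_PKCS1_PSS || USE_PKCS1_OAEP */`. In the third hunk the `USE_BRAIN521R1` / `namedgroup_brain521r1` spelling is corrected to 512, consistent with the cryptolib.h change in this commit; any remaining reference to the old spelling elsewhere in the tree (configuration headers, documentation) would now be a silently dead `#ifdef`, so a search for `BRAIN521` is worth doing before merge. Adding `OID_SHA1_RSA_SIG2` to the SHA1_HASH_SIZE case is consistent with the neighbouring SHA-1 OIDs.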
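Review bot: The comment added above psEd25519Sign in ps_ed25519.c and ps_ed25519.h states the precondition but not why it matters: in Ed25519 the public key is hashed into the signature computation, so signing with a public key that does not correspond to privKey yields signatures from which the private key can be recovered, which is why the value must come from the same trusted keypair and never from a caller-supplied or externally sourced buffer. Suggest `/* pubKey MUST be the public key derived from privKey; signing with a mismatched public key compromises the private key. */` on both the definition and the declaration. Deriving or verifying the public key inside the function would remove the hazard entirely, but the parameter list continues outside the hunk and such a change is beyond this comment.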
@@ -474,7 +474,7 @@ extern int32_t psGetPrngLocked(unsigned char *bytes, psSize_t size,
 # define namedgroup_secp521r1 0x0019
 # define namedgroup_brain256r1 0x001a
 # define namedgroup_brain384r1 0x001b
-# define namedgroup_brain521r1 0x001c
+# define namedgroup_brain512r1 0x001c
 # define namedgroup_x25519 0x001d
 # define namedgroup_x448 0x001e
 # define namedgroup_ffdhe2048 0x0100
diff --git a/doc/CHANGES_v4.x.html b/doc/CHANGES_v4.x.html
index 565bdfc..87b86b9 100644
--- a/doc/CHANGES_v4.x.html
+++ b/doc/CHANGES_v4.x.html
@@ -1,5 +1,12 @@

MatrixSSL 4.x changelog

+

Changes between 4.5.1 and 4.6.0 [December 2022]

+ +
* Fixed a integer overflow (CVE-2022-43974) The vulnerability was found by
+  Robert Hörr and Alissar Ibrahim, Security Evaluators of the Telekom
+  Security Evaluation Facility.
+
+

Changes between 4.5.0 and 4.5.1 [July 2022]

* Fix a usage of return value of psX509ParseCert when a flag is set
diff --git a/doc/CHANGES_v4.x.md b/doc/CHANGES_v4.x.md
index 6d2f6bd..2730e7e 100644
--- a/doc/CHANGES_v4.x.md
+++ b/doc/CHANGES_v4.x.md
@@ -1,5 +1,11 @@
 # MatrixSSL 4.x changelog
 
+## Changes between 4.5.1 and 4.6.0 [December 2022]
+
+    * Fixed a integer overflow (CVE-2022-43974) The vulnerability was found by
+      Robert Hörr and Alissar Ibrahim, Security Evaluators of the Telekom
+      Security Evaluation Facility.
+
 ## Changes between 4.5.0 and 4.5.1 [July 2022]
 
     * Fix a usage of return value of psX509ParseCert when a flag is set
diff --git a/doc/CHANGES_v4.x.txt b/doc/CHANGES_v4.x.txt
index 23fef3e..134a4a5 100644
--- a/doc/CHANGES_v4.x.txt
+++ b/doc/CHANGES_v4.x.txt
@@ -1,5 +1,11 @@
                             MatrixSSL 4.x changelog
 
+Changes between 4.5.1 and 4.6.0 [December 2022]
+
+* Fixed a integer overflow (CVE-2022-43974) The vulnerability was found by
+  Robert Hörr and Alissar Ibrahim, Security Evaluators of the Telekom
+  Security Evaluation Facility.
+
 Changes between 4.5.0 and 4.5.1 [July 2022]
 
 * Fix a usage of return value of psX509ParseCert when a flag is set
diff --git a/matrixssl/test/pkcs12Test.c b/matrixssl/test/pkcs12Test.c
index cb822b7..4dc4135 100644
--- a/matrixssl/test/pkcs12Test.c
+++ b/matrixssl/test/pkcs12Test.c
@@ -5,7 +5,7 @@
  *      Test program that tries out the new extensions to pkcs12 parsing.
  */
 /*
- *      Copyright (c) 2020 Rambus Inc
+ *      Copyright (c) 2020 INSIDE Secure Corporation
  *      All Rights Reserved
  *
  *      The latest version of this code is available at http://www.matrixssl.org
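Review bot: The copyright holder in this header is changed from `Rambus Inc` back to `INSIDE Secure Corporation`, and the same reversal appears in the provider.c and sslTest.c hunks below, while apps/ssl/server.c in the same commit moves the bug-report address to a rambus.com mailbox. That reads like an older header being re-applied rather than a deliberate attribution change; confirm which holder is intended so all three files and the contact address agree.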
diff --git a/matrixssl/test/provider.c b/matrixssl/test/provider.c
index 6dd0622..92961ac 100644
--- a/matrixssl/test/provider.c
+++ b/matrixssl/test/provider.c
@@ -5,7 +5,7 @@
  *      Example how to set crypto provider programmatically.
  */
 /*
- *      Copyright (c) 2017-2017 Rambus Inc
+ *      Copyright (c) 2017-2017 INSIDE Secure Corporation
  *      All Rights Reserved
  *
  *      The latest version of this code is available at http://www.matrixssl.org
diff --git a/matrixssl/test/sslTest.c b/matrixssl/test/sslTest.c
index d5330ff..6223db0 100644
--- a/matrixssl/test/sslTest.c
+++ b/matrixssl/test/sslTest.c
@@ -7,7 +7,7 @@
  *      Iterates over all supported protocol versions and ciphersuites.
  */
 /*
- *      Copyright (c) 2014-2018 Rambus Inc
+ *      Copyright (c) 2014-2018 INSIDE Secure Corporation
  *      Copyright (c) PeerSec Networks, 2002-2011
  *      All Rights Reserved
  *
@@ -362,6 +362,9 @@ static __THREAD uint32_t ECCKEY_SIZE, ECC_SIZE, ECCCA_SIZE;
 #   include "testkeys/DH/2048_DH_PARAMS.h"
 #   include "testkeys/DH/3072_DH_PARAMS.h"
 #   include "testkeys/DH/4096_DH_PARAMS.h"
+#   include "testkeys/DH/ffdhe2048_DH_PARAMS.h"
+#   include "testkeys/DH/ffdhe3072_DH_PARAMS.h"
+#   include "testkeys/DH/ffdhe4096_DH_PARAMS.h"
 #   ifdef USE_LARGE_DH_GROUPS
 #    include "testkeys/DH/ffdhe6144_DH_PARAMS.h"
 #    include "testkeys/DH/ffdhe8192_DH_PARAMS.h"
@@ -1660,24 +1663,36 @@ L_NEXT_DH:
             switch (DH_SIZE)
             {
             case 0:
-                DHPARAM = DHPARAM1024; DH_SIZE = DHPARAM1024_SIZE;
-                keysize = 1024;
-                break;
+                {
+                    DHPARAM = DHPARAM1024; DH_SIZE = DHPARAM1024_SIZE;
+                    keysize = 1024;
+                    break;
+                }
             case DHPARAM1024_SIZE:
-                DHPARAM = DHPARAM2048; DH_SIZE = DHPARAM2048_SIZE;
-                keysize = 2048;
-                break;
+                {
+                    DHPARAM = DHPARAM2048; DH_SIZE = DHPARAM2048_SIZE;
+                    keysize = 2048;
+                    break;
+                }
             case DHPARAM2048_SIZE:
                 DHPARAM = DHPARAM3072; DH_SIZE = DHPARAM3072_SIZE;
                 keysize = 3072;
                 break;
+            case ffdhe2048_DH_PARAMS_SIZE:
+                DHPARAM = ffdhe3072_DH_PARAMS; DH_SIZE = ffdhe3072_DH_PARAMS_SIZE;
+                keysize = 3072;
+                break;
+            case ffdhe3072_DH_PARAMS_SIZE:
+                DHPARAM = ffdhe4096_DH_PARAMS; DH_SIZE = ffdhe4096_DH_PARAMS_SIZE;
+                keysize = 4096;
+                break;
             case DHPARAM3072_SIZE:
 #   if !defined(EMBEDDED) || defined(USE_LARGE_DH_GROUPS)
                 DHPARAM = DHPARAM4096; DH_SIZE = DHPARAM4096_SIZE;
                 keysize = 4096;
                 break;
 #   if defined(USE_LARGE_DH_GROUPS)
-            case DHPARAM4096_SIZE:
+            case DHPARAM4096_SIZE:case ffdhe4096_DH_PARAMS_SIZE:
                 DHPARAM = ffdhe6144_DH_PARAMS;
                 DH_SIZE = ffdhe6144_DH_PARAMS_SIZE;
                 keysize = 6144;
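Review bot: The switch dispatches on `DH_SIZE`, the encoded byte length of the current parameter set, so the new `case ffdhe2048_DH_PARAMS_SIZE:` and `case ffdhe3072_DH_PARAMS_SIZE:` labels compile only if those lengths differ from `DHPARAM2048_SIZE` and `DHPARAM3072_SIZE` for groups of the same bit length; if any pair is equal this is a duplicate-case error, and if they differ only incidentally the progression is fragile. An explicit index or enum naming the parameter set would be a more robust key than the byte length. Nothing in this hunk assigns `ffdhe2048_DH_PARAMS` to DHPARAM, so the ffdhe2048 case may be unreachable unless it is selected elsewhere (the loop head and `L_NEXT_DH` logic are outside the hunk). As a style point, `case DHPARAM4096_SIZE:case ffdhe4096_DH_PARAMS_SIZE:` here and again in the next hunk should be two lines, and braces are added around only the first two case bodies, which leaves the switch inconsistently formatted.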
@@ -1689,7 +1704,7 @@ L_NEXT_DH:
                 break;
             case ffdhe8192_DH_PARAMS_SIZE:
 #   else
-            case DHPARAM4096_SIZE:
+            case DHPARAM4096_SIZE:case ffdhe4096_DH_PARAMS_SIZE:
 #   endif
 #   endif       /* !EMBEDDED || USE_LARGE_DH_GROUPS */
                 DH_SIZE = 0;
@@ -1702,6 +1717,7 @@ L_NEXT_DH:
         }
 #  endif /* REQUIRE_DH_PARAMS */
 
+
 # ifdef USE_PSK_CIPHER_SUITE
         if (spec->type == CS_PSK)
         {
diff --git a/matrixssl/tls13Decode.c b/matrixssl/tls13Decode.c
index 2ae88e2..0249bc7 100644
--- a/matrixssl/tls13Decode.c
+++ b/matrixssl/tls13Decode.c
@@ -269,7 +269,14 @@ parse_next_record_header:
         }
         /* Done - tell the caller what we've consumed. */
         *in += parsedBytes;
-        *len -= parsedBytes;
+        if (*len >= parsedBytes)
+        {
+            *len -= parsedBytes;
+        }
+        else
+        {
+            return MATRIXSSL_ERROR;
+        }
         *remaining -= PS_MIN(parsedBytes, *remaining);
         /* If there's handshake message waiting in outbuf then send it */
         if (ssl->outlen > 0)
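Review bot: The new bounds check on `*len` runs after `*in += parsedBytes;` on the preceding line, so on the error path the input pointer has already been advanced past the data being rejected while `*len` is left untouched, handing the caller an inconsistent (`*in`, `*len`) pair. Validate before mutating either output: place `if (*len < parsedBytes) { return MATRIXSSL_ERROR; }` ahead of the pointer advance and keep the plain `*len -= parsedBytes;` after it. The check also treats a short `*len` as a hard error while the next line silently clamps `*remaining` with PS_MIN, and since this is the CVE-2022-43974 fix recorded in the changelog, a one-line comment stating that `parsedBytes` exceeding `*len` means a malformed record and is rejected rather than clamped would make the intent clear. The enclosing function starts and ends outside the hunk, so whether the producer of parsedBytes could itself be bounded by `*len` cannot be judged here.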
diff --git a/matrixssl/version.h b/matrixssl/version.h
index 8b313b9..1ab38a7 100644
--- a/matrixssl/version.h
+++ b/matrixssl/version.h
@@ -8,10 +8,10 @@
 extern "C" {
 #endif
 
-#define MATRIXSSL_VERSION      "4.5.1-OPEN"
+#define MATRIXSSL_VERSION      "4.6.0-OPEN"
 #define MATRIXSSL_VERSION_MAJOR 4
-#define MATRIXSSL_VERSION_MINOR 5
-#define MATRIXSSL_VERSION_PATCH 1
+#define MATRIXSSL_VERSION_MINOR 6
+#define MATRIXSSL_VERSION_PATCH 0
 #define MATRIXSSL_VERSION_CODE "OPEN"
 
 #ifdef __cplusplus
diff --git a/release_notes-4-5-1-open.html b/release_notes-4-6-0-open.html
similarity index 98%
rename from release_notes-4-5-1-open.html
rename to release_notes-4-6-0-open.html
index 565bdfc..87b86b9 100644
--- a/release_notes-4-5-1-open.html
+++ b/release_notes-4-6-0-open.html
@@ -1,5 +1,12 @@
 

MatrixSSL 4.x changelog

+

Changes between 4.5.1 and 4.6.0 [December 2022]

+ +
* Fixed a integer overflow (CVE-2022-43974) The vulnerability was found by
+  Robert Hörr and Alissar Ibrahim, Security Evaluators of the Telekom
+  Security Evaluation Facility.
+
+

Changes between 4.5.0 and 4.5.1 [July 2022]

* Fix a usage of return value of psX509ParseCert when a flag is set